hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/remote_access/USB_Intruder
History
Kyle Hoehn 9c527c29c4 Added USB Intruder payload (#220) 
* USB Intruder

Initial upload of the USB Intruder v1.1

Tested on Windows 7 and Windows 10.

* USB Intruder

Updated Readme.

Forgot to add a line.

* Update...again...

Added link for forum comments/discussion.

* USB Intruder

USB Intruder v1.1 Commit.
2017-05-18 14:52:54 +10:00
..
USB_Intruder
Added USB Intruder payload (#220)
2017-05-18 14:52:54 +10:00
d.cmd
Added USB Intruder payload (#220)
2017-05-18 14:52:54 +10:00
payload.txt
Added USB Intruder payload (#220)
2017-05-18 14:52:54 +10:00
README.MD
Added USB Intruder payload (#220)
2017-05-18 14:52:54 +10:00
undo.bat
Added USB Intruder payload (#220)
2017-05-18 14:52:54 +10:00

README.MD

USB Intruder for BashBunny (and adaptable to TwinDucky)

  • Title: USB Intruder
  • Author: B0rk
  • Version: 1.1
  • Target: Windows 7+
  • Props: Hak5Darren, Diggster, IMcPwn, and many more
  • Category: Infiltration/Execution

Description

THIS PAYLOAD ASSUMES YOUR VICTIM HAS ADMINISTRATOR PRIVILEGES

Infiltrates a target system and performs the following:

Created a hidden ProgData folder in the %WinDir% (HID) Sets powershell execution to unrestricted (HID) Copies files from the USB_Intruder directory on the BashBunny to the hidden ProgData folder in the Windows directory (STORAGE) Launches seq1.ps1 that launches the following tasks in order Creates a new user with the following credentials - pwnie:dungothacked (UAC.bat) Sets new user pwnie to local Administrators group (UAC.bat) Shares the root of the C: drive with full permissions to the new user pwnie with the label HACKED$ (Hidden) (UAC.bat) Hides the new user pwnie from the logon screen (hide.ps1) Executes the eject.ps1 file that properly ejects the Mass Storage portion of the payload (eject.ps1) Executes a shell.bat file that a Meterpreter script that calls back to the Attacker's Handler (Create/Replace with your own) Cleans up the Run dialogue history (HID) Sync's the BashBunny for final removal (BB)

undo.bat is provided to reverse the creation actions above (in case you want to test)

Be sure to have your handler ready to accept the incoming connection from the victim

Configuration

Replace the shell.bat file in the USB_Intruder folder with your own custom Meterpreter script or what ever payload you would like.

There is always potential for additional scripts to be run from the seq1.bat file, so bolster it with additional jobs.

You will need to change delays accordingly to the profile of the victim's PC hardware.

STATUS

LED Status
Solid White Initialization
Blue Flashing HID/Storage Phase
Yellow Flashing Cleanup of Run
Green Flashing Sync/EOF
Solid Green 100% Complete

Discussion and Comments at https://forums.hak5.org/index.php?/topic/40981-payloadusb_intruder/