hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/execution/RazerSystemShell/README.md
emptyhen 9fdacee185
New Payload: Razer System Shell (#463) 
Exploit Razer USA HID driver installation to System authority PowerShell. 
This is heavily based on Tweet by @_MG_ on 22nd Aug 2021 but modified to work with BashBunny
2021-08-24 20:30:24 +01:00

1.2 KiB
Raw Blame History

Razer System Shell from Bash Bunny

Author: Emptyhen Version: 0.1

Description

Makes use of a exploitation that's part of the driver installation process for Razer HID devices. From a low privilege (non administrator account) this code produces a System authority PowerShell prompt.

There are some long delays built into this payload to allow for the time required to install the drivers and start the Razer Synaptics installation and configuration tool.

Although this has been designed for the Bash Bunny, it should be compatible with the Key Croc too.

Note: To run the payload a second time, the Razer driver needs to be removed from Device Manager.

STATUS

LED Status Status
PINK Payload starting and configuring the attack mode.
ORANGE - Single Flash Waiting for drivers to be installed.
ORANGE - Two Flashes Injecting keystrokes to create the shell.
ORANGE - Three Flashes Waiting for PowerShell to launch
GREEN Payload finished.