hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/recon/Win_PoSH_WordReport
History
cribb-it 8cd8d859cd
New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431) 
* Add files via upload

* Update readme.md

* Update payload.txt

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Add files via upload

* Update readme.md

* Update readme.md

* Add Payload WIN_PoSH_HKU_RegBackUp

* Update readme.md

* Update payload.txt

* Change for admin shell

* Update readme.md

* Update payload.txt

* Update payload.txt

* Update readme.md

* Added payload WIN_PoSH_SaveSecurityHive

Added new payload to exfiltration that saves the HKLM security hive to the bunny

* Morse Code File Exfiltration

A bit pointless with limitation of morse code but I thought it was fun to create.

* Update readme.md

* Update for non-alphanumeric

* Update for timing

* Update readme.md

* Update readme.md

* Update readme.md

* Update readme.md

* Update payload.txt

* New payload - Fake Login

Shows a fake version of the windows 10 login screen

* Update readme.md

* Changes to Fake Login Payload

* Changes to Fake Login

* Win_PoSH_FakeLogin: Changes to payload and readme

* New recon payload: Win_PoSH_WordReport

* Update fixed typo: Win_PoSH_WordReport
2021-04-30 17:02:21 +01:00
..
payload.txt
New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431)
2021-04-30 17:02:21 +01:00
readme.md
New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431)
2021-04-30 17:02:21 +01:00
Recon.ps1
New Payload: Win_PoSH_WordReport, Fix typos in Win_PoSH_FakeLoginScreen (#431)
2021-04-30 17:02:21 +01:00

readme.md

Word Report

  • Author: Cribbit
  • Version: 1.0
  • Target: Windows (Powershell 5.1+)
  • Category: Recon
  • Attackmode: HID & Storage
  • Extensions: Run
  • Props: Don Murdoch, Boe Prox, Simen Kjeserud, DannyK999 & T.J. Connor

Change Log

Version Changes
1.0 Initial release

Description

This payload in similar to the InfoGrabber payload. But save the info to a MS Word document and collects some different data.

This payload needs an admin powershell prompt to run

Configuration

This payload is written for an English version of windows. You will need to update the letters used when accessing the menu with ALT for other languages

Colours

Status Colour Description
SETUP Magenta solid Setting attack mode
ATTACK Yellow single blink Injecting Powershell script
INJECTED Green blink followed by SOLID Injection finished
FINISHED Blinks the scroll lock twice Script is finished