hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/credentials/ProcDumpBunny
History
0iphor13 287faf1f1e
Created ProcDumpBunny (#487) 
* Uploaded ReverseBunny

Obfuscated reverse shell via powershell

* Uploaded WifiSnatch

Get your targets stored wifi information and credentials, store them on your Bashbunny and hop away 🐇

* Update ReverseBunny.txt

Changed payload to evade Windows Defender

* Update payload.txt

Added new "Eject Method" - props to Night(9o3)

* Update README.md

* Deleted ReverseBunny.txt

Deleted because of higher risk to get caught by AV

* Updated ReverseBunny to version 1.2

Updated ReverseBunny to version 1.2.
- Deleted payload on disk because of AV
- Added custom shell design

* Updated ReverseBunny to version 1.2

Updated README for ReverseBunny update

* Updated payload

fixed some stupid left overs <3

* Uploaded pingUinBunny

a reverse shell using icmp

* Delete payloads/library/remote_access/switch1 directory

* Uploaded pingUinBunny

A reverse shell using icmp

* Update README.md

* Update README.md

* Updated to PingZhell

* Update Bunny.pl

* Update README.md

* Update README.md

* Update payload.txt

* Rename payloads/library/remote_access/pingUinBunny/Bunny.pl to payloads/library/remote_access/PingZhellBunny/Bunny.pl

* Rename payloads/library/remote_access/pingUinBunny/PingZhell.ps1 to payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

* Rename payloads/library/remote_access/pingUinBunny/README.md to payloads/library/remote_access/PingZhellBunny/README.md

* Rename payloads/library/remote_access/pingUinBunny/payload.txt to payloads/library/remote_access/PingZhellBunny/payload.txt

* Update payload.txt

* Update README.md

* Update README.md

* Update Bunny.pl

* Created ProcDumpBunny

Dump lsass.exe with a renamed version of procdump and get the users hashes with Mimikatz

* Update README.md

* Update payload.txt
2022-01-25 12:31:59 -06:00
..
payload.txt
Created ProcDumpBunny (#487)
2022-01-25 12:31:59 -06:00
README.md
Created ProcDumpBunny (#487)
2022-01-25 12:31:59 -06:00
Screenshot (37).png
Created ProcDumpBunny (#487)
2022-01-25 12:31:59 -06:00
Screenshot (38).png
Created ProcDumpBunny (#487)
2022-01-25 12:31:59 -06:00
Screenshot (39).png
Created ProcDumpBunny (#487)
2022-01-25 12:31:59 -06:00

README.md

Title: ProcDumpBunny

Author: 0iphor13

Version: 1.0

What is ProcDumpBunny?

It is simple - using a renamed version of procdump - you are able to dump hashes from lsass.exe

Instruction:

Download ProcDump from Microsoft - https://docs.microsoft.com/en-us/sysinternals/downloads/procdump - rename the Executeable to Bunny.exe alt text Place Bunny.exe in the same payload switch as your payload alt text

Plug in BashBunny. Exfiltrate the out.dmp file and read it with Mimikatz. alt text