lespacefish

That would be awesome! That functionality would definitely be something that would swing me in favor of getting a bash bunny. Running QUACK to use powershell to get the file and execute it would be a perfect way to get that (or maybe even storing it on the bunny itself, because we can do that now!).

That totally could be used, however I was thinking that this could all be done on one device. One less device to worry about getting found (of course if the cost is no issue). But yeah, this definitely is the job of the turtle, but was wondering if it could be done on the bunny.

I don't have a bash bunny, and even if I did I don't know how to code for the various languages that may be needed, but I have an idea: You have what ever payload you want run as it does, but then afterwards you have the bunny force the machine to share its internet with it, so you can access the bash bunny on the network later (not taking it back after the payload executes). Obviously ssh wouldn't normally work since port forwarding wouldn't be set, but I am sure the creative and knowledgeable community you guys are know some tool (like teamviewer for terminal) to make an ssh like connection possible without port forwarding. This is just an idea, but looking at the possibilities that the bash bunny brings gives me hope for something like this to be possible. (If anyone can make this I would be very impressed).

Using the Skiddie UAC exploit from episode 2117, is there any way to add persistence to it? I would assume to add it to the executable somewhere. Additionally, could you add to the vbs script to get multiples of the (now persistent) exe and stores them in many of the autorun locations? Essentially I am looking to make a payload, that combined with a autorunsript, automatically get system and stores a bunch of persistent copies around the computer so the only realistic way to get rid of it is to reinstall windows. Thanks!