Dave-ee Jones Posted May 18, 2017 Share Posted May 18, 2017 Slydoor Passing Powershell scripts to victim PCs via USB storage. Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection. Target: Windows 7, 8, 8.1, 10 Dependencies: File 'a.ps1' - This is the script that is initiated to run other scripts (requires Admin privileges) Features: Modes: - Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them - Slydoor, by default, comes with 2 modes - recon and adder [Mode] Recon: - Gathers WLAN data via 'netsh' module - Gathers process data via 'Get-Process' module - Gathers computer hardware data [Mode] Adder: - Creates a local Administrator account - Username: Slydoor - Password: slydoor Known bugs: None found as of yet In saying that, the Bunny automatically goes dark (ATTACKMODE OFF, LED OFF) after 3 seconds once the UAC has been bypassed (7 seconds after starting the first script). Github: Link to Github page I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly. Usage: When you create a .ps1 script, you can drag it into the payload folder and open the 'payload.txt' file. Once you've opened the file, you can edit the MODE option near the top ([OPTION] Mode). Here you can specify the name of the script (mode). E.g. If I wanted to run the 'recon.ps1' script I would set MODE to "recon" (make sure it is a string!). It's as easy as that. Okay, that's cool, but how is it different to other Powershell 'agents'? It's not really, it's just an easy solution for those who want to get some Powershell scripts going as soon as they have their Bunny (many people having issues getting their own to work). Update log: - Updated to 1.2 at 11:50AM on 19/05/17 Feel free to give me lots of constructive feedback! If you find any bugs, comment below - I'll check this post most days. This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work! Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 18, 2017 Author Share Posted May 18, 2017 @PoSHMagiC0de It's not an agent. :P Link to comment Share on other sites More sharing options...
rottingsun Posted May 18, 2017 Share Posted May 18, 2017 Nice. I got mine in recently. My first payload was running procdump from the bunny and then saving the dump file onto the bunny for later mimikatz analysis. Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 18, 2017 Author Share Posted May 18, 2017 7 hours ago, rottingsun said: Nice. I got mine in recently. My first payload was running procdump from the bunny and then saving the dump file onto the bunny for later mimikatz analysis. Noice. Link to comment Share on other sites More sharing options...
Computer_Security Posted December 23, 2018 Share Posted December 23, 2018 Looks good! I was trying to search for more meaningful bugs but could only find one small one.🤷♂️ On line 29 of file "payload.txt" echo "- Can't find mode script" >> $LOG_PATH I am not sure if you did this on purpose but I believe you meant to type: echo "- Can't find $MODE script" >> $LOG_PATH Thanks for sharing your code I really liked it! 👍 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.