Search the Community
Showing results for tags 'powershell'.
-
Hey I am super new to this, so forgive me if there is another payload like this, I looked around but could not find anything like it just yet. The payload copies CMD.exe to sethc.exe allowing you to press the shift key 5 times to open up a cmd line. Though the attack must be carried out when the user is logged in, you can still open the cmd line the same way even on the login screen. Let me know what you guys think, It's my first payload so I would appreciate any constructive criticism and any idea on how to make it better. https://github.com/InvaderSquibs/BashBunny/tree/master/payloads/li
-
Why is the below not working correctly? It should Write-Host 'Active', but it doesn't? PS C:\Windows\system32> $(Get-ADUser JoeBloggs -Properties *).PasswordExpired False PS C:\Windows\system32> if ($(Get-ADUser JoeBloggs -Properties *).PasswordExpired -eq "False") { Write-Host "Active" } else { Write-Host "Locked" } Locked Thanks.
-
I'm having trouble writing a powershell script that will 'exit' the terminal after running the code. This problem occurs when using a Quack script on the Bash Bunny. Here's the end part of the Ducky script into that I wrote: I pretty sure that's correct, and it should exit after deleting a file called ip.txt However, no such luck. What I have tried to solve the problem: STRING EXIT STRING Exit STRING exit; STRING del ip.txt; exit; But, no of these make a difference. I even checked a Ducky script written by DarrenHak5 who has the same way of exitin -
Hi guys, I have the following PowerShell code; $FolderPath = "\\server\folder1\folder2\~folder3" $SplitFolder = $FolderPath -split '\\' I can then echo each split using; echo $SplitFolder[2] server echo $SplitFolder[3] folder1 echo $SplitFolder[4] folder2 but when I get to echo $SplitFolder[5], because the folder name begins with a tilde (~), it fails; echo $SplitFolder[5] Cannot index into a null array. At line:1 char:1 + echo $SplitFolder[5] + ~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (:) [], RuntimeException + FullyQualifiedErrorI -
https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/recon/InfoGrabber It has been a while since my script was updated so if anyone want to want to help make it more effective or make it faster it would be much appreciated :D -
Hello, I wanted to download files via CMD, and the first way I discovered was FTP. I rent a server and everything worked. The problem is that it takes kinda long to type in the credentials. After some research I found this PowerShell line: powershell (new-object System.Net.WebClient).DownloadFile('http://website.com/file.exe','%TEMP%\file.exe') But I have some questions: What is the part after %TEMP% for? Is that the destination where the files "arrives"? So if i wanted to download it to C:\, I just have to change it to C:\, right? Where can I host the file for free?
-
Slydoor Passing Powershell scripts to victim PCs via USB storage. Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection. Target: Windows 7, 8, 8.1, 10 Dependencies: File 'a.ps1' - This is the script that is initiated to run other scripts (requires Admin privileges) Features: Modes: - Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them - Slydoor, by default, comes with 2
-
Hopefully I get the voting thing right as I wanted to add content, we will see. If you see 2 separate posts, it is because I am ignant. (spelled wrong on purpose). So, in my travels on this board, I have come across people building agents to run their Powershell scripts. Most make out fine. What has prompted this is I have been asked a few times about how I build an agent or even help in building one. The BBTPS is awesome, it just is advanced and scary to some. Plus if you are running only 1 payload and need no dynamic payload delivery then BBTPS is too much. Welp, I like h
-
Hmm, So, who is interested in injecting their powershell process into another process to hide it? Only advantage to this is if you are not going to be there. Makes no sense to do it with the BB connected since you are going to be there but if you ever wanted to leave something behind (like the keylogger payload) but want it to be hidden well I can create a solution for you. I planned on doing it eventually when I was done optimizing the BBTPS but I can take a break from it to think of and create a template for ya'll. It will be borrowing from the PowershellEmpire teams PSInject mo
-
EncDecFiles.ps1 Author: (c) 2017 by QDBA Version 1.0 Description EncDecFiles.ps1 is a powershell script to Encrypt / Decrypt a powershell (or any other) file with AES. You can use it to obfuscate your powershell script, so AV Scanner doesn't detect it. Usage: EncDecFiles.ps1 < -Encrypt | -Decrypt > # encrypt or decrypt a file < -In Filename > # Input File [ -Out Filename ] # Output File [ -Pass Password ]
-
Okay all, I finally finished this thing well enough for me to release but more work yet to be done. It works. Try it out and let me know what you think. I got tired of fiddling with it and just decided to get something out there. https://github.com/PoSHMagiC0de/BBTPS Oh, my first time actually using github too. I usually have friends in town who does pushed on my behalf..cause I am lazy. I decided to learn git and do it myself.
- 20 replies
-
- 4
-
-
- powershell
- bashbunny
- (and 1 more)
-
Violation of CoC
-
- 1
-
-
- powershell
- windows
- (and 2 more)
-
Localized SMB Powershell delivery. For when USB and Web methods are disabled or too noisy. https://github.com/hak5/bashbunny-payloads/pull/172 -
Hello all, I have been trying to figure out a good payload to make for the BashBunny. Seems like most of you thought of the simple ones. The ones I was going to improve it seems the authors are on it so just dropping help here and there is really all that is needed. So, what could I write. Welp, after contributing to Powershell Empire and using other frameworks and having a partial framework I stopped working on myself in Powershell I decided to re-purpose parts of it and put it toward the BB. I been hearing people asking about dynamic switching and stuff like that. Welp, I
-
Violation of CoC
- 1 reply
-
- 3
-
-
- powershell
- windows
- (and 3 more)
-
Discussion Thread for Root CA installer. (No Local Admin Rights necessary) current development via: https://github.com/jrsmile/bashbunny-payloads/tree/master/payloads/library/rooter (TESTED and Working) pull request waiting. small Howto create self-signed-root-ca: Create the Root Certificate (Done Once) Creating the root certificate is easy and can be done quickly. Once you do these steps, you’ll end up with a root SSL certificate that you’ll install on all of your desktops, and a private key you’ll use to sign the certificates that get installed on your various devices. Cr
-
Here's a simple payload to download and execute a powershell payload locally from the BashBunny. This payload is especially useful when running larger Powershell scripts. It's much faster than waiting on HID keystrokes.
-
Violation of CoC
- 30 replies
-
- 4
-
-
- powershell
- rdnis
- (and 1 more)
-
I liked the USB Exfiltrator so much I wanted to try and make one that was able to grab everything and dump it to a FTP site. This way if there are large/many documents it wouldn't fill up the BashBunny. Script is pretty simple, it executes a PowerShell script that clears the run history and then starts uploading the users documents directory. It will keep PowerShell running in the background so if there are a lot of files or large files go ahead on unplug the BB once the status light is green, it will just keep going. Still new to this and know there will be some bug or errors so welcome
-
Hello all, As part of a script I am writing I am trying to change directories using the find feature of the drive letter and the $SWITCH_POSITION variable. I tried using Set-Location in Powershell but could not get it to work with the variables needed to find the drive letter and the switch position. I came up with the below and it works in Powershell but not in Ducky Script on the Bash Bunny. I am sure it is because I am missing escapes for special characters (possible) but after hours of trying I could not get it to work. I am at the experts mercy here in the Hak5 Forums :) The payload. -
Hi, Based on the powershell script written to extract creds from Google Chrome, I made a script to read the SQLite database where the cookies are stored and extract Facebook session cookies. It uses no library, like in the ChromeCreds payload, I use regex to search for the cookies. I haven't written any payload, and I also want to do the same with Firefox. http://pastebin.com/25Z8peMb Enjoy
-
Violation of CoC
-
Violation of CoC
- 27 replies
-
- 2
-
-
- powershell
- payload
- (and 3 more)
-
Violation of CoC
- 8 replies
-
- 1
-
-
- quack
- powershell
- (and 3 more)
