Search the Community
Showing results for tags 'handler'.
WabbitWeb The ultimate payload-handling tool! Hey guys, I finally got around to uploading my first payload, after many weeks of tinkering with it - trying to get it to work. So, what did I spend hours upon days upon multiple weeks making? This. A tool that focuses mainly on handling payloads. With this tool, you have to know that payloads are referred to as Letters, as the payloads are saved as letters (A, B and C). Target: Windows 7, 8, 8.1, 10 Dependencies: Impacket - For SMB server - WabbitWeb will still work without Impacket, but won't start the SMB server Directory 'ww' - Holds everything, basically Features: BashBunny-hosted python webserver - Handles all of the events, commands and pages! - Beautiful, user-friendly web interface that scales with your screen! File Command System (FCS - makes it sound a bit fancier) - Uses the BashBunny's file system to handle commands and functions! - If there is a file called COMMAND.sh in the 'ww' directory, it will instantly source and delete it! - Allows WabbitWeb to have a CLI interface in the website itself! Payload Launcher - Website app (handled by FCS) - Launch a Letter you just created using the Payload Editor! Payload Editor - Website app (handled by FCS) - Create a Letter, a payload saved to a letter (A, B or C) that is runnable almost instantly! - Doesn't handle existing payloads, only allows you to create new ones (future feature, maybe?) Command Line - Pass commands straight to the Bunny! - Logs and saves all commands to WabbitWeb! SMB Launcher - Website app (handled by FCS) - Launches a SMB server at WabbitWeb's payload folder - giving you access to all it's code DURING RUNTIME! - Automagically starts up a Windows Explorer window pointed straight at the SMB server! - Edit your Letters in your own editor (e.g. Notepad++) or copy your own payload to the folder, then use the Payload Launcher to run them! Shutdown (yes..this is a feature!) - Website app (handled by FCS) - Shuts down WabbitWeb (...what did you expect?) - Uses ATTACKMODE OFF to hide, thanks to firmware 1.3! Known bugs: Payload Editor - LED commands return a usage error - Sleep functions don't register - Swapping ATTACKMODEs isn't wise (doable, but it doesn't like it too much) Github: Link to Github page I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly, so don't worry if you think that its main features (Letters - Payload Launcher and Payload Editor) might not be working and therefore not update. Currently the files are in their own Github (master), so if anyone could give me a rundown of how to get Darren to put them in the payloads folder, shout at me in the comments or PM me. Usage: To use WabbitWeb, just copy the contents of the Github repo to a switch, plug the Bunny in with that switch ready and let it fly. Once it is flashing blue, you can open up Chrome (preferably Chrome, but most web browsers should work fine) and go to: 172.16.64.1:80 which will take you to the WabbitWeb's home page! From there, you can create payloads (known as Letters), launch the Letters you make, start up an SMB server so you can edit the Letters firsthand and edit the webpages if you really want..or just see the code as it is running. Okay, that's cool. How do I edit a Letter from the SMB server's folder? All you need to do is go to the 'scripts' folder and you should see 3 script files (among a few other files) there, la.sh, lb.sh and lc.sh. They are your A, B and C letters. If you create a payload using the Payload Editor, you will see the scripts update. If you create a script using Notepad++ or another program like that (e.g. Notepad - ew..) and save it as one of those letters, you can launch it using the Payload Launcher! Keep in mind that any output you make goes straight to a log file in the usual logs folder, so don't bother manually making a log file unless you want it somewhere specific. Screenshots: Link to Imgur post Updates: Updated to 1.0.1 on 5/05/17 Updated to 1.0.2 on 5/05/17 Updated to 1.0.3 on 8/05/17 Updated to 1.0.4 on 10/05/17 Updated to 1.0.5 on 10/05/17 Updated to 1.0.6 on 11/05/17 Updated to 1.1.0 on 22/05/17 Updated to 1.1.1 on 23/05/17 Feel free to give me lots of constructive feedback! Also, if you can think of anything that may fix any of the bugs above, feel free to comment/PM me! If you find any more bugs, comment below - I'll check this post most days. This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!
Hello everyone! Super new here and have started going through some metasploit tutorials. Of course I have managed to run into an issue that I have not seen any tutorial run into. After I set my RHOST and RPORT and exploit it it sits at [*] Started reverse double handler And then goes back to the regular msf command line. I have attempted this attack from my laptop to the VM running on my desktop of metasploitable, as well as from the VM Kali linux running on my desktop, both results were the exact same. Does anyone have any idea where I should start? I have attached a file of what I am stuck looking at.