Jump to content

Search the Community

Showing results for tags 'payload'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud CĀ²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. Topic for discussions around Network reconnaissance payload for Shark Jack. Network reconnaissance payload for Shark Jack Swiss knife network reconnaissance payload with options for loot capturing (e.g. DIG, NMAP, IFCONFIG, ARP-SCAN, LLDP), notification (e.g. Homey, Pushover (the best push notfications service!), Slack), exfiltration (e.g. Cloud C2, Pastebin, Slack) and led blinking for IP address. Payload is based on various sample payloads from HAK5, MonsieurMarc, Topknot and others. The script has been created in a modular fashion which allows easy extending the script with n
  2. Nmap Quickscan with Discord Integration (Cleaned & C2 Enabled) This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. The Payload waits for "Internet Connection" to be present. Once Internet Connection is found, It scans the local subnet for any online devices. - While also logging the Public IP of the Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.) payload.sh #!/bin/bash # Title: Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled) # Author: REDD of Private-Loc
  3. My first payload, wanted to make something simple and cross-platform to try and learn the platform. Please give any feedback (I can't test on OSX myself) you may have to help me improve my payload writing! Features I'm looking to add that I need help with in a future version: - Loop so that the video opens multiple times before ending payload - Ability to crank up device volume while executing payload ######## INITIALIZATION ######## LED SETUP # Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET ATTACKMODE RNDIS_ETHERNET #ATTACKMODE ECM_ETHERNET ######## ATTACK PHASE (WINDOWS
  4. ok, so I'm new to this, but if I want to combine a couple of the payloads that's available at hak5 GitHub, can I for example make one payload that has wifi connect payload and the open ap Nmap my thought was to copy the payloads into a single payload and make the individual payload a function! Any tips or tricks would be nice! My goal is that if it connects to a specific network when it boots up, it will dump the loot to C2, but if it doesn't connect, it will automatically start the Open AP Nmap Scan this is what I have so far: --------------------------------------------
  5. Is it possible to make a rubber ducky open a new cmd window with admin privileges? (without the privileges yourself) (Please put the code in the comments if you can)
  6. Topic for discussions around Backup and Restore shell scripts for Shark Jack. Backup and Restore shell scripts for Shark Jack Being tired of having to re-image your Shark Jack and going through the hassle of backing up and restoring the device? These shell scripts will help you to backup and restore all important data on your Shark Jack. The scripts has been created in a modular fashion which allows easy extending the scripts with new functions. The backup script (backup.sh) incorporates logic to determine already existing backup folders and create a new (unique) backup folder e
  7. SharkLib - SharkJack Quick Payload Library This Tool was created less than 24 hours after having a "SharkJack", I realized how much of a pain it is to swap back and forth between prior loaded Payloads. So after 7 hours of debugging, testing, and pulling my hair out. - I give to you "SharkLib". SharkLib allows you to Backup/Restore prior loaded Payloads, via SSH Terminal. No more needing to have to "go deploy another script", you can easily use C2 or any SSH Terminal Service to switch your desired payloads. Features: Installs to Local System to allow ease of access of "Shark
  8. GIve-Me-My-iP (GIMMP) This payload is used to force the SharkJack on to Static LAN's. Main Scenario - DHCP is disabled or not present on the LAN, only Static IP Devices. The Payload uses ARP-Scan to scan a Array of Subnets to determine if ANY devices are on those subnets. - If so connect to the last known network with devices and set the IP of the SharkJack to the Subnet and Last Digits you assign in the payload. Enjoy. NOTE: This payload requires the Router/LAN to have ARP Scanning enabled. Some Routers/LAN's do not have this feature enabled. The Code: #!/bin/bash # # Tit
  9. Windows Persistent Reverse Shell for Bash Bunny Author: 0dyss3us (KeenanV) Version: 1.0 Description Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker. Targets Windows 10 (working on support for older versions) Connection can be closed and reconnected at any time Deploys in roughly 15-20 sec Works with NetCat Requirements Have a working Bash Bunny :) STATUS LED STATUS Purple Setup Amber (Single Blink) Installing
  10. DisableD3f3nd3r This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". Source Code of the Powershell Script: https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc The Payload: #!/bin/bash # # Title: Disable D3f3nd3r (BashBunn
  11. Flood Gateway (DDoS) This Payload was created to have a automated way to stress test a Router/Gateway at any given moment. Currently it can use SYN/ACK/RST/UDP/BlackNurse/XMAS and SlowLoris Attacks. This potentially DDoS's the connected Gateway to determine if the Router/Gateway can handle being attacked internally. (And other reasons.... šŸ˜‰) The Code: #!/bin/bash # # Title: Flood Gateway (DDoS) # Author: REDD of Private-Locker # Version: 1.2 # # Description: This payload detects the Gateway IP then proceeds to # flood the Gateway IP by sending SYN/ACK/RST/UDP Pa
  12. Hey guys newbie here, i was wondering if there is a way / payload that if i save a backdoor.apk in the bash it auto installs in android phone? im making a android apk backdoor(rat) and im trying to find a way to make it auto install and run with the bas without internet? if not is there a way with usb rubber ducky? thanks in advance. sorry for my english :/
  13. I Have a few questions about the article "Stealing Files with the USB Rubber Ducky ā€“ USB Exfiltration Explained." I would like to know if that code for the payload would work for an OSX system and if it does not work what would be the changes needed for it to work. Also would I have tried to use the same payload for jpgs and photos but it does not seem to work, Is there a way for that to succeed or is it not possible. I would really appreciate it since that is the task I have been given. Thanks
  14. I Have a few questions about the article "Stealing Files with the USB Rubber Ducky ā€“ USB Exfiltration Explained." I would like to know if that code for the payload would work for an OSX system and if it does not work what would be the changes needed for it to work. Also would I have tried to use the same payload for jpgs and photos but it does not seem to work, Is there a way for that to succeed or is it not possible. I would really appreciate it since that is the task I have been given. Thanks
  15. Hi, Just wondering if anyone could give me some guidance I work in the security team at a company, I want to roll out a siem agent to developers laptops. I need to install this agent as quickly as possible to linux/mac boxes whilst they are locked or unlocked.(devs dont want to do it themselves are pretty reluctant on handing over their laptops) the agent is basically a bash script install... chmod +x & ./<filename> I think I could use my bashbunny to quickly walk over to the devs laptops, put the usb in... and job done.... So my question is if I
  16. One of the problems I had with the ducky is that when typing a script on a target's pc it's really hard if there is a person in front of it. Instead of trying to create the command screen as small as possible so the targets won't see the screen, I've made it so big that they will think the monitor crashed or the cable fell out. The only thing you see now is a black screen and black text so the targets won't see any strings the ducky types. It also doesn't matter if the user clicks on somewhere on the screen with the mouse, because te whole screen is the command line. Here is the payload:
  17. Hey y'all, just wanted to share my slightly modified nmap scan payload. It scans a bunch of ports, saves the output with a date stamp and multiple output types, and then uploads the loot to the C2 server. #!/bin/bash # # Title: Custom Nmap Payload for Shark Jack # Author: Flatlinebb # Version: 1.02 # # Scans target subnet with Nmap using specified options. Saves each scan result # to loot storage folder. Uploads loot to your C2 server # # Red ...........Setup # Amber..........Scanning # Green..........Finished # # See nmap --help for options. Default "-sP" ping scans the address space
  18. Link to github: https://github.com/hak5/bashbunny-payloads/pull/67 Comment if you would like to see some improvments or changes.
  19. HoldEmUp Private Encryption Locker By REDD (aka Ar1k88) Fork from: https://github.com/private-locker/Private-Encrypted-Locker GitHub URL: https://github.com/private-locker/bashbunny-payloads/tree/master/payloads/library/general/HoldEmUp (Waiting on Official Hak5 Merge) This Script was previously released on here, then taken down. I had decided to release it on here again since we have also released the Source on our Community GitHub. Features: Use 256 AES Encryption to encrypt and secure files with a Uniquely Generated AES Key. Edit "settings.db" to change the fi
  20. Hi dear friends. I watched to this video. But I dont know, which payload he was use in this video. So, what do you think about it? Which payload must be it?
  21. Shanegal


    hey guys, so I had some trouble with the screaming payload of doom payload so ive adapted the wallpaper changer payload to do basically the same thing but instead of transferring the wallpaper jpeg, it transfers the .wav file from the bash bunny. Everything kinda works apart from the transferred wav file keeps showing up as 0kb after the script has run? can anyone help me with this please? Here is the script ive have made and ive attached the full payload at the bottom LED SETUP ATTACKMODE HID RNDIS_ETHERNET GET HOST_IP GET SWITCH_POSITION udisk mount cd /root
  22. In the spirit of april fools, I ported the original UnifiedRickRoll to windows, so you can easily switch between apple and windows computers and still get the same effect. https://github.com/hak5/bashbunny-payloads/pull/139
  23. Hello, having received my new toy recently (bashbunny) : I tried to use some scripts like "wallpaper-changer-of-doom" except it didn't work at home. Here is the script: https://github.com/jcardonne/Bashbunny-payloads/blob/master/wallpaper-prank If some of you have any suggestions, I'm interested:) Affectionately, jcardonne
  24. Im working with Kali Linux. I started getting into working with Metasploit, Payloads ... But heres the problem: I am not finding a way to create a Payload, that does not get detected by a Antivirus. Please Help šŸ˜„
  25. Dear everyone, I am doing some experimenting with my new bash bunny and was wondering if once I enable an ATTACKMODE interface if it is possible to disable it after a little while without turning off the payload. For example I am trying ATTACKMODE HID STORAGE and then wondering if I can do something like DISABLE STORAGE or something of like that. I know to some of you this is probably going to seem like a stupid question but if anyone knows the answer can you please share. Thank you!!!
  • Create New...