Dave-ee Jones
Posted May 18, 2017 (edited)

Slydoor

Passing Powershell scripts to victim PCs via USB storage.

Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection.

Target: Windows 7, 8, 8.1, 10

Dependencies: File 'a.ps1' - This is the script that is initiated to run other scripts (requires Admin privileges)

Features:

Modes:
- Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them
- Slydoor, by default, comes with 2 modes - recon and adder

[Mode] Recon:
- Gathers WLAN data via 'netsh' module
- Gathers process data via 'Get-Process' module
- Gathers computer hardware data

[Mode] Adder:
- Creates a local Administrator account
- Username: Slydoor
- Password: slydoor

Known bugs: None found as of yet

In saying that, the Bunny automatically goes dark (ATTACKMODE OFF, LED OFF) after 3 seconds once the UAC has been bypassed (7 seconds after starting the first script).

Github: Link to Github page

I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly.

Usage:

When you create a .ps1 script, you can drag it into the payload folder and open the 'payload.txt' file. Once you've opened the file, you can edit the MODE option near the top ([OPTION] Mode). Here you can specify the name of the script (mode). E.g. If I wanted to run the 'recon.ps1' script I would set MODE to "recon" (make sure it is a string!). It's as easy as that.

Okay, that's cool, but how is it different to other Powershell 'agents'?

It's not really, it's just an easy solution for those who want to get some Powershell scripts going as soon as they have their Bunny (many people having issues getting their own to work).
Update log:
- Updated to 1.2 at 11:50AM on 19/05/17

Feel free to give me lots of constructive feedback! If you find any bugs, comment below - I'll check this post most days.

This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!

Edited July 17, 2017 by Dave-ee Jones