Jump to content

[PAYLOAD] Slydoor

Dave-ee Jones

Recommended Posts


Passing Powershell scripts to victim PCs via USB storage.

Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection.


Windows 7, 8, 8.1, 10


File 'a.ps1'
	- This is the script that is initiated to run other scripts (requires Admin privileges)



	- Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them
	- Slydoor, by default, comes with 2 modes - recon and adder

[Mode] Recon:
	- Gathers WLAN data via 'netsh' module
	- Gathers process data via 'Get-Process' module
 	- Gathers computer hardware data

[Mode] Adder:
	- Creates a local Administrator account
	- Username: Slydoor
	- Password: slydoor


Known bugs:

None found as of yet

In saying that, the Bunny automatically goes dark (ATTACKMODE OFF, LED OFF) after 3 seconds once the UAC has been bypassed (7 seconds after starting the first script).



Link to Github page

I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly.


When you create a .ps1 script, you can drag it into the payload folder and open the 'payload.txt' file. Once you've opened the file, you can edit the MODE option near the top ([OPTION] Mode). Here you can specify the name of the script (mode). E.g. If I wanted to run the 'recon.ps1' script I would set MODE to "recon" (make sure it is a string!).

It's as easy as that.

Okay, that's cool, but how is it different to other Powershell 'agents'?

It's not really, it's just an easy solution for those who want to get some Powershell scripts going as soon as they have their Bunny (many people having issues getting their own to work).

Update log:

- Updated to 1.2 at 11:50AM on 19/05/17

Feel free to give me lots of constructive feedback!

If you find any bugs, comment below - I'll check this post most days.

This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!

Link to comment
Share on other sites

  • 1 year later...

Looks good! I was trying to search for more meaningful bugs but could only find one small one.🤷‍♂️

On line 29 of file "payload.txt"

echo "- Can't find mode script" >> $LOG_PATH

I am not sure if you did this on purpose but I believe you meant to type:

echo "- Can't find $MODE script" >> $LOG_PATH


Thanks for sharing your code I really liked it! 👍

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...