Slydoor

Passing PowerShell scripts to victim PCs via USB storage.

Hey guys, here comes my second payload! This payload passes scripts to a user PC via USB storage (possibly more options coming in future) and HID injection.

Target:

Windows 7, 8, 8.1, 10

Dependencies:

File 'a.ps1'
	- This is the script that is initiated to run other scripts (requires Admin privileges)

 

Features:

Modes:
	- Payload 'modes' are .ps1 files in the payload directory, allowing you to create your own 'modes' and configure the payload to run them
	- Slydoor, by default, comes with 2 modes - recon and adder

[Mode] Recon:
	- Gathers WLAN data via 'netsh' module
	- Gathers process data via 'Get-Process' module
	- Gathers computer hardware data

[Mode] Adder:
	- Creates a local Administrator account
	- Username: Slydoor
	- Password: slydoor

 

Known bugs:

None found as of yet

In saying that, the Bunny automatically goes dark (ATTACKMODE OFF, LED OFF) after 3 seconds once the UAC has been bypassed (7 seconds after starting the first script).

 

Github:

Link to Github page

I will be updating this quite a bit in the background, so stay tuned if you are interested in keeping this up-to-date. I will only upload versions that are working properly.
 

Usage:

When you create a .ps1 script, you can drag it into the payload folder and open the 'payload.txt' file. Once you've opened the file, you can edit the MODE option near the top ([OPTION] Mode). Here you can specify the name of the script (mode). E.g. If I wanted to run the 'recon.ps1' script I would set MODE to "recon" (make sure it is a string!).

It's as easy as that.
 

Okay, that's cool, but how is it different to other PowerShell 'agents'?

It's not really, it's just an easy solution for those who want to get some PowerShell scripts going as soon as they have their Bunny (many people are having issues getting their own to work).

Update log:

- Updated to 1.2 at 11:50AM on 19/05/17

Feel free to give me lots of constructive feedback!

If you find any bugs, comment below - I'll check this post most days.

This payload is open-source and editable as you like, but please do not post a copy of this as your own work, as it isn't nice and it isn't your own work!

Edited by Dave-ee Jones
7 hours ago, rottingsun said:

Nice. I got mine in recently. My first payload was running procdump from the bunny and then saving the dump file onto the bunny for later mimikatz analysis. 

Noice.

  • 1 year later...

Looks good! I was trying to search for more meaningful bugs but could only find one small one.🤷‍♂️

On line 29 of file "payload.txt"

echo "- Can't find mode script" >> $LOG_PATH

I am not sure if you did this on purpose but I believe you meant to type:

echo "- Can't find $MODE script" >> $LOG_PATH

Thanks for sharing your code, I really liked it! 👍
