MuAlphaChi_ Posted June 23, 2017 Posted June 23, 2017 Hi there, I'm very new to the bash bunny and I was hoping someone could help me create a payload that runs a java file in the same folder as the payload. Cheers Quote
MuAlphaChi_ Posted June 23, 2017 Author Posted June 23, 2017 Forgot to mention it's for use on windows 7 & 10 Quote
Fang_Shadow Posted June 23, 2017 Posted June 23, 2017 On the bashbunny itself or the host computer the bashbunny is plugged into, please note that not all computers come with the jre installed and would likely not work because of this. Quote
Dave-ee Jones Posted June 23, 2017 Posted June 23, 2017 (edited) Well you could have the JRE/JDK/JDE on your Bunny, and then compile Java with that. But because not every PC has Java all the scripts would have to be run on your Bunny (unless of course the PC has Java in which case you can run it on there, yes). Also keep in mind that even though some PCs have Java, they are not always up to date (quite the opposite), so running a Java script in a CMD prompt you have to call on Java and then use the file as a parameter, but how do you know what version they have and therefore how do you know where Java is? You might have to select it by doing something like: (For Windows) cd C:\Program Files\Java\jdk* # the '*' saying "look for a folder with 'jdk' as the start cd jre <call on Java exe here> Also, sometimes Java sets up a PATH environmental variable. Edited June 23, 2017 by Dave-ee Jones 1 Quote
MuAlphaChi_ Posted June 23, 2017 Author Posted June 23, 2017 6 hours ago, Fang_Shadow said: On the bashbunny itself or the host computer the bashbunny is plugged into, please note that not all computers come with the jre installed and would likely not work because of this. 3 hours ago, Dave-ee Jones said: Well you could have the JRE/JDK/JDE on your Bunny, and then compile Java with that. But because not every PC has Java all the scripts would have to be run on your Bunny (unless of course the PC has Java in which case you can run it on there, yes). Also keep in mind that even though some PCs have Java, they are not always up to date (quite the opposite), so running a Java script in a CMD prompt you have to call on Java and then use the file as a parameter, but how do you know what version they have and therefore how do you know where Java is? You might have to select it by doing something like: (For Windows) cd C:\Program Files\Java\jdk* # the '*' saying "look for a folder with 'jdk' as the start cd jre <call on Java exe here> Also, sometimes Java sets up a PATH environmental variable. I know the computers I'm going to use it on have the latest version installed. I just need a payload that can run a file in the same folder as the payload despite the drive the bunny is plugged into and which switch the payload is on. Quote
dbum Posted June 27, 2017 Posted June 27, 2017 Here is one that I modified (original credit to RalphyZ). This is mad to run "ms.bat" stored in the payloads dir. I think this what you're looking for? # Magenta solid LED SETUP # Set the attack mode ATTACKMODE HID STORAGE # Get the switch position GET SWITCH_POSITION Check if ms.bat is present if [ ! -f "/root/udisk/payloads/${SWITCH_POSITION}/ms.bat" ] ; then LED FAIL exit 1 fi # Start the attack - yellow single blink LED ATTACK # Run the Batch File QUACK GUI r QUACK DELAY 100 QUACK STRING powershell -WindowStyle Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\ms.bat') -e cmd.exe" QUACK ENTER # Green 1000ms VERYFAST blink followed by SOLID LED FINISH exit 0 Quote
Dave-ee Jones Posted June 27, 2017 Posted June 27, 2017 You know, my payload, Slydoor, is made to do this (with Admin privileges as well if the PC is logged in as a local Administrator). Quote
PoSHMagiC0de Posted June 28, 2017 Posted June 28, 2017 Hmm, so you want to run jar files. Well, if you know the java command line here is how you can always get the path to the java executable. it seems it is installed in programdata but to make sure you can do this. $javapath = $env:Path -split ";" | where {$_ -match "Oracle" -and $_ -match "java"} if([string]::IsNullOrEmpty($javapath)) { Write-Error "Java JRE seems to not be installed on this system" exit; } else { $javaapp = $javapath + "\\java.exe" } $null = Start-Process $javaapp -WindowStyle "<You can hide the window or completely leave WindowStyle Parameter out.>" -ArgumentList "<Your java arguments go here>" If you did not run the script as admin and want to run the jar as admin then you will need to add the parameter: -verb "runas" to run java as admin but it will prompt. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.