Michael Weinstein Posted September 20, 2017 Posted September 20, 2017 I decided to put together a payload to get myself familiar with the bunny. This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash. I'm hoping to have this thing completed by the end of this week or possibly the weekend. The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie Quote
oXis Posted September 20, 2017 Posted September 20, 2017 Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on a external internet connexion. Quote
Michael Weinstein Posted October 12, 2017 Author Posted October 12, 2017 oXis, I was debating about that one. Truth be told, it's generally not installing packages. The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them. The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now. It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea. JediMasterX... check it out at the link. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.