Jump to content

Recommended Posts

Posted

I decided to put together a payload to get myself familiar with the bunny.  This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash.

I'm hoping to have this thing completed by the end of this week or possibly the weekend.

The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie

Posted

Looks great.

It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on a external internet connexion.

  • 3 weeks later...
Posted

oXis, I was debating about that one.  Truth be told, it's generally not installing packages.  The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them.  The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now.  It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea.

JediMasterX... check it out at the link.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...