Michael Weinstein Posted September 20, 2017 Share Posted September 20, 2017 I decided to put together a payload to get myself familiar with the bunny. This was inspired by SudoBackdoor and borrows heavily from it, but uses python because I'm more fluent in that than bash. I'm hoping to have this thing completed by the end of this week or possibly the weekend. The code under development is on my github at https://github.com/michael-weinstein/bashbunny-payloads/tree/darkCharlie/payloads/library/credentials/darkCharlie Quote Link to comment Share on other sites More sharing options...
oXis Posted September 20, 2017 Share Posted September 20, 2017 Looks great. It's a shame you're installing pip packages on the victim computer, maybe you can try and bundle those packages together to avoid having to rely on a external internet connexion. Quote Link to comment Share on other sites More sharing options...
JediMasterX Posted September 23, 2017 Share Posted September 23, 2017 Hmmm , well... Waiting :P Quote Link to comment Share on other sites More sharing options...
Michael Weinstein Posted October 12, 2017 Author Share Posted October 12, 2017 oXis, I was debating about that one. Truth be told, it's generally not installing packages. The packages it tries to install usually come standard (except for sometimes paramiko) and if it can find them, it won't try to install them. The main package it depends on is getpass to give a proper password prompt, but I think that's a standard python package now. It's worked pretty well in testing, although I put it aside for a bit because I got another interesting idea. JediMasterX... check it out at the link. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.