Jump to content

[PAYLOAD-UPDATE] psh_DownloadExecSMB

LowValueTarget

By LowValueTarget
in Payloads

 Share

Recommended Posts

LowValueTarget Newbie

LowValueTarget

Posted
Posted

I've updated my psh_DownloadExecSMB payload to allow for exfiltration.

psh_DownloadExecSMB will take any powershell payload, execute it and alert via green LED when it's completed. All file transfers happens over SMB  to the Bash Bunny.

In order to exfil data, have your powershell payload upload to \\172.16.64.1\s\l\ -- this will be copied to the BB as loot.

Bonus: Because this payload uses SMB, any captured SMB credentials will be stored as loot.

My Repo: https://github.com/hink/bashbunny-payloads/tree/payload/pshExecFixes/payloads/library/execution/psh_DownloadExecSMB

Pull Request: https://github.com/hak5/bashbunny-payloads/pull/268

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...