Hidden browser window payload

[Dleet]

I just received my BB and it’s sooo cool! Been a big fan of Hak5 and happy to finally support them.

 

So...I’m trying to write my first payload on an idea I had but was wondering what the best approach was. I’m very new to writing code but I have no problem understanding what’s going on in the already made payloads on the hit but, writing from scratch is still an issue for me conceptually.

 

Payload: Load or call a web page with a hidden browser window. Would also want to set this to run on each startup.

 

I feel like this would be super easy to write but, since I am new I’m having probs thinking about the flow of how the payload would execute. Would this be a combination of duckyscript and bash?

 

Not asking for free code, just looking for help to understand what’s going on. Can someone help with sample code as a starting point or explainer or link me to a great resource on bash bunny basics?

Thanks!!

[RazerBlade]

Autostarting may be hard to achive if you don't have admin privileges. In powershell, you can call websites, check this out: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-5.1

[C1PH3R]

On 12/16/2017 at 10:14 AM, RazerBlade said:

Autostarting may be hard to achive if you don't have admin privileges. In powershell, you can call websites, check this out: https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/invoke-webrequest?view=powershell-5.1

Autostarting without Admin privileges is not hard. if you look at my payload on GitHub:

https://github.com/CIPH3R0/bashbunny-payloads

You can see that you can achieve it by adding it to the shell:startup folder. Just look at the copy-reverse.txt in payloads/library/USB PWNR/

C1PH3R

"Don't look at the branch of the problem, look at the root(C1PH3R)"

[Dave-ee Jones]

You can create website traffic with a Python script as well.

https://docs.python.org/2/howto/urllib2.html

[Dleet]

Thank you everyone, this is really helpful!

[PoSHMagiC0de]

Actually, in Windows there are different ways to do web traffic programmically depending on what you are trying to do.  I have been experimenting using iexplorer as a communication transport for an agent.  Instead of using invoke-webrequest or WebClient.DownloadString() I use Internet Explorer I access as a COM and have hidden in the background to get my payloads for me and read them from there.  Keep in mind using COM objects are usually asynchronous so when you have it do something, you usually have to create a loop to keep checking its status to see when it is done.

Now you do not have tell-tale signs of agents on your machine with Downloadstring and invoke-webrequest.  There is also the tcpclient too but unless you know how to use netcat to have a  conversation with your webserver or what not you will have issues and it will add more code since you have to format the requests and data all by hand, raw communications.

If your goal is to just start a hidden browser on a webpage with no interactivity between the browser and the program then you can just use powershell to fire off the process as hidden with the arguments pointing to whatever url you want.