Jump to content

how to run cmd with Drive and the Switch position?

Manta

By Manta
in Bash Bunny

Recommended Posts

Manta Newbie

Manta

Posted
Posted

I'm trying to just display a BMP to the user when they plug in a USB. Its basically for Security awareness to accompany a Video I made about a found USB in the parking lot that someone plugged in and got all kind of things happen to them. 

I found this to determine the Drive letter using a WMIC command (Note: PS wont work because of security but WMIC will. ) how do I assign this variable to open a BMP? inside the ducky script. 

 for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "yourLabel"') do set usb=%%D


 


I found this to determine the Drive letter using a WMIC command (note PS wont work because of security but WMIC will. ) how do I assign this variable to open a BMP? inside the ducky script. 

 for /f %%D in ('wmic volume get DriveLetter^, Label ^| find "BashBunny"') do set usb=%%D

Link to comment
Share on other sites
Manta Newbie

Manta

Posted
  • Author
Posted

found my own answer through Google and trial and error . 

Here is a super easy script for everyone.. it uses the Bunny helper script and a command line to determine the Drive letter and position of the usb.

This can probably be used with any command at this point. you could possibly combine this with any other script. Just put the background.bmp file 

in the payload section. This does not use Powershell. there are other examples of that. But with my systems  I have disabled the ability to run PS automatically unless a specific configuration is met. 

#!/bin/bash
#
# Title:         Security Awareness BMP script
# Author:        Manta0101    
# Version:       1.0
# Target:        Windows

#This one is used to show what is possible when someone takes a USB and connects it to their system. 
# Displays a background.bmp file using the default program. and then writes to notepad a warning, closes all the windows (including the 'open Drive Dialog' that seems to continually
# pop up when i was testing ) 
# LED 
# --------------------------------------------------------------------
# purple/yellow, working. 
# green Finished.

LED SETUP

DEFAULT_DELAY 50
ATTACKMODE HID STORAGE
# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
source bunny_helpers.sh
LED ATTACK
Q  GUI r
#Q DELAY 100
Q STRING "CMD"
Q ENTER
Q  DELAY 200
Q STRING \@echo off
Q ENTER
Q STRING "for /f %D in ('wmic volume get DriveLetter^, Label ^| findstr BashBunny') do set DRIVE=%D"
Q ENTER
Q DELAY 50
Q STRING %DRIVE%\\payloads\\$SWITCH_POSITION\\background.bmp
Q ENTER
Q DELAY 3000
Q GUI r
Q STRING "notepad.exe"
Q ENTER
Q STRING " This was not malicious but most times things happen in the background and you would never see it.."

Q ENTER
Q STRING "even the picture you see on screen was not necessary. This was just for demonstration purposes"
Q DELAY 10000
Q ENTER 
Q STRING "Closing this window"
Q ENTER
Q DELAY 2000
Q ALT F4
Q STRING n
Q ALT F4
Q DELAY 1000
Q STRING exit
Q ENTER
Q ALT F4
LED FINISH
 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...