hitem
Posted July 25, 2021

HiveNightmare for Bash Bunny

Author: hitem
Version: 1.0

Description

Leverages the following exploit: CVE-2021-36934, dubbed "SeriousSam". It uses a PoC tool by GossiTheDog.

Targets Windows 10
Deploys in roughly 8-10 sec from plugin to execution completed
Now you have SAM, SYSTEM and SECURITY in your loot folder!
It clears some basic traces! (run/folder)

Requirements

Bash Bunny \o/

STATUS

LED              STATUS
Purple           Initializing
Blue (blinking)  Installing and running scripts
Green            Finished

Installation and Execution

Plug in Bash Bunny in arming mode
Move files to the switch you want 'em to be executed from (don't forget the *.exe from GossiTheDog's repository)
Edit the scripts to fit your deployment (*.ps1 switch path as an example)
Eject the Bash Bunny and go ahead!

Only known mitigation in my limited testing is "folder protection"-On by Windows Defender. I have also attached the /Mitigation/ possibility in the repository below for those who want to remedy this exploit via Bash Bunny.

Download

Click here to go to my github and download

Note and Creds: I have owned a Bash Bunny MKII for 1 week, I'm completely new to this. SeriousSam however is a "get it while it's fresh" exploit and I wrote a simple Bash Bunny script and a PowerShell script to leverage GossiTheDog's PoC tool. More info in the scripts!
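A defender-side check for the exposure this payload depends on, as an added example that is not part of hitem's post or repository: it reports whether BUILTIN\Users can read the SAM, SYSTEM and SECURITY hives and whether volume shadow copies exist. The variable names and output layout are this example's own choices, and it assumes an elevated PowerShell session.

```powershell
# Added audit example (not from the original post). Run from an elevated prompt.
# CVE-2021-36934 exposure = hive files readable by BUILTIN\Users + a shadow copy holding them.
$usersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
$readBit  = [System.Security.AccessControl.FileSystemRights]::ReadData

# Hive names are the three files the post says end up in the loot folder.
$hives = 'SAM', 'SYSTEM', 'SECURITY' | ForEach-Object {
    Join-Path $env:windir "System32\config\$_"
}

$findings = foreach ($path in $hives) {
    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        # An unreadable ACL is reported instead of being silently treated as "safe".
        [pscustomobject]@{ Path = $path; UsersCanRead = $null; Note = $_.Exception.Message }
        continue
    }
    # Resolve every ACE (explicit and inherited) to a SID so the check is locale-independent.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $hit = $rules | Where-Object {
        $_.IdentityReference.Value -eq $usersSid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $readBit)
    }
    [pscustomobject]@{ Path = $path; UsersCanRead = [bool]$hit; Note = '' }
}

# Shadow copies created while the ACL was weak keep the weak ACL on their copy of the hives.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)

$findings | Format-Table -AutoSize
"Shadow copies present: $($shadows.Count)"

if ($findings.UsersCanRead -contains $true) {
    Write-Warning 'BUILTIN\Users can read registry hive files on this host.'
    if ($shadows.Count -gt 0) {
        Write-Warning 'Existing shadow copies may expose those hives to standard users.'
    }
    # Workaround published by Microsoft for CVE-2021-36934 (review before running):
    #   icacls $env:windir\system32\config\*.* /inheritance:e
    # then delete shadow copies and restore points created before the ACL change
    # and create a new restore point if one is needed.
}
```

The script only reads ACLs and shadow copy metadata; the remediation steps are left as comments so they can be reviewed before anything is changed.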