hitem, posted July 25, 2021

HiveNightmare for Bash Bunny

Author: hitem
Version: 1.0

Description

Leverages the following exploit: CVE-2021-36934, dubbed "SeriousSam". It uses a PoC tool by GossiTheDog.

- Targets Windows 10
- Deploys in roughly 8-10 sec from plugin to execution completed
- Now you have SAM, SYSTEM and SECURITY in your loot folder!
- It clears some basic traces! (run/folder)

Requirements

Bash Bunny \o/

STATUS

| LED | STATUS |
| --- | --- |
| Purple | Initializing |
| Blue (blinking) | Installing and running scripts |
| Green | Finished |

Installation and Execution

1. Plug in Bash Bunny in arming mode
2. Move files to the switch you want em to be executed from (don't forget the *.exe from GossiTheDog's repository)
3. Edit the scripts to fit your deployment (*.ps1 switch path as an example)
4. Eject the Bash Bunny and go ahead!

Only known mitigation in my limited testing is "folder protection" set to On in Windows Defender. I have also attached the /Mitigation/ possibility in the repository below for those who want to remedy this exploit via Bash Bunny.

Download

Click here to go to my github and download

Note and Creds: I have owned a Bash Bunny MKII for 1 week, I'm completely new to this. SeriousSam however is a "get it while it's fresh" exploit and I wrote a simple Bash Bunny script and a PowerShell script to leverage GossiTheDog's PoC tool. More info in the scripts!

hitem (Author), posted July 25, 2021

Hi guys! I just wanted to add that I did a PR to github and a few hours after me this gentleman did a *.exe-less version. I'm posting it here in case someone is interested! 🙂 Only reason for me to actually keep the *.exe in mine is purely to give credit where credit was due. Now you have both! Enjoy!

9o3, posted July 26, 2021

Hi Hitem,

First off, awesome that you also made a BB payload for the SeriousSAM vulnerability! If I had known you were also working on it I wouldn't have submitted my own payload. My apologies for that. I look forward to seeing what other payloads you'll create.

~9o3

hitem (Author), posted July 26, 2021

No worries good sir, it's all my pleasure - I enjoyed your code (it was handsome) so I wanted to include it in this thread as well! It's good to have different versions and approaches, that's how we improve! 🙂 (exe can run in cmd in case ps is blocked, as an example). Your code taught me a lot so keep up the good stuff! Same to you!