Indeserpen Posted April 24, 2022

Hello! I was wondering: instead of downloading and executing the payload from the internet, is it possible to run an executable directly from the Bash Bunny payload switch? The payload itself is a C2 client. Thanks for answering in this topic.
dark_pyrro Posted April 25, 2022

Just to answer what I believe is a general question about executing something from the Bunny storage, then my answer would be: yes. However, there's always an "it depends" linked to such an answer. So, it depends on your target machine and if it allows things to be executed from external storage. If that is blocked, then you can't do it. You could try to copy the executable from Bunny storage to the target box and execute it there, but this also depends on the settings and what is allowed (app whitelisting, etc.).

Then, a more specific answer to the fact that you are trying to execute a C2 client from the Bunny: I'm not sure how you are going to do that on a target machine.
NoExecute Posted May 9, 2022

As Dark_pyrro suggested, you can copy it from BashBunny storage to the target and execute it from the payload; there's a template in the payloads script that does this. But it also depends on the target settings, what the payload is, or if it's an internet-connected system or a standalone. So the answer is not as simple as you might want.

Have a look into LolBins for Windows, since some of those can be used for downloading and executing of payloads. If you have a C2, spin up a webserver / WebDAV for hosting of payloads, and while you're at it, make yourself a nice FTP server, and use PowerShell to steal user files and Wi-Fi creds. (It's about fifty lines of PowerShell code.)

So, kick into research mode, make a lab, try stuff out and most of all, have fun.
Indeserpen (Author) Posted May 10, 2022

Thanks, all, for answering! I am playing around with it, have built a lab, and it is a lot of fun! Thanks for the answers! Cheers!
This topic is now archived and is closed to further replies.