HAK5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-12-24 14:08:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
bashbunny-payloads/payloads/library/remote_access/SSHhhhhh-(Linux)
History
WWVB 70eac91d25 Update payload.txt 
Implemented the $DRIVE_LABEL variable into the umount command, per @hak5peaks suggestion
2024-08-26 19:52:49 -04:00
..
boom.sh
Update boom.sh
2024-08-26 19:46:23 -04:00
payload.txt
Update payload.txt
2024-08-26 19:52:49 -04:00
readme.md
Renamed directory to remove space.
2019-06-27 20:20:28 -04:00

readme.md

SSHhhhhh

Author: WWVB

Version: Version 1.0

Description

Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS)

Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [nothing major])

Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..)

whoami

ip addr

arp data

route -n

/etc/passwd

/etc/shadow (on the off chance you get a root terminal)

uname -a

Two opportunites for persistence are injected:

Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)

Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later)

Configuration = HID STORAGE

Reference in New Issue View Git Blame Copy Permalink