mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-12-20 03:58:25 +00:00
Windows Persistent Reverse Shell for Bash Bunny
- Author: 0dyss3us (KeenanV)
- Version: 1.1
Description
Opens a persistent reverse shell through NetCat on the victim's Windows machine and connects it back to the attacker's host.
- Targets Windows 10 (working on support for older versions)
- Connection can be closed and reconnected at any time
- Deploys in roughly 15-20 sec
- Works with NetCat
Requirements
Have a working Bash Bunny :)
STATUS
| LED | STATUS |
|---|---|
| Purple | Setup |
| Amber (Single Blink) | Installing and running scripts |
| Green | Finished |
Installation and Execution
- Plug in Bash Bunny in arming mode
- Move files from WindowsPersistentReverseShell to either switch folder
- Download ncat from http://nmap.org/dist/ncat-portable-5.59BETA1.zip and place the downloaded ncat.exe file in the same switch folder.
- Edit the persistence.vbs file and replace `ATTACKER_IP` with attacker's IP and `PORT` with whichever port you like to use (I use 1337 😉)
- Edit the run.ps1 file and replace `BashBunny` with the volume name of your Bash Bunny
- Save the persistence.vbs file
- Unplug Bash Bunny and switch it to the position the payload is loaded on
- Plug the Bash Bunny into your victim's Windows machine and wait until the final light turns green (about 15-20 sec)
- Unplug the Bash Bunny and go to attacker's machine
- Listen on the port you chose in the persistence.vbs file on NetCat
- Run the command `nc -nlvp 1337` (replace the port with the port in persistence.vbs)
  * If using Windows as the attacker machine, you must move the same ncat.exe file downloaded in step 3 to any directory and use the command `ncat` instead of `nc` from that directory.
- Wait for connection (should take no longer than 1 minute, as the PowerShell command runs every minute)
- Once a Windows cmd prompt appears...YOU'RE DONE!! 😃 and you can disconnect and reconnect at any time as long as the user is logged in