🏆 by drapl0n April 08, 2022
Bash Bunny Execution
screenGrab payload captures snapshots of target's screen periodically and store them into bunny.
by Kalani April 08, 2022
OMG Prank
On macOS, Launch terminal and use the command 'say' to read out a string. Requirements: Any DuckyScript Capable Device
by Kalani April 08, 2022
OMG Prank
On Windows, Launch Powershell and use the System.speech to read out a string. Requirements: Any DuckyScript Capable Device
by drapl0n April 08, 2022
Bash Bunny Execution
Taking advantaged of cached images, imagesOfYore is simple payload which exfiltrates every image that target ever had in his disk.
by drapl0n April 08, 2022
Bash Bunny Execution
bunnyDOS payload intelligently search target's network for open http(configurable for https) ports and executes DOS it.
by drapl0n April 01, 2022
Bash Bunny Execution
camPeek payload peeks through targets web cam and capture images and stores them in bunny.
by Kalani March 31, 2022
General OMG
On execution, this payload will cause the target
computer to launch the Calculator. This is tested working on Windows 2000 - Windows 11, and multiple Linux d...
🏆 by TW-D March 29, 2022
OMG Remote Access
1. Adds a user account (OMG_User:OMG_P@ssW0rD).
2. Adds this local user to local administrator group.
3. Shares "C:" directory (OMG_SHARE).
4. Adds a rule to...
by Angelina Tsuboi March 25, 2022
Prank USB Rubber Ducky
Opens a terminal window and produces a digital rain effect inspired by the Matrix using cmatrix.
🏆 by 0i41E March 23, 2022
General OMG
A small message box, telling the user that he violated the security policy. The hostname of the user will be send to a webhook to report the incident. Fill i...
by drapl0n March 23, 2022
Bash Bunny Execution
Exploit for a new Linux vulnerability known as 'Dirty Pipe(CVE-2022-0847)' allows local users to gain root privileges. The vulnerability is tracked as CVE-20...
by drapl0n March 23, 2022
Credentials USB Rubber Ducky
sudoSnatch payload grabs sudo password in plain text, immediately after target uses `sudo` command and sends it back to attacker remotely/locally..
by drapl0n March 22, 2022
Bash Bunny Credentials
sudoSnatch payload grabs sudo password in plain text, immediately after target uses sudo command and sends it back to attacker remotely/locally.
🏆 by Cribbit March 16, 2022
Bash Bunny General
Downloads a list of Hak5 vids from YouTube (about 15 in the rss feed).
Then pick one at random, then opens it in the browser.
by 0i41E March 14, 2022
Bash Bunny Credentials
MiniDumpBunny uses Powersploits Out-MiniDump script to dump lsass. The script was rewritten, adapted for BashBunny usage and obfuscated in multiple ways to e...
🏆 by Maker March 13, 2022
Credentials USB Rubber Ducky
A variant of Win_Pass_Grabber by makozort but not reliant on Internet potentially ignoring any server-side-issues with Downloading/Uploading Files and Logs.
by drapl0n March 12, 2022
Bash Bunny Remote Access
LinuxPreter injects meterpreter payload, make it persistent and triggers payload on launch of terminal/shell.
by drapl0n March 08, 2022
Bash Bunny Exfiltration
intel(intelligence) payload collects detailed information of victims machine.
1. Prevent storing history.
2. Fetching BashBunny's block device.
3. Mounting B...
Get Rewarded
Contribute
Collaborate
Caution
Disclaimer
Stats
Leaderboard