Spinning Around

Spinning Around

by Cribbit December 21, 2021

Bash Bunny Prank

Spinning Ascii Hak5 Logo in a powershell window. Props to TW-D for the inspiration, audibleblink for python server code "execution/ShellExec/payload.txt" and...
Revolver

Revolver

by saintcrossbow December 21, 2021

Bash Bunny General

This payload was made in the style of Q Branch: it provides multiple options for attack and getting out of bad situations. Switching into this payload will p...

Smart Data Thief

Smart Data Thief

by saintcrossbow December 21, 2021

Bash Bunny Exfiltration

Make your Bash Bunny into the perfect data thief. This payload is ideal for demonstrating the need to lock workstations: using it, you can stroll through a f...
Extroot Configuration

Extroot Configuration

by jrwimmer December 21, 2021

General LAN Turtle

Simplified SD card storage. Based off this guide (https://openwrt.org/docs/guide-user/additional-software/extroot_configuration) from the OpenWRT documenta...

Exfiltrate WiFi names & PSK over DNS, now with AES-256 encryption in transit

Exfiltrate WiFi names & PSK over DNS, now with AES-256 encryption in transit

by Keld Norman October 17, 2021

Exfiltration OMG

Building upon the earlier WiFi2DNS payload that uses stealthy DNS exfiltration, Keld Norman has applied AES-256 encryption for a much more secure transit of ...
Exfiltrate WiFi names and PSKs over DNS

Exfiltrate WiFi names and PSKs over DNS

by @keld_norman October 12, 2021

Exfiltration OMG

WiFi names and PSK are exfiltrated over DNS.

DumpCreds

DumpCreds

by cerebro11 October 05, 2021

Bash Bunny Credentials

Dumps the usernames & plaintext passwords from, Browsers (Chrome, FireFox), Windows Vault, Wi-Fi, sam, system, security from Registry => SAM Hashes (o...
Link File Analysis

Link File Analysis

by Paul Murton October 05, 2021

Bash Bunny Incident Response

In an incident where a user is suspected of exfiltrating data to a USB storage device, CD/DVD etc, its possible that the user may subsequently open an exfilt...

Hidden Images

Hidden Images

by Paul Murton October 05, 2021

Bash Bunny Incident Response

A (naive) user may attempt to hide image(picture) files by simply renaming them to appear to be other filetypes (i.e. Word documents etc). This payload uses ...
Network Recon Payload with email exfiltration

Network Recon Payload with email exfiltration

by Topknot October 05, 2021

Recon Shark Jack

Performs an nmap ping scan of the local subnet and logs it to a text file. Pulls LLDP neighbor and switch information and logs it to a text file. Performs an...

Hak5 ASCII Art

Hak5 ASCII Art

by Cribbit October 05, 2021

General Key Croc

Replaces hak5 with ascii art version.
Active netdiscover Payload

Active netdiscover Payload

by Charles BLANC ROLIN October 05, 2021

Recon Shark Jack

Broadcast ARP with netdiscover using specified options. Saves each scan result to loot storage folder.

Passive netdiscover Payload

Passive netdiscover Payload

🏆   by Charles BLANC ROLIN October 05, 2021

Recon Shark Jack

Broadcast ARP with netdiscover using specified options. Saves each scan result to loot storage folder.
Keep Alive

Keep Alive

by Saint Crossbow October 05, 2021

General Key Croc

Don't let the PC fall asleep. Like having a mouse wiggler on for your Key Croc, except with keys! Unlike a regular mouse wiggler, this will constantly press ...

Croc Pot

Croc Pot

by Spywill October 05, 2021

General Key Croc

Send E-mail, Status of Key Croc, Basic Nmap, TCPdump, Install payload, SSH to HAK5 gear, Reverse ssh tunnel, and more. Will start OS detection scan to see wh...
Little Labyrinth

Little Labyrinth

by Cribbit October 05, 2021

General Key Croc

Quacking text adventure. Open a text editor, start the game and enjoy this basic text adventure.

Change Windows Wallpaper

Change Windows Wallpaper

by xhico October 05, 2021

Bash Bunny Prank

Changes the users wallpaper from the ${SWITCH_POSITION} folder in the payloads library of the Bash Bunny USB Disk partition.
Fake Win10 Update Extractor

Fake Win10 Update Extractor

by HackingMark September 30, 2021

Bash Bunny Exfiltration

A stupid easy to use file extractor leveraging the USB storage attack mode. Will stuff the found files in the /loot/USB-Exfiltration/Computername-Date folder...