diff --git a/payloads/library/prank/win93/README.md b/payloads/library/prank/win93/README.md
new file mode 100644
index 00000000..099df81e
--- /dev/null
+++ b/payloads/library/prank/win93/README.md
@@ -0,0 +1,35 @@
+# Win93 Prank
+* Author: gled
+* Version: Version 0.1
+* Target: Linux or MacOS ( tested on Linux only, with Chromium installed ), Windows planned
+
+## Description
+
+- First, uses a Ethernet Attack to run an OS detection via NMAP
+- Second, uses a HID Attack to launch a fullscreen browser pointing to www.windows93.net
+- leaves a log and the last nmap scan result in $LOOTDIR/win93
+
+## Configuration
+
+None needed but:
+- you can set the default OS if nmap scan fail to detect ( set DEFAULT_OS to MAC or LINUX )
+
+## STATUS
+
+| LED | Status |
+| ------------------ | ------------------------------------------------------- |
+| Magenta (solid) | Setting up |
+| Yellow (blinking1) | Nmap scan in progress,Ethernet Attack |
+| Yellow (blinking2) | Os Detection running, remounted as HID |
+| Yellow (blinking3) | HID attack in progress on the detected OS |
+| Cyan (blinking) | HID attack in progress on the DEFAULT_OS, detect failed |
+| White (blinking) | Cleaning up and syncin |
+| Green (solid) | Finished, safe to remove the BB |
+| Red (blinking) | Error, check the logs |
+
+
+## Discussion
+None yet
+
+## TODO
+Relaunch the attack in RDNIS_ETHERNET if no ip has been found previously, to start supporting windows too.
diff --git a/payloads/library/prank/win93/payload.txt b/payloads/library/prank/win93/payload.txt
new file mode 100644
index 00000000..f57f475e
--- /dev/null
+++ b/payloads/library/prank/win93/payload.txt
@@ -0,0 +1,96 @@
+# Title: Win93
+# Description: Open a new fullscreen navigator to windows93.net
+# Author: gled
+# Version: 0.1
+# Category: pranck
+# Target: MacOs and Linux
+# Attackmodes: Ethernet, HID
+
+# Config section
+DEFAULT_OS='LINUX'
+LOOTDIR='/root/udisk/loot/win93'
+
+# Script section, do not modify after that line
+LED SETUP
+mkdir -p $LOOTDIR
+echo "Starting win93 prank" > $LOOTDIR/win93.log
+DEFAULT=0
+
+LED STAGE1
+ATTACKMODE ECM_ETHERNET
+sleep 3
+GET TARGET_IP
+if [ -z "${TARGET_IP}" ]; then
+ echo "No target IP, checking if it's a windows host" >> $LOOTDIR/win93.log
+ DEFAULT_OS='WIN'
+ LED SPECIAL
+ ATTACKMODE RDNIS_ETHERNET
+ sleep 3
+ GET TARGET_IP
+ if [ -z "${TARGET_IP}" ]; then
+ LED FAIL
+ exit 1
+ fi
+fi
+echo "Starting stage1, launching scan" >> $LOOTDIR/win93.log
+nmap -O -sV --osscan-guess $TARGET_IP > $LOOTDIR/nmap_results.log
+
+LED STAGE2
+ATTACKMODE HID
+echo "Starting stage2, checking nmap results" >> $LOOTDIR/win93.log
+grep -i 'linux' $LOOTDIR/nmap_results.log
+RES=$?
+echo "After linux grep: $RES" >> $LOOTDIR/win93.log
+if [ $RES -eq 0 ]
+then
+ OS='LINUX'
+else
+ grep -v 'MAC Address' $LOOTDIR/nmap_results.log | grep -i 'mac'
+ RES=$?
+ echo "After mac grep: $RES" >> $LOOTDIR/win93.log
+ if [ $RES -eq 0 ]
+ then
+ OS='MAC'
+ else
+ grep -i 'windows' $LOOTDIR/nmap_results.log
+ RES=$?
+ echo "After windows grep: $RES" >> $LOOTDIR/win93.log
+ if [ $RES -eq 0 ]
+ then
+ OS='WIN'
+ else
+ OS=$DEFAULT_OS
+ DEFAULT=1
+ fi
+ fi
+fi
+echo "$OS Host detected" >> $LOOTDIR/win93.log
+
+if [ $DEFAULT -eq 0 ]; then
+LED STAGE3
+else
+LED SPECIAL
+fi
+
+echo "Starting stage3, launching full screen browser on the website" >> $LOOTDIR/win93.log
+if [ "$OS" = "MAC" ]; then
+ # May need csf instead of ccf for Chrome
+ RUN OSX "terminal"
+ QUACK STRING "open \"http://www.windows93.net\" && osascript -e \"sleep 3;ccf;\";"
+elif [ "$OS" = "LINUX" ]; then
+ DUCKY_LANG fr
+ RUN UNITY "xterm"
+ QUACK STRING "chromium-browser --start-fullscreen --incognito --new-window http://www.windows93.net &; exit;"
+ QUACK ENTER
+ QUACK DELAY 1000
+ QUACK F11
+elif [ "$OS" = "WIN" ]; then
+ LED FAIL
+ echo "Payload not supported on windows for now, exiting" >> $LOOTDIR/win93.log
+ exit 1
+fi
+
+LED CLEANUP
+echo "Cleaning up now, syncing" >> $LOOTDIR/win93.log
+sync
+LED FINISH
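Review bot: Both failure exits leave little or nothing in the log that the README's "Error, check the logs" status points to. The inner `if [ -z "${TARGET_IP}" ]` branch runs `LED FAIL` and `exit 1` without writing a line, and neither it nor the final `WIN` branch calls `sync` before exiting, so earlier appends to `$LOOTDIR/win93.log` may not be flushed to the loot directory. I would add `echo "No target IP after second attempt, exiting" >> "$LOOTDIR/win93.log"` in the inner branch and a `sync` before each `exit 1`. `RDNIS_ETHERNET` also looks like a misspelling of `RNDIS_ETHERNET`. The `$LOOTDIR`, `$TARGET_IP` and `$RES` expansions are unquoted throughout and should be double-quoted.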