Added Win93 prank payload (#231)
* win93 payload initial release
* readme.md: added TODO
* payload.txt: corrected the command, no need to escape everything
* initial windows support

pull/232/head
parent 0f83db10f5
commit 80d622e16e
|
@ -0,0 +1,35 @@
|
|||
# Win93 Prank
|
||||
* Author: gled
|
||||
* Version: Version 0.1
|
||||
* Target: Linux or MacOS ( tested on Linux only, with Chromium installed ), Windows planned
|
||||
|
||||
## Description
|
||||
|
||||
- First, uses a Ethernet Attack to run an OS detection via NMAP
|
||||
- Second, uses a HID Attack to launch a fullscreen browser pointing to www.windows93.net
|
||||
- leaves a log and the last nmap scan result in $LOOTDIR/win93
|
||||
|
||||
## Configuration
|
||||
|
||||
None needed but:
|
||||
- you can set the default OS if nmap scan fail to detect ( set DEFAULT_OS to MAC or LINUX )
|
||||
|
||||
## STATUS
|
||||
|
||||
| LED | Status |
|
||||
| ------------------ | ------------------------------------------------------- |
|
||||
| Magenta (solid) | Setting up |
|
||||
| Yellow (blinking1) | Nmap scan in progress,Ethernet Attack |
|
||||
| Yellow (blinking2) | Os Detection running, remounted as HID |
|
||||
| Yellow (blinking3) | HID attack in progress on the detected OS |
|
||||
| Cyan (blinking) | HID attack in progress on the DEFAULT_OS, detect failed |
|
||||
| White (blinking) | Cleaning up and syncin |
|
||||
| Green (solid) | Finished, safe to remove the BB |
|
||||
| Red (blinking) | Error, check the logs |
|
||||
|
||||
|
||||
## Discussion
|
||||
None yet
|
||||
|
||||
## TODO
|
||||
Relaunch the attack in RDNIS_ETHERNET if no ip has been found previously, to start supporting windows too.
|
|
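Review bot: The TODO entry at the end of the README no longer matches the change and misspells the attack mode. It asks to relaunch in RDNIS_ETHERNET when no IP was found, but payload.txt in this same commit already does that retry, and the Bash Bunny mode is named RNDIS_ETHERNET. Reword the entry to what is actually still missing for Windows (the HID stage), and bring the Configuration line "set DEFAULT_OS to MAC or LINUX" in line with it. The Target line mentions Chromium on the host, but nothing says that nmap has to be installed on the device for the first step; a short Requirements section would cover both. The Description also says the loot goes to $LOOTDIR/win93, which only reads correctly if the reader knows what LOOTDIR is set to, so give the full default path.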
@ -0,0 +1,96 @@
|
|||
# Title: Win93
|
||||
# Description: Open a new fullscreen navigator to windows93.net
|
||||
# Author: gled
|
||||
# Version: 0.1
|
||||
# Category: pranck
|
||||
# Target: MacOs and Linux
|
||||
# Attackmodes: Ethernet, HID
|
||||
|
||||
# Config section
|
||||
DEFAULT_OS='LINUX'
|
||||
LOOTDIR='/root/udisk/loot/win93'
|
||||
|
||||
# Script section, do not modify after that line
|
||||
LED SETUP
|
||||
mkdir -p $LOOTDIR
|
||||
echo "Starting win93 prank" > $LOOTDIR/win93.log
|
||||
DEFAULT=0
|
||||
|
||||
LED STAGE1
|
||||
ATTACKMODE ECM_ETHERNET
|
||||
sleep 3
|
||||
GET TARGET_IP
|
||||
if [ -z "${TARGET_IP}" ]; then
|
||||
echo "No target IP, checking if it's a windows host" >> $LOOTDIR/win93.log
|
||||
DEFAULT_OS='WIN'
|
||||
LED SPECIAL
|
||||
ATTACKMODE RDNIS_ETHERNET
|
||||
sleep 3
|
||||
GET TARGET_IP
|
||||
if [ -z "${TARGET_IP}" ]; then
|
||||
LED FAIL
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
echo "Starting stage1, launching scan" >> $LOOTDIR/win93.log
|
||||
nmap -O -sV --osscan-guess $TARGET_IP > $LOOTDIR/nmap_results.log
|
||||
|
||||
LED STAGE2
|
||||
ATTACKMODE HID
|
||||
echo "Starting stage2, checking nmap results" >> $LOOTDIR/win93.log
|
||||
grep -i 'linux' $LOOTDIR/nmap_results.log
|
||||
RES=$?
|
||||
echo "After linux grep: $RES" >> $LOOTDIR/win93.log
|
||||
if [ $RES -eq 0 ]
|
||||
then
|
||||
OS='LINUX'
|
||||
else
|
||||
grep -v 'MAC Address' $LOOTDIR/nmap_results.log | grep -i 'mac'
|
||||
RES=$?
|
||||
echo "After mac grep: $RES" >> $LOOTDIR/win93.log
|
||||
if [ $RES -eq 0 ]
|
||||
then
|
||||
OS='MAC'
|
||||
else
|
||||
grep -i 'windows' $LOOTDIR/nmap_results.log
|
||||
RES=$?
|
||||
echo "After windows grep: $RES" >> $LOOTDIR/win93.log
|
||||
if [ $RES -eq 0 ]
|
||||
then
|
||||
OS='WIN'
|
||||
else
|
||||
OS=$DEFAULT_OS
|
||||
DEFAULT=1
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
echo "$OS Host detected" >> $LOOTDIR/win93.log
|
||||
|
||||
if [ $DEFAULT -eq 0 ]; then
|
||||
LED STAGE3
|
||||
else
|
||||
LED SPECIAL
|
||||
fi
|
||||
|
||||
echo "Starting stage3, launching full screen browser on the website" >> $LOOTDIR/win93.log
|
||||
if [ "$OS" = "MAC" ]; then
|
||||
# May need csf instead of ccf for Chrome
|
||||
RUN OSX "terminal"
|
||||
QUACK STRING "open \"http://www.windows93.net\" && osascript -e \"sleep 3;ccf;\";"
|
||||
elif [ "$OS" = "LINUX" ]; then
|
||||
DUCKY_LANG fr
|
||||
RUN UNITY "xterm"
|
||||
QUACK STRING "chromium-browser --start-fullscreen --incognito --new-window http://www.windows93.net &; exit;"
|
||||
QUACK ENTER
|
||||
QUACK DELAY 1000
|
||||
QUACK F11
|
||||
elif [ "$OS" = "WIN" ]; then
|
||||
LED FAIL
|
||||
echo "Payload not supported on windows for now, exiting" >> $LOOTDIR/win93.log
|
||||
exit 1
|
||||
fi
|
||||
|
||||
LED CLEANUP
|
||||
echo "Cleaning up now, syncing" >> $LOOTDIR/win93.log
|
||||
sync
|
||||
LED FINISH
|
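Review bot: Three lines in this file stop the payload from doing what the README describes. In the no-IP fallback, `ATTACKMODE RDNIS_ETHERNET` is a misspelling of RNDIS_ETHERNET, so the second `GET TARGET_IP` can never succeed and the script always ends in `LED FAIL` on that path. In the LINUX branch the typed string ends in `&; exit;`, which the shell rejects as a syntax error because `&` already terminates the command; use `& exit`. In the MAC branch there is no `QUACK ENTER` after `QUACK STRING`, so the command is typed but never run. Smaller points: the two early `exit 1` paths after `LED FAIL` skip the `sync` and leave no log line saying why; `DUCKY_LANG fr` is hard-coded inside the LINUX branch and belongs in the config section next to DEFAULT_OS; the fallback silently overwrites the user's DEFAULT_OS with 'WIN'; `grep -i 'linux'` runs over the whole `-sV` output, so any service banner containing that word classifies the host as Linux, and matching only the OS lines with `grep -q` would be more reliable; `$LOOTDIR` and `$TARGET_IP` should be quoted; and the header has the typo "pranck".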