hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added Win93 prank payload (#231) 

* win93 payload initial release

* readme.md: added TODO

* payload.txt: corrected the command, no need to escape everything

* initial windows support
pull/232/head
Tristan Mahé 2017-07-09 14:28:11 -07:00 committed by Sebastian Kinne
parent 0f83db10f5
commit 80d622e16e
2 changed files with 131 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
payloads/library/prank/win93/README.md Normal file
View File

@ -0,0 +1,35 @@
# Win93 Prank
* Author: gled
* Version: Version 0.1
* Target: Linux or MacOS ( tested on Linux only, with Chromium installed ), Windows planned
## Description
- First, uses a Ethernet Attack to run an OS detection via NMAP
- Second, uses a HID Attack to launch a fullscreen browser pointing to www.windows93.net
- leaves a log and the last nmap scan result in $LOOTDIR/win93
## Configuration
None needed but:
- you can set the default OS if nmap scan fail to detect ( set DEFAULT_OS to MAC or LINUX )
## STATUS
| LED | Status |
| ------------------ | ------------------------------------------------------- |
| Magenta (solid) | Setting up |
| Yellow (blinking1) | Nmap scan in progress,Ethernet Attack |
| Yellow (blinking2) | Os Detection running, remounted as HID |
| Yellow (blinking3) | HID attack in progress on the detected OS |
| Cyan (blinking) | HID attack in progress on the DEFAULT_OS, detect failed |
| White (blinking) | Cleaning up and syncin |
| Green (solid) | Finished, safe to remove the BB |
| Red (blinking) | Error, check the logs |
## Discussion
None yet
## TODO
Relaunch the attack in RDNIS_ETHERNET if no ip has been found previously, to start supporting windows too.

96
payloads/library/prank/win93/payload.txt Normal file
View File

@ -0,0 +1,96 @@
# Title: Win93
# Description: Open a new fullscreen navigator to windows93.net
# Author: gled
# Version: 0.1
# Category: pranck
# Target: MacOs and Linux
# Attackmodes: Ethernet, HID
# Config section
DEFAULT_OS='LINUX'
LOOTDIR='/root/udisk/loot/win93'
# Script section, do not modify after that line
LED SETUP
mkdir -p $LOOTDIR
echo "Starting win93 prank" > $LOOTDIR/win93.log
DEFAULT=0
LED STAGE1
ATTACKMODE ECM_ETHERNET
sleep 3
GET TARGET_IP
if [ -z "${TARGET_IP}" ]; then
echo "No target IP, checking if it's a windows host" >> $LOOTDIR/win93.log
DEFAULT_OS='WIN'
LED SPECIAL
ATTACKMODE RDNIS_ETHERNET
sleep 3
GET TARGET_IP
if [ -z "${TARGET_IP}" ]; then
LED FAIL
exit 1
fi
fi
echo "Starting stage1, launching scan" >> $LOOTDIR/win93.log
nmap -O -sV --osscan-guess $TARGET_IP > $LOOTDIR/nmap_results.log
LED STAGE2
ATTACKMODE HID
echo "Starting stage2, checking nmap results" >> $LOOTDIR/win93.log
grep -i 'linux' $LOOTDIR/nmap_results.log
RES=$?
echo "After linux grep: $RES" >> $LOOTDIR/win93.log
if [ $RES -eq 0 ]
then
OS='LINUX'
else
grep -v 'MAC Address' $LOOTDIR/nmap_results.log | grep -i 'mac'
RES=$?
echo "After mac grep: $RES" >> $LOOTDIR/win93.log
if [ $RES -eq 0 ]
then
OS='MAC'
else
grep -i 'windows' $LOOTDIR/nmap_results.log
RES=$?
echo "After windows grep: $RES" >> $LOOTDIR/win93.log
if [ $RES -eq 0 ]
then
OS='WIN'
else
OS=$DEFAULT_OS
DEFAULT=1
fi
fi
fi
echo "$OS Host detected" >> $LOOTDIR/win93.log
if [ $DEFAULT -eq 0 ]; then
LED STAGE3
else
LED SPECIAL
fi
echo "Starting stage3, launching full screen browser on the website" >> $LOOTDIR/win93.log
if [ "$OS" = "MAC" ]; then
# May need csf instead of ccf for Chrome
RUN OSX "terminal"
QUACK STRING "open \"http://www.windows93.net\" && osascript -e \"sleep 3;ccf;\";"
elif [ "$OS" = "LINUX" ]; then
DUCKY_LANG fr
RUN UNITY "xterm"
QUACK STRING "chromium-browser --start-fullscreen --incognito --new-window http://www.windows93.net &; exit;"
QUACK ENTER
QUACK DELAY 1000
QUACK F11
elif [ "$OS" = "WIN" ]; then
LED FAIL
echo "Payload not supported on windows for now, exiting" >> $LOOTDIR/win93.log
exit 1
fi
LED CLEANUP
echo "Cleaning up now, syncing" >> $LOOTDIR/win93.log
sync
LED FINISH