bashbunny-payloads/ScreenGrab at 9bc2a0312d68545e39124cf46e133e2939036519 - bashbunny-payloads - The Red Team

History

drapl0n bd4ec90d04 Changing systemd Unit (#514 ) * Uploaded BunnyLogger * uploading payload intel * Create README.md * Update README.md * uploaded LinuxPreter * uploaded FileRipper Faster executing version * Update README.md * fixing typo * uploaded sudoSnatch * Update README.md * deleting sudoSnatch * uploading payload * Delete payload.sh * Delete shell * Delete systemBus * Delete camPeek directory * Update payload.sh * Update payload.sh * Delete payloads/library/execution/FileRipper directory * Update payload.sh * Update payload.sh * Update payload.sh * Update payload.sh		2022-04-14 16:09:21 -05:00
..
screenGrab	Changing systemd Unit (#514 )	2022-04-14 16:09:21 -05:00
switch1	Uploading ScreenGrab (#511 )	2022-04-08 09:31:30 -05:00
switch2	Uploading ScreenGrab (#511 )	2022-04-08 09:31:30 -05:00
README.md	Uploading ScreenGrab (#511 )	2022-04-08 09:31:30 -05:00

README.md

About:

Title: screenGrab
Description: screenGrab payload captures snap shots of target's screen periodically and store them into bunny.
AUTHOR: drapl0n
Version: 1.0
Category: Execution
Target: Unix-like operating systems with systemd.
Attackmodes: HID, Storage

screenGrab: screenGrab payload is divided into two modules, First capture snap shots and Second stores them in bunny.

Features:

Robust Payload for capturing snap shots of target's screen.
No additional dependencies required.
Persistent.
Autostart payload on boot.

Payload:

Payload is divided into two modules:

Deployment: In this stage payload is deployed in targets system.
Exfiltration: Storing saved loot from targets system in bunny.

Payload Script's Workflow:

Stop storing histroy.
Grep bunny's mount point of bunny.
Creating hidden directory in /var/tmp/..... for obfuscation.
Copying ffmpeg and snap shot capturing mechanism in target's system.
Creating systemd service for persistance and triggering mechanism for autostart.

Changes to be made:

Change time interval of capturing snapshots, default time interval is 120 secs. Make changes in systemBus on line number 4.

LED Status:

SETUP : MAGENTA
ATTACK : YELLOW
FINISH : GREEN

Note:

Download pre compiled static build of ffmpeg from: https://github.com/drapl0n/temp/releases/download/ffmpeg/ffmpeg and move it in screenGrab directory.
Due to big size of binary, it is not provided in this repo.
Craete directory name screenGrab in /loot/ for storing captured images.

Directory Structure of payload components:

FileName	Directory
switch1/payload.txt	/payloads/switch1/
switch2/payload.txt	/payloads/switch2/
screenGrab/	/payloads/libray/

Usage:

Deploy first payload during absence of target using switch1.
Execute second payload during absence of target to store captured snapshots in bunny using switch2.

Support me if you like my work:

https://twitter.com/drapl0n