hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
omg-payloads/payloads/library/exfiltration/Exfil-to-Plug
History
kalanihelekunihi 4a0fdf22c3 Fixing misc execution or formatting errors 
There are many payloads in the repo that do not run due to compiler errors (mostly typos, but a few commands that do not exist on O.MG devices).

Fixing those errors, along with implementing minor changes such as using STRINGLN in place of STRING and ENTER, or DEFAULT_DELAY in place of DELAY 200 on every other line for improved readability.

No content of these scripts has been altered, and I do not intend to run them to validate that they work as intended on their target operating systems.
 		2023-06-05 12:29:42 -04:00
..
README.md Typo 2022-09-24 08:27:49 +10:00
payload.txt Fixing misc execution or formatting errors 2023-06-05 12:29:42 -04:00

README.md

Exfil-to-Plug

Local exfiltration for O.MG Plug Basic

The Basic version of the Plug cannot do stuff like sharing a local storage device (at least at the time of writing), so this code does local exfil by connecting the target to the O.MG Plug's own WiFi and using WebSockets to save data to a setting. This assumes a WiFi-enabled target of course.

Demo

https://user-images.githubusercontent.com/116893/192064207-ab2ee10e-a0d7-4e64-9f43-6e9dbe442f21.mp4

YouTube link if the embed doesn't work

Requirements

This is built specifically for the O.MG Plug "Basic" edition (I don't know if there will be other Plug versions, but the firmware says the one I have is the Basic version) running the v2.5-220322 firmware. I suspect it will work with Basic edition of the O.MG Cable too, but I haven't tested that.

The Plus/Elite versions of the O.MG Plug might also allow some more sly version of this behaviour, but this is how to do it on this version of the O.MG Plug.

Configuration

This currently uses the default configuration for the O.MG Plug's wifi, you'll need to change that (in the XML generation) if you've secured yours more.

Retrieving data

Send the custom command CTList to the O.MG Plug via the Debug menu.

Exfil options

This is just a proof-of-concept, and only exfiltrates the words "Secret password", but there are 1000s of things you could exfiltrate via PowerShell or other means, that's up to you! :)

I don't know how much you can fit in settings but I'd err towards less over more.

Credits

https://gist.github.com/byt3bl33d3r/910b3161d54c2d6a3d5e1050c4e1013e

https://github.com/O-MG/O.MG-Firmware/wiki/WebSocket-API