From 23583addf59902c71616b9563d03b7ca212e4a07 Mon Sep 17 00:00:00 2001
From: Sebastian Kinne
Date: Fri, 7 Apr 2017 12:40:00 +1000
Subject: [PATCH] Remove bunny_helpers.sh and add the new 1.1 extensions
---
payloads/library/bunny_helpers.sh | 42 -------------------
payloads/library/extensions/ducky_lang.sh | 8 ++++
payloads/library/extensions/get.sh | 23 +++++++++++
payloads/library/extensions/requiretool.sh | 18 +++++++++
payloads/library/extensions/run.sh | 47 ++++++++++++++++++++++
5 files changed, 96 insertions(+), 42 deletions(-)
delete mode 100644 payloads/library/bunny_helpers.sh
create mode 100755 payloads/library/extensions/ducky_lang.sh
create mode 100755 payloads/library/extensions/get.sh
create mode 100755 payloads/library/extensions/requiretool.sh
create mode 100755 payloads/library/extensions/run.sh
diff --git a/payloads/library/bunny_helpers.sh b/payloads/library/bunny_helpers.sh
deleted file mode 100644
index acb2f9c3..00000000
--- a/payloads/library/bunny_helpers.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-
-################################################################################
-# Get target ip address and hostname from dhcp lease.
-# This is for the attack mode of ETHERNET specified.
-# Without ETHERNET specified, below environment variables will be empty.
-#
-# How this works?
-# 1) ATTACKMODE waits until:
-# a) target ip address is negotiated by dhcp
-# b) time out
-# 2) After ATTACKMODE, we can get target ip address and hostname.
-################################################################################
-leasefile="/var/lib/dhcp/dhcpd.leases"
-export TARGET_IP=$(cat $leasefile | grep ^lease | awk '{ print $2 }' | sort | uniq)
-export TARGET_HOSTNAME=$(cat $leasefile | grep hostname | awk '{print $2 }' \
- | sort | uniq | tail -n1 | sed "s/^[ \t]*//" | sed 's/\"//g' | sed 's/;//')
-export HOST_IP=$(cat /etc/network/interfaces.d/usb0 | grep address | awk {'print $2'})
-
-################################################################################
-# Get switch position
-# Taken from bash_bunny.sh
-################################################################################
-
-check_switch() {
- switch1=`cat /sys/class/gpio_sw/PA8/data`
- switch2=`cat /sys/class/gpio_sw/PL4/data`
- switch3=`cat /sys/class/gpio_sw/PL3/data`
- echo "--- switch1 = $switch1, switch2 = $switch2, switch3 = $switch3"
- if [ "x$switch1" = "x0" ] && [ "x$switch2" = "x1" ] && [ "x$switch3" = "x1" ]; then
- SWITCH_POSITION="switch1"
- elif [ "x$switch1" = "x1" ] && [ "x$switch2" = "x0" ] && [ "x$switch3" = "x1" ]; then
- SWITCH_POSITION="switch2"
- elif [ "x$switch1" = "x1" ] && [ "x$switch2" = "x1" ] && [ "x$switch3" = "x0" ]; then
- SWITCH_POSITION="switch3"
- else
- SWITCH_POSITION="invalid"
- fi
-}
-
-check_switch
-export SWITCH_POSITION
\ No newline at end of file
diff --git a/payloads/library/extensions/ducky_lang.sh b/payloads/library/extensions/ducky_lang.sh
new file mode 100755
index 00000000..22b40eba
--- /dev/null
+++ b/payloads/library/extensions/ducky_lang.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+function DUCKY_LANG() {
+ [[ -z "$1" ]] && exit 1 # parameter must be set
+
+ export DUCKY_LANG="$1"
+}
+export -f DUCKY_LANG
diff --git a/payloads/library/extensions/get.sh b/payloads/library/extensions/get.sh
new file mode 100755
index 00000000..4788f584
--- /dev/null
+++ b/payloads/library/extensions/get.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+function GET() {
+ case $1 in
+ "TARGET_IP")
+ export TARGET_IP=$(cat /var/lib/dhcp/dhcpd.leases | grep ^lease | awk '{ print $2 }' | sort | uniq)
+ ;;
+ "TARGET_HOSTNAME")
+ export TARGET_HOSTNAME=$(cat /var/lib/dhcp/dhcpd.leases | grep hostname | awk '{print $2 }' | sort | uniq | tail -n1 | sed "s/^[ \t]*//" | sed 's/\"//g' | sed 's/;//')
+ ;;
+ "HOST_IP")
+ export HOST_IP=$(cat /etc/network/interfaces.d/usb0 | grep address | awk {'print $2'})
+ ;;
+ "SWITCH_POSITION")
+ [[ "$(cat /sys/class/gpio_sw/PA8/data)" == "0" ]] && export SWITCH_POSITION="switch1" && return
+ [[ "$(cat /sys/class/gpio_sw/PL4/data)" == "0" ]] && export SWITCH_POSITION="switch2" && return
+ [[ "$(cat /sys/class/gpio_sw/PL3/data)" == "0" ]] && export SWITCH_POSITION="switch3" && return
+ export SWITCH_POSITION="invalid"
+ ;;
+ esac
+}
+
+export -f GET
\ No newline at end of file
diff --git a/payloads/library/extensions/requiretool.sh b/payloads/library/extensions/requiretool.sh
new file mode 100755
index 00000000..49d21e81
--- /dev/null
+++ b/payloads/library/extensions/requiretool.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# REQUIRETOOL v1 by @Hak5Darren
+# Checks for specified directory in /tools, exits with LED FAIL if not found
+# Usage: REQUIRETOOL directory
+#
+# Examples:
+# REQUIRETOOL impacket
+
+function REQUIRETOOL() {
+ [[ -z "$1" ]] && exit 1 # parameter must be set
+
+ if [ ! -d /tools/$1/ ]; then
+ LED FAIL
+ exit 1
+ fi
+}
+export -f REQUIRETOOL
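Review bot: In ducky_lang.sh the guard `[[ -z "$1" ]] && exit 1` ends the whole calling script from inside an exported function, with no message and no LED state, so a caller that forgets the argument simply stops. The same silent `exit 1` appears in REQUIRETOOL's empty-argument guard (requiretool.sh) and in both failure paths of RUN (run.sh), while REQUIRETOOL's second branch does call `LED FAIL` before exiting. Either hand the error back with `[[ -z "$1" ]] && return 1`, or keep the exit and signal it consistently, e.g. `[[ -z "$1" ]] && { LED FAIL; exit 1; }`. Unlike requiretool.sh and run.sh, this file has no usage header; a line such as `# Usage: DUCKY_LANG <language>` would help, not least because the function and the variable it exports share one name.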
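Review bot: In get.sh the `TARGET_HOSTNAME` branch exports a value read from the `hostname` lines of /var/lib/dhcp/dhcpd.leases after stripping only leading whitespace, double quotes and one semicolon; that field is presumably supplied by the connected machine, so it should be treated as untrusted before anything uses it in a path or command line. Restricting it to hostname characters at the end of the pipeline, e.g. `| tr -cd 'A-Za-z0-9._-'`, would make that explicit. Separately, the `case` has no default arm, so `GET` with a misspelled name returns 0 and sets nothing; `*) return 1 ;;` would surface the mistake. The `SWITCH_POSITION` branch also reports the first GPIO that reads 0, whereas the removed check_switch additionally required the other two to read 1 before accepting a position.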
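Review bot: In requiretool.sh the test `[ ! -d /tools/$1/ ]` expands `$1` unquoted, so a name containing whitespace or glob characters is split before `[` sees it, and a name containing `..` or a slash lets the check succeed for a directory outside /tools. Quote the path and reject such names first: `case "$1" in */*|.|..) LED FAIL; exit 1 ;; esac` followed by `if [ ! -d "/tools/$1/" ]; then`. The header comment says the function exits with LED FAIL, yet the empty-argument guard on the first line of the body exits without calling it.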
diff --git a/payloads/library/extensions/run.sh b/payloads/library/extensions/run.sh
new file mode 100755
index 00000000..37043db2
--- /dev/null
+++ b/payloads/library/extensions/run.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+#
+# RUN v1 by @Hak5Darren
+# Simplifies executing commands from HID attacks for various targets
+# Usage: RUN [OS] [Command to execute]
+#
+# Examples:
+# RUN WIN notepad.exe
+# RUN WIN "powershell -Exec Bypass \"tree c:\\ > tree.txt; type tree.txt\"
+# RUN OSX http://www.example.com
+# RUN UNITY xterm
+
+function RUN() {
+ local os=$1
+ shift
+
+ [[ -z "$os" || -z "$*" ]] && exit 1 # Both OS and Command parameter must be set
+
+ case "$os" in
+ WIN)
+ QUACK GUI r
+ QUACK DELAY 500
+ QUACK STRING "$@"
+ QUACK ENTER
+ ;;
+ OSX)
+ QUACK GUI SPACE
+ QUACK DELAY 500
+ QUACK STRING "$@"
+ QUACK DELAY 500
+ QUACK ENTER
+ ;;
+ UNITY)
+ QUACK ALT F2
+ QUACK DELAY 500
+ QUACK STRING "$@"
+ QUACK DELAY 500
+ QUACK ENTER
+ ;;
+ *)
+ # OS parameter must be one of the above
+ exit 1
+ ;;
+ esac
+}
+
+export -f RUN
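Review bot: In run.sh the second `RUN WIN` example in the header opens a double quote and never closes it (the two inner quotes are escaped), so copied as written it leaves the shell waiting for a closing quote; the example line needs a final `"`. The argument guard joins the words with `$*`, but every branch forwards them with `QUACK STRING "$@"`, i.e. as separate arguments. QUACK is not visible in this patch, so if it expects one string, `QUACK STRING "$*"` would state that explicitly and keep the guard and the call in agreement.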