From d094d2c6e098627a3a735365b45831095e583f51 Mon Sep 17 00:00:00 2001
From: Mathew Fleisch
Date: Tue, 14 Mar 2017 21:43:53 -0700
Subject: [PATCH 1/4] Payload to automatically set up/update git repo

This payload was made in collaboration with audibleblink through irc. We both came up with the same idea, but I took it a step further, by adding a git-pull/update after the first payload execution. Original repo at https://github.com/mathew-fleisch/Git-Bunny-Git
---
 payloads/library/GitBunnyGit/README.md | 36 ++++++++++
 payloads/library/GitBunnyGit/payload.txt | 83 ++++++++++++++++++++++++
 2 files changed, 119 insertions(+)
 create mode 100644 payloads/library/GitBunnyGit/README.md
 create mode 100644 payloads/library/GitBunnyGit/payload.txt
diff --git a/payloads/library/GitBunnyGit/README.md b/payloads/library/GitBunnyGit/README.md
new file mode 100644
index 00000000..5f83fd06
--- /dev/null
+++ b/payloads/library/GitBunnyGit/README.md
@@ -0,0 +1,36 @@
+# Git-Bunny-Git
+
+Author: Draxiom & audibleblink
+Version: 1.0
+
+## Description
+
+Clones the bashbunny-payloads repository and also will update an existing repository.
+If you modify your payloads from the library folder, they will be overwritten.
+For now, I recommend either renaming modifiied payloads
+or storing them in your own forked repo and using your link/branch in the payload.
+
+## Configuration
+
+Configured for *nix by default. Swap RNDIS_ETHERNET with ECM_ETHERNET on Windows
+
+## Requirements
+
+Target must be sharing internet.
+
+ 1. Run bb.sh (pause at main menu)
+ 2. Plug in da bunny
+ 3. Connect (type 'c') 5 seconds after the white light
+ 4. You can now ssh into the bunny (Run `tail -f /tmp/git` to montior progress)
+
+## Status
+
+| LED | Status |
+| ---------------- | ------------------------------------- |
+| White | Ready (to share internet connection) |
+| Red | Failed (no internet) |
+| Red (blinking) | Failed (could not mount filesystem) |
+| Amber | Running |
+| Purple | Cleaning Up |
+| Green (blinking) | Finished (git pull) |
+| Green | Finished (git clone) |
diff --git a/payloads/library/GitBunnyGit/payload.txt b/payloads/library/GitBunnyGit/payload.txt
new file mode 100644
index 00000000..efbde0f3
--- /dev/null
+++ b/payloads/library/GitBunnyGit/payload.txt
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+# Title: Git Bunny Git
+# Author: Draxiom && audibleblink
+# Target: any
+# Version: 1.0
+#
+# Update payloads from Github
+#
+# White | Ready (to run bb.sh on the host computer)
+# Red | No Internet
+# Red (blinking) | Could not mount filesystem
+# Amber | Running
+# Green (blinking) | Git Pull Finished
+# Green | Git Clone Finished
+
+LED R G B
+ATTACKMODE RNDIS_ETHERNET
+#ATTACKMODE ECM_ETHERNET
+
+# Set your desired repo url and branch if you're not looking to update from mainline
+git_repo="https://github.com/hak5/bashbunny-payloads.git"
+git_branch="master"
+payloads_dir="/root/udisk"
+touch /tmp/git
+echo "Git Bunny Git" >> /tmp/git
+
+# Test for internet connection
+wget -q --tries=15 --timeout=5 --spider http://example.com
+[[ "$?" -ne 0 ]] && { LED R; exit 1; }
+
+# Let's go (`tail -f /tmp/git` to monitor progress)
+LED R G
+cd $payloads_dir
+
+# Paranoid mount
+if [ `ls $payloads_dir | wc -l` -eq 0 ]; then
+ mount -o sync /dev/nandf $payloads_dir
+ cd $payloads_dir
+ if [ `ls $payloads_dir | wc -l` -eq 0 ]; then
+ LED R 200
+ exit 1
+ fi
+fi
+
+# Cannot verify ca certificate... skip it
+export GIT_SSL_NO_VERIFY=1
+if [ -d ".git" ]; then
+ # Get the newest payloads
+ git pull origin $git_branch >> /tmp/git 2>> /tmp/git
+ LED G 200
+ exit 1
+else
+ # Move the existing payloads directory, in case hackers be hackin'
+ mv payloads payloads-orig
+ # Initialize Repository
+ git init >> /tmp/git 2>> /tmp/git
+ # Let's pick the hak5 github repo
+ git remote add origin $git_repo >> /tmp/git 2>> /tmp/git
+ # Instead of cloning the whole repo,
+ git config core.sparsecheckout true
+ # isolate the payloads directory
+ echo "payloads" >> .git/info/sparse-checkout
+ # "git clone"
+ git pull origin $git_branch >> /tmp/git 2>> /tmp/git
+
+ # Ignore any existing directories or files, so git status is pretty
+ LED R B
+ for ignore_existing in *; do
+ if [[ "${ignore_existing}" =~ [^payloads$] ]]; then
+ echo "${ignore_existing}" >> .gitignore
+ fi
+ done
+
+ # Put the existing payloads back
+ cp -r payloads-orig/switch* payloads/.
+
+ # Show Purple... cause
+ sleep 1
+
+ # Git 'er done
+ LED G
+fi
\ No newline at end of file
From a30bd9795460b110caed915d15a464c15cb1d336 Mon Sep 17 00:00:00 2001
From: Mathew Fleisch
Date: Wed, 15 Mar 2017 08:29:28 -0700
Subject: [PATCH 2/4] Made some changes based on audibleblink's suggestions/comments

---
 payloads/library/GitBunnyGit/README.md | 5 +----
 payloads/library/GitBunnyGit/payload.txt | 8 ++++----
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/payloads/library/GitBunnyGit/README.md b/payloads/library/GitBunnyGit/README.md
index 5f83fd06..26f2e31c 100644
--- a/payloads/library/GitBunnyGit/README.md
+++ b/payloads/library/GitBunnyGit/README.md
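Review bot: `export GIT_SSL_NO_VERIFY=1` disables certificate verification for both `git pull` calls in this hunk, and what they fetch is the set of payloads the device executes, so anyone between the Bunny and github.com (including the host that is sharing its connection) can substitute the repository contents; the comment says the CA bundle cannot be verified, so ship a CA bundle on the udisk and point git at it (`export GIT_SSL_CAINFO=<path-to-ca-bundle-on-udisk>`) instead of turning verification off. The pull results are never checked: the update branch runs `LED G 200` and then `exit 1` regardless of what `git pull` returned, so a failed fetch is lit as success while the exit status reports failure — `git pull origin "$git_branch" >> /tmp/git 2>&1 || { LED R; exit 1; }` followed by `exit 0` after the LED would make the two agree. `cd $payloads_dir` is also unchecked, so if it fails the `mv`, `git init` and the `.gitignore` loop all run in whatever the current directory was; use `cd "$payloads_dir" || { LED R 200; exit 1; }`. Finally, `[[ "${ignore_existing}" =~ [^payloads$] ]]` is a bracket expression, not a negated word match: it is true for any name containing a character outside the set `p a y l o d s $`, so a directory named e.g. `soap` would escape the ignore list; the intended test is `[[ "$ignore_existing" != "payloads" ]]`, and the same expression is carried unchanged into the PATCH 4/4 rewrite of this loop.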
@@ -6,13 +6,10 @@ Version: 1.0
 ## Description
 
 Clones the bashbunny-payloads repository and also will update an existing repository.
-If you modify your payloads from the library folder, they will be overwritten.
-For now, I recommend either renaming modifiied payloads
-or storing them in your own forked repo and using your link/branch in the payload.
 
 ## Configuration
 
-Configured for *nix by default. Swap RNDIS_ETHERNET with ECM_ETHERNET on Windows
+Configured for nix by default. Swap RNDIS_ETHERNET with ECM_ETHERNET on Windows
 
 ## Requirements
 
diff --git a/payloads/library/GitBunnyGit/payload.txt b/payloads/library/GitBunnyGit/payload.txt
index efbde0f3..3f536441 100644
--- a/payloads/library/GitBunnyGit/payload.txt
+++ b/payloads/library/GitBunnyGit/payload.txt
@@ -47,22 +47,22 @@ fi
 export GIT_SSL_NO_VERIFY=1
 if [ -d ".git" ]; then
 # Get the newest payloads
- git pull origin $git_branch >> /tmp/git 2>> /tmp/git
+ git pull origin $git_branch &>> /tmp/git
 LED G 200
 exit 1
 else
 # Move the existing payloads directory, in case hackers be hackin'
 mv payloads payloads-orig
 # Initialize Repository
- git init >> /tmp/git 2>> /tmp/git
+ git init &>> /tmp/git
 # Let's pick the hak5 github repo
- git remote add origin $git_repo >> /tmp/git 2>> /tmp/git
+ git remote add origin $git_repo &>> /tmp/git
 # Instead of cloning the whole repo,
 git config core.sparsecheckout true
 # isolate the payloads directory
 echo "payloads" >> .git/info/sparse-checkout
 # "git clone"
- git pull origin $git_branch >> /tmp/git 2>> /tmp/git
+ git pull origin $git_branch &>> /tmp/git
 
 # Ignore any existing directories or files, so git status is pretty
 LED R B
From d1598208c299e857e956a45d95c603acd7df1f37 Mon Sep 17 00:00:00 2001
From: Mathew Fleisch
Date: Wed, 15 Mar 2017 08:47:09 -0700
Subject: [PATCH 3/4] Minor changes and cleanup

---
 payloads/library/GitBunnyGit/payload.txt | 4 ----
 1 file changed, 4 deletions(-)
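Review bot: The four rewritten lines in the payload.txt hunk still expand `$git_branch` and `$git_repo` unquoted; the values are fixed strings today, but the header invites users to set their own repo URL and branch, so quote them as `git pull origin "$git_branch" &>> /tmp/git` and `git remote add origin "$git_repo" &>> /tmp/git`. `&>>` is a bash-only redirection, acceptable under this file's `#!/bin/bash` shebang; `>> /tmp/git 2>&1` is the portable equivalent if the payload is ever run under `sh`. The `if`/`else` these lines sit in closes outside the hunk.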
diff --git a/payloads/library/GitBunnyGit/payload.txt b/payloads/library/GitBunnyGit/payload.txt
index 3f536441..5325bc1c 100644
--- a/payloads/library/GitBunnyGit/payload.txt
+++ b/payloads/library/GitBunnyGit/payload.txt
@@ -22,7 +22,6 @@ ATTACKMODE RNDIS_ETHERNET
 git_repo="https://github.com/hak5/bashbunny-payloads.git"
 git_branch="master"
 payloads_dir="/root/udisk"
-touch /tmp/git
 echo "Git Bunny Git" >> /tmp/git
 
 # Test for internet connection
@@ -75,9 +74,6 @@ else
 # Put the existing payloads back
 cp -r payloads-orig/switch* payloads/.
 
- # Show Purple... cause
- sleep 1
-
 # Git 'er done
 LED G
 fi
\ No newline at end of file
From da987207f692da5f4da2c4e1eb2ffd0797ffe073 Mon Sep 17 00:00:00 2001
From: Alex Flores
Date: Wed, 15 Mar 2017 15:02:47 -0400
Subject: [PATCH 4/4] made some edits

* removed the paranoia mount. we don't need to test that the kernel is doing it's job when mount fstab
* log to a persistent location
* edited ignore loop to include hidden directories
---
 payloads/library/GitBunnyGit/payload.txt | 36 +++++++++--------------
 1 file changed, 14 insertions(+), 22 deletions(-)
diff --git a/payloads/library/GitBunnyGit/payload.txt b/payloads/library/GitBunnyGit/payload.txt
index 5325bc1c..5150f8e6 100644
--- a/payloads/library/GitBunnyGit/payload.txt
+++ b/payloads/library/GitBunnyGit/payload.txt
@@ -18,62 +18,54 @@ LED R G B
 ATTACKMODE RNDIS_ETHERNET
 #ATTACKMODE ECM_ETHERNET
 
+source bunny_helpers.sh
+
 # Set your desired repo url and branch if you're not looking to update from mainline
 git_repo="https://github.com/hak5/bashbunny-payloads.git"
 git_branch="master"
 payloads_dir="/root/udisk"
-echo "Git Bunny Git" >> /tmp/git
+log_file="/root/udisk/payloads/$SWITCH_POSITION/git.log"
+
+echo "Git Bunny Git" > $log_file
 
 # Test for internet connection
 wget -q --tries=15 --timeout=5 --spider http://example.com
 [[ "$?" -ne 0 ]] && { LED R; exit 1; }
 
-# Let's go (`tail -f /tmp/git` to monitor progress)
+# Let's go
 LED R G
 cd $payloads_dir
 
-# Paranoid mount
-if [ `ls $payloads_dir | wc -l` -eq 0 ]; then
- mount -o sync /dev/nandf $payloads_dir
- cd $payloads_dir
- if [ `ls $payloads_dir | wc -l` -eq 0 ]; then
- LED R 200
- exit 1
- fi
-fi
-
 # Cannot verify ca certificate... skip it
 export GIT_SSL_NO_VERIFY=1
 if [ -d ".git" ]; then
 # Get the newest payloads
- git pull origin $git_branch &>> /tmp/git
+ git pull origin $git_branch &>> $log_file
 LED G 200
 exit 1
 else
 # Move the existing payloads directory, in case hackers be hackin'
 mv payloads payloads-orig
 # Initialize Repository
- git init &>> /tmp/git
+ git init &>> $log_file
 # Let's pick the hak5 github repo
- git remote add origin $git_repo &>> /tmp/git
+ git remote add origin $git_repo &>> $log_file
 # Instead of cloning the whole repo,
 git config core.sparsecheckout true
 # isolate the payloads directory
 echo "payloads" >> .git/info/sparse-checkout
 # "git clone"
- git pull origin $git_branch &>> /tmp/git
+ git pull origin $git_branch &>> $log_file
 
 # Ignore any existing directories or files, so git status is pretty
 LED R B
- for ignore_existing in *; do
- if [[ "${ignore_existing}" =~ [^payloads$] ]]; then
- echo "${ignore_existing}" >> .gitignore
- fi
+ for file in $(ls -A); do
+ [[ "${file}" =~ [^payloads$] ]] && echo "${file}" >> .gitignore
 done
 
- # Put the existing payloads back
+ # Put the existing switch directories back
 cp -r payloads-orig/switch* payloads/.
 
 # Git 'er done
 LED G
-fi
\ No newline at end of file
+fi
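Review bot: `log_file="/root/udisk/payloads/$SWITCH_POSITION/git.log"` points inside the `payloads` directory that the clone branch moves away with `mv payloads payloads-orig`, so from `git init &>> $log_file` onward every redirection targets a directory that no longer exists; bash does not execute a simple command whose redirection fails, which means `git init`, `git remote add` and the sparse `git pull` are all skipped on a first run (the `else` branch, when no `.git` exists yet) and the script still ends on `LED G`. Keep the log outside the tree being rebuilt, e.g. `log_file="$payloads_dir/git.log"` (it is then picked up by the `.gitignore` loop like any other top-level entry), and quote it in every redirection (`&>> "$log_file"`). `for file in $(ls -A); do` word-splits names on whitespace and re-globs them; the hidden-file goal is met without parsing `ls` by putting `shopt -s dotglob` before `for file in *; do`. The `if`/`else` that holds these lines opens outside the hunk.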