hak5/bashbunny-payloads
1
0
Fork 0
mirror of https://github.com/hak5/bashbunny-payloads.git synced 2025-10-29 16:58:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added “console” and spiffed up the layout/design a bit.

Browse Source
This commit is contained in:
Mathew Fleisch 2017-03-26 06:29:27 -07:00
parent 7368fc9b19
commit a1471e3a76
6 changed files with 207 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
payloads/library/BrowserBunny/inc/BrowserBunny.php
View File

@ -35,9 +35,9 @@ class BrowserBunny
function display_payload_list() {
$ret = '';
$ret .= '<div class="btn-group-vertical">'
.'<button class="target-switch btn btn-primary">Active Payload</button>';
.'<button class="target-switch btn btn-default" id="active-payload">Active Payload</button>';
foreach($this->payload_names as $payload) {
$ret .= '<button class="payload btn btn-primary" id="'.$payload.'">'.$payload.'</button>';
$ret .= '<button class="payload btn btn-default" id="'.$payload.'">'.$payload.'</button>';
}
$ret .= '</div>';
return $ret;
@ -50,4 +50,17 @@ class BrowserBunny
return $ret;
}
function display_console() {
$ret = '<div class="console-input-container input-group">'
.'<span class="input-group-addon">$</span>'
.'<input type="text" class="form-control" id="console-input">'
.'<span class="input-group-btn">'
.'<button class="btn btn-default" id="console-execute" type="button">Execute</button>'
.'</span>'
.'</div>'
.'<div id="console-output"></div>';
return $ret;
}
}

22
payloads/library/BrowserBunny/inc/actions.php
View File

@ -1,5 +1,6 @@
<?php
if($_POST) {
$root = "/root/udisk/payloads";
include $_SERVER['DOCUMENT_ROOT'].'/inc/parsedown.php';
$Parsedown = new Parsedown();
include $_SERVER['DOCUMENT_ROOT'].'/inc/BrowserBunny.php';
@ -10,15 +11,27 @@ if($_POST) {
$payload = strip_tags($_POST['payload']);
$valid = $BrowserBunny->is_valid_payload($payload);
if($valid) {
$file = $Parsedown->text(file_get_contents("/root/udisk/payloads/library/$payload/README.md"));
$file = $Parsedown->text(file_get_contents($root."/library/$payload/README.md"));
echo json_encode(array('success'=>true, 'payload'=>$payload,'readme'=>$file));
} else {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'get_attackmode':
$payload = strip_tags($_POST['payload']);
$valid = $BrowserBunny->is_valid_payload($payload);
if($valid) {
$out = [];
$cmd = 'grep -R "ATTACKMODE" '.$root.'/library/'.$payload.'/payload.txt';
exec($cmd, $out);
echo json_encode(array('success'=>true, 'payload'=>$payload,'attackmodes'=>implode(",", $out)));
} else {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'get_existing':
$target = preg_replace("/\/inc.*$/", "", $BrowserBunny->target_dir);
$file = $Parsedown->text(file_get_contents("/root/udisk/payloads/$target/README.md"));
$file = $Parsedown->text(file_get_contents($root."/$target/README.md"));
echo json_encode(array('success'=>true,'target'=>$target,'readme'=>$file));
break;
case 'move_payload':
@ -46,6 +59,11 @@ if($_POST) {
echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...'));
}
break;
case 'console':
$out = [];
exec($_POST['cmd'], $out);
echo json_encode(array('success'=>true,'output'=>htmlentities(implode("\n", $out))));
break;
default:
echo json_encode(array('success'=>false));

11
payloads/library/BrowserBunny/inc/css/bootstrap.min.css vendored
View File

File diff suppressed because one or more lines are too long

67
payloads/library/BrowserBunny/inc/css/style.css
View File

@ -1,3 +1,41 @@
#page-container {
max-width: 1000px;
margin: auto;
}
#main-title {
height:80px;
position: relative;
}
#page-id {
font-size:40%;
color:#fff;
position: absolute;
bottom:0;
font-family: Lucida Console,courier,monoco;
}
#ascii {
font-family: Lucida Console,courier,monoco;
font-size:10px;
width:auto;
height:110px;
float:left;
}
pre {
background-color:transparent;
color:inherit;
border:0;
height:110px;
overflow: hidden;
padding:10px 0;
}
.page { clear: both; }
.navbar-collapse {
margin: auto;
max-width:1000px;
}
#content-container {
margin-top:60px;
}
#payload-list-target {
float:left;
width: 25%;
@ -5,4 +43,33 @@
#readme-target {
float:left;
width:75%;
padding:0 20px;
}
.btn-group-vertical {
padding: 0 2px;
width:100%;
}
.console-input-container {
margin-bottom:5px;
}
#console-input {
background-color: #111;
}
#console-output {
font-family: courier,monoco;
font-size:16px;
width: 100%;
height: 300px;
overflow-y:scroll;
overflow-x:hidden;
border: 1px solid #999;
color: #999;
background-color: #111;
padding:4px 8px;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
resize:vertical;
}

56
payloads/library/BrowserBunny/inc/js/script.js
View File

@ -1,4 +1,12 @@
$(document).ready(function() {
$(document).on('click', '.nav-btn', function() {
var page = $(this).attr("id").replace(/nb-/, '');
var pageuc = "&nbsp;| "+page.charAt(0).toUpperCase() + page.slice(1);
// console.log("Target: "+page);
$('.page').hide();
$('#page-'+page).show();
$("#page-id").html(pageuc);
});
$(document).on('click', '.payload', function() {
var id = $(this).attr("id");
$.ajax({
@ -10,9 +18,21 @@ $(document).ready(function() {
},
success: function(res) {
var response = JSON.parse(res);
console.log(response);
// console.log(response);
var btn = '<button class="btn btn-success btn-group-justified move-payload" id="move-'+response.payload+'">Activate this payload!</button><br />';
$('#readme-target').html(btn+(response.readme.length ? response.readme : '<strong>Missing Read-Me file</strong>'));
$.ajax({
url: 'inc/actions.php',
type: 'POST',
data: {
'action':'get_attackmode',
'payload':id
},
success: function(res1) {
console.log(res1);
}
});
}
});
});
@ -26,12 +46,14 @@ $(document).ready(function() {
},
success: function(res) {
var response = JSON.parse(res);
console.log(response);
$('#readme-target').html((response.readme.length ? response.readme : '<strong>Missing Read-Me file</strong>'));
// console.log(response);
var btn = '<button class="btn btn-info btn-group-justified" disabled>Active Payload</button><br />';
$('#readme-target').html(btn+(response.readme.length ? response.readme : '<strong>Missing Read-Me file</strong>'));
}
});
});
$(document).on('click', '.move-payload', function() {
$(this).prop("disabled", true);
var id = $(this).attr("id").replace(/move-/, '');
$.ajax({
url: 'inc/actions.php',
@ -42,14 +64,36 @@ $(document).ready(function() {
},
success: function(res) {
var response = JSON.parse(res);
console.log(response);
$('.target-switch').click();
// console.log(response);
$('#active-payload').click();
$(this).prop("disabled", false);
// $('#readme-target').html((response.readme.length ? response.readme : '<strong>Missing Read-Me file</strong>'));
}
});
});
$(document).on('click', '#console-execute', function() {
var cmd = $('#console-input').val();
$.ajax({
url: 'inc/actions.php',
type: 'POST',
data: {
'action':'console',
'cmd':cmd
},
success: function(out) {
var res = JSON.parse(out);
// console.log(res);
$('#console-output').html(
"\$ "+cmd+"<br />\n"
+res.output.replace(/\n/g, '<br />')+"<br />\n"
+$('#console-output').html()
);
}
});
});
$('.target-switch').click();
$('.target-switch,#nb-payloads').click();
});

57
payloads/library/BrowserBunny/index.php
View File

@ -10,18 +10,55 @@
</head>
<body>
<div id="page-container">
<div class="navbar navbar-default navbar-fixed-top">
<div class="navbar-collapse collapse">
<ul class="nav navbar-nav">
<li><a href="javascript:;" class="nav-btn" id="nb-payloads">Payloads</a></li>
<li><a href="javascript:;" class="nav-btn" id="nb-console">Console</a></li>
<li><a href="javascript:;" class="nav-btn" id="nb-git">Git</a></li>
<li><a href="javascript:;" class="nav-btn" id="nb-help">Help</a></li>
</ul>
</div>
</div>
<div id="content-container">
<h1 id="main-title">
<div id="ascii">
<pre>
_____ _____ _____ _ _ _ _____ _____ _____ _____ _____ _____ _____ __ __
| __ | __ | | | | | __| __| __ | __ | | | | | | | | | (\___/)
| __ -| -| | | | | |__ | __| -| __ -| | | | | | | | |_ _| (='.'=)
|_____|__|__|_____|_____|_____|_____|__|__|_____|_____|_|___|_|___| |_| (")_(")
<pre>
</div>
<span id="page-id"></span>
</h1>
<?php
include $_SERVER['DOCUMENT_ROOT'].'/inc/BrowserBunny.php';
$BrowserBunny = new BrowserBunny();
?>
<!-- Page - Switch Payloads -->
<div class="page" id="page-payloads">
<div id="payload-list-target"><?php echo $BrowserBunny->display_payload_list(); ?></div>
<div id="readme-target"></div>
</div>
<div id="payload-list-target">
<?php
include $_SERVER['DOCUMENT_ROOT'].'/inc/BrowserBunny.php';
$BrowserBunny = new BrowserBunny();
// echo "PWD: ".$BrowserBunny->pwd."<br />";
// echo "Target: ".$BrowserBunny->target_dir."<br />";
echo $BrowserBunny->display_payload_list();
?>
<!-- Page - Console -->
<div class="page" id="page-console"><?php echo $BrowserBunny->display_console(); ?></div>
<!-- Page - Git -->
<div class="page" id="page-git">
</div>
<!-- Page - Help -->
<div class="page" id="page-help">Go fuck yourself. (coming soon)</div>
</div>
</div>
<div id="readme-target"></div>
<script src="inc/js/jquery.min.js"></script>
<script src="inc/js/bootstrap.min.js"></script>