From c8447375ea3864cda00db705344aca400f2ea4ab Mon Sep 17 00:00:00 2001 From: Mathew Fleisch Date: Sun, 26 Mar 2017 13:35:48 -0700 Subject: [PATCH] =?UTF-8?q?Add=20concept=20of=20=E2=80=9Cquick=20commands?= =?UTF-8?q?=E2=80=9D=20and=20remove=20git=20from=20main=20menu?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../library/BrowserBunny/inc/BrowserBunny.php | 14 +++- payloads/library/BrowserBunny/inc/actions.php | 12 +++- .../library/BrowserBunny/inc/css/style.css | 5 +- .../library/BrowserBunny/inc/js/script.js | 65 +++++++++++++++++++ payloads/library/BrowserBunny/index.php | 6 -- payloads/library/BrowserBunny/payload.txt | 1 + 6 files changed, 91 insertions(+), 12 deletions(-) diff --git a/payloads/library/BrowserBunny/inc/BrowserBunny.php b/payloads/library/BrowserBunny/inc/BrowserBunny.php index 2400992c..a600566d 100644 --- a/payloads/library/BrowserBunny/inc/BrowserBunny.php +++ b/payloads/library/BrowserBunny/inc/BrowserBunny.php @@ -50,9 +50,17 @@ class BrowserBunny return $ret; } - function display_console() { - $ret = '
' - .'$' + function display_console() { + $ret = '
' + .'
' + .'
' + .'Quick Commands' + .'
' + .'
' + .'
' + .'
' + .'
' + .'$' .'' .'' .'' diff --git a/payloads/library/BrowserBunny/inc/actions.php b/payloads/library/BrowserBunny/inc/actions.php index 1f6cb013..20fd951b 100644 --- a/payloads/library/BrowserBunny/inc/actions.php +++ b/payloads/library/BrowserBunny/inc/actions.php @@ -8,6 +8,7 @@ if($_POST) { switch($_POST['action']) { case 'get_payload': + $payload = strip_tags($_POST['payload']); $valid = $BrowserBunny->is_valid_payload($payload); if($valid) { @@ -16,8 +17,10 @@ if($_POST) { } else { echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...')); } + break; case 'get_attackmode': + $payload = strip_tags($_POST['payload']); $valid = $BrowserBunny->is_valid_payload($payload); if($valid) { @@ -28,13 +31,17 @@ if($_POST) { } else { echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...')); } + break; case 'get_existing': + $target = preg_replace("/\/inc.*$/", "", $BrowserBunny->target_dir); $file = $Parsedown->text(file_get_contents($root."/$target/README.md")); echo json_encode(array('success'=>true,'target'=>$target,'readme'=>$file)); + break; case 'move_payload': + $payload = strip_tags($_POST['payload']); $valid = $BrowserBunny->is_valid_payload($payload); if($valid) { @@ -58,11 +65,14 @@ if($_POST) { } else { echo json_encode(array('success'=>false,'payload'=>$payload,'message'=>'Payload not found...')); } + break; case 'console': + $out = []; - exec($_POST['cmd'], $out); + exec(urldecode($_POST['cmd']), $out); echo json_encode(array('success'=>true,'output'=>htmlentities(implode("\n", $out)))); + break; default: diff --git a/payloads/library/BrowserBunny/inc/css/style.css b/payloads/library/BrowserBunny/inc/css/style.css index 2169c712..4943d650 100644 --- a/payloads/library/BrowserBunny/inc/css/style.css +++ b/payloads/library/BrowserBunny/inc/css/style.css @@ -50,7 +50,7 @@ pre { width:100%; } - +.quick-command { margin-right:3px; } .console-input-container { margin-bottom:5px; } 
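Review bot: In the `console` case, `$_POST['cmd']` has already been URL-decoded by PHP, so the added `urldecode()` decodes a second time unless the client encodes the value twice (the `$.ajax` call is outside the visible hunks). With double decoding a literal `+` becomes a space and `%xx` sequences are rewritten, so a command such as `date +%s` no longer runs as typed; encoding once on the client and keeping `exec($_POST['cmd'], $out);` avoids that. This case also passes request data to `exec()` with no session or CSRF token check in the visible lines, so a token verified before the `switch` would keep other pages in the host browser from driving the console. The enclosing `if($_POST) {` opens outside the hunk, so such a check may already exist there.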
@@ -72,4 +72,5 @@ pre { -moz-border-radius: 5px; border-radius: 5px; resize:vertical; -} \ No newline at end of file +} +#console-clear { cursor: pointer; } \ No newline at end of file diff --git a/payloads/library/BrowserBunny/inc/js/script.js b/payloads/library/BrowserBunny/inc/js/script.js index b3243140..599bb301 100644 --- a/payloads/library/BrowserBunny/inc/js/script.js +++ b/payloads/library/BrowserBunny/inc/js/script.js @@ -1,4 +1,50 @@ $(document).ready(function() { + + var git_repo = 'https://github.com/hak5/bashbunny-payloads.git'; + var git_log = '/var/log/git.log'; + var quick_commands = [ + { + name:"Clone git repository", + command:'if [ ! -d /root/udisk/.git ]; then ' + +'cd /root/udisk; ' + +'echo ""; ' + +'pwd; ' + +'mv /root/udisk/payloads /root/udisk/orig-payloads; ' + +'echo "Clone Git Repo..."; ' + +'git init; ' + +'echo "payloads/switch*" >> .gitignore; ' + +'git remote add origin '+git_repo+'; ' + +'echo "Git repository selected: '+git_repo+';"; ' + +'git config core.sparsecheckout true; ' + +'echo "Git configuration change: sparse-checkout=true."; ' + +'echo "payloads" >> /root/udisk/.git/info/sparse-checkout; ' + +'echo "Sparse checkout: payloads directory selected"; ' + +'git pull origin master; ' + +'echo "Git repository cloned."; ' + +'cp -fr /root/udisk/orig-payloads/switch* /root/udisk/payloads/.; ' + +'else ' + +'echo "Repository already exists..."; ' + +'fi', + },{ + name:"Update git repository", + command:'if [ -d /root/udisk/.git ]; ' + +'then cd /root/udisk/payloads/; ' + +'echo ""; ' + +'pwd; ' + +'echo "Update Git Repo..."; ' + +'git pull origin master; ' + +'else ' + +'echo "Repository does not exist..."; ' + +'fi' + } + ]; + + for(var id in quick_commands) { + $('#qc-container').html($('#qc-container').html() + +'' + ); + } + $(document).on('click', '.nav-btn', function() { var page = $(this).attr("id").replace(/nb-/, ''); var pageuc = " | "+page.charAt(0).toUpperCase() + page.slice(1); 
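Review bot: The "Clone git repository" quick command chains every step with `;`, so a failed `cd /root/udisk` or `git pull origin master` does not stop the steps after it. By then `mv /root/udisk/payloads /root/udisk/orig-payloads` has already run, and the final `cp -fr` targets a payloads directory that may not exist. Joining the dependent steps with `&&` (for example `'cd /root/udisk && '` and `'git pull origin master && '`) and moving `orig-payloads` back on failure would leave the device usable. The pull also takes whatever `master` holds at that moment, and those payloads later run on the device, so checking out a pinned tag or commit would be worth adding. `git_log` is assigned but not used in the visible lines.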
@@ -73,6 +119,12 @@ $(document).ready(function() { }); + $(document).on('click', '.quick-command', function() { + var id = $(this).attr("id").replace(/qc-/, ''); + console.log(quick_commands[id]); + $('#console-input').val(quick_commands[id].command); + }); + $(document).on('click', '#console-execute', function() { var cmd = $('#console-input').val(); $.ajax({ @@ -94,6 +146,19 @@ $(document).ready(function() { }); }); + $(document).on('keyup', '#console-input', function(e) { + var code = e.which; + e.preventDefault(); + if(code==32||code==13||code==188||code==186){ + $('#console-execute').click(); + } + + }); + + $(document).on('click', '#console-clear', function() { + $('#console-output').html(""); + }); + $('.target-switch,#nb-payloads').click(); }); \ No newline at end of file diff --git a/payloads/library/BrowserBunny/index.php b/payloads/library/BrowserBunny/index.php index c8ec22c8..6c9c5568 100644 --- a/payloads/library/BrowserBunny/index.php +++ b/payloads/library/BrowserBunny/index.php @@ -16,7 +16,6 @@
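Review bot: The new `keyup` handler on `#console-input` clicks `#console-execute` for key codes 32, 188 and 186 as well as 13, so a half-typed command is submitted every time space, comma or semicolon is released. Because the input is passed to `exec()` on the device, partial commands run before the line is complete, for example `git pull` before `origin master` has been typed. Restricting the trigger to Enter, `if (e.which === 13) { $('#console-execute').click(); }`, fixes it. The `e.preventDefault()` call can be dropped because on `keyup` it does not stop the character being inserted. The previous hunk in this file also leaves a `console.log(quick_commands[id]);` debug line in the `.quick-command` click handler.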
@@ -48,11 +47,6 @@
display_console(); ?>
- -
-
- -
Go fuck yourself. (coming soon)
diff --git a/payloads/library/BrowserBunny/payload.txt b/payloads/library/BrowserBunny/payload.txt index e8d97f30..88f25da6 100644 --- a/payloads/library/BrowserBunny/payload.txt +++ b/payloads/library/BrowserBunny/payload.txt @@ -16,6 +16,7 @@ LED R G B ATTACKMODE RNDIS_ETHERNET +SWITCH_POSITION="switch1" source bunny_helpers.sh log_file="/var/log/BrowserBunny.log"
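Review bot: `SWITCH_POSITION="switch1"` is assigned immediately before `source bunny_helpers.sh`, so if the helper sets that variable itself (its content is not shown here) the hard-coded value is overwritten and the line has no effect. If the helper does not set it, the payload resolves switch1 paths even when it is installed under switch2. Making it a fallback after the helper is sourced, `SWITCH_POSITION="${SWITCH_POSITION:-switch1}"`, keeps both cases working. A one-line comment saying why the default is needed would help the next reader.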