bg-wa Posted January 27, 2018 Share Posted January 27, 2018 https://github.com/hak5/bashbunny-payloads/tree/master/payloads/library/exfiltration/optical-exfiltration This payload uses HID ONLY to exfiltrate data! This code converts a selected file to base64, then chunks up the string based on the specified qr_string_size (Note: the larger the chunk size, the larger you'll need to set the qr_image_size, or you wont be able to read the QR Code). These Chunks are then converted into QR Codes and displayed in the browser and can be played back at a speed specified by the playback_delay setting. Settings can be configured in index.min.html Optional JavaScript URL Params: base64: Passing a base64 string to this command will auto-start processing the file. playback: Passing the string finish to this param will auto-play the results, when QR codes finish rendering. Example: index.html?playback=finish&base64=my_long_base64_string Big Buck Bunny (5.5mb) takes 6:30 minutes to process with the default settings, but I've gotten it to 3:57 by increasing the chunk size. Link to comment Share on other sites More sharing options...
bg-wa Posted January 27, 2018 Author Share Posted January 27, 2018 You Can Now pass a base64 string in the URL and Auto-start QR code processing. I envision maybe launching this at the end of another payload or on a cron job, to send loot over QR, maybe through a webcam... Link to comment Share on other sites More sharing options...
bg-wa Posted January 28, 2018 Author Share Posted January 28, 2018 Used with DROP, this could be used to playback gathered information at a later time and recorded with a webcam. Link to comment Share on other sites More sharing options...
bg-wa Posted February 8, 2018 Author Share Posted February 8, 2018 + This... Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.