This repository has been archived by the owner on Dec 25, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
upload v1.0 beta binary + web interface stuff
- Loading branch information
Showing
8 changed files
with
116 additions
and
153 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,44 +1,27 @@ | ||
| # RubberNugget USB Attack Tool | ||
| The RubberNugget is a USB attack tool that lets you hack computers in seconds with keystroke injection! | ||
| # RubberNugget: USB Attack Platform | ||
| A versatile USB attack platform that lets you hack computers in seconds using a [WiFi Nugget](https://wifinugget.com)! | ||
| More documentation coming soon. | ||
|
|
||
| ### Beta v1.0 Feature List | ||
| - [x] Directory Traversal | ||
| - [x] Defaults / Checks | ||
| - [x] File IO | ||
| - [x] DuckyScript Parsing | ||
| - [x] Web Access | ||
| ## Creating Payloads | ||
| To upload a payload, you can save a `.txt` file to the RubberNugget flash drive. Payloads must be saved under an operating system, then category type. (OS->Category->Payload.txt) | ||
|
|
||
| ### Priority Features v1.0 release | ||
| - [x] Single level navigation | ||
| - [x] Responsive Web UI | ||
| - [x] Web close button | ||
| - [x] duckyscript min delay | ||
| - [x] file name truncation | ||
| - [x] update graphics - arrow indicators, nugget | ||
| ## Accessing the Web Interface | ||
| To access the web interface, connect to the `RubberNugget` AP with the password `password`. In a web browser, navigate to `192.168.4.1` to access the payload deployment system. At the moment, the web interface can only edit / run payloads. | ||
|
|
||
| ### Future Features | ||
| - [ ] DuckyScript Aliasing | ||
| - [ ] Proper FS mounting / USB | ||
| - [ ] Overhaul / Implement OOP Graphic Library | ||
| - [ ] Scrolling full file path | ||
| - [ ] Web portal password config | ||
| - [ ] Graphic differentiation - files vs folders | ||
| - [ ] Edit web files from file system | ||
| ## Current Features - v1.0 (beta) | ||
|
|
||
| ## Bugs | ||
| ### Critical | ||
| - [x] File names collide w/ Nugget graphic | ||
| - [x] Recursive payload selection w/ no exit clause | ||
| - [x] Responsive web interface | ||
| - [x] Can't access web UI after running payload | ||
| - [x] web UI shows doesn't subfolder files - follows OS/Type paradigm | ||
| - [x] crash after exit payload / clear screen delaying | ||
|
|
||
| ### Meh / Edge Cases | ||
| - [ ] Folders named `*txt` trigger payloadRun | ||
| - [ ] Files named `BACK` trigger backwards navigation | ||
| - [ ] Files parsed as folder for extensions that arent `.txt` | ||
| - [ ] Shouldn't run empty files | ||
| - [ ] Keypress debouncing / key features | ||
| - [ ] Proper input sanitation for filepaths | ||
| - [ ] Can't rename files / folders | ||
| - DuckyScript Compatible | ||
| - Basic syntax: `STRING`, `DELAY`, keypress combos | ||
| - Basic colors: `R` `G` `B` `C` `Y` `M` `W` | ||
| - Web Interface | ||
| - Deploy Payloads | ||
| - Edit Payloads | ||
| - USB Flash Drive | ||
| - FAT filesystem | ||
| - Create default OS folders | ||
| - Follows Hak5 naming convention (OS->Category->Payload) | ||
| - Nugget Interface | ||
| - Custom graphics | ||
| - Live command preview | ||
| - Deploy payloads in 3 clicks | ||
| - Reactive RGB NeoPixel |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| # RubberNugget USB Attack Tool | ||
| The RubberNugget is a USB attack tool that lets you hack computers in seconds with keystroke injection! | ||
|
|
||
| ## Features | ||
|
|
||
| ### Beta v1.0 Feature List | ||
| - [x] Directory Traversal | ||
| - [x] Defaults / Checks | ||
| - [x] File IO | ||
| - [x] DuckyScript Parsing | ||
| - [x] Web Access | ||
|
|
||
| ### Priority Features v1.0 release | ||
| - [x] Single level navigation | ||
| - [x] Responsive Web UI | ||
| - [x] Web close button | ||
| - [x] duckyscript min delay | ||
| - [x] file name truncation | ||
| - [x] update graphics - arrow indicators, nugget | ||
|
|
||
| ### Future Features | ||
| - [ ] DuckyScript Aliasing | ||
| - [ ] Proper FS mounting / USB | ||
| - [ ] Overhaul / Implement OOP Graphic Library | ||
| - [ ] Scrolling full file path | ||
| - [ ] Web portal password config | ||
| - [ ] Graphic differentiation - files vs folders | ||
| - [ ] Edit web files from file system | ||
|
|
||
| ## Bugs | ||
| ### Critical | ||
| - [x] File names collide w/ Nugget graphic | ||
| - [x] Recursive payload selection w/ no exit clause | ||
| - [x] Responsive web interface | ||
| - [x] Can't access web UI after running payload | ||
| - [x] web UI shows doesn't subfolder files - follows OS/Type paradigm | ||
| - [x] crash after exit payload / clear screen delaying | ||
|
|
||
| ### Meh / Edge Cases | ||
| - [ ] Folders named `*txt` trigger payloadRun | ||
| - [ ] Files named `BACK` trigger backwards navigation | ||
| - [ ] Files parsed as folder for extensions that arent `.txt` | ||
| - [ ] Shouldn't run empty files | ||
| - [ ] Keypress debouncing / key features | ||
| - [ ] Proper input sanitation for filepaths | ||
| - [ ] Can't rename files / folders |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,120 +1,47 @@ | ||
| <!DOCTYPE html> | ||
| <html> | ||
|
|
||
| <head> | ||
| <!--Import Google Icon Font--> | ||
| <link href="https://fonts.googleapis.com/icon?family=Material+Icons" rel="stylesheet"> | ||
| <style> | ||
| @import url('https://fonts.googleapis.com/css2?family=Karla:wght@400;500&family=Lato:wght@700&family=Open+Sans:wght@500&family=Roboto&display=swap'); | ||
| </style> | ||
| <style> | ||
| @import url('https://fonts.googleapis.com/css2?family=Karla&family=Lato:wght@700&family=Roboto&display=swap'); | ||
|
|
||
| * { | ||
| font-family: "Karla"; | ||
| } | ||
| </style> | ||
|
|
||
| <!--Import materialize.css--> | ||
| <link type="text/css" rel="stylesheet" href="materialize.min.css" media="screen,projection" /> | ||
|
|
||
| <meta name="viewport" content="width=device-width, initial-scale=1.0" /> | ||
| <meta charset="UTF-8"> | ||
| <link rel="stylesheet" href="style.css" type="text/css"> | ||
| </head> | ||
|
|
||
| <body onload="loadPayloadTables()"> | ||
| <div> | ||
| <nav> | ||
| <div class="nav-wrapper grey darken-3"> | ||
| <div class="container"> | ||
| <a href="#!" class="brand-logo">RubberNugget</a> | ||
| <a href="#" data-target="mobile-demo" class="sidenav-trigger"><i class="material-icons">menu</i></a> | ||
| <ul class="right hide-on-med-and-down"> | ||
| <li><a href="run.html">Run</a></li> | ||
| <li><a href="create.html">Create</a></li> | ||
| <!-- <li><a href="about.html">About</a></li> --> | ||
| </ul> | ||
| </div> | ||
| </div> | ||
| </nav> | ||
|
|
||
| <ul class="sidenav" id="mobile-demo"> | ||
| <li><a href="sass.html">Sass</a></li> | ||
| <li><a href="badges.html">Components</a></li> | ||
| <li><a href="collapsible.html">Javascript</a></li> | ||
| <li><a href="mobile.html">Mobile</a></li> | ||
| </ul> | ||
| </div> | ||
| <script src="run.js"> | ||
| </script> | ||
|
|
||
| <div class="status"></div> | ||
|
|
||
| <div class="container"> | ||
| <div style="padding-top: 3em"> | ||
| <h5>Upload Payloads</h5> | ||
| <div style="padding-top: 2em"> | ||
| <form action="#"> | ||
| <div class="file-field input-field"> | ||
| <div class="btn teal darken-2"> | ||
| <span><i class="material-icons right">upload</i>Select File</span> | ||
| <input type="file"> | ||
| </div> | ||
| <div class="file-path-wrapper"> | ||
| <input class="file-path validate" type="text"> | ||
| </div> | ||
| </div> | ||
| </form> | ||
| </div> | ||
| <nav> | ||
| <div class="container"> | ||
| <a href="run.html">Run</a> | ||
| <a href="create.html">Create</a> | ||
| </div> | ||
| <div style="padding-top: 3em"> | ||
| <h5>Payload Creator</h5> | ||
| </nav> | ||
|
|
||
| <div style="padding-top: 2em"> | ||
| <div class="row"> | ||
|
|
||
| <div class="input-field col l6 s12"> | ||
| <i class="material-icons prefix">create</i> | ||
| <input id="payload_name" type="text" class="validate"> | ||
| <label for="payload_name">Payload Name</label> | ||
| </div> | ||
|
|
||
| <div class="input-field col l3 s12"> | ||
| <i class="material-icons prefix">info</i> | ||
| <input id="payload_category" type="text" class="validate"> | ||
| <label for="caf">Payload Category</label> | ||
| </div> | ||
|
|
||
| <div class="input-field col l3 s12"> | ||
| <i class="material-icons prefix">computer</i> | ||
| <input id="target_os" type="text" class="validate"> | ||
| <label for="fsdf">Target OS</label> | ||
| </div> | ||
|
|
||
| <div class="input-field col s12"> | ||
| <i class="material-icons prefix">code</i> | ||
| <textarea id="textarea1" class="materialize-textarea"></textarea> | ||
| <label for="textarea1">Payload Content</label> | ||
| </div> | ||
|
|
||
| </div> | ||
| <div class="container" style="margin-top: 5em"> | ||
|
|
||
| <div class="payloadTable"> | ||
| <h2>Create a payload</h2> | ||
| <div> | ||
| <input type="text" id="fname" name="fname" placeholder="Payload Name"> | ||
| <input type="text" id="lname" name="lname" placeholder="Payload Category"> | ||
| </div> | ||
| <a class="waves-effect waves-light btn red darken-2"><i class="material-icons right">flash_on</i>Run | ||
| Live</a> | ||
| <a class="waves-effect waves-light btn teal darken-2"><i class="material-icons right">save</i>Save</a> | ||
| <!-- <input type="submit" value="Submit"> --> | ||
|
|
||
| <script> | ||
| document.addEventListener('DOMContentLoaded', function () { | ||
| var elems = document.querySelectorAll('.modal'); | ||
| var options = { | ||
| <textarea id="w3review" name="w3review" rows="10" placeholder="Start writing payload here!"></textarea> | ||
| <span> | ||
| <button class="edit">Save</button> | ||
| <button class="run">Run Live</button> | ||
| </span> | ||
| </div> | ||
|
|
||
| }; | ||
| var instances = M.Modal.init(elems, options); | ||
| }); | ||
| </script> | ||
|
|
||
| <div style="text-align: center; margin-top: 10em"> | ||
| <p><b>Copyright 2022, HakCat Hardware</b></p> | ||
| <p>Beta v1.0</p> | ||
| </div> | ||
| </div> | ||
|
|
||
| <script type="text/javascript" src="materialize.min.js"></script> | ||
| <script type="text/javascript" src="index.js"></script> | ||
| </body> | ||
|
|
||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters