Added WAKE UP! payload (#30)

2018-03-05 01:42:54 +00:00 · 2018-03-05 01:42:54 +00:00 · 43ce94be0b
parent 5243fe675b
commit 43ce94be0b
3 changed files with 139 additions and 0 deletions
--- a/payloads/library/general/Wake-On-Lan/README.md
+++ b/payloads/library/general/Wake-On-Lan/README.md
@ -0,0 +1,30 @@
+
+|                 |                                                                                                    |
+|:----------------|:---------------------------------------------------------------------------------------------------|
+| **Title**	  |Wake UP!							       |
+| **Description** | Sends a wake on lan packet to a single device or a range of IPs in a subnet. This script will take the local interface IP and netmask, calculate the broadcast address (making it plug and play on all network), find the mac address of the targets (can be noisy but its only a single ping to each)  and finally send a magic packet (if mac is found) to wake the device from slumber so you can run other scripts on newly awakened devices.       |
+ **Author**	  | TheDragonkeeper                                                   |
+| **Version**	  | 1.0												      |
+| **Category**	  | General											      |
+| **Target** 	  | Any												      |
+
+| LED MODE             | Description                 |
+|:-----------------:|:----------------------------|
+| SETUP       | setting network to nat   |  
+| FAIL       | Script had a fault      |
+| ATTACK       | Loading python script      |
+| FINISH      | Completed   |
+
+
+| Options | Result  | Type |
+|:----------|:----------|:----------|
+| Set a single target or range of targets  | Options line 5 in payload.sh | |
+|INTERFACE='eth0' | interface of the outgoing interface | str |
+|SINGLE='0' |  single target or range ( 1 or 0 ) | int |
+|TARGET='192.168.1.2' |  single target | str |
+|STARTRANGE='1'   |  ip range start | int |
+|ENDRANGE='255'   |  ip range end | int |
+
+If Option SINGLE is set to 1 then the value of TARGET is used
+if Option SINGLE is set to 0 then STARTRANGE and ENDRANGE is used 
+Give all Options a value regardless of the value of SINGLE
--- a/payloads/library/general/Wake-On-Lan/payload.sh
+++ b/payloads/library/general/Wake-On-Lan/payload.sh
@ -0,0 +1,20 @@
+#!/bin/bash 
+LED STAGE1
+NETMODE NAT
+
+#### OPTIONS
+INTERFACE='eth0'                #interface of the outgoing interface
+SINGLE='0'                   # single target or range ( 1 or 0 )
+TARGET='192.168.1.2'         # single target 
+STARTRANGE='1'                  # ip range start
+ENDRANGE='255'                # ip range end
+####
+
+function failedpy() {
+    LED FAIL
+    exit
+}
+
+LED ATTACK
+python /root/payloads/$(SWITCH)/wol.py $INTERFACE $SINGLE $TARGET $STARTRANGE $ENDRANGE || failedpy
+LED FINISH
--- a/payloads/library/general/Wake-On-Lan/wol.py
+++ b/payloads/library/general/Wake-On-Lan/wol.py
@ -0,0 +1,89 @@
+import socket
+import struct
+import os
+import sys
+from subprocess import Popen, PIPE
+import fcntl
+
+#### OPTIONS
+interface = str(sys.argv[1])
+SINGLETARGET = int(sys.argv[2])
+       ##########  if SINGLETARGET is 1  WAKETARGET is used
+WAKETARGET = str(sys.argv[3])
+       ########## if SINGLETARGET is 0  ranges are used
+startrange = int(sys.argv[4])
+endrange = int(sys.argv[5])
+####
+
+def wake_on_lan(host, broad):
+    if host == '00:00:00:00:00:00':
+      return False
+    try:
+      macaddress = host
+    except:
+      return False
+    if len(macaddress) == 12:
+        pass
+    elif len(macaddress) == 12 + 5:
+        sep = macaddress[2]
+        macaddress = macaddress.replace(sep, '')
+    else:
+        raise ValueError('Incorrect MAC address format')
+    data = ''.join(['FFFFFFFFFFFF', macaddress * 20])
+    send_data = b''
+    for i in range(0, len(data), 2):
+        send_data = b''.join([send_data,
+                             struct.pack('B', int(data[i: i + 2], 16))])
+    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
+    sock.sendto(send_data, (broad,9))
+    print('sent to '+host)
+    return True
+
+def get_mac(IP):
+    try:
+        Popen(["ping", "-c1", IP], stdout = PIPE)
+        pid = Popen(["cat", "/proc/net/arp"], stdout = PIPE )
+        mac = str(pid.communicate()[0]).split()
+        mac = mac[int(mac.index(IP)+3)]
+    except:
+        pass
+    return mac
+
+def get_ip_address(ifname):
+    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
+    return socket.inet_ntoa(fcntl.ioctl(
+        s.fileno(),
+        0x8915,
+        struct.pack('256s', ifname)
+    )[20:24])
+
+ip = str(get_ip_address(interface))
+submask = socket.inet_ntoa(struct.pack(">L", (1<<32) - (1<<32>>24)))
+addr = ip.split('.')
+cidr = int(sum([bin(int(x)).count('1') for x in submask.split('.')]))
+mask = submask.split('.')
+net = []
+for i in range(4):
+        net.append(int(addr[i]) & int(mask[i]))
+for i in range(int(32 - cidr)):
+        net[3 - i/8] = net[3 - i/8] + (1 << (i % 8))
+
+if SINGLETARGET == 0:
+    ip = ip.split('.')
+    exclude = str(ip[3])
+    del ip[3]
+    ip.append('x')
+    ip = ".".join(map(str, ip))
+    for num in range(startrange, endrange):
+        if str(num) != exclude:
+            wakeip = ip.replace('x', str(num))
+            try:
+                wake_on_lan(get_mac(str(wakeip)), str(".".join(map(str, net))))
+            except:
+                pass
+else:
+    try:
+        wake_on_lan(get_mac(str(WAKETARGET)), str(".".join(map(str, net))))
+    except:
+        pass