From a1299b1de7ad6e9232af7972af5af7d38805c9e8 Mon Sep 17 00:00:00 2001
From: Marc
Date: Mon, 16 Aug 2021 19:50:14 +0100
Subject: [PATCH] Files: Add new helpers
---
etc/banner | 8 ++-
usr/bin/ACTIVATE | 74 +++++++++++++++++++++
usr/bin/ACTIVATE_PAYLOAD | 1 +
usr/bin/CLEANUP | 6 ++
usr/bin/DO_A_BARREL_ROLL | 2 +-
usr/bin/HELP | 20 ++++++
usr/bin/LIST | 43 ++++++++++++
usr/bin/LIST_PAYLOADS | 1 +
usr/bin/RUN | 1 +
usr/bin/SERIAL_WRITE | 3 +
usr/bin/UPDATE_FIRMWARE | 138 +++++++++++++++++++++++++++++++++++++++
usr/bin/UPDATE_PAYLOADS | 38 +++++++++++
usr/bin/cleanup | 7 +-
usr/bin/execute_payload | 1 +
usr/bin/shark_framework | 2 +-
15 files changed, 334 insertions(+), 11 deletions(-)
create mode 100755 usr/bin/ACTIVATE
create mode 120000 usr/bin/ACTIVATE_PAYLOAD
create mode 100755 usr/bin/CLEANUP
create mode 100755 usr/bin/HELP
create mode 100755 usr/bin/LIST
create mode 120000 usr/bin/LIST_PAYLOADS
create mode 120000 usr/bin/RUN
create mode 100755 usr/bin/SERIAL_WRITE
create mode 100755 usr/bin/UPDATE_FIRMWARE
create mode 100755 usr/bin/UPDATE_PAYLOADS
mode change 100755 => 120000 usr/bin/cleanup
diff --git a/etc/banner b/etc/banner
index afaf440..fbd4d7c 100644
--- a/etc/banner
+++ b/etc/banner
@@ -1,4 +1,6 @@ - \_____)\_____ Shark Jack _____/(_____/ - /--v____ __°< by Hak5 >°__ ____v--\ - )/ \( + \_____)\_____ Shark Jack + /--v____ __°< by Hak5 + )/ +=========================== + Type HELP for usage
diff --git a/usr/bin/ACTIVATE b/usr/bin/ACTIVATE
new file mode 100755
index 0000000..1c6b971
--- /dev/null
+++ b/usr/bin/ACTIVATE
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+LIBRARY_DIR="/root/payload/library"
+
+ARG_COUNT=$#
+SPECIFIED_PATH=$1
+PATH_TYPE=""
+PAYLOAD_PATH=""
+
+usage() {
+ echo "Usage: $0 [payload]"
+ echo "Examples:"
+ echo " $0 recon/nmap (Use a payload inside the library)"
+ echo " $0 /tmp/payload.sh (Use a specific file as the payload)"
+ echo " "
+}
+
+activate_payload() {
+ if [[ $PATH_TYPE == "ABSOLUTE" ]]; then
+ if [[ -f $PAYLOAD_PATH ]]; then
+ cp -r $PAYLOAD_PATH /root/payload.sh
+ chmod +x /root/payload.sh
+ echo "Activated $SPECIFIED_PATH successfully."
+ else
+ echo "The specified payload does not exist."
+ usage
+ exit 1
+ fi
+ else
+ if [[ -d $PAYLOAD_PATH ]]; then
+ cp -r $PAYLOAD_PATH/payload.sh /root/payload/payload.sh
+ chmod +x /root/payload.sh
+ echo "Activated $SPECIFIED_PATH successfully."
+ else
+ echo "The specified payload does not exist. Make sure your library is up to date with UPDATE_PAYLOADS."
+ usage
+ exit 1
+ fi
+ fi
+}
+
+check_path_absolute() {
+ case $SPECIFIED_PATH in
+ "/"*)
+ PATH_TYPE="ABSOLUTE"
+ ;;
+ *)
+ PATH_TYPE="RELATIVE"
+ ;;
+ esac
+}
+
+check_arguments() {
+ if [[ $ARG_COUNT -ne 1 ]]; then
+ echo "You must specify a payload to activate."
+ usage
+ exit 1
+ fi
+}
+
+main() {
+ check_arguments
+
+ check_path_absolute
+ if [[ $PATH_TYPE == "RELATIVE" ]]; then
+ PAYLOAD_PATH=$LIBRARY_DIR/$SPECIFIED_PATH
+ else
+ PAYLOAD_PATH=$SPECIFIED_PATH
+ fi
+
+ activate_payload
+}
+
+main
diff --git a/usr/bin/ACTIVATE_PAYLOAD b/usr/bin/ACTIVATE_PAYLOAD
new file mode 120000
index 0000000..09ef2a4
--- /dev/null
+++ b/usr/bin/ACTIVATE_PAYLOAD
@@ -0,0 +1 @@
+ACTIVATE
\ No newline at end of file
diff --git a/usr/bin/CLEANUP b/usr/bin/CLEANUP
new file mode 100755
index 0000000..3a2a146
--- /dev/null
+++ b/usr/bin/CLEANUP
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Clean up each directory
+for d in "${HOME}/.ssh" "/root/loot"; do
+ [ -d "${d}" ] && rm -rf "${d}"
+done
diff --git a/usr/bin/DO_A_BARREL_ROLL b/usr/bin/DO_A_BARREL_ROLL
index fa99da8..9319600 100755
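Review bot: In `activate_payload` the two branches disagree on where the active payload lives: the library branch copies to `/root/payload/payload.sh` but then runs `chmod +x /root/payload.sh`, while the absolute-path branch installs to `/root/payload.sh`, so the library copy may never be made executable. Which of the two paths `execute_payload` reads is not visible in this patch and should be confirmed before picking one. The `cp` arguments are also unquoted, so a path with spaces or glob characters is split before `cp` sees it, and a failed `cp` still prints "Activated". Suggest a single destination variable (here a new name) used by both branches: `cp -- "$PAYLOAD_PATH/payload.sh" "$ACTIVE_PAYLOAD" && chmod +x "$ACTIVE_PAYLOAD" || exit 1`.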
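Review bot: The exit status of usr/bin/CLEANUP is that of the last `[ -d "${d}" ] && rm -rf "${d}"`, so the script exits 1 whenever `/root/loot` does not exist even though nothing went wrong. `if [ -d "${d}" ]; then rm -rf -- "${d}"; fi` keeps the status clean. With `HOME` unset the first entry expands to `/.ssh`; writing it as `"${HOME:?}/.ssh"` makes the script stop instead of operating on a path under `/`.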
--- a/usr/bin/DO_A_BARREL_ROLL
+++ b/usr/bin/DO_A_BARREL_ROLL
@@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash roll() { while true; do
diff --git a/usr/bin/HELP b/usr/bin/HELP
new file mode 100755
index 0000000..8f63d5e
--- /dev/null
+++ b/usr/bin/HELP
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+print_help() {
+ echo "Hak5 Shark Jack Help"
+ echo "===================="
+
+ echo "HELP - List Shark Jack helpers and commands"
+ echo "ACTIVATE - Activate a payload"
+ echo "ACTIVATE_PAYLOAD - Alias for ACTIVATE"
+ echo "LIST - List the local payload library"
+ echo "LIST_PAYLOADS - Alias for LIST"
+ echo "UPDATE_PAYLOADS - Syncronize local payload library with remote library"
+ echo "UPDATE_FIRMWARE - Check for and install available firmware updates"
+ echo "SERIAL_WRITE - Write to the serial console"
+ echo "LED - Configure the LED"
+
+ echo " "
+}
+
+print_help
diff --git a/usr/bin/LIST b/usr/bin/LIST
new file mode 100755
index 0000000..935b922
--- /dev/null
+++ b/usr/bin/LIST
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+LIBRARY_DIR="/root/payload/library"
+
+PAYLOAD_CATEGORIES=()
+
+list_payloads() {
+ if [[ ! -d $LIBRARY_DIR ]]; then
+ echo "Payload library is missing. Run UPDATE_PAYLOADS to sync the payload library."
+ exit 1
+ fi
+
+ if [[ -z "$(ls -A $LIBRARY_DIR)" ]]; then
+ echo "Payload library is empty. Run UPDATE_PAYLOADS to sync the payload library."
+ exit 1
+ fi
+
+ echo "Payloads"
+ echo "========"
+ echo " "
+
+ for entry in $LIBRARY_DIR/*; do
+ if [[ -d $entry ]]; then
+ # Append discovered category to array
+ PAYLOAD_CATEGORIES+=($(basename $entry))
+ fi
+ done
+
+ for category in ${PAYLOAD_CATEGORIES[@]}; do
+ echo "$category"
+ echo "---------"
+ for payload in $LIBRARY_DIR/$category/*; do
+ echo " $(basename $payload)"
+ done
+ echo " "
+ done
+}
+
+main() {
+ list_payloads
+}
+
+main
diff --git a/usr/bin/LIST_PAYLOADS b/usr/bin/LIST_PAYLOADS
new file mode 120000
index 0000000..de88946
--- /dev/null
+++ b/usr/bin/LIST_PAYLOADS
@@ -0,0 +1 @@
+LIST
\ No newline at end of file
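Review bot: The command list in `print_help` omits `CLEANUP` and `RUN`, both of which this commit adds under usr/bin, so a user reading HELP will not learn they exist if they are meant to be user-facing. "Syncronize" in the UPDATE_PAYLOADS line should read "Synchronize"; the same misspelling appears in the success message of usr/bin/UPDATE_PAYLOADS.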
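Review bot: The category loop in `list_payloads` word-splits and glob-expands directory names: `PAYLOAD_CATEGORIES+=($(basename $entry))` and `for category in ${PAYLOAD_CATEGORIES[@]}` break on any name containing whitespace or `*`, and per UPDATE_PAYLOADS those names come from a downloaded archive. Quote them: `PAYLOAD_CATEGORIES+=("$(basename "$entry")")` and `for category in "${PAYLOAD_CATEGORIES[@]}"; do`. An empty category also prints a literal `*` because the inner glob has no match guard; `[[ -e $payload ]] || continue` at the top of the inner loop avoids that.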
diff --git a/usr/bin/RUN b/usr/bin/RUN
new file mode 120000
index 0000000..4903d43
--- /dev/null
+++ b/usr/bin/RUN
@@ -0,0 +1 @@
+execute_payload
\ No newline at end of file
diff --git a/usr/bin/SERIAL_WRITE b/usr/bin/SERIAL_WRITE
new file mode 100755
index 0000000..1c35575
--- /dev/null
+++ b/usr/bin/SERIAL_WRITE
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+echo $@ > /dev/ttyS0
diff --git a/usr/bin/UPDATE_FIRMWARE b/usr/bin/UPDATE_FIRMWARE
new file mode 100755
index 0000000..5a01b0b
--- /dev/null
+++ b/usr/bin/UPDATE_FIRMWARE
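Review bot: In usr/bin/SERIAL_WRITE, `echo $@ > /dev/ttyS0` re-splits and glob-expands the arguments and lets `echo` treat a leading `-n` or `-e` as an option, so the bytes written to the serial console can differ from what the caller passed. `printf '%s\n' "$*" > /dev/ttyS0` writes the arguments joined by single spaces without those side effects.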
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+export LOG="logger -t Shark [*]"
+export LOG_ERR="logger -t Shark -p 3 [!]"
+
+upgrade_leds() {
+ /usr/bin/LED OFF
+ while true
+ do
+ echo 1 > /sys/class/leds/shark:red:system/brightness
+ sleep 0.2
+ echo 0 > /sys/class/leds/shark:red:system/brightness
+ echo 1 > /sys/class/leds/shark:blue:system/brightness
+ sleep 0.2
+ echo 0 > /sys/class/leds/shark:blue:system/brightness
+ done
+}
+
+# $1: Upgrade file
+# $2: MD5 file
+# $3: Upgrade file size in bytes
+extract_md5() {
+ dd if="${1}" of="${2}" skip="${3}" bs=1 count=33
+}
+
+# $1: Upgrade file
+# $2: MD5 file
+verify_md5() {
+ expected=$(cat "${2}")
+ checksum=$(md5sum "${1}" | awk '{print $1}')
+ [ "${expected}" = "${checksum}" ] && {
+ return 0
+ }
+ return 1
+}
+
+# $1: Upgrade file
+# $2: Upgrade file size in bytes
+truncate_upgrade() {
+ dd if=/dev/null of="${1}" bs=1 seek="${2}"
+}
+
+execute_upgrade() {
+ # Check for upgrade file in default location
+ upgrade_file=$(find /tmp/upgrade-* -type f 2>/dev/null | tail -n1)
+
+ if [ -f "${upgrade_file}" ]; then
+ # Upgrade file found
+ $LOG "Firmware upgrade found"
+
+ $LOG "Verifying firmware upgrade"
+ upgrade_file_size=$(( $(wc -c "${upgrade_file}" | awk '{print $1}') - 33 ))
+
+ # Extract md5sum from upgrade file
+ echo "extracting md5"
+ extract_md5 "${upgrade_file}" /tmp/upgrade.md5 "${upgrade_file_size}"
+
+ cp "${upgrade_file}" /tmp/upgrade.bin
+ echo "truncating"
+ truncate_upgrade /tmp/upgrade.bin "${upgrade_file_size}"
+
+ # Verify upgrade file
+ if ! verify_md5 /tmp/upgrade.bin /tmp/upgrade.md5; then
+ # Upgrade file not verified; exit
+ $LOG "Firmware upgrade not verified.
File may be corrupt"
+ LED FAIL &
+ return 1
+ fi
+ $LOG "Firmware upgrade verified"
+ LED OFF && LED G SUCCESS
+
+ # Check battery state first
+ $LOG "Checking device power state"
+ battery_state=$(/usr/bin/BATTERY)
+ if [ "${battery_state}" = "discharging" && -f "/etc/shark/cable" ]; then
+ # Device is not plugged in
+ $LOG "Device is not powered. Do not attempt firmware upgrade"
+ return 1
+ fi
+ $LOG "Device is powered"
+
+ # Remove upgrade file
+ rm -rf "${upgrade_file}"
+ sync
+
+ # Upgrade file verified; run upgrade
+ $LOG "Executing UPGRADE"
+ sleep 2 && upgrade_leds &
+ echo "sysupgrade -n /tmp/upgrade.bin" | at now
+
+ exit
+ else
+ # Upgrade file not found; enter arming mode
+ echo "Firmware update file is missing. Exiting."
+ exit 1
+ fi
+}
+
+check_for_internet() {
+ if ! ping -q -c 1 -W 1 8.8.8.8 &>/dev/null 2>&1; then
+ echo "You must have an internet connection to check for updates."
+ exit 0
+ fi
+}
+
+check_for_upgrade() {
+ echo "Checking for updates"
+ wget https://downloads.hak5.org/api/devices/sharkjack/firmwares -qO /tmp/firmware_check
+ remote_version=$(cat /tmp/firmware_check | jq -c '.[] | select( .latest_version == true ) | .version' | sed 's/-stable//' | sed 's/"//g')
+ local_version=$(cat /root/VERSION)
+
+ if [[ $remote_version != $local_version ]]; then
+ echo "There is an update available!"
+ echo "Press CTRL+C within the next 10 seconds to cancel."
+ for i in {10..1}; do
+ echo -n "$i..."
+ sleep 1
+ done
+ echo ""
+ echo ""
+ echo "Please do not power off the device!"
+ curl -sL https://downloads.hak5.org/api/devices/sharkjack/firmwares/$remote_version-stable -o "/tmp/upgrade-$remote_version.bin"
+ execute_upgrade
+ else
+ echo "Your device is up-to-date."
+ exit 0
+ fi
+}
+
+main() {
+ echo "Checking internet connection"
+ check_for_internet
+
+ check_for_upgrade
+}
+
+main
+
diff --git a/usr/bin/UPDATE_PAYLOADS b/usr/bin/UPDATE_PAYLOADS
new file mode 100755
index 0000000..a8284a3
--- /dev/null
+++ b/usr/bin/UPDATE_PAYLOADS
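Review bot: The power check in `execute_upgrade` can never fire: in `[ "${battery_state}" = "discharging" && -f "/etc/shark/cable" ]` the shell ends the `[` command at `&&`, so `[` runs without its closing `]`, fails with an error, and `sysupgrade` is scheduled on battery as well. In `check_for_upgrade` neither `wget` nor `curl` is checked and `remote_version` is used unvalidated, so when the lookup fails it is empty, the `!=` test is true, and the script goes on to request `firmwares/-stable` and to pick up whatever `/tmp/upgrade-*` file is present. The MD5 is read from the last 33 bytes of the same download, so it detects corruption only; authenticity rests on TLS alone unless a signature is verified against a key held on the device. The excerpt below shows the test and download fixes; whether the cable marker should be tested with `-f` or `! -f` is not visible in this patch.

```shell
    # … unchanged: md5 extraction and verification …
    battery_state=$(/usr/bin/BATTERY)
    if [ "${battery_state}" = "discharging" ] && [ -f "/etc/shark/cable" ]; then
    # … unchanged: power-state logging, sysupgrade scheduling …

check_for_upgrade() {
  echo "Checking for updates"
  if ! wget https://downloads.hak5.org/api/devices/sharkjack/firmwares -qO /tmp/firmware_check; then
    echo "Could not retrieve the firmware list."
    exit 1
  fi
  # … unchanged: remote_version / local_version assignment …
  if [[ -z "$remote_version" ]]; then
    echo "Update server returned no version."
    exit 1
  fi
  # … unchanged: version comparison and countdown …
    if ! curl -fsSL "https://downloads.hak5.org/api/devices/sharkjack/firmwares/${remote_version}-stable" -o "/tmp/upgrade-${remote_version}.bin"; then
      echo "Firmware download failed."
      exit 1
    fi
    execute_upgrade
```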
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+MASTER_URL="https://github.com/hak5/sharkjack-payloads/archive/refs/heads/master.tar.gz"
+
+check_for_internet() {
+ if ! ping -q -c 1 -W 1 8.8.8.8 >/dev/null 2>&1; then
+ echo "You must have an internet connection to sync the payload libraries."
+ exit 0
+ fi
+}
+
+cleanup_tmp() {
+ rm -rf /tmp/payloads-sync.tar.gz
+ rm -rf /tmp/payloads-sync
+}
+
+update_payloads() {
+ cleanup_tmp
+
+ echo "Downloading payloads repository..."
+ curl -sL $MASTER_URL -o /tmp/payloads-sync.tar.gz
+
+ mkdir /tmp/payloads-sync
+ tar -xzf /tmp/payloads-sync.tar.gz -C /tmp/payloads-sync
+
+ cp -r /tmp/payloads-sync/sharkjack-payloads-master/payloads/library /root/payload/
+
+ cleanup_tmp
+
+ echo "Successfully syncronized payloads repository."
+}
+
+main() {
+ check_for_internet
+ update_payloads
+}
+
+main
diff --git a/usr/bin/cleanup b/usr/bin/cleanup
deleted file mode 100755
index 6756ed7..0000000
--- a/usr/bin/cleanup
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/sh
-
-# Clean up each directory
-for d in "${HOME}/.ssh" "/root/loot"; do
- [ -d "${d}" ] && rm -rf "${d}"
-done
diff --git a/usr/bin/cleanup b/usr/bin/cleanup
new file mode 120000
index 0000000..79ee4a2
--- /dev/null
+++ b/usr/bin/cleanup
@@ -0,0 +1 @@
+CLEANUP
\ No newline at end of file
diff --git a/usr/bin/execute_payload b/usr/bin/execute_payload
index c52251a..6857bda 100755
--- a/usr/bin/execute_payload
+++ b/usr/bin/execute_payload
@@ -1,4 +1,5 @@ #!/bin/bash + LOG="logger -t Shark [*]" $LOG "Prepping PAYLOAD environment"
diff --git a/usr/bin/shark_framework b/usr/bin/shark_framework
index 6157092..1b2cdaa 100755
--- a/usr/bin/shark_framework
+++ b/usr/bin/shark_framework
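Review bot: `update_payloads` reports success no matter what happened: `curl -sL` has no `--fail`, and neither it nor `mkdir`, `tar` or `cp` is checked, so an HTTP error page or a truncated download still ends in the "Successfully syncronized" message. The archive is the moving head of `master`, fetched with no pinned revision or digest, and its scripts are later activated and run on the device, so the trust decision rests entirely on TLS and the upstream repository; pinning a tag or checking a published digest before the `cp` would narrow that. `cp -r` also merges into the existing library, so payloads removed upstream stay on the device. `check_for_internet` exits 0 when offline, which hides the failure from any caller that checks the status.

```shell
update_payloads() {
  cleanup_tmp

  echo "Downloading payloads repository..."
  if ! curl -fsSL "$MASTER_URL" -o /tmp/payloads-sync.tar.gz; then
    echo "Download failed; payload library left unchanged."
    cleanup_tmp
    exit 1
  fi

  mkdir /tmp/payloads-sync
  if ! tar -xzf /tmp/payloads-sync.tar.gz -C /tmp/payloads-sync; then
    echo "Archive could not be extracted; payload library left unchanged."
    cleanup_tmp
    exit 1
  fi
  # … unchanged: cp -r into /root/payload/, cleanup_tmp, success message …
```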
@@ -53,7 +53,7 @@ execute_upgrade() { $LOG "Firmware upgrade found" $LOG "Verifying firmware upgrade" - upgrade_file_size=$(( $(wc -c "${upgrade_file}") - 33 )) + upgrade_file_size=$(( $(wc -c "${upgrade_file}" | awk '{print $1}') - 33 )) # Extract md5sum from upgrade file extract_md5 "${upgrade_file}" /tmp/upgrade.md5 "${upgrade_file_size}"