mirror of https://github.com/hak5/shark-files.git
root: Update default payload
parent
1fe19cb021
commit
ed8d755436
|
@ -2,81 +2,41 @@
|
||||||
#
|
#
|
||||||
# Title: Sample Nmap Payload for Shark Jack
|
# Title: Sample Nmap Payload for Shark Jack
|
||||||
# Author: Hak5
|
# Author: Hak5
|
||||||
# Version: 1.0
|
# Version: 1.2
|
||||||
#
|
#
|
||||||
# Scans target subnet with Nmap using specified options. Saves each scan result
|
# Scans target subnet with Nmap using specified options. Saves each scan result
|
||||||
# to loot storage folder.
|
# to loot storage folder. Includes SERIAL_WRITE commands for Shark Jack Cable.
|
||||||
#
|
#
|
||||||
# Red ...........Setup
|
# LED SETUP ... Obtaining IP address from DHCP
|
||||||
# Amber..........Scanning
|
# LED ATTACK ... Scanning
|
||||||
# Green..........Finished
|
# LED FINISH ... Scan Complete
|
||||||
#
|
#
|
||||||
# See nmap --help for options. Default "-sP" ping scans the address space for
|
# See nmap --help for options. Default "-sP" ping scans the address space for
|
||||||
# fast host discovery.
|
# fast host discovery.
|
||||||
|
|
||||||
|
|
||||||
|
echo "started payload" > /tmp/payload-debug.log
|
||||||
NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
|
NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
|
||||||
LOOT_DIR=/root/loot/nmap
|
LOOT_DIR=/root/loot/nmap
|
||||||
SCAN_DIR=/etc/shark/nmap
|
|
||||||
|
|
||||||
|
# Setup loot directory, DHCP client, and determine subnet
|
||||||
function finish() {
|
SERIAL_WRITE [*] Setting up payload
|
||||||
LED CLEANUP
|
|
||||||
# Kill Nmap
|
|
||||||
wait $1
|
|
||||||
kill $1 &> /dev/null
|
|
||||||
|
|
||||||
# Sync filesystem
|
|
||||||
echo $SCAN_M > $SCAN_FILE
|
|
||||||
sync
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
LED FINISH
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
# Halt system
|
|
||||||
halt
|
|
||||||
}
|
|
||||||
|
|
||||||
function setup() {
|
|
||||||
LED SETUP
|
LED SETUP
|
||||||
# Create loot directory
|
mkdir -p $LOOT_DIR
|
||||||
mkdir -p $LOOT_DIR &> /dev/null
|
COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1))
|
||||||
|
|
||||||
# Create tmp scan directory
|
|
||||||
mkdir -p $SCAN_DIR &> /dev/null
|
|
||||||
|
|
||||||
# Create tmp scan file if it doesn't exist
|
|
||||||
SCAN_FILE=$SCAN_DIR/scan-count
|
|
||||||
if [ ! -f $SCAN_FILE ]; then
|
|
||||||
touch $SCAN_FILE && echo 0 > $SCAN_FILE
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Find IP address and subnet
|
|
||||||
NETMODE DHCP_CLIENT
|
NETMODE DHCP_CLIENT
|
||||||
|
SERIAL_WRITE [*] Waiting for IP from DHCP
|
||||||
while [ -z "$SUBNET" ]; do
|
while [ -z "$SUBNET" ]; do
|
||||||
sleep 1 && find_subnet
|
sleep 1 && SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
|
||||||
done
|
done
|
||||||
}
|
echo "Recieved IP address from DHCP" >> /tmp/payload-debug.log
|
||||||
|
|
||||||
function find_subnet() {
|
|
||||||
SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
|
|
||||||
}
|
|
||||||
|
|
||||||
function run() {
|
|
||||||
# Run setup
|
|
||||||
setup
|
|
||||||
|
|
||||||
SCAN_N=$(cat $SCAN_FILE)
|
|
||||||
SCAN_M=$(( $SCAN_N + 1 ))
|
|
||||||
|
|
||||||
|
# Scan network
|
||||||
LED ATTACK
|
LED ATTACK
|
||||||
# Start scan
|
SERIAL_WRITE [*] Starting nmap scan...
|
||||||
nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$SCAN_M.txt &>/dev/null &
|
nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$COUNT.txt
|
||||||
tpid=$!
|
echo "scanned network" >> /tmp/payload-debug.log
|
||||||
|
LED FINISH
|
||||||
finish $tpid
|
SERIAL_WRITE [*] Payload complete!
|
||||||
}
|
sleep 2 && sync
|
||||||
|
|
||||||
|
|
||||||
# Run payload
|
|
||||||
run &
|
|
||||||
|
|
Loading…
Reference in New Issue