Merge pull request #1 from rcoemans/rcoemans-patch-1
Backup and Restore scripts with logging and notificationpull/21/head
commit
08b8ae41b8
|
@ -0,0 +1,209 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: backup.sh
|
||||
# Description: Backup important data on SharkJack, zip it and optionally exfiltrate
|
||||
# Execute with: bash ./backup.sh (e.g. "bash ./backup.sh")
|
||||
# Author: Robert Coemans
|
||||
# Version: 1.0 (20-08-2020)
|
||||
# Category: Util
|
||||
#
|
||||
# Dependencies: this payload requires you to have the following packages already installed and configured via 'opkg install' (do 'opkg update' first):
|
||||
# - curl = E.g. to grab external IP address and to post notifications
|
||||
# - zip
|
||||
#
|
||||
# LED indications (https://docs.hak5.org/hc/en-us/articles/360010554653-LED)
|
||||
# - Setting up = Magenta solid [LED SETUP]
|
||||
# - Backing up = Yellow single blink [LED ATTACK]
|
||||
# - Finishing up = Yellow double blink [LED STAGE2]
|
||||
# - Finished = Green very fast blinking followed by solid [LED FINISH]
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Configuration
|
||||
# ****************************************************************************************************
|
||||
|
||||
# Setup toggles
|
||||
NOTIFY_PUSHOVER=true
|
||||
START_CLOUD_C2_CLIENT=false
|
||||
|
||||
# Finish toggles
|
||||
EXFIL_TO_CLOUD_C2=true
|
||||
EXFIL_TO_SCP=false
|
||||
|
||||
# Setup variables
|
||||
BACKUP_DIR_ROOT="/root/backup"
|
||||
TODAY=$(date +%Y%m%d)
|
||||
START_TIME=$(date)
|
||||
BATTERY_STATUS=$(BATTERY)
|
||||
CLOUD_C2_PROVISION="/etc/device.config"
|
||||
|
||||
# Backup variables
|
||||
BACKUP_FOLDERS=( "/root/payload" "/root/loot" "/usr/share/arp-scan" ) # Add folders to be backed up here!
|
||||
BACKUP_FILES=( "/etc/device.config" ) # Add files to be backed up here!
|
||||
BACKUP_DESTINATION_USER="{username}" # Generate a ssh key (ssh-keygen) on the destination host and copy it (~/.ssh/id_rsa_pub) to the SharkJack (~/.ssh/authorized/keys) in order to bypass password!
|
||||
BACKUP_DESTINATION_HOST="192.168.10.1"
|
||||
BACKUP_DESTINATION_DIR_ROOT="/some/destination/folder/for/backup"
|
||||
|
||||
# Exfiltrate and notification variables
|
||||
PUSHOVER_API_POST_URL="https://api.pushover.net/1/messages.json"
|
||||
PUSHOVER_APPLICATION_TOKEN="{your-application-token}"
|
||||
PUSHOVER_USER_TOKEN="{your-user-token}"
|
||||
PUSHOVER_PRIORITY="1" # send as -2 to generate no notification/alert, -1 to always send as a quiet notification or 1 to display as high-priority and bypass the user's quiet hours!
|
||||
PUSHOVER_DEVICE="{your-device}" # Multiple devices may be separated by a comma!
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Setup functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function CREATE_BACKUP_FOLDER() {
|
||||
if [ ! -d $BACKUP_DIR_ROOT ]; then
|
||||
mkdir -p $BACKUP_DIR_ROOT > /dev/null
|
||||
fi
|
||||
if [ "ls $BACKUP_DIR_ROOT -l | grep "^d" | wc -l" = "0" ]; then
|
||||
SCAN_COUNT=1
|
||||
else
|
||||
SCAN_COUNT=$(ls $BACKUP_DIR_ROOT -l | grep "^d" | awk {'print $9'} | sort -n | awk 'END{print}' | awk -F'-' '{print $1}')
|
||||
((SCAN_COUNT++))
|
||||
fi
|
||||
BACKUP_DIR=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup
|
||||
mkdir $BACKUP_DIR > /dev/null
|
||||
return
|
||||
}
|
||||
|
||||
function INITIALIZE_LOG_FILE() {
|
||||
LOG_FILE=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup.log
|
||||
touch $LOG_FILE
|
||||
echo "****************************************************************************************************" >> $LOG_FILE
|
||||
echo "Backup executed at: $START_TIME" >> $LOG_FILE
|
||||
echo "SharkJack battery status: $BATTERY_STATUS" >> $LOG_FILE
|
||||
echo "****************************************************************************************************" >> $LOG_FILE
|
||||
echo >> $LOG_FILE
|
||||
echo "Free diskspace before actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
|
||||
echo "Backup directory has been created: $BACKUP_DIR" >> $LOG_FILE
|
||||
return
|
||||
}
|
||||
|
||||
function BACKUP_STARTED_NOTIFICATION() {
|
||||
if [ "$NOTIFY_PUSHOVER" = "true" ]; then
|
||||
curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack backup started on date: $(date '+%d-%m-%Y'), time: $(date '+%H:%M') $(date '+%Z %z')" --form-string message="Backup identifier: $SCAN_COUNT-$TODAY" $PUSHOVER_API_POST_URL > /dev/null && echo "Backup started notification has been sent to Pushover" >> $LOG_FILE || echo "Backup started notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function START_CLOUD_C2_CLIENT() {
|
||||
if [ "$START_CLOUD_C2_CLIENT" = "true" ]; then
|
||||
if [[ -f "$CLOUD_C2_PROVISION" ]]; then
|
||||
C2CONNECT
|
||||
while ! pgrep cc-client; do sleep 1; done
|
||||
echo "Connected to Cloud C2" >> $LOG_FILE
|
||||
else
|
||||
echo "Cloud C2 client configuration file ($CLOUD_C2_PROVISION) does not exists" >> $LOG_FILE
|
||||
fi
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Backup functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function BACKUP_FOLDERS() {
|
||||
for BACKUP_FOLDER in ${BACKUP_FOLDERS[@]}; do
|
||||
mkdir -p $BACKUP_DIR/$BACKUP_FOLDER
|
||||
cp -r $BACKUP_FOLDER/* $BACKUP_DIR/$BACKUP_FOLDER
|
||||
echo "Folder $BACKUP_FOLDER has been copied to backup destination" >> $LOG_FILE
|
||||
done
|
||||
return
|
||||
}
|
||||
|
||||
function BACKUP_FILES() {
|
||||
for BACKUP_FILE in ${BACKUP_FILES[@]}; do
|
||||
mkdir -p $(dirname $BACKUP_DIR/$BACKUP_FILE)
|
||||
cp $BACKUP_FILE $BACKUP_DIR/$BACKUP_FILE
|
||||
echo "File $BACKUP_FILE has been copied to backup destination" >> $LOG_FILE
|
||||
done
|
||||
return
|
||||
}
|
||||
|
||||
function CREATE_ZIP_FILE() {
|
||||
# Including removing backup files and moving zip file and log file to backup folder
|
||||
ZIP_FILE=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup.zip
|
||||
cd $BACKUP_DIR
|
||||
zip -r $ZIP_FILE ./* > /dev/null
|
||||
echo "Backup has been zipped into the file $ZIP_FILE" >> $LOG_FILE
|
||||
rm -rf $BACKUP_DIR/*
|
||||
echo "Contents from folder $BACKUP_DIR has been removed" >> $LOG_FILE
|
||||
mv $LOG_FILE $BACKUP_DIR/
|
||||
LOG_FILE=$BACKUP_DIR/$SCAN_COUNT-$TODAY-SharkJack-backup.log
|
||||
echo "Log file has been moved to backup destination" >> $LOG_FILE
|
||||
mv $ZIP_FILE $BACKUP_DIR/
|
||||
ZIP_FILE=$BACKUP_DIR/$SCAN_COUNT-$TODAY-SharkJack-backup.zip
|
||||
echo "Zip file has been moved to backup destination" >> $LOG_FILE
|
||||
return
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Finish functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function EXFIL_TO_CLOUD_C2() {
|
||||
if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
|
||||
if [[ $(pgrep cc-client) ]]; then
|
||||
LOG_FILE_DESC="$SCAN_COUNT-$TODAY-SharkJack-backup-log"
|
||||
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||
ZIP_FILE_DESC="$SCAN_COUNT-$TODAY-SharkJack-backup-zip"
|
||||
C2EXFIL $ZIP_FILE $ZIP_FILE_DESC && echo "Exfiltration of $ZIP_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $ZIP_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||
else
|
||||
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
||||
fi
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function EXFIL_TO_SCP() {
|
||||
if [ "$EXFIL_TO_SCP" = "true" ]; then
|
||||
scp -pr "$BACKUP_DIR" "$BACKUP_DESTINATION_USER@$BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" && echo "Backup has been copied to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" >> $LOG_FILE || echo "Backup failed to copy to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function BACKUP_COMPLETED_NOTIFICATION() {
|
||||
if [ "$NOTIFY_PUSHOVER" = "true" ]; then
|
||||
curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack backup completed message" --form-string message="Backup identifier: $SCAN_COUNT-$TODAY, Complete backup took $SECONDS seconds" $PUSHOVER_API_POST_URL > /dev/null && echo "Backup completed notification has been sent to Pushover" >> $LOG_FILE || echo "Backup completed notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Execute payload
|
||||
# ****************************************************************************************************
|
||||
|
||||
# Setup
|
||||
LED SETUP
|
||||
CREATE_BACKUP_FOLDER # Checks backup folder with highest index number in backup root folder and creates the next backup folder for current scan
|
||||
INITIALIZE_LOG_FILE # Initialize the log file
|
||||
BACKUP_STARTED_NOTIFICATION
|
||||
START_CLOUD_C2_CLIENT
|
||||
|
||||
# Backup
|
||||
LED ATTACK
|
||||
BACKUP_FOLDERS
|
||||
BACKUP_FILES
|
||||
CREATE_ZIP_FILE
|
||||
|
||||
# Finish
|
||||
LED STAGE2
|
||||
echo "Free diskspace after actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
|
||||
echo "Backup script took $SECONDS seconds" >> $LOG_FILE
|
||||
EXFIL_TO_CLOUD_C2
|
||||
EXFIL_TO_SCP
|
||||
BACKUP_COMPLETED_NOTIFICATION
|
||||
sync # Sync filesystem in order to prevent data loss
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Prevent logging after this line!
|
||||
# ****************************************************************************************************
|
||||
|
||||
LED FINISH
|
||||
|
||||
echo
|
||||
cat $LOG_FILE
|
|
@ -0,0 +1,124 @@
|
|||
# Backup and Restore shell scripts for Shark Jack
|
||||
|
||||
---
|
||||
|
||||
Author: Robert Coemans
|
||||
Version: 1.0
|
||||
|
||||
## Description
|
||||
|
||||
---
|
||||
|
||||
Being tired of having to re-image your Shark Jack and going through the hassle of backing up and restoring the device? These shell scripts will help you to backup and restore all important data on your Shark Jack.
|
||||
|
||||
The scripts has been created in a modular fashion which allows easy extending the scripts with new functions. The backup script (`backup.sh`) incorporates logic to determine already existing backup folders and create a new (unique) backup folder every time the script is executed.
|
||||
|
||||
## backup.sh
|
||||
|
||||
---
|
||||
|
||||
### Use
|
||||
|
||||
1. Execute the script with: `bash ./backup.sh`
|
||||
|
||||
### Toggles
|
||||
|
||||
Toggle | Description | Values
|
||||
---------------------------- | -------------------------------------------------------------------------------- | ---
|
||||
NOTIFY_PUSHOVER | Send start/stop notifications to [Pushover](https://pushover.net/) | true/false
|
||||
START_CLOUD_C2_CLIENT | Have script start Cloud C2 client in case Cloud C2 client is not yet started | true/false
|
||||
EXFIL_TO_CLOUD_C2 | Exfiltrate backup zip file and log file to Cloud C2 | true/false
|
||||
EXFIL_TO_SCP | Exfiltrate backup zip file and log file to external host using `scp` | true/false
|
||||
|
||||
### Variables
|
||||
|
||||
Variable | Description | Values
|
||||
---------------------------- | -------------------------------------------------------------------------------- | ---
|
||||
BACKUP_DIR_ROOT | Folder on Shark Jack to store backup zip files and log files | {folder e.g. `/root/backup`}
|
||||
BACKUP_FOLDERS | Array containing folders to be backed up | {array e.g. `( "/root/payload" "/root/loot" "/usr/share/arp-scan" )`}
|
||||
BACKUP_FILES | Array containing files to be backed up | {array e.g. `( "/etc/device.config" )`}
|
||||
BACKUP_DESTINATION_USER | Username for remote host for SCP exfiltration | {username e.g. `root`}
|
||||
BACKUP_DESTINATION_HOST | Hostname or IP address for remote host for SCP exfiltration | {hostname/ip e.g. `192.168.10.1`}
|
||||
BACKUP_DESTINATION_DIR_ROOT | Folder on remote host for storing back zip file and log file | {folder e.g. `/root/downloads/backup`}
|
||||
PUSHOVER_API_POST_URL | Pushover post API url | https://api.pushover.net/1/messages.json
|
||||
PUSHOVER_APPLICATION_TOKEN | Pushover application token | {your-application-token}
|
||||
PUSHOVER_USER_TOKEN | Pushover user token | {your-user-token}
|
||||
PUSHOVER_PRIORITY | Pushover priority | -2 no notification/alert, -1 send as a quiet notification, 1 high-priority and bypass the user's quiet hours
|
||||
PUSHOVER_DEVICE | Pushover device, multiple devices may be separated by a comma | {your-device}
|
||||
|
||||
### Dependencies
|
||||
|
||||
This script depends on the following packages:
|
||||
|
||||
- curl
|
||||
- zip
|
||||
|
||||
### Good to know
|
||||
|
||||
- Generate a ssh key (`ssh-keygen`) on the destination host and copy it (`~/.ssh/id_rsa_pub`) to the SharkJack (`~/.ssh/authorized/keys`) in order to bypass password for exfiltration to external host using `scp`!
|
||||
|
||||
### Status LED's
|
||||
|
||||
Color/Pattern | Meaning
|
||||
------------- | ---
|
||||
Setting up | Magenta solid [LED SETUP]
|
||||
Backing up | Yellow single blink [LED ATTACK]
|
||||
Finishing up | Yellow double blink [LED STAGE2]
|
||||
Finished | Green very fast blinking followed by solid [LED FINISH]
|
||||
|
||||
## restore.sh
|
||||
|
||||
1. Copy a backup created with `backup.sh` to the Shark Jack with: `scp backup.zip root@172.16.24.1:/destination/folder/` example: `scp 1-20200101-SharkJack-backup.zip root@172.16.24.1:/tmp/`
|
||||
1. Execute the script with: `bash ./restore.sh /path/to/backup.zip` example: `bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip`
|
||||
|
||||
### Toggles
|
||||
|
||||
Toggle | Description | Values
|
||||
---------------------------- | -------------------------------------------------------------------------------- | ---
|
||||
NOTIFY_PUSHOVER | Send start/stop notifications to [Pushover](https://pushover.net/) | true/false
|
||||
START_CLOUD_C2_CLIENT | Have script start Cloud C2 client in case Cloud C2 client is not yet started | true/false
|
||||
INSTALL_PACKAGES | Have script install packages defined in variable `OPKG_PACKAGES_TO_INSTALL` | true/false
|
||||
RESTORE_ONLY_NEWER_FILES | Skip newer files on restore destination | true/false
|
||||
EXFIL_TO_CLOUD_C2 | Exfiltrate backup zip file and log file to Cloud C2 | true/false
|
||||
EXFIL_TO_SCP | Exfiltrate backup zip file and log file to external host using `scp` | true/false
|
||||
|
||||
### Variables
|
||||
|
||||
Variable | Description | Values
|
||||
---------------------------- | -------------------------------------------------------------------------------- | ---
|
||||
RESTORE_DIR_ROOT | Temporary folder on Shark Jack for unzipping back zip file and storing log file | {folder e.g. `/root/restore`}
|
||||
RESTORE_DESTINATION_USER | Username for remote host for SCP exfiltration | {username e.g. `root`}
|
||||
RESTORE_DESTINATION_HOST | Hostname or IP address for remote host for SCP exfiltration | {hostname/ip e.g. `192.168.10.1`}
|
||||
RESTORE_DESTINATION_DIR_ROOT | Folder on remote host for storing log file | {folder e.g. `/root/downloads/backup`}
|
||||
PUSHOVER_API_POST_URL | Pushover post API url | `https://api.pushover.net/1/messages.json`
|
||||
PUSHOVER_APPLICATION_TOKEN | Pushover application token | {your-application-token}
|
||||
PUSHOVER_USER_TOKEN | Pushover user token | {your-user-token}
|
||||
PUSHOVER_PRIORITY | Pushover priority | `-2` no notification/alert, `-1` send as a quiet notification, `1` high-priority and bypass the user's quiet hours
|
||||
PUSHOVER_DEVICE | Pushover device, multiple devices may be separated by a comma | {your-device}
|
||||
|
||||
### Dependencies
|
||||
|
||||
This script depends on the following packages:
|
||||
|
||||
- curl
|
||||
- unzip
|
||||
|
||||
### Good to know
|
||||
|
||||
- Be careful with variable `RESTORE_DIR_ROOT`, this folder and all its contents including subfolders will be deleted during restore actions!
|
||||
- Generate a ssh key (`ssh-keygen`) on the destination host and copy it (`~/.ssh/id_rsa_pub`) to the SharkJack (`~/.ssh/authorized/keys`) in order to bypass password for exfiltration to external host using `scp`!
|
||||
|
||||
### Status LED's
|
||||
|
||||
Color/Pattern | Meaning
|
||||
------------- | ---
|
||||
Setting up | Magenta solid [LED SETUP]
|
||||
Restoring | Yellow single blink [LED ATTACK]
|
||||
Finishing up | Yellow double blink [LED STAGE2]
|
||||
Finished | Green very fast blinking followed by solid [LED FINISH]
|
||||
|
||||
## Discussion
|
||||
|
||||
---
|
||||
|
||||
[Hak5 Forum Thread to be added]()
|
|
@ -0,0 +1,213 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: restore.sh
|
||||
# Description: Restore backed-up date and install packages on SharkJack
|
||||
# Execute with: bash ./restore.sh /path/to/backup.zip (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")
|
||||
# Copy the backup file to the Shark Jack's /tmp directory via SCP (e.g. "scp 1-20200101-SharkJack-backup.zip root@172.16.24.1:/tmp/")
|
||||
# Author: Robert Coemans
|
||||
# Version: 1.0 (20-08-2020)
|
||||
# Category: Util
|
||||
#
|
||||
# Dependencies: this payload requires you to have the following packages already installed and configured via 'opkg install' (do 'opkg update' first):
|
||||
# - curl = E.g. to grab external IP address and to post notifications
|
||||
# - unzip
|
||||
#
|
||||
# LED indications (https://docs.hak5.org/hc/en-us/articles/360010554653-LED)
|
||||
# - Setting up = Magenta solid [LED SETUP]
|
||||
# - Restoring = Yellow single blink [LED ATTACK]
|
||||
# - Finishing up = Yellow double blink [LED STAGE2]
|
||||
# - Finished = Green very fast blinking followed by solid [LED FINISH]
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Configuration
|
||||
# ****************************************************************************************************
|
||||
|
||||
# Setup toggles
|
||||
NOTIFY_PUSHOVER=true
|
||||
START_CLOUD_C2_CLIENT=false
|
||||
|
||||
# Restore toggles
|
||||
INSTALL_PACKAGES=false
|
||||
RESTORE_ONLY_NEWER_FILES=false # If set to false all files from backup will be restored even older files!
|
||||
|
||||
# Finish toggles
|
||||
EXFIL_TO_CLOUD_C2=true
|
||||
EXFIL_TO_SCP=false
|
||||
|
||||
# Setup variables
|
||||
RESTORE_DIR_ROOT="/root/restore" # Be careful, this folder and all its contents including subfolders will be deleted!
|
||||
TODAY=$(date +%Y%m%d)
|
||||
START_TIME=$(date)
|
||||
BATTERY_STATUS=$(BATTERY)
|
||||
CLOUD_C2_PROVISION="/etc/device.config"
|
||||
|
||||
# Restore variables
|
||||
OPKG_PACKAGES_TO_INSTALL=( "unzip" "zip" "nano" "curl" "lldpd" "bind-dig" "bind-host" "libustream-openssl" )
|
||||
RESTORE_DESTINATION_USER="{username}" # Generate a ssh key (ssh-keygen) on the destination host and copy it (~/.ssh/id_rsa_pub) to the SharkJack (~/.ssh/authorized/keys) in order to bypass password!
|
||||
RESTORE_DESTINATION_HOST="192.168.10.1"
|
||||
RESTORE_DESTINATION_DIR_ROOT="/some/destination/folder/for/log_file"
|
||||
|
||||
# Exfiltrate and notification variables
|
||||
PUSHOVER_API_POST_URL="https://api.pushover.net/1/messages.json"
|
||||
PUSHOVER_APPLICATION_TOKEN="{your-application-token}"
|
||||
PUSHOVER_USER_TOKEN="{your-user-token}"
|
||||
PUSHOVER_PRIORITY="1" # send as -2 to generate no notification/alert, -1 to always send as a quiet notification or 1 to display as high-priority and bypass the user's quiet hours!
|
||||
PUSHOVER_DEVICE="{your-device}" # Multiple devices may be separated by a comma!
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Setup functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function CHECK_INPUT_PARAM() {
|
||||
if [ "$1" == "" ]; then
|
||||
echo "Please specify the backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
|
||||
exit
|
||||
elif [ ! -f "$1" ]; then
|
||||
echo "$1 is not an existing file, please specify a backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
|
||||
exit
|
||||
elif [ "${1##*.}" == "zip" ]; then
|
||||
BACKUP_FILENAME=$(basename $1)
|
||||
BACKUP_FILENAME=${BACKUP_FILENAME%.*}
|
||||
else
|
||||
echo "$1 is not an zip file, please specify a backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
|
||||
exit
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function CREATE_RESTORE_FOLDER() {
|
||||
if [ -d "$RESTORE_DIR_ROOT" ]; then
|
||||
rm -r "$RESTORE_DIR_ROOT"
|
||||
fi
|
||||
mkdir -p "$RESTORE_DIR_ROOT" > /dev/null
|
||||
RESTORE_DIR="$RESTORE_DIR_ROOT/$BACKUP_FILENAME"
|
||||
mkdir -p "$RESTORE_DIR" > /dev/null
|
||||
return
|
||||
}
|
||||
|
||||
function INITIALIZE_LOG_FILE() {
|
||||
LOG_FILE=$RESTORE_DIR_ROOT/$BACKUP_FILENAME-restore.log
|
||||
touch $LOG_FILE
|
||||
echo "****************************************************************************************************" >> $LOG_FILE
|
||||
echo "Restore executed at: $START_TIME" >> $LOG_FILE
|
||||
echo "SharkJack battery status: $BATTERY_STATUS" >> $LOG_FILE
|
||||
echo "****************************************************************************************************" >> $LOG_FILE
|
||||
echo >> $LOG_FILE
|
||||
echo "Free diskspace before actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
|
||||
echo "Restore directory has been created: $RESTORE_DIR" >> $LOG_FILE
|
||||
return
|
||||
}
|
||||
|
||||
function RESTORE_STARTED_NOTIFICATION() {
|
||||
if [ "$NOTIFY_PUSHOVER" = "true" ]; then
|
||||
curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack restore started on date: $(date '+%d-%m-%Y'), time: $(date '+%H:%M') $(date '+%Z %z')" --form-string message="Restore identifier: $BACKUP_FILENAME" $PUSHOVER_API_POST_URL > /dev/null && echo "Restore started notification has been sent to Pushover" >> $LOG_FILE || echo "Restore started notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function START_CLOUD_C2_CLIENT() {
|
||||
if [ "$START_CLOUD_C2_CLIENT" = "true" ]; then
|
||||
if [[ -f "$CLOUD_C2_PROVISION" ]]; then
|
||||
C2CONNECT
|
||||
while ! pgrep cc-client; do sleep 1; done
|
||||
echo "Connected to Cloud C2" >> $LOG_FILE
|
||||
else
|
||||
echo "Cloud C2 client configuration file ($CLOUD_C2_PROVISION) does not exists" >> $LOG_FILE
|
||||
fi
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Restore functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function INSTALL_PACKAGES() {
|
||||
if [ "$INSTALL_PACKAGES" = "true" ]; then
|
||||
echo "INSTALL_PACKAGES function to be implemented!"
|
||||
# Wait until Shark Jack has an IP address
|
||||
while [ -z "$IPADDR" ]; do sleep 1 && IPADDR=$(ifconfig eth0 | grep "inet addr"); done
|
||||
#opkg update >> $LOG_FILE 2>&1 && echo "opkg (open package management) has been updated succesfully" >> $LOG_FILE || echo "opkg (open package management) has not been (fully) updated" >> $LOG_FILE
|
||||
opkg update && echo "opkg (open package management) has been updated succesfully" >> $LOG_FILE || echo "opkg (open package management) has not been (fully) updated" >> $LOG_FILE
|
||||
for OPKG_PACKAGE_TO_INSTALL in ${OPKG_PACKAGES_TO_INSTALL[@]}; do
|
||||
#opkg install $OPKG_PACKAGE_TO_INSTALL >> $LOG_FILE 2>&1 && echo "Package $OPKG_PACKAGE_TO_INSTALL has been installed succesfully" >> $LOG_FILE || echo "Package $OPKG_PACKAGE_TO_INSTALL has not been installed" >> $LOG_FILE
|
||||
opkg install $OPKG_PACKAGE_TO_INSTALL && echo "Package $OPKG_PACKAGE_TO_INSTALL has been installed succesfully" >> $LOG_FILE || echo "Package $OPKG_PACKAGE_TO_INSTALL has not been installed" >> $LOG_FILE
|
||||
done
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function RESTORE_DATA() {
|
||||
unzip $1 -d $RESTORE_DIR && echo "Backup file $1 has been extracted" >> $LOG_FILE || echo "Backup file $1 has NOT been extracted" >> $LOG_FILE
|
||||
if [ "$RESTORE_ONLY_NEWER_FILES" = "true" ]; then
|
||||
cp -ru $RESTORE_DIR/* / && echo "Files from backup $BACKUP_FILENAME has been restored while skipping existing newer files" >> $LOG_FILE || echo "Something went wrong, no files have been restored" >> $LOG_FILE
|
||||
else
|
||||
cp -r "$RESTORE_DIR/*" "/" && echo "Files from backup $BACKUP_FILENAME has been restored while overwriting existing files" >> $LOG_FILE || echo "Something went wrong, no files have been restored" >> $LOG_FILE
|
||||
fi
|
||||
rm -r "$RESTORE_DIR" && echo "Extraction folder $RESTORE_DIR has been cleaned up" >> $LOG_FILE || echo "Extraction folder $RESTORE_DIR has NOT been cleaned up" >> $LOG_FILE
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Finish functions
|
||||
# ****************************************************************************************************
|
||||
|
||||
function EXFIL_TO_CLOUD_C2() {
|
||||
if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
|
||||
if [[ $(pgrep cc-client) ]]; then
|
||||
LOG_FILE_DESC="$BACKUP_FILENAME-restore-log"
|
||||
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||
else
|
||||
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
||||
fi
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function EXFIL_TO_SCP() {
|
||||
if [ "$EXFIL_TO_SCP" = "true" ]; then
|
||||
scp "$LOG_FILE" "$RESTORE_DESTINATION_USER@$RESTORE_DESTINATION_HOST:$RESTORE_DESTINATION_DIR_ROOT" && echo "Exfiltration of $LOG_FILE to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/ has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/ has failed" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
function RESTORE_COMPLETED_NOTIFICATION() {
|
||||
if [ "$NOTIFY_PUSHOVER" = "true" ]; then
|
||||
curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack restore completed message" --form-string message="Restore identifier: $BACKUP_FILENAME, Complete restore took $SECONDS seconds" $PUSHOVER_API_POST_URL > /dev/null && echo "Restore completed notification has been sent to Pushover" >> $LOG_FILE || echo "Restore completed notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
|
||||
fi
|
||||
return
|
||||
}
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Execute payload
|
||||
# ****************************************************************************************************
|
||||
|
||||
# Setup
|
||||
LED SETUP
|
||||
CHECK_INPUT_PARAM $1 # Checks whether given paramerter is an existing zip file
|
||||
CREATE_RESTORE_FOLDER # Checks whether restore folder exists and creates or empties if required
|
||||
INITIALIZE_LOG_FILE # Initialize the log file
|
||||
RESTORE_STARTED_NOTIFICATION
|
||||
START_CLOUD_C2_CLIENT
|
||||
|
||||
# Restore
|
||||
LED ATTACK
|
||||
INSTALL_PACKAGES
|
||||
RESTORE_DATA $1
|
||||
|
||||
# Finish
|
||||
LED STAGE2
|
||||
echo "Free diskspace after actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
|
||||
echo "Restore script took $SECONDS seconds" >> $LOG_FILE
|
||||
EXFIL_TO_CLOUD_C2
|
||||
EXFIL_TO_SCP
|
||||
RESTORE_COMPLETED_NOTIFICATION
|
||||
sync # Sync filesystem in order to prevent data loss
|
||||
|
||||
# ****************************************************************************************************
|
||||
# Prevent logging after this line!
|
||||
# ****************************************************************************************************
|
||||
|
||||
LED FINISH
|
||||
|
||||
echo
|
||||
cat $LOG_FILE
|
Loading…
Reference in New Issue