Merge pull request #1 from rcoemans/rcoemans-patch-1

Backup and Restore scripts with logging and notification
pull/21/head
rcoemans 2020-08-20 21:28:25 +02:00 committed by GitHub
commit 08b8ae41b8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 546 additions and 0 deletions


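--- a/backup.sh
+++ b/backup.sh
@@ -0,0 +1,209 @@
+#!/bin/bash
+#
+# Title: backup.sh
+# Description: Backup important data on SharkJack, zip it and optionally exfiltrate
+# Execute with: bash ./backup.sh (e.g. "bash ./backup.sh")
+# Author: Robert Coemans
+# Version: 1.0 (20-08-2020)
+# Category: Util
+#
+# Dependencies: this payload requires you to have the following packages already installed and configured via 'opkg install' (do 'opkg update' first):
+# - curl = E.g. to grab external IP address and to post notifications
+# - zip
+#
+# LED indications (https://docs.hak5.org/hc/en-us/articles/360010554653-LED)
+# - Setting up = Magenta solid [LED SETUP]
+# - Backing up = Yellow single blink [LED ATTACK]
+# - Finishing up = Yellow double blink [LED STAGE2]
+# - Finished = Green very fast blinking followed by solid [LED FINISH]
+# ****************************************************************************************************
+# Configuration
+# ****************************************************************************************************
+# Setup toggles
+NOTIFY_PUSHOVER=true
+START_CLOUD_C2_CLIENT=false
+# Finish toggles
+EXFIL_TO_CLOUD_C2=true
+EXFIL_TO_SCP=false
+# Setup variables
+BACKUP_DIR_ROOT="/root/backup"
+TODAY=$(date +%Y%m%d)
+START_TIME=$(date)
+BATTERY_STATUS=$(BATTERY)
+CLOUD_C2_PROVISION="/etc/device.config"
+# Backup variables
+BACKUP_FOLDERS=( "/root/payload" "/root/loot" "/usr/share/arp-scan" ) # Add folders to be backed up here!
+BACKUP_FILES=( "/etc/device.config" ) # Add files to be backed up here!
+BACKUP_DESTINATION_USER="{username}" # Generate a ssh key (ssh-keygen) on the destination host and copy it (~/.ssh/id_rsa_pub) to the SharkJack (~/.ssh/authorized/keys) in order to bypass password!
+BACKUP_DESTINATION_HOST="192.168.10.1"
+BACKUP_DESTINATION_DIR_ROOT="/some/destination/folder/for/backup"
+# Exfiltrate and notification variables
+PUSHOVER_API_POST_URL="https://api.pushover.net/1/messages.json"
+PUSHOVER_APPLICATION_TOKEN="{your-application-token}"
+PUSHOVER_USER_TOKEN="{your-user-token}"
+PUSHOVER_PRIORITY="1" # send as -2 to generate no notification/alert, -1 to always send as a quiet notification or 1 to display as high-priority and bypass the user's quiet hours!
+PUSHOVER_DEVICE="{your-device}" # Multiple devices may be separated by a comma!
+# ****************************************************************************************************
+# Setup functions
+# ****************************************************************************************************
+function CREATE_BACKUP_FOLDER() {
+if [ ! -d $BACKUP_DIR_ROOT ]; then
+mkdir -p $BACKUP_DIR_ROOT > /dev/null
+fi
+if [ "ls $BACKUP_DIR_ROOT -l | grep "^d" | wc -l" = "0" ]; then
+SCAN_COUNT=1
+else
+SCAN_COUNT=$(ls $BACKUP_DIR_ROOT -l | grep "^d" | awk {'print $9'} | sort -n | awk 'END{print}' | awk -F'-' '{print $1}')
+((SCAN_COUNT++))
+fi
+BACKUP_DIR=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup
+mkdir $BACKUP_DIR > /dev/null
+return
+}
+function INITIALIZE_LOG_FILE() {
+LOG_FILE=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup.log
+touch $LOG_FILE
+echo "****************************************************************************************************" >> $LOG_FILE
+echo "Backup executed at: $START_TIME" >> $LOG_FILE
+echo "SharkJack battery status: $BATTERY_STATUS" >> $LOG_FILE
+echo "****************************************************************************************************" >> $LOG_FILE
+echo >> $LOG_FILE
+echo "Free diskspace before actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
+echo "Backup directory has been created: $BACKUP_DIR" >> $LOG_FILE
+return
+}
+function BACKUP_STARTED_NOTIFICATION() {
+if [ "$NOTIFY_PUSHOVER" = "true" ]; then
+curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack backup started on date: $(date '+%d-%m-%Y'), time: $(date '+%H:%M') $(date '+%Z %z')" --form-string message="Backup identifier: $SCAN_COUNT-$TODAY" $PUSHOVER_API_POST_URL > /dev/null && echo "Backup started notification has been sent to Pushover" >> $LOG_FILE || echo "Backup started notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
+fi
+return
+}
+function START_CLOUD_C2_CLIENT() {
+if [ "$START_CLOUD_C2_CLIENT" = "true" ]; then
+if [[ -f "$CLOUD_C2_PROVISION" ]]; then
+C2CONNECT
+while ! pgrep cc-client; do sleep 1; done
+echo "Connected to Cloud C2" >> $LOG_FILE
+else
+echo "Cloud C2 client configuration file ($CLOUD_C2_PROVISION) does not exists" >> $LOG_FILE
+fi
+fi
+return
+}
+# ****************************************************************************************************
+# Backup functions
+# ****************************************************************************************************
+function BACKUP_FOLDERS() {
+for BACKUP_FOLDER in ${BACKUP_FOLDERS[@]}; do
+mkdir -p $BACKUP_DIR/$BACKUP_FOLDER
+cp -r $BACKUP_FOLDER/* $BACKUP_DIR/$BACKUP_FOLDER
+echo "Folder $BACKUP_FOLDER has been copied to backup destination" >> $LOG_FILE
+done
+return
+}
+function BACKUP_FILES() {
+for BACKUP_FILE in ${BACKUP_FILES[@]}; do
+mkdir -p $(dirname $BACKUP_DIR/$BACKUP_FILE)
+cp $BACKUP_FILE $BACKUP_DIR/$BACKUP_FILE
+echo "File $BACKUP_FILE has been copied to backup destination" >> $LOG_FILE
+done
+return
+}
+function CREATE_ZIP_FILE() {
+# Including removing backup files and moving zip file and log file to backup folder
+ZIP_FILE=$BACKUP_DIR_ROOT/$SCAN_COUNT-$TODAY-SharkJack-backup.zip
+cd $BACKUP_DIR
+zip -r $ZIP_FILE ./* > /dev/null
+echo "Backup has been zipped into the file $ZIP_FILE" >> $LOG_FILE
+rm -rf $BACKUP_DIR/*
+echo "Contents from folder $BACKUP_DIR has been removed" >> $LOG_FILE
+mv $LOG_FILE $BACKUP_DIR/
+LOG_FILE=$BACKUP_DIR/$SCAN_COUNT-$TODAY-SharkJack-backup.log
+echo "Log file has been moved to backup destination" >> $LOG_FILE
+mv $ZIP_FILE $BACKUP_DIR/
+ZIP_FILE=$BACKUP_DIR/$SCAN_COUNT-$TODAY-SharkJack-backup.zip
+echo "Zip file has been moved to backup destination" >> $LOG_FILE
+return
+}
+# ****************************************************************************************************
+# Finish functions
+# ****************************************************************************************************
+function EXFIL_TO_CLOUD_C2() {
+if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
+if [[ $(pgrep cc-client) ]]; then
+LOG_FILE_DESC="$SCAN_COUNT-$TODAY-SharkJack-backup-log"
+C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
+ZIP_FILE_DESC="$SCAN_COUNT-$TODAY-SharkJack-backup-zip"
+C2EXFIL $ZIP_FILE $ZIP_FILE_DESC && echo "Exfiltration of $ZIP_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $ZIP_FILE to Cloud C2 has failed" >> $LOG_FILE
+else
+echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
+fi
+fi
+return
+}
+function EXFIL_TO_SCP() {
+if [ "$EXFIL_TO_SCP" = "true" ]; then
+scp -pr "$BACKUP_DIR" "$BACKUP_DESTINATION_USER@$BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" && echo "Backup has been copied to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" >> $LOG_FILE || echo "Backup failed to copy to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/" >> $LOG_FILE
+fi
+return
+}
+function BACKUP_COMPLETED_NOTIFICATION() {
+if [ "$NOTIFY_PUSHOVER" = "true" ]; then
+curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack backup completed message" --form-string message="Backup identifier: $SCAN_COUNT-$TODAY, Complete backup took $SECONDS seconds" $PUSHOVER_API_POST_URL > /dev/null && echo "Backup completed notification has been sent to Pushover" >> $LOG_FILE || echo "Backup completed notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
+fi
+return
+}
+# ****************************************************************************************************
+# Execute payload
+# ****************************************************************************************************
+# Setup
+LED SETUP
+CREATE_BACKUP_FOLDER # Checks backup folder with highest index number in backup root folder and creates the next backup folder for current scan
+INITIALIZE_LOG_FILE # Initialize the log file
+BACKUP_STARTED_NOTIFICATION
+START_CLOUD_C2_CLIENT
+# Backup
+LED ATTACK
+BACKUP_FOLDERS
+BACKUP_FILES
+CREATE_ZIP_FILE
+# Finish
+LED STAGE2
+echo "Free diskspace after actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
+echo "Backup script took $SECONDS seconds" >> $LOG_FILE
+EXFIL_TO_CLOUD_C2
+EXFIL_TO_SCP
+BACKUP_COMPLETED_NOTIFICATION
+sync # Sync filesystem in order to prevent data loss
+# ****************************************************************************************************
+# Prevent logging after this line!
+# ****************************************************************************************************
+LED FINISH
+echo
+cat $LOG_FILE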
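Review bot: The test `if [ "ls $BACKUP_DIR_ROOT -l | grep "^d" | wc -l" = "0" ]` in CREATE_BACKUP_FOLDER compares a literal string with "0", so it is always false and the `else` branch runs even on an empty backup root; it only yields 1 there because `((SCAN_COUNT++))` treats the empty `ls`-derived value as 0. Replace it with a check that does not parse `ls`, e.g. `if [[ -z "$(find "$BACKUP_DIR_ROOT" -mindepth 1 -maxdepth 1 -type d)" ]]; then`, and quote `$BACKUP_DIR_ROOT`/`$BACKUP_DIR` in the mkdir calls. The "has been copied" lines in BACKUP_FOLDERS and BACKUP_FILES are logged unconditionally, so a failed `cp` (missing folder, path with spaces) is recorded as success; gate them on cp's exit status the way EXFIL_TO_SCP already does. The key-setup comment on BACKUP_DESTINATION_USER is backwards for a Shark Jack → host scp: the key pair belongs on the Shark Jack and its public key (`~/.ssh/id_rsa.pub`, not `id_rsa_pub`) goes into the destination host's `~/.ssh/authorized_keys`, and an unattended scp will also stall on the first-connection host-key prompt unless the host key is pre-seeded in known_hosts. Note also that the archive includes the Cloud C2 provisioning file `/etc/device.config` in the clear and is both left under `/root/backup` and pushed out over C2/scp, so treat the zip as sensitive or drop that entry from BACKUP_FILES.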


@ -0,0 +1,124 @@
# Backup and Restore shell scripts for Shark Jack
---
Author: Robert Coemans
Version: 1.0
## Description
---
Being tired of having to re-image your Shark Jack and going through the hassle of backing up and restoring the device? These shell scripts will help you to backup and restore all important data on your Shark Jack.
The scripts has been created in a modular fashion which allows easy extending the scripts with new functions. The backup script (`backup.sh`) incorporates logic to determine already existing backup folders and create a new (unique) backup folder every time the script is executed.
## backup.sh
---
### Use
1. Execute the script with: `bash ./backup.sh`
### Toggles
Toggle | Description | Values
---------------------------- | -------------------------------------------------------------------------------- | ---
NOTIFY_PUSHOVER | Send start/stop notifications to [Pushover](https://pushover.net/) | true/false
START_CLOUD_C2_CLIENT | Have script start Cloud C2 client in case Cloud C2 client is not yet started | true/false
EXFIL_TO_CLOUD_C2 | Exfiltrate backup zip file and log file to Cloud C2 | true/false
EXFIL_TO_SCP | Exfiltrate backup zip file and log file to external host using `scp` | true/false
### Variables
Variable | Description | Values
---------------------------- | -------------------------------------------------------------------------------- | ---
BACKUP_DIR_ROOT | Folder on Shark Jack to store backup zip files and log files | {folder e.g. `/root/backup`}
BACKUP_FOLDERS | Array containing folders to be backed up | {array e.g. `( "/root/payload" "/root/loot" "/usr/share/arp-scan" )`}
BACKUP_FILES | Array containing files to be backed up | {array e.g. `( "/etc/device.config" )`}
BACKUP_DESTINATION_USER | Username for remote host for SCP exfiltration | {username e.g. `root`}
BACKUP_DESTINATION_HOST | Hostname or IP address for remote host for SCP exfiltration | {hostname/ip e.g. `192.168.10.1`}
BACKUP_DESTINATION_DIR_ROOT | Folder on remote host for storing back zip file and log file | {folder e.g. `/root/downloads/backup`}
PUSHOVER_API_POST_URL | Pushover post API url | https://api.pushover.net/1/messages.json
PUSHOVER_APPLICATION_TOKEN | Pushover application token | {your-application-token}
PUSHOVER_USER_TOKEN | Pushover user token | {your-user-token}
PUSHOVER_PRIORITY | Pushover priority | -2 no notification/alert, -1 send as a quiet notification, 1 high-priority and bypass the user's quiet hours
PUSHOVER_DEVICE | Pushover device, multiple devices may be separated by a comma | {your-device}
### Dependencies
This script depends on the following packages:
- curl
- zip
### Good to know
- Generate a ssh key (`ssh-keygen`) on the destination host and copy it (`~/.ssh/id_rsa_pub`) to the SharkJack (`~/.ssh/authorized/keys`) in order to bypass password for exfiltration to external host using `scp`!
### Status LED's
Color/Pattern | Meaning
------------- | ---
Setting up | Magenta solid [LED SETUP]
Backing up | Yellow single blink [LED ATTACK]
Finishing up | Yellow double blink [LED STAGE2]
Finished | Green very fast blinking followed by solid [LED FINISH]
## restore.sh
1. Copy a backup created with `backup.sh` to the Shark Jack with: `scp backup.zip root@172.16.24.1:/destination/folder/` example: `scp 1-20200101-SharkJack-backup.zip root@172.16.24.1:/tmp/`
1. Execute the script with: `bash ./restore.sh /path/to/backup.zip` example: `bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip`
### Toggles
Toggle | Description | Values
---------------------------- | -------------------------------------------------------------------------------- | ---
NOTIFY_PUSHOVER | Send start/stop notifications to [Pushover](https://pushover.net/) | true/false
START_CLOUD_C2_CLIENT | Have script start Cloud C2 client in case Cloud C2 client is not yet started | true/false
INSTALL_PACKAGES | Have script install packages defined in variable `OPKG_PACKAGES_TO_INSTALL` | true/false
RESTORE_ONLY_NEWER_FILES | Skip newer files on restore destination | true/false
EXFIL_TO_CLOUD_C2 | Exfiltrate backup zip file and log file to Cloud C2 | true/false
EXFIL_TO_SCP | Exfiltrate backup zip file and log file to external host using `scp` | true/false
### Variables
Variable | Description | Values
---------------------------- | -------------------------------------------------------------------------------- | ---
RESTORE_DIR_ROOT | Temporary folder on Shark Jack for unzipping back zip file and storing log file | {folder e.g. `/root/restore`}
RESTORE_DESTINATION_USER | Username for remote host for SCP exfiltration | {username e.g. `root`}
RESTORE_DESTINATION_HOST | Hostname or IP address for remote host for SCP exfiltration | {hostname/ip e.g. `192.168.10.1`}
RESTORE_DESTINATION_DIR_ROOT | Folder on remote host for storing log file | {folder e.g. `/root/downloads/backup`}
PUSHOVER_API_POST_URL | Pushover post API url | `https://api.pushover.net/1/messages.json`
PUSHOVER_APPLICATION_TOKEN | Pushover application token | {your-application-token}
PUSHOVER_USER_TOKEN | Pushover user token | {your-user-token}
PUSHOVER_PRIORITY | Pushover priority | `-2` no notification/alert, `-1` send as a quiet notification, `1` high-priority and bypass the user's quiet hours
PUSHOVER_DEVICE | Pushover device, multiple devices may be separated by a comma | {your-device}
### Dependencies
This script depends on the following packages:
- curl
- unzip
### Good to know
- Be careful with variable `RESTORE_DIR_ROOT`, this folder and all its contents including subfolders will be deleted during restore actions!
- Generate a ssh key (`ssh-keygen`) on the destination host and copy it (`~/.ssh/id_rsa_pub`) to the SharkJack (`~/.ssh/authorized/keys`) in order to bypass password for exfiltration to external host using `scp`!
### Status LED's
Color/Pattern | Meaning
------------- | ---
Setting up | Magenta solid [LED SETUP]
Restoring | Yellow single blink [LED ATTACK]
Finishing up | Yellow double blink [LED STAGE2]
Finished | Green very fast blinking followed by solid [LED FINISH]
## Discussion
---
[Hak5 Forum Thread to be added]()


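--- a/restore.sh
+++ b/restore.sh
@@ -0,0 +1,213 @@
+#!/bin/bash
+#
+# Title: restore.sh
+# Description: Restore backed-up date and install packages on SharkJack
+# Execute with: bash ./restore.sh /path/to/backup.zip (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")
+# Copy the backup file to the Shark Jack's /tmp directory via SCP (e.g. "scp 1-20200101-SharkJack-backup.zip root@172.16.24.1:/tmp/")
+# Author: Robert Coemans
+# Version: 1.0 (20-08-2020)
+# Category: Util
+#
+# Dependencies: this payload requires you to have the following packages already installed and configured via 'opkg install' (do 'opkg update' first):
+# - curl = E.g. to grab external IP address and to post notifications
+# - unzip
+#
+# LED indications (https://docs.hak5.org/hc/en-us/articles/360010554653-LED)
+# - Setting up = Magenta solid [LED SETUP]
+# - Restoring = Yellow single blink [LED ATTACK]
+# - Finishing up = Yellow double blink [LED STAGE2]
+# - Finished = Green very fast blinking followed by solid [LED FINISH]
+# ****************************************************************************************************
+# Configuration
+# ****************************************************************************************************
+# Setup toggles
+NOTIFY_PUSHOVER=true
+START_CLOUD_C2_CLIENT=false
+# Restore toggles
+INSTALL_PACKAGES=false
+RESTORE_ONLY_NEWER_FILES=false # If set to false all files from backup will be restored even older files!
+# Finish toggles
+EXFIL_TO_CLOUD_C2=true
+EXFIL_TO_SCP=false
+# Setup variables
+RESTORE_DIR_ROOT="/root/restore" # Be careful, this folder and all its contents including subfolders will be deleted!
+TODAY=$(date +%Y%m%d)
+START_TIME=$(date)
+BATTERY_STATUS=$(BATTERY)
+CLOUD_C2_PROVISION="/etc/device.config"
+# Restore variables
+OPKG_PACKAGES_TO_INSTALL=( "unzip" "zip" "nano" "curl" "lldpd" "bind-dig" "bind-host" "libustream-openssl" )
+RESTORE_DESTINATION_USER="{username}" # Generate a ssh key (ssh-keygen) on the destination host and copy it (~/.ssh/id_rsa_pub) to the SharkJack (~/.ssh/authorized/keys) in order to bypass password!
+RESTORE_DESTINATION_HOST="192.168.10.1"
+RESTORE_DESTINATION_DIR_ROOT="/some/destination/folder/for/log_file"
+# Exfiltrate and notification variables
+PUSHOVER_API_POST_URL="https://api.pushover.net/1/messages.json"
+PUSHOVER_APPLICATION_TOKEN="{your-application-token}"
+PUSHOVER_USER_TOKEN="{your-user-token}"
+PUSHOVER_PRIORITY="1" # send as -2 to generate no notification/alert, -1 to always send as a quiet notification or 1 to display as high-priority and bypass the user's quiet hours!
+PUSHOVER_DEVICE="{your-device}" # Multiple devices may be separated by a comma!
+# ****************************************************************************************************
+# Setup functions
+# ****************************************************************************************************
+function CHECK_INPUT_PARAM() {
+if [ "$1" == "" ]; then
+echo "Please specify the backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
+exit
+elif [ ! -f "$1" ]; then
+echo "$1 is not an existing file, please specify a backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
+exit
+elif [ "${1##*.}" == "zip" ]; then
+BACKUP_FILENAME=$(basename $1)
+BACKUP_FILENAME=${BACKUP_FILENAME%.*}
+else
+echo "$1 is not an zip file, please specify a backup.zip file to be restored (e.g. "bash ./restore.sh /tmp/1-20200101-SharkJack-backup.zip")."
+exit
+fi
+return
+}
+function CREATE_RESTORE_FOLDER() {
+if [ -d "$RESTORE_DIR_ROOT" ]; then
+rm -r "$RESTORE_DIR_ROOT"
+fi
+mkdir -p "$RESTORE_DIR_ROOT" > /dev/null
+RESTORE_DIR="$RESTORE_DIR_ROOT/$BACKUP_FILENAME"
+mkdir -p "$RESTORE_DIR" > /dev/null
+return
+}
+function INITIALIZE_LOG_FILE() {
+LOG_FILE=$RESTORE_DIR_ROOT/$BACKUP_FILENAME-restore.log
+touch $LOG_FILE
+echo "****************************************************************************************************" >> $LOG_FILE
+echo "Restore executed at: $START_TIME" >> $LOG_FILE
+echo "SharkJack battery status: $BATTERY_STATUS" >> $LOG_FILE
+echo "****************************************************************************************************" >> $LOG_FILE
+echo >> $LOG_FILE
+echo "Free diskspace before actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
+echo "Restore directory has been created: $RESTORE_DIR" >> $LOG_FILE
+return
+}
+function RESTORE_STARTED_NOTIFICATION() {
+if [ "$NOTIFY_PUSHOVER" = "true" ]; then
+curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack restore started on date: $(date '+%d-%m-%Y'), time: $(date '+%H:%M') $(date '+%Z %z')" --form-string message="Restore identifier: $BACKUP_FILENAME" $PUSHOVER_API_POST_URL > /dev/null && echo "Restore started notification has been sent to Pushover" >> $LOG_FILE || echo "Restore started notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
+fi
+return
+}
+function START_CLOUD_C2_CLIENT() {
+if [ "$START_CLOUD_C2_CLIENT" = "true" ]; then
+if [[ -f "$CLOUD_C2_PROVISION" ]]; then
+C2CONNECT
+while ! pgrep cc-client; do sleep 1; done
+echo "Connected to Cloud C2" >> $LOG_FILE
+else
+echo "Cloud C2 client configuration file ($CLOUD_C2_PROVISION) does not exists" >> $LOG_FILE
+fi
+fi
+return
+}
+# ****************************************************************************************************
+# Restore functions
+# ****************************************************************************************************
+function INSTALL_PACKAGES() {
+if [ "$INSTALL_PACKAGES" = "true" ]; then
+echo "INSTALL_PACKAGES function to be implemented!"
+# Wait until Shark Jack has an IP address
+while [ -z "$IPADDR" ]; do sleep 1 && IPADDR=$(ifconfig eth0 | grep "inet addr"); done
+#opkg update >> $LOG_FILE 2>&1 && echo "opkg (open package management) has been updated succesfully" >> $LOG_FILE || echo "opkg (open package management) has not been (fully) updated" >> $LOG_FILE
+opkg update && echo "opkg (open package management) has been updated succesfully" >> $LOG_FILE || echo "opkg (open package management) has not been (fully) updated" >> $LOG_FILE
+for OPKG_PACKAGE_TO_INSTALL in ${OPKG_PACKAGES_TO_INSTALL[@]}; do
+#opkg install $OPKG_PACKAGE_TO_INSTALL >> $LOG_FILE 2>&1 && echo "Package $OPKG_PACKAGE_TO_INSTALL has been installed succesfully" >> $LOG_FILE || echo "Package $OPKG_PACKAGE_TO_INSTALL has not been installed" >> $LOG_FILE
+opkg install $OPKG_PACKAGE_TO_INSTALL && echo "Package $OPKG_PACKAGE_TO_INSTALL has been installed succesfully" >> $LOG_FILE || echo "Package $OPKG_PACKAGE_TO_INSTALL has not been installed" >> $LOG_FILE
+done
+fi
+return
+}
+function RESTORE_DATA() {
+unzip $1 -d $RESTORE_DIR && echo "Backup file $1 has been extracted" >> $LOG_FILE || echo "Backup file $1 has NOT been extracted" >> $LOG_FILE
+if [ "$RESTORE_ONLY_NEWER_FILES" = "true" ]; then
+cp -ru $RESTORE_DIR/* / && echo "Files from backup $BACKUP_FILENAME has been restored while skipping existing newer files" >> $LOG_FILE || echo "Something went wrong, no files have been restored" >> $LOG_FILE
+else
+cp -r "$RESTORE_DIR/*" "/" && echo "Files from backup $BACKUP_FILENAME has been restored while overwriting existing files" >> $LOG_FILE || echo "Something went wrong, no files have been restored" >> $LOG_FILE
+fi
+rm -r "$RESTORE_DIR" && echo "Extraction folder $RESTORE_DIR has been cleaned up" >> $LOG_FILE || echo "Extraction folder $RESTORE_DIR has NOT been cleaned up" >> $LOG_FILE
+}
+# ****************************************************************************************************
+# Finish functions
+# ****************************************************************************************************
+function EXFIL_TO_CLOUD_C2() {
+if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
+if [[ $(pgrep cc-client) ]]; then
+LOG_FILE_DESC="$BACKUP_FILENAME-restore-log"
+C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
+else
+echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
+fi
+fi
+return
+}
+function EXFIL_TO_SCP() {
+if [ "$EXFIL_TO_SCP" = "true" ]; then
+scp "$LOG_FILE" "$RESTORE_DESTINATION_USER@$RESTORE_DESTINATION_HOST:$RESTORE_DESTINATION_DIR_ROOT" && echo "Exfiltration of $LOG_FILE to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/ has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to $BACKUP_DESTINATION_HOST:$BACKUP_DESTINATION_DIR_ROOT/ has failed" >> $LOG_FILE
+fi
+return
+}
+function RESTORE_COMPLETED_NOTIFICATION() {
+if [ "$NOTIFY_PUSHOVER" = "true" ]; then
+curl -s --form-string token="$PUSHOVER_APPLICATION_TOKEN" --form-string user="$PUSHOVER_USER_TOKEN" --form-string priority="$PUSHOVER_PRIORITY" --form-string device="$PUSHOVER_DEVICE" --form-string title="SharkJack restore completed message" --form-string message="Restore identifier: $BACKUP_FILENAME, Complete restore took $SECONDS seconds" $PUSHOVER_API_POST_URL > /dev/null && echo "Restore completed notification has been sent to Pushover" >> $LOG_FILE || echo "Restore completed notification has NOT been sent to Pushover as something went wrong" >> $LOG_FILE
+fi
+return
+}
+# ****************************************************************************************************
+# Execute payload
+# ****************************************************************************************************
+# Setup
+LED SETUP
+CHECK_INPUT_PARAM $1 # Checks whether given paramerter is an existing zip file
+CREATE_RESTORE_FOLDER # Checks whether restore folder exists and creates or empties if required
+INITIALIZE_LOG_FILE # Initialize the log file
+RESTORE_STARTED_NOTIFICATION
+START_CLOUD_C2_CLIENT
+# Restore
+LED ATTACK
+INSTALL_PACKAGES
+RESTORE_DATA $1
+# Finish
+LED STAGE2
+echo "Free diskspace after actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
+echo "Restore script took $SECONDS seconds" >> $LOG_FILE
+EXFIL_TO_CLOUD_C2
+EXFIL_TO_SCP
+RESTORE_COMPLETED_NOTIFICATION
+sync # Sync filesystem in order to prevent data loss
+# ****************************************************************************************************
+# Prevent logging after this line!
+# ****************************************************************************************************
+LED FINISH
+echo
+cat $LOG_FILE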
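Review bot: In RESTORE_DATA the default branch quotes the glob, `cp -r "$RESTORE_DIR/*" "/"`, so `*` is passed literally, cp fails, nothing is restored and the log records "Something went wrong" — with the shipped `RESTORE_ONLY_NEWER_FILES=false` the restore is a no-op; `cp -r "$RESTORE_DIR"/. / && ...` (or the unquoted form the `-u` branch uses) fixes it. Whatever the archive contains is then written over `/` as root with no integrity check at all (CHECK_INPUT_PARAM only tests the `.zip` suffix), so a tampered or substituted backup is an arbitrary root-level file overwrite; record a hash at backup time and verify it before `unzip`, or at least restrict the copy to the paths backup.sh collects. EXFIL_TO_SCP's log messages reference `$BACKUP_DESTINATION_HOST` and `$BACKUP_DESTINATION_DIR_ROOT`, which this script never defines (its variables are `RESTORE_DESTINATION_*`), and `$LOOT_FILE` in EXFIL_TO_CLOUD_C2 is likewise undefined, so those lines log empty values. The usage errors in CHECK_INPUT_PARAM call bare `exit`, which returns status 0; use `exit 1` so a missing or wrong argument is reported as a failure to whatever launched the payload.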