From 4d3431c2e4d681e2e92633796dbec683ccbbebda Mon Sep 17 00:00:00 2001
From: BuffBaby253 <153693228+BuffBaby253@users.noreply.github.com>
Date: Thu, 11 Jan 2024 21:27:04 -0800
Subject: [PATCH] Add files via upload
---
 .../library/Wireshark PCAP Capture/payload.sh | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 payloads/library/Wireshark PCAP Capture/payload.sh
diff --git a/payloads/library/Wireshark PCAP Capture/payload.sh b/payloads/library/Wireshark PCAP Capture/payload.sh
new file mode 100644
index 0000000..7c0c1a0
--- /dev/null
+++ b/payloads/library/Wireshark PCAP Capture/payload.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+#
+# Title: Wireshark PCAP Capture & Examine
+# Author: BuffBaby253
+#
+# uses tcpdump to capture network traffic for 1 minute and saves pcaps
+# into loot storage folder for further analysis in Wireshark
+#
+# LED SETUP making loot directory and waiting for an ip address from DHCP
+# LED ATTACK capturing packets
+# LED FINISH the Shark Jack is finished and you can now download saved pcaps to open in Wireshark
+
LOOT_DIR=/root/loot/pcaps INTERFACE="eth0" # preparing for capture LED SETUP # setting up loot directory mkdir -p $LOOT_DIR COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1)) # waiting for ip address NETMODE DHCP_CLIENT while [ -z "$IPADDR" ]; do sleep 1 && IPADDR=$(ifconfig eth0 | grep "inet addr"); done LED ATTACK # using tcpdump to capture network traffic and save to loot directory tcpdump -i $INTERFACE -w $LOOT_DIR/net-traffic_$COUNT.txt & # sleep command will let it run for 1 minute sleep 60 # end capture killall tcpdump # the work is done and you can unplug LED FINISH \ No newline at end of file
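Review bot: `LED FINISH` can light before the capture file is fully written, because `killall tcpdump` sends SIGTERM and returns immediately while tcpdump is still flushing and closing its output; the script should track the process it started and wait for it, i.e. `tcpdump -i "$INTERFACE" -w "$LOOT_DIR/net-traffic_$COUNT.txt" & pid=$!` and later `kill "$pid"; wait "$pid"` in place of `killall tcpdump`, which also avoids terminating any unrelated tcpdump instance. The DHCP wait loop hardcodes `eth0` instead of `"$INTERFACE"` used by the tcpdump call, has no upper bound, and depends on `ifconfig` printing `inet addr`; builds that print only `inet ` (presumably newer net-tools/BusyBox) would make the `grep` never match and the loop spin forever, so a bounded retry that signals failure (`LED FAIL`) would be safer. The capture is stored with a `.txt` suffix although it is pcap data, and `COUNT` comes from `ls -l ... | wc -l`, which prints an error on the first run when no `*.txt` exists; counting the glob directly (`shopt -s nullglob; files=("$LOOT_DIR"/*.txt); COUNT=$(( ${#files[@]} + 1 ))`) and naming the output `.pcap` would make both the numbering and the header comment accurate.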