hak5
/
sharkjack-payloads
mirror of https://github.com/hak5/sharkjack-payloads.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated payload for SJC

pull/43/head
Darren Kitchen 2021-08-24 08:43:21 -05:00 committed by GitHub
parent 1302d2cda7
commit e768c62a84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
payloads/library/recon/Sample-Nmap-Payload/payload.sh
View File

@ -2,10 +2,10 @@
# #
# Title: Sample Nmap Payload for Shark Jack # Title: Sample Nmap Payload for Shark Jack
# Author: Hak5 # Author: Hak5
# Version: 1.1 # Version: 1.2
# #
# Scans target subnet with Nmap using specified options. Saves each scan result # Scans target subnet with Nmap using specified options. Saves each scan result
# to loot storage folder. # to loot storage folder. Includes SERIAL_WRITE commands for Shark Jack Cable.
# #
# LED SETUP ... Obtaining IP address from DHCP # LED SETUP ... Obtaining IP address from DHCP
# LED ATTACK ... Scanning # LED ATTACK ... Scanning
@ -14,20 +14,29 @@
# See nmap --help for options. Default "-sP" ping scans the address space for # See nmap --help for options. Default "-sP" ping scans the address space for
# fast host discovery. # fast host discovery.
echo "started payload" > /tmp/payload-debug.log
NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3" NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
LOOT_DIR=/root/loot/nmap LOOT_DIR=/root/loot/nmap
# Setup loot directory, DHCP client, and determine subnet # Setup loot directory, DHCP client, and determine subnet
LED SETUP SERIAL_WRITE [*] Setting up payload
mkdir -p $LOOT_DIR LED SETUP
mkdir -p $LOOT_DIR
COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1)) COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1))
NETMODE DHCP_CLIENT NETMODE DHCP_CLIENT
while [ -z "$SUBNET" ]; do SERIAL_WRITE [*] Waiting for IP from DHCP
while [ -z "$SUBNET" ]; do
sleep 1 && SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//') sleep 1 && SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
done done
echo "Recieved IP address from DHCP" >> /tmp/payload-debug.log
# Scan network
LED ATTACK
# Scan network
LED ATTACK
SERIAL_WRITE [*] Starting nmap scan...
nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$COUNT.txt nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$COUNT.txt
LED FINISH echo "scanned network" >> /tmp/payload-debug.log
sleep 2 && halt LED FINISH
SERIAL_WRITE [*] Payload complete!
sleep 2 && sync