Topknot Posted November 3, 2019

This is based on MonsieurMarc's Sample Nmap Payload with Pastebin exfiltration script, which was based on the original HAK5 sample payload.

This payload:

- Performs an nmap ping scan of the local subnet and logs it to a text file
- Pulls LLDP neighbor and switch information and logs it to a text file
- Performs an ifconfig and ip addr show and logs it to a text file
- Performs a traceroute to 8.8.8.8 and logs it to a text file
- Performs a public IP address lookup via curl and icanhazip.com and logs it to a text file
- Sends all of the created text files via email to the address set with MAIL_RCPT

This payload requires you to have curl, lldpd, and msmtp mutt already installed and configured via opkg.

https://github.com/Topknot-AR/Network-Recon-with-email-exfil/blob/master/payload.sh

Darren Kitchen Posted November 3, 2019

Awesome! Would like to host this on the Hak5 repo if you'd like to submit a pull request 🙂

Topknot Posted November 4, 2019

> 19 hours ago, Darren Kitchen said:
> Awesome! Would like to host this on the Hak5 repo if you'd like to submit a pull request 🙂

Just attempted to submit it. This is my first time using GitHub so I might have done it wrong. Let me know if anything needs to be done differently. Thanks! Happy to have it hosted on the Hak5 Repo!!

Darren Kitchen Posted November 4, 2019

Thanks! PR accepted 🙂

I will note that this payload overwrites the nameserver in the /etc/resolv.conf file to 1.1.1.1. If I were to recommend any change - it would be to make that configurable in the variables at the top of the payload.

Otherwise, fantastic work - and I'll see if we can't get some of those dependencies baked into the next official release so it's even easier to use out of the box.

rdub Posted November 4, 2019

This is a million times better than the crap I put together for lldp info, thanks!

DinkDink Posted November 12, 2019

This is great! I've been working on something like this since I saw the SharkJack a month or two ago. Amazing work!

chill-dwsec Posted December 5, 2019

Make sure to download latest from HAK5 repository, as it has a change to make it work w/firmware 1.1.0.

monsieurmarc Posted May 27, 2020

Looks good. It's nice that my script, which was based on the sample payload, has been taken and itself evolved into something else :)

This topic is now archived and is closed to further replies.