InfoSecREDD Posted January 3, 2020

GIve-Me-My-iP (GIMMP)

This payload is used to force the SharkJack onto static LANs. Main scenario - DHCP is disabled or not present on the LAN, only static IP devices. The payload uses ARP-Scan to scan an array of subnets to determine if ANY devices are on those subnets. If so, it connects to the last known network with devices and sets the IP of the SharkJack to that subnet and the last digits you assign in the payload. Enjoy.

NOTE: This payload requires the Router/LAN to have ARP scanning enabled. Some routers/LANs do not have this feature enabled.

The Code:

```bash
#!/bin/bash
#
# Title: GIve-Me-My-iP! (GIMMP)
# Author: REDD of Private-Locker
# Version: 1.0
#
# Description: This payload will determine if DHCP is enabled
# on the LAN. If not, it will scan a list of common network
# subnets for any static IP devices using arp-scan. Once a valid
# IP is found, it will set the SharkJack to the subnet of the last
# detected network in the log file with the ending IP digits.
#
# LED SETUP (Magenta) - Setting up variables and environment
# LED Yellow thru Magenta - Waiting to be plugged in
# LED Cyan thru Magenta - Scanning subnets for static IP devices
# LED Green Blinking - DHCP found
# LED Green SOLID - IP address found and set on the SharkJack
# LED Red SOLID - Payload failed, no IP addresses detected
# LED FINISH (Green) - Payload completed
#

# Ending IP digits (host octet) of the SharkJack.
SET_IP="250"
# Sender IP that the ARP requests will claim to come from (eth0 has no address in transparent mode).
FAKE_SRC="192.168.133.7"
# Bandwidth for arp-scan, in bits per second (-B).
BANDWIDTH="100000"
# Temp log file for the output of the scans.
TMP_LOG="temp.log"

# Wait until eth0 exists, i.e. the SharkJack has been plugged in.
while ! ifconfig eth0 > /dev/null 2>&1; do
    LED M SOLID; sleep .8
    LED Y SOLID; sleep .2
done

# Try DHCP first and read the default gateway it hands out, if any.
NETMODE DHCP_CLIENT
LED M SOLID
sleep 5
IP="$(ip route list dev eth0 | awk '/^default/ {print $3}')"

# Regex used to check that the gateway variable holds a dotted-quad address.
VERIFY="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"

function cleanup() {
    if [ -f "$TMP_LOG" ]; then
        rm -f "$TMP_LOG"
    fi
}

function scan_networks() {
    NETWORKS=(
        '192.168.0.0/24' '192.168.1.0/24' '192.168.2.0/24' '192.168.10.0/24' '192.168.100.0/24'
        '172.16.0.0/24' '172.16.1.0/24' '172.16.2.0/24' '172.16.10.0/24' '172.16.24.0/24'
        '10.0.0.0/24' '10.0.1.0/24' '10.0.2.0/24' '10.0.10.0/24'
        '10.10.0.0/24' '10.10.1.0/24' '10.10.2.0/24' '10.10.10.0/24'
        '10.100.0.0/24' '10.100.1.0/24' '10.100.2.0/24' '10.100.10.0/24'
    )
    for i in "${NETWORKS[@]}"; do
        LED M SOLID
        # -g drops duplicate replies; --arpspa sets the sender IP in the ARP request.
        arp-scan --arpspa "$FAKE_SRC" -g -B "$BANDWIDTH" -I eth0 "$i" >> "$TMP_LOG"
        LED Y SOLID; sleep .2
    done
    LED M FAST
    # Last address that appeared in the log, minus its host octet: the last subnet that answered.
    LAST_IP=$(grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" "$TMP_LOG" | tail -1 | cut -d"." -f1-3)
    if [ "$LAST_IP" != "" ]; then
        # Detected subnet plus the configured host octet.
        SHARKJACK_IP="${LAST_IP}.${SET_IP}"
        ifconfig eth0 "${SHARKJACK_IP}/24" up
        CURRENT_SUBNET="${LAST_IP}"
        # A static assignment adds no default route, so this is normally empty.
        CURRENT_GW=$(ip route list dev eth0 | awk '/^default/ {print $3}')
        LED G SOLID
    else
        # If no LAN detected, exit.
        LED R SOLID
        exit 1
    fi
}

# Start the script. If valid IP, continue script. If not, let's scan some networks!
if [ -f "$TMP_LOG" ]; then
    rm -f "$TMP_LOG"
else
    touch "$TMP_LOG"
fi

if [ -z "$IP" ]; then
    # No gateway found (blank gateway variable): drop the DHCP client and scan.
    NETMODE TRANSPARENT
    scan_networks
elif [ "$IP" == "172.16.24.1" ]; then
    # Added to detect if the SharkJack remains on the current Arming Mode IP.
    # Checked before the generic address match, which would otherwise accept this address too.
    NETMODE TRANSPARENT
    scan_networks
elif [[ "$IP" =~ $VERIFY ]]; then
    # Gateway found. Continuing script.
    LED G FAST; sleep 1
else
    # Exiting with exit code 1.
    LED R SOLID
    exit 1
fi

# Final cleanup.
cleanup

# Run your scans here... OR, if you have the Internet Tester payload backed up in SharkLib:
LED FINISH
SHARKLIB="/root/payload/sharklib"
# The directory name contains a space; the path is quoted wherever it is used.
PAYLOAD="${SHARKLIB}/Internet Tester/payload.sh"
if [ -f "$PAYLOAD" ]; then
    source "$PAYLOAD"
fi
```

Changelog:
1.1 - Initial Release

Edited January 3, 2020 by REDD
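The payload picks whichever address happens to be last in the log and then assigns the configured host octet without checking whether a device already holds it, which on a static LAN produces an IP conflict. The following is an added example, not part of REDD's payload: it parses only arp-scan's tab-separated reply lines (the "Interface: ... IPv4:" header also contains an address and is ignored), ranks the probed /24s by how many hosts answered, and picks a host octet that no responder used. The function names and the sample arp-scan output are constructed for this example.

```bash
#!/bin/bash
# Added example, not part of the GIMMP payload: choose the subnet to join from
# arp-scan output and pick a host address that no scanned device already uses.
# All functions take the captured arp-scan text as their first argument.

# Print "<replies> <prefix>" for every /24 that answered, most replies first.
# Only tab-separated reply lines ("IP<TAB>MAC<TAB>vendor") are counted, so the
# "Interface: ... IPv4: x.x.x.x" header line can never be mistaken for a host.
rank_subnets() {
    printf '%s\n' "$1" | awk -F'\t' '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            sub(/\.[0-9]+$/, "", $1)   # strip the host octet -> /24 prefix
            seen[$1]++
        }
        END { for (p in seen) print seen[p], p }
    ' | sort -rn -k1,1
}

# The /24 prefix with the most replies; prints nothing if no host answered.
pick_subnet() {
    rank_subnets "$1" | awk 'NR == 1 { print $2 }'
}

# An address in $2 (a /24 prefix) that did not reply to the scan. The preferred
# host octet $3 is tried first; otherwise walk down from .254, stopping before
# .1, which is usually the gateway. Returns 1 if the whole range answered.
pick_free_ip() {
    for host in "$3" $(seq 254 -1 2); do
        if ! printf '%s\n' "$1" | grep -q "^$2\.$host[[:space:]]"; then
            printf '%s.%s\n' "$2" "$host"
            return 0
        fi
    done
    return 1
}

# Combine both: which subnet to join and which address to take there.
choose_address() {
    prefix=$(pick_subnet "$1")
    [ -n "$prefix" ] || return 1
    pick_free_ip "$1" "$prefix" "$2"
}

# Constructed sample output of two arp-scan runs (MACs are made up): one
# subnet with a single host, one with three, including a host already on .250.
reply() { printf '%s\t%s\t%s\n' "$1" "$2" "$3"; }
SAMPLE_LOG="$(
    echo 'Interface: eth0, type: EN10MB, MAC: 00:11:22:33:44:55, IPv4: 192.168.133.7'
    echo 'Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)'
    reply 192.168.1.1 00:aa:bb:cc:dd:01 '(Unknown)'
    echo 'Ending arp-scan 1.9.7: 256 hosts scanned in 1.974 seconds (129.69 hosts/sec). 1 responded'
    echo 'Interface: eth0, type: EN10MB, MAC: 00:11:22:33:44:55, IPv4: 192.168.133.7'
    echo 'Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)'
    reply 10.10.10.1 00:aa:bb:cc:dd:02 '(Unknown)'
    reply 10.10.10.20 00:aa:bb:cc:dd:03 '(Unknown)'
    reply 10.10.10.250 00:aa:bb:cc:dd:04 '(Unknown)'
    echo 'Ending arp-scan 1.9.7: 256 hosts scanned in 1.984 seconds (129.03 hosts/sec). 3 responded'
)"

if addr=$(choose_address "$SAMPLE_LOG" 250); then
    echo "join ${addr%.*}.0/24 as $addr"   # prints: join 10.10.10.0/24 as 10.10.10.254
else
    echo "no static LAN detected" >&2
fi
```

In the payload, `choose_address "$(cat "$TMP_LOG")" "$SET_IP"` would replace the `grep | tail -1 | cut` line and the hard-coded host octet; the subnet with the most responders is a better guess of the "real" LAN than the one that happened to be scanned last.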
SKiZZ Posted February 16, 2020

Does this require the script Internet Access Tester to be called Internet Tester? I named mine IAT.
InfoSecREDD Posted February 17, 2020 (Author)

SKiZZ said:
> Does this require the script Internet Access Tester to be called Internet Tester? I named mine IAT.

Yeah, you can change it to whatever you feel like. This was more of a proof of concept to use ARP to find the correct subnet.