
[PAYLOAD] GIve-Me-My-iP (GIMMP)


InfoSecREDD


GIve-Me-My-iP (GIMMP)

This payload is used to force the SharkJack onto static LANs. Main scenario: DHCP is disabled or not present on the LAN, only static-IP devices. The payload uses arp-scan to scan an array of subnets to determine if ANY devices are on those subnets. If so, it connects to the last known network with devices and sets the IP of the SharkJack to that subnet with the last digits you assign in the payload.

Enjoy.

NOTE: This payload requires the router/LAN to have ARP scanning enabled. Some routers/LANs do not have this feature enabled.

The Code:

#!/bin/bash
#
# Title:        GIve-Me-My-iP! (GIMMP)
# Author:       REDD of Private-Locker
# Version:      1.0
#
# Description:  This payload will determine if DHCP is enabled
# on the LAN. If not, it will scan a list of common network
# subnets for any static IP devices using arp-scan. Once a valid
# IP is found, it will set the SharkJack to the subnet of the last
# detected network in the log file, with the ending IP digits below.
#
# LED SETUP (Magenta)     - Setting up variables and environment
# LED Yellow thru Magenta - Waiting to be plugged in
# LED Cyan thru Magenta   - Scanning subnets for static IP devices
# LED Green Blinking      - DHCP found
# LED Green SOLID         - IP address found and set on SharkJack
# LED Red SOLID           - Payload failed, no IP addresses detected
# LED FINISH (Green)      - Payload completed
#


# Ending IP digits of the SharkJack.
SET_IP="250"

# Source IP that the arp-scan will come from (--arpspa).
FAKE_SRC="192.168.133.7"

# Outbound bandwidth limit for arp-scan (-B, bits per second).
BANDWIDTH="100000"

# Temp log file for output of script.
TMP_LOG="temp.log"

# Verify variable to compare SharkJack IP (a dotted quad).
VERIFY="^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$"


# Wait until eth0 exists (cable plugged in), then try DHCP first.
while ! ifconfig eth0 >/dev/null 2>&1; do LED M SOLID; sleep .8; LED Y SOLID; sleep .2; done
NETMODE DHCP_CLIENT
LED M SOLID
sleep 5
# IP holds the default gateway handed out by DHCP (empty if there was none).
IP="$(ip route list dev eth0 | awk '/^default/ {print $3}')"

function cleanup() {
    if [ -f "$TMP_LOG" ]; then
        rm -f "$TMP_LOG"
    fi
}

function scan_networks() {
    NETWORKS=( '192.168.0.0/24'
               '192.168.1.0/24'
               '192.168.2.0/24'
               '192.168.10.0/24'
               '192.168.100.0/24'
               '172.16.0.0/24'
               '172.16.1.0/24'
               '172.16.2.0/24'
               '172.16.10.0/24'
               '172.16.24.0/24'
               '10.0.0.0/24'
               '10.0.1.0/24'
               '10.0.2.0/24'
               '10.0.10.0/24'
               '10.10.0.0/24'
               '10.10.1.0/24'
               '10.10.2.0/24'
               '10.10.10.0/24'
               '10.100.0.0/24'
               '10.100.1.0/24'
               '10.100.2.0/24'
               '10.100.10.0/24'
             )
    for i in "${NETWORKS[@]}"; do
        LED M SOLID
        arp-scan --arpspa "$FAKE_SRC" -g -B "$BANDWIDTH" -I eth0 "$i" >> "$TMP_LOG"
        LED Y SOLID; sleep .2
    done
    LED M FAST
    # Take the first three octets of the last responder logged. The regex is
    # anchored to the start of the line so only responder lines count, not
    # the "Interface: ..." header arp-scan prints for each run.
    LAST_IP=$(grep -E -o "^([0-9]{1,3}\.){3}[0-9]{1,3}" "$TMP_LOG" | tail -1 | cut -d"." -f1-3)
    if [ -n "$LAST_IP" ]; then
        # Was ${LASTIP} (unset), which produced ".250" instead of a full address.
        SHARKJACK_IP="${LAST_IP}.${SET_IP}"
        ifconfig eth0 "${SHARKJACK_IP}/24" up
        CURRENT_SUBNET="${LAST_IP}"
        CURRENT_GW=$(ip route list dev eth0 | awk '/^default/ {print $3}')
        LED G SOLID
    else
        # If no LAN detected, exit.
        LED R SOLID
        exit 1
    fi
}

# Start the script. If a valid gateway is present, continue; if not, let's scan some networks!
if [ -f "$TMP_LOG" ]; then
    rm -f "$TMP_LOG"
else
    touch "$TMP_LOG"
fi
if [ "$IP" == "172.16.24.1" ]; then
    # Arming Mode gateway: the SharkJack is still on its own 172.16.24.0/24
    # network, so treat it like "no DHCP". This check must come before the
    # generic dotted-quad match below, which would otherwise accept it.
    NETMODE TRANSPARENT
    scan_networks
elif [[ "$IP" =~ $VERIFY ]]; then
    # Gateway found. Continuing script.
    LED G FAST; sleep 1
elif [ -z "$IP" ]; then
    # No gateway found (blank gateway variable)
    NETMODE TRANSPARENT
    scan_networks
else
    # Exiting with exit code 1.
    LED R SOLID
    exit 1
fi

# Final cleanup.
cleanup

# Run your scans here... OR, if you have the Internet Tester payload backed up in SharkLib:
LED FINISH
SHARKLIB="/root/payload/sharklib"
# The folder name contains a space; quoting the whole assignment is enough.
# (Wrapping the name in literal single quotes, as before, made them part of the path.)
PAYLOAD="${SHARKLIB}/Internet Tester/payload.sh"
if [ -f "$PAYLOAD" ]; then
    source "$PAYLOAD"
fi


Changelog:

  • 1.1 - Initial Release
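The post above picks the /24 of the last responder arp-scan logged. As an added example (not the payload author's code and not part of the original post), the bash functions below parse a constructed sample of arp-scan's default output and go one step further: they count responders per /24, choose the busiest prefix, and refuse the requested host octet when a discovered device already uses it. The sample output, the `pick_static_ip` function name and the host octet are assumptions for the example; the interface header line is included to show why only lines that begin with an address are treated as responders.

```bash
#!/bin/bash
# Added example (not the original payload): choose a static address from
# arp-scan output. Counts responders per /24, picks the busiest prefix, and
# rejects the chosen host octet if a discovered host already uses it.

# Constructed sample of arp-scan's default output (IP, MAC, vendor), mixing
# two subnets and one responder that already sits on .250. The first line is
# the interface header; its "IPv4:" address must not count as a responder.
SAMPLE_SCAN='Interface: eth0, type: EN10MB, MAC: 00:11:22:33:44:55, IPv4: 192.168.133.7
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
10.0.0.1	00:aa:bb:cc:dd:01	(Unknown)
10.0.0.22	00:aa:bb:cc:dd:02	(Unknown)
10.0.0.250	00:aa:bb:cc:dd:03	(Unknown)
192.168.1.1	00:aa:bb:cc:dd:04	(Unknown)

4 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 512 hosts scanned in 2.1 seconds'

# Print only responder IPs: lines whose first field is a dotted quad.
extract_hosts() {
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }'
}

# Print the /24 prefix (first three octets) with the most responders.
# Prints nothing when no host responded.
busiest_prefix() {
    extract_hosts | cut -d. -f1-3 | sort | uniq -c | sort -rn | awk 'NR == 1 { print $2 }'
}

# pick_static_ip <scan-output> <host-octet>
# Echoes PREFIX.HOST when a subnet was found and the address is free.
# Returns 1 if no host responded, 2 if the host octet is already in use.
pick_static_ip() {
    local scan="$1" host="$2" prefix candidate
    prefix=$(printf '%s\n' "$scan" | busiest_prefix)
    [ -n "$prefix" ] || return 1
    candidate="${prefix}.${host}"
    if printf '%s\n' "$scan" | extract_hosts | grep -qxF "$candidate"; then
        return 2
    fi
    echo "$candidate"
}

# Stand-alone run against the constructed sample.
if pick_static_ip "$SAMPLE_SCAN" 77; then
    echo "address is free"
fi
pick_static_ip "$SAMPLE_SCAN" 250 || echo "host octet 250 already taken (rc=$?)"
```

In a payload, the output of the real `arp-scan` runs would be fed in place of `SAMPLE_SCAN`, and a return code of 2 is the signal to try a different host octet rather than bring up a duplicate address on the wire.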

6 hours ago, SKiZZ said:

Does this require the script Internet Access Tester be called Internet Tester? I named mine IAT.

Yeah, you can change it to whatever you feel like. This was more of a proof of concept to use ARP to find the correct subnet.
