Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DO NOT MERGE Do the thing DO NOT MERGE #8

Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 32 additions & 0 deletions root/payload/extensions/HAK5_HELPERS.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
#!/bin/bash
#
# HAK5_HELPERS by @Zero_ChaosX
# Built in helper functions and variables to aid writing payloads

export LOOT_DIR=/root/loot/

function find_subnet() {
#USAGE: find_subnet
#Result: defines SUBNET environment variable, if an IP address has been assigned
#Notes: this function only finds ipv4 subnets but is safe in the presence of ipv6
# removing the tail -n1 would make this a newline seperated list of assigned ip addresses
SUBNET=$(ip -4 addr show eth0 | awk '/inet\s/ {print $2}' | sed 's/\.[0-9]*\//\.0\//' | tail -n1)
export SUBNET
}
export -f find_subnet

#function wait_for_link()
#USAGE: wait_for_link
#Result: execution pauses until link connected state is detected
#Notes: defined in /usr/bin/execute_payload

function wait_for_no_link() {
#USAGE: wait_for_no_link
#Result: execution pauses until link disconnected state is detected
LED LINKSETUP
until swconfig dev switch0 port 0 get link | grep -q 'link:down'; do
sleep 1
done
LED SETUP
}
export -f wait_for_no_link
51 changes: 20 additions & 31 deletions root/payload/payload.sh
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
#!/bin/bash
#
# Title: Sample Nmap Payload for Shark Jack
# Author: Hak5
# Version: 1.0
# Title: Demo Advanced Payload for Shark Jack
# Author: Zero_Chaos
# Version: 2.0
#
# Scans target subnet with Nmap using specified options. Saves each scan result
# to loot storage folder.
Expand All @@ -11,24 +11,18 @@
# Amber..........Scanning
# Green..........Finished
#
# See nmap --help for options. Default "-sP" ping scans the address space for
# fast host discovery.

NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
LOOT_DIR=/root/loot/nmap
SCAN_DIR=/etc/shark/nmap
# See nmap --help for options. Default "-sS" syn scans the address space
# with heavy timeouts for fast host discovery.

NMAP_OPTIONS="-sS --host-timeout 30s --max-retries 3"

function finish() {
LED CLEANUP
# Kill Nmap
wait $1
kill $1 &> /dev/null
wait "${1}"

# Sync filesystem
echo $SCAN_M > $SCAN_FILE
echo "${SCAN_M}" > "${SCAN_FILE}"
sync
sleep 1

LED FINISH
sleep 1
Expand All @@ -39,44 +33,39 @@ function finish() {

function setup() {
LED SETUP
# Create loot directory
mkdir -p $LOOT_DIR &> /dev/null

SCAN_DIR=/etc/shark/nmap
# Create tmp scan directory
mkdir -p $SCAN_DIR &> /dev/null
mkdir -p "${SCAN_DIR}" &> /dev/null

# Create tmp scan file if it doesn't exist
SCAN_FILE=$SCAN_DIR/scan-count
if [ ! -f $SCAN_FILE ]; then
touch $SCAN_FILE && echo 0 > $SCAN_FILE
SCAN_FILE="${SCAN_DIR}/scan-count"
if [ ! -f "${SCAN_FILE}" ]; then
touch "${SCAN_FILE}" && echo 0 > "${SCAN_FILE}"
fi

# Find IP address and subnet
NETMODE DHCP_CLIENT
while [ -z "$SUBNET" ]; do
while [ -z "${SUBNET}" ]; do
sleep 1 && find_subnet
done
}

function find_subnet() {
SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
}

function run() {
# Run setup
setup

SCAN_N=$(cat $SCAN_FILE)
SCAN_M=$(( $SCAN_N + 1 ))
SCAN_N=$(cat ${SCAN_FILE})
SCAN_M=$(( SCAN_N + 1 ))

LED ATTACK
# Start scan
nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$SCAN_M.txt &>/dev/null &
nmap ${NMAP_OPTIONS} "${SUBNET}" -oN "${LOOT_DIR}/nmap-scan_${SCAN_M}.txt" &>/dev/null &
tpid=$!

finish $tpid
finish "${tpid}"
}


# Run payload
run &
# Run payload with a 5 minute timeout
timeout -t 300 run &
14 changes: 5 additions & 9 deletions usr/bin/execute_payload
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,9 @@ wait_for_link() {
done
LED LINKSETUP
}
wait_for_no_link() {
LED LINKSETUP
until swconfig dev switch0 port 0 get link | grep -q 'link:down'; do
sleep 1
done
LED SETUP
}

payload_path="/root/payload"
payload=$(find "${payload_path}"/payload* 2>/dev/null | tail -n1)

extension_path="/root/payload/extensions/"
if [ -d "${extension_path}" ] && [ -n "$(ls -A ${extension_path})" ]; then
for extension in "${extension_path}"*; do
Expand All @@ -39,7 +31,11 @@ wait_for_link
$LOG "Running requested PAYLOAD"
case $(basename "${payload}") in
"payload.py")
python "${payload}" > /dev/null 2>&1
if [ -x "$(command -v python)" ]; then
python "${payload}" > /dev/null 2>&1
else
$LOG "Python payload requested but python is not installed"
fi
;;
"payload" | "payload.sh" | "payload.txt")
sed -i 's/\r//g' "${payload}"
Expand Down
4 changes: 3 additions & 1 deletion usr/bin/shark_framework
Original file line number Diff line number Diff line change
Expand Up @@ -141,11 +141,13 @@ enter_attack_mode() {
ip link set eth0 down
macchanger -r eth0
configure_network
#nothing starts this, but ensure it only runs with
#nothing starts this, but ensure it only runs when requested
pkill -9 udhcpc
stop_http
stop_ssh

LOOT_DIR=/root/loot
mkdir -p "${LOOT_DIR}"
echo "execute_payload" | at now

enter_idle_mode
Expand Down