bashbunny-payloads
Updates to get.sh extension
When using an ATTACKMODE for Ethernet, the typical approach is to `sleep` for a few seconds and see if an IP was obtained (TARGET_IP, TARGET_HOSTNAME, HOST_IP). However, using `sleep` results in possibly not waiting long enough or waiting too long.

This update adds a loop to these three variables to wait up to an optionally provided timeout. So giving the command:

    GET TARGET_IP 60

will wait up to 60 seconds for an IP, but return sooner if one is obtained. If no IP is received within the timeout, TARGET_IP is left empty. Likewise, if no timeout is provided in the first place,

    GET TARGET_IP

no looping is performed. As such, existing payloads using GET are unaffected.
Additionally, I couldn't understand why `sort | uniq` and `sort | uniq | tail -n1` were used, as they indicated different ideas. `sort | uniq` for TARGET_IP didn't use `tail`, meaning a single line was presumed. But this same thinking was not used for TARGET_HOST, which applied `tail -n1`. Furthermore, the `sort|uniq|tail -n1` for TARGET_HOST didn't necessarily use the most current lease's hostname.

So, assuming the most current lease is the lease we want the information from and the most current lease is last in the file (my tests supported this assumption), we can use `tac` instead of `cat` to simply match the first hostname and/or lease text. This allowed the use of the `-m1` switch for `grep` (only return the first match), resulting in a single line and from the current lease. This also removed the need for `sort`, `uniq`, and `tail`.

Finally, I combined two of the `sed`s on TARGET_HOSTNAME, which filter the double quotes and semicolons.
Sorry for the wordiness of this request; I'm somewhat new to GitHub still.
-- comments on commit --
- Added timeout to TARGET_IP, TARGET_HOST, and HOST_IP to better support time delays w/DHCP
- Small simplifications to obtain TARGET_IP and TARGET_HOST ('tac' for 'cat', removed 'sort', 'uniq', and 'tail' (due to use of 'tac'), and combination of two 'sed's). NOTE: Assumes most current dhcp lease is at end of dhcpd.leases file...tests support this.
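The two ideas in this request, polling for a value with an optional timeout and reading the newest lease by walking dhcpd.leases bottom-up with `tac | grep -m1`, shown together as an added, stand-alone example. This is illustrative code written for this page, not the bashbunny-payloads `get.sh` extension or the Bash Bunny `GET` command; the function names (`latest_lease_ip`, `latest_lease_hostname`, `get_with_timeout`), the sample leases file and its two lease entries are all constructed for the example. It assumes GNU `tac` is available and, as the request does, that the most recent lease is the last one in the file.

```shell
#!/bin/sh
# Added example (not the project's get.sh). Demonstrates:
#   1. parsing the most recent lease with tac + grep -m1 (no sort/uniq/tail needed)
#   2. polling for a value until it appears or an optional timeout expires

# Constructed sample dhcpd.leases: two leases, the newest written last, which is the
# ordering assumption the request relies on.
SAMPLE_LEASES=$(cat <<'EOF'
lease 172.16.64.10 {
  starts 4 2017/02/23 10:00:00;
  ends 4 2017/02/23 10:10:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
  client-hostname "OLD-LAPTOP";
}
lease 172.16.64.11 {
  starts 4 2017/02/23 10:05:00;
  ends 4 2017/02/23 10:15:00;
  binding state active;
  hardware ethernet 66:77:88:99:aa:bb;
  client-hostname "TARGET-PC";
}
EOF
)

# Read the file bottom-up so the newest lease comes first, then stop at the first
# "lease <ip> {" line. grep -m1 guarantees a single line; no sort/uniq/tail required.
latest_lease_ip() {           # $1 = path to leases file
  tac "$1" 2>/dev/null | grep -m1 '^lease ' | awk '{print $2}'
}

# Same idea for the hostname. One sed strips both the double quotes and the trailing
# semicolon (the two seds of the original combined into a single character class).
latest_lease_hostname() {     # $1 = path to leases file
  tac "$1" 2>/dev/null | grep -m1 'client-hostname' | awk '{print $2}' | sed 's/[";]//g'
}

# Poll a lookup function once per second until it returns a non-empty value or the
# timeout (seconds) expires. With no timeout (or 0) it runs a single attempt and never
# loops, so callers that expect the old one-shot behaviour are unaffected.
#   $1 = lookup function name, $2 = leases file, $3 = optional timeout in seconds
get_with_timeout() {
  fn=$1; file=$2; timeout=${3:-0}; waited=0
  value=$("$fn" "$file")
  while [ -z "$value" ] && [ "$waited" -lt "$timeout" ]; do
    sleep 1
    waited=$((waited + 1))
    value=$("$fn" "$file")
  done
  printf '%s' "$value"      # empty if nothing was found within the timeout
}

# Write the constructed sample to a temp file and report "<ip> <hostname>" of the newest lease.
run_demo() {
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_LEASES" >"$f"
  ip=$(get_with_timeout latest_lease_ip "$f" 5)
  host=$(get_with_timeout latest_lease_hostname "$f" 5)
  rm -f "$f"
  printf '%s %s\n' "$ip" "$host"
}

# Simulate DHCP being slow: the leases file is empty when polling starts and is
# populated about a second later. The poll returns the IP as soon as it appears,
# well before the 10 second timeout would expire.
demo_late_lease() {
  f=$(mktemp)
  ( sleep 1; printf '%s\n' "$SAMPLE_LEASES" >"$f" ) &
  get_with_timeout latest_lease_ip "$f" 10
  wait
  rm -f "$f"
}

run_demo
```

Run it as `sh example.sh`; it prints `172.16.64.11 TARGET-PC`, the IP and hostname of the last lease in the sample rather than the alphabetically last one that `sort | uniq | tail -n1` would have picked. Because the hostname pipeline ends in `sed`, it exits 0 even when no lease matches, so the caller sees an empty string rather than a failure.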