IDK MAN I HATE THIS SO MUCH

2023-04-14 04:37:55 +02:00 · 2023-04-14 04:37:55 +02:00 · 25087060df
parent 4026797940
commit 25087060df
2 changed files with 37 additions and 16 deletions
--- a/blueteam/auto.sh
+++ b/blueteam/auto.sh
@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+
+curl -L https://hackhpi.kyudev.xyz/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"Start of post-exploitation\", \"timestamp\": \"$(date +%s)\"}"
+curl -L https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"\", \"timestamp\": \"$(date +%s)\"}"
--- a/blueteam_observability/mon.sh
+++ b/blueteam_observability/mon.sh
@ -1,23 +1,24 @@
 #!/usr/bin/env bash

 BUFFER=buf.txt
-STDOUT=0
+first=0

 # Requires sudo, strace and GNU grep

-get-char () {
-  cat /dev/stdin  |
-  grep            \
-  --line-buffered \
-  -o '".*[^"]"'   |
+trimxxd () {
+  cat /dev/stdin |
+  sed -e 's/\(0a\|0d\)*$//g' -e 's/^\(0a\|0d\)*//g' -e 's/2020$/20/g'
+}

-  grep            \
-  --line-buffered \
-  -o '[^"]*[^"]'  |
+get-between () {
+  cat /dev/stdin             |
+  grep                       \
+  --line-buffered            \
+  -o '".*[^"]"'              |

-while IFS="" read -r char; do
-  printf '%b' "$char"
-done
+  grep                       \
+  --line-buffered            \
+  -o '[^"]*[^"]'
 }

 write-buffer () {
@ -33,7 +34,10 @@ clear-buffer () {
 send-buffer () {
  buffer="${1}"
  content="$(cat "${BUFFER}" | xxd -ps -c0 | sed -e 's/\(0d\)\?1b5b3f323030346\(8\|c\)//g' -e 's/0d$//g' -e 's/^24//g' | xxd -ps -c0 -r | base64 -w0)"
-  curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null
+  if [ -n "${content}" ]; then
+    echo "{${content}}"
+    # curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null
+  fi
  clear-buffer "${BUFFER}"
 }

@ -46,6 +50,7 @@ clear-buffer "${BUFFER}"
 sudo strace       \
  -e trace=write  \
  -s 1000         \
+  -f              \
  $(ps u                       |
    grep pts                   |
    grep Ss                    |
@ -54,11 +59,22 @@ sudo strace       \
    xargs)        \
 2>&1             |
 while IFS="" read -r line; do
+  between="$(printf '%s' "${line}" | get-between)"
  fd="$(printf '%s' "${line}" | grep -o 'write(.' | tail -c 2 | head -c 1)"
-  if [ "${fd}" = "1" ] || [ ! "${line}" = "${line//SIGCHLD/}" ]; then
-    send-buffer "${BUFFER}"
+  if [ "${fd}" = "1" ] || [ "${fd}" = "4" ]; then
+    first=1
+  elif [ "$(printf '%s' "${between}" | wc -c)" -gt 10 ] || [ "${fd}" = "3" ]; then
+    :
  else
-    printf '%s\n' "${line}" | get-char | write-buffer "${BUFFER}"
+    if [ "${first}" = "1" ]; then
+      first=0
+      send-buffer "${BUFFER}"
+    fi
+    pre_replace="$(printf '%b' "${between}" | xxd -ps -c0 | trimxxd)"
+    replace="$(printf '%s' "${pre_replace}" | sed -e 's/^1b5b3f323030346c/BEGIN/g' -e 's/1b5b3f3230303468.*/AFTER/g')"
+    if [ "${between}" = " " ] ||[ "${between}" = "\n" ] || [ -n "${replace}" ] && [ "${replace}" = "${pre_replace}" ]; then
+      printf '%b' "${between}" | write-buffer "${BUFFER}"
+    fi
  fi
 done
 delete-buffer "${BUFFER}"