From 25087060dfa758d7538bfd856abed1478b716020 Mon Sep 17 00:00:00 2001
From: cubernetes
Date: Fri, 14 Apr 2023 04:37:55 +0200
Subject: [PATCH] IDK MAN I HATE THIS SO MUCH

---
 blueteam/auto.sh | 5 ++++
 blueteam_observability/mon.sh | 48 +++++++++++++++++++++++------------
 2 files changed, 37 insertions(+), 16 deletions(-)
 create mode 100644 blueteam/auto.sh

diff --git a/blueteam/auto.sh b/blueteam/auto.sh
new file mode 100644
index 0000000..f983800
--- /dev/null
+++ b/blueteam/auto.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+
+curl -L https://hackhpi.kyudev.xyz/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"Start of post-exploitation\", \"timestamp\": \"$(date +%s)\"}"
+curl -L https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"\", \"timestamp\": \"$(date +%s)\"}"
diff --git a/blueteam_observability/mon.sh b/blueteam_observability/mon.sh
index d10c6a5..0684036 100755
--- a/blueteam_observability/mon.sh
+++ b/blueteam_observability/mon.sh
@@ -1,23 +1,24 @@
 #!/usr/bin/env bash
 BUFFER=buf.txt
-STDOUT=0
+first=0
 # Requires sudo, strace and GNU grep
-get-char () {
- cat /dev/stdin |
- grep \
- --line-buffered \
- -o '".*[^"]"' |
+trimxxd () {
+ cat /dev/stdin |
+ sed -e 's/\(0a\|0d\)*$//g' -e 's/^\(0a\|0d\)*//g' -e 's/2020$/20/g'
+}
- grep \
- --line-buffered \
- -o '[^"]*[^"]' |
+get-between () {
+ cat /dev/stdin |
+ grep \
+ --line-buffered \
+ -o '".*[^"]"' |
-while IFS="" read -r char; do
- printf '%b' "$char"
-done
+ grep \
+ --line-buffered \
+ -o '[^"]*[^"]'
 }
 write-buffer () {
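Review bot: Neither `curl` call in the new file checks its outcome: without `--fail` a 4xx/5xx reply still exits 0, and the script sets no `set -e`, so a rejected "Start of post-exploitation" marker passes silently; `-L` additionally lets a 301/302 redirect turn the POST into a GET and drop the `-d` body. I would add `set -euo pipefail` after the shebang and `--fail` to both calls (or drop `-L` if the endpoint never redirects). A one-line header comment naming the two events being recorded would also help, since the second call posts an empty `data` field and its purpose is not obvious from the code.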
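Review bot: `cat /dev/stdin |` opening both new functions `trimxxd` and `get-between` is a useless extra process — `sed` and `grep` read stdin themselves — so each body can start at `sed ...` and `grep \` respectively. Neither function has a header comment and the regexes need one: something like `# Strip leading/trailing 0a/0d (LF/CR) byte pairs from an xxd -ps hex stream and collapse a trailing double space; the anchored two-digit groups keep the stream byte-aligned` for `trimxxd` (where the `g` flag on the `^`/`$`-anchored substitutions is a no-op) and `# Print the quoted buffer argument of a strace write() line without its surrounding quotes` for `get-between`. Note that `get-between`'s `[^"]` classes stop at an escaped `\"` inside the strace string, so a write containing a double quote comes out split across several lines — presumably acceptable for this monitor, but worth stating in the comment.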
@@ -33,7 +34,10 @@ clear-buffer () {
 send-buffer () {
 buffer="${1}"
 content="$(cat "${BUFFER}" | xxd -ps -c0 | sed -e 's/\(0d\)\?1b5b3f323030346\(8\|c\)//g' -e 's/0d$//g' -e 's/^24//g' | xxd -ps -c0 -r | base64 -w0)"
- curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null
+ if [ -n "${content}" ]; then
+ echo "{${content}}"
+ # curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null
+ fi
 clear-buffer "${BUFFER}"
 }
@@ -46,6 +50,7 @@ clear-buffer "${BUFFER}"
 sudo strace \ -e trace=write \ -s 1000 \
+ -f \
 $(ps u | grep pts | grep Ss |
@@ -54,11 +59,22 @@ sudo strace \
 xargs) \
 2>&1 |
 while IFS="" read -r line; do
+ between="$(printf '%s' "${line}" | get-between)"
 fd="$(printf '%s' "${line}" | grep -o 'write(.' | tail -c 2 | head -c 1)"
- if [ "${fd}" = "1" ] || [ ! "${line}" = "${line//SIGCHLD/}" ]; then
- send-buffer "${BUFFER}"
+ if [ "${fd}" = "1" ] || [ "${fd}" = "4" ]; then
+ first=1
+ elif [ "$(printf '%s' "${between}" | wc -c)" -gt 10 ] || [ "${fd}" = "3" ]; then
+ :
 else
- printf '%s\n' "${line}" | get-char | write-buffer "${BUFFER}"
+ if [ "${first}" = "1" ]; then
+ first=0
+ send-buffer "${BUFFER}"
+ fi
+ pre_replace="$(printf '%b' "${between}" | xxd -ps -c0 | trimxxd)"
+ replace="$(printf '%s' "${pre_replace}" | sed -e 's/^1b5b3f323030346c/BEGIN/g' -e 's/1b5b3f3230303468.*/AFTER/g')"
+ if [ "${between}" = " " ] ||[ "${between}" = "\n" ] || [ -n "${replace}" ] && [ "${replace}" = "${pre_replace}" ]; then
+ printf '%b' "${between}" | write-buffer "${BUFFER}"
+ fi
 fi
 done
 delete-buffer "${BUFFER}"
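Review bot: Replacing the upload with `echo "{${content}}"` and keeping the real `curl` only in a comment turns the send path into dead code that will drift from the printed form; if the intent is a dry-run mode, gate it on a variable instead, e.g. `if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "{${content}}"; else curl ...; fi`, using `printf '%s\n'` rather than `echo` for arbitrary data. The guard `[ -n "${content}" ]` is a good addition, but the `content=` pipeline above it (context, unchanged here) runs an unanchored `s/...1b5b3f323030346.../g` over the xxd hex stream, so in principle a match can begin on an odd nibble and corrupt neighbouring bytes; anchoring it to byte boundaries or stripping the escape sequences before `xxd` would remove that risk. `${BUFFER}` (buf.txt in the working directory) holds the captured terminal output of the traced sessions and `write-buffer` is outside this hunk, so if the file is not already created with a restrictive mode, a `umask 077` near the top of the script would keep it from being readable by other local users.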
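Review bot: Adding `-f` makes strace follow every child of the selected pty shells, so the stream below now interleaves writes from many pids (each line prefixed `[pid N]`), and the descriptor numbers the read loop in the next hunk tests (`fd` 1, 3, 4) are per-process values that no longer identify the shell's own stdout/stderr; unless the buffer is keyed by pid, concurrent children's output will be merged into one capture. A comment on the `-f` line stating that merging child output is intended — or extracting the `[pid N]` prefix and buffering per pid — would make that decision explicit. The `$(ps u | grep pts | grep Ss | ...)` substitution that supplies the pid arguments starts here and closes in the next hunk, so I cannot see how its output is shaped.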
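Review bot: The new filter `if [ "${between}" = " " ] ||[ "${between}" = "\n" ] || [ -n "${replace}" ] && [ "${replace}" = "${pre_replace}" ]; then` parses as `(A || B || C) && D` because `||` and `&&` bind equally and left-to-right, not as the `A || B || (C && D)` the layout suggests; it only yields the intended result because `replace` equals `pre_replace` for the ` ` and `\n` cases, so spell out the grouping, e.g. `if [[ "${between}" == " " || "${between}" == '\n' || ( -n "${replace}" && "${replace}" == "${pre_replace}" ) ]]; then`. The values 1, 3 and 4 for `fd` and the 10-byte cut-off in the `elif` are undocumented magic numbers; a comment above the `if` stating which descriptor each one is for the traced shell and why longer writes are discarded would let the next reader check the heuristic, and `${#between}` would avoid forking `wc -c` per line (byte and character counts differ only for non-ASCII, which strace escapes by default). `first` is assigned inside the `while` loop, which runs in a subshell as the last stage of the pipeline, so its value is never visible after `done` — fine as long as it stays loop-local, but worth a comment beside the top-level `first=0`. The `while` header is in this hunk but the pipeline feeding it begins in the previous one.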