tosu
/
hackhpi23-cyber-range
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

IDK MAN I HATE THIS SO MUCH

This commit is contained in:
cubernetes 2023-04-14 04:37:55 +02:00
parent 4026797940
commit 25087060df
2 changed files with 37 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
blueteam/auto.sh Normal file
View File

@ -0,0 +1,5 @@
#!/usr/bin/env bash
curl -L https://hackhpi.kyudev.xyz/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"Start of post-exploitation\", \"timestamp\": \"$(date +%s)\"}"
curl -L https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"\", \"timestamp\": \"$(date +%s)\"}"

38
blueteam_observability/mon.sh
View File

@ -1,11 +1,16 @@
#!/usr/bin/env bash #!/usr/bin/env bash
BUFFER=buf.txt BUFFER=buf.txt
STDOUT=0 first=0
# Requires sudo, strace and GNU grep # Requires sudo, strace and GNU grep
get-char () { trimxxd () {
cat /dev/stdin |
sed -e 's/\(0a\|0d\)*$//g' -e 's/^\(0a\|0d\)*//g' -e 's/2020$/20/g'
}
get-between () {
cat /dev/stdin | cat /dev/stdin |
grep \ grep \
--line-buffered \ --line-buffered \
@ -13,11 +18,7 @@ get-char () {
grep \ grep \
--line-buffered \ --line-buffered \
-o '[^"]*[^"]' | -o '[^"]*[^"]'
while IFS="" read -r char; do
printf '%b' "$char"
done
} }
write-buffer () { write-buffer () {
@ -33,7 +34,10 @@ clear-buffer () {
send-buffer () { send-buffer () {
buffer="${1}" buffer="${1}"
content="$(cat "${BUFFER}" | xxd -ps -c0 | sed -e 's/\(0d\)\?1b5b3f323030346\(8\|c\)//g' -e 's/0d$//g' -e 's/^24//g' | xxd -ps -c0 -r | base64 -w0)" content="$(cat "${BUFFER}" | xxd -ps -c0 | sed -e 's/\(0d\)\?1b5b3f323030346\(8\|c\)//g' -e 's/0d$//g' -e 's/^24//g' | xxd -ps -c0 -r | base64 -w0)"
curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null if [ -n "${content}" ]; then
echo "{${content}}"
# curl -sL https://hackhpi.kyudev.xyz/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"${content}\", \"timestamp\": \"$(date +%s)\"}" 1>/dev/null
fi
clear-buffer "${BUFFER}" clear-buffer "${BUFFER}"
} }
@ -46,6 +50,7 @@ clear-buffer "${BUFFER}"
sudo strace \ sudo strace \
-e trace=write \ -e trace=write \
-s 1000 \ -s 1000 \
-f \
$(ps u | $(ps u |
grep pts | grep pts |
grep Ss | grep Ss |
@ -54,11 +59,22 @@ sudo strace \
xargs) \ xargs) \
2>&1 | 2>&1 |
while IFS="" read -r line; do while IFS="" read -r line; do
between="$(printf '%s' "${line}" | get-between)"
fd="$(printf '%s' "${line}" | grep -o 'write(.' | tail -c 2 | head -c 1)" fd="$(printf '%s' "${line}" | grep -o 'write(.' | tail -c 2 | head -c 1)"
if [ "${fd}" = "1" ] || [ ! "${line}" = "${line//SIGCHLD/}" ]; then if [ "${fd}" = "1" ] || [ "${fd}" = "4" ]; then
send-buffer "${BUFFER}" first=1
elif [ "$(printf '%s' "${between}" | wc -c)" -gt 10 ] || [ "${fd}" = "3" ]; then
:
else else
printf '%s\n' "${line}" | get-char | write-buffer "${BUFFER}" if [ "${first}" = "1" ]; then
first=0
send-buffer "${BUFFER}"
fi
pre_replace="$(printf '%b' "${between}" | xxd -ps -c0 | trimxxd)"
replace="$(printf '%s' "${pre_replace}" | sed -e 's/^1b5b3f323030346c/BEGIN/g' -e 's/1b5b3f3230303468.*/AFTER/g')"
if [ "${between}" = " " ] ||[ "${between}" = "\n" ] || [ -n "${replace}" ] && [ "${replace}" = "${pre_replace}" ]; then
printf '%b' "${between}" | write-buffer "${BUFFER}"
fi
fi fi
done done
delete-buffer "${BUFFER}" delete-buffer "${BUFFER}"