From 86d96c93ea1e21f87de8b66ea6461c4c084d4b6c Mon Sep 17 00:00:00 2001
From: cubernetes
Date: Fri, 14 Apr 2023 12:06:41 +0200
Subject: [PATCH] Flow
---
 blueteam/blueteambot1.sh | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/blueteam/blueteambot1.sh b/blueteam/blueteambot1.sh
index bba1350..ff7f0c3 100755
--- a/blueteam/blueteambot1.sh
+++ b/blueteam/blueteambot1.sh
@@ -2,6 +2,32 @@ domain=hackhpi23.timo.one
-curl -L https://${domain}/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"Start of post-exploitation\", \"timestamp\": \"$(date +%s)\"}"
+if [ -n "${1}" ]; then
+ domain="${1}"
+fi
-curl -L https://${domain}/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"Snort: Intrusion Detected! Blue team should now be aware\", \"timestamp\": \"$(date +%s)\"}"
+curl -sL https://${domain}/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"start of attack\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep .5
+
+curl -sL https://${domain}/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"nmap scanning\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep 1
+
+curl -L https://${domain}/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"IDS: Malicious Activity was detected\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep .5
+
+curl -L https://${domain}/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"Malicious IP: 141.89.221.182\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep .5
+
+curl -sL https://${domain}/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"ssh bruteforce\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep 2
+
+curl -sL https://${domain}/api/red -X POST -H "Content-Type: application/json" -d "{\"data\": \"lateral scanning\", \"timestamp\": \"$(date +%s)\"}"
+
+sleep 3
+
+curl -sL https://${domain}/api/blue -X POST -H "Content-Type: application/json" -d "{\"data\": \"ubuntu@192.168.0.17: ssh -p1337 -A -L80:localhost:8080 mainframe3.localdomain\", \"timestamp\": \"$(( $(date +%s) + 360 ))\"}"
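Review bot: `${domain}` can now be set from `${1}` but is still expanded unquoted in all seven `curl` calls, so a value containing whitespace or glob characters is split into extra curl arguments instead of staying one URL. Quote the URL (`"https://${domain}/api/red"`) and reject anything that is not a plain hostname before the first request. The IDS and malicious-IP calls use `-L` while the other five use `-sL`, and none sets `--fail`, so an HTTP error from the API goes unnoticed and the script carries on posting. Because the calls differ only in team, message and, for the last one, a timestamp offset, a small helper like the one below would hold the quoting and flags in one place. The messages are fixed literals here; anything variable would need JSON escaping before going into `-d`.

```shell
# … unchanged: domain default and the "${1}" override …

# Refuse anything that is not a bare hostname before it is placed in a URL.
case "${domain}" in
  '' | *[!A-Za-z0-9.-]*) printf 'invalid domain: %s\n' "${domain}" >&2; exit 2 ;;
esac

# post_event TEAM MESSAGE [TIMESTAMP] - send one timeline event to /api/TEAM.
post_event() {
  curl -sSL --fail "https://${domain}/api/${1}" -X POST \
    -H "Content-Type: application/json" \
    -d "{\"data\": \"${2}\", \"timestamp\": \"${3:-$(date +%s)}\"}"
}

post_event red "start of attack"
sleep .5
post_event red "nmap scanning"
# … unchanged: remaining events and sleeps, each as one post_event call;
#   the final blue event passes "$(( $(date +%s) + 360 ))" as the third argument …
```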