diff --git a/others/README.md b/others/README.md
index 49fda04..ee16585 100644
--- a/others/README.md
+++ b/others/README.md
@@ -9,4 +9,33 @@ - **`playRTPStream.sh`** - Using rtpdump to play RTP streams from PCAP files with VLC. This script was useful to extract RTP Streams from sniffed VoIP communication and then with a help of VLC to dump those streams into valid .wav files. (https://github.com/hdiniz/rtpdump). [gist](https://gist.github.com/mgeeky/0b8bd81a3f6fb70eec543bc0bae2f079) +- **`vm-manager.sh`** - A bash script offering several aliases/functions for quick management of a single Virtualbox VM machine. Handy to use it for example to manage a Kali box. By issuing `startkali` the VM will raise, `sshkali` - offers instant SSH into your VM, `getkali` - returns VM's IP address, `iskali` - checks whether VM is running, `stopkali` goes without explanation. [gist](https://gist.github.com/mgeeky/80b1f7addb792796d8bfb67188d72f4a) + +``` +user@my-box $ startkali +[>] Launching kali in headless +[>] Awaiting for machine to get up... +Waiting for VM "kali" to power on... +VM "kali" has been successfully started. + 1. Attempting to connect with kali... +[.] Testing: 192.168.56.1 +[.] Testing: 192.168.56.101 +[+] Found VM by ssh probing: 192.168.56.101 +[+] Running VM init commands... +[?] Timed out while trying to run VM_INIT_COMMANDS. +Continuing anyway... +[.] Testing: 192.168.56.1 +[.] Testing: 192.168.56.102 +[+] Found VM by ssh probing: 192.168.56.102 +[+] Running VM init commands... +[+] Updated /etc/hosts file with '192.168.56.102 kali' entry. +[+] Succeeded. kali found in network. + +user@my-box $ sshkali +Linux Kali 5.3.0-kali2-amd64 #1 SMP Debian 5.3.9-1kali1 (2019-11-11) x86_64 +Last login: Fri Dec 6 07:40:19 2019 from 192.168.56.1 +root@Kali:~ # hostname +Kali +``` + - **`xor-key-recovery.py`** - Simple XOR brute-force Key recovery script - given a cipher text, plain text and key length - it searches for proper key that could decrypt cipher into text. ([gist](https://gist.github.com/mgeeky/589b2cf781901288dfea0894a780ff98)) 
diff --git a/others/vm-manager.sh b/others/vm-manager.sh
new file mode 100755
index 0000000..97183fe
--- /dev/null
+++ b/others/vm-manager.sh
@@ -0,0 +1,281 @@
+#!/bin/bash
+#
+# Simple vm-specific management bash functions and aliases.
+# Coming with basic functionality of starting, stopping and status checking
+# routines. Easy to change to manage other type of VMs.
+#
+# Providing commands for:
+# - starting/stopping selected VM
+# - checking whether selected VM is running
+# - easily ssh'ing to the selected VM
+# - scanning for other VMs
+# - setting selected VM's IP address within /etc/hosts (and alike) file
+#
+# Mariusz B. / mgeeky, '16-'19
+# v0.7
+#
+
+# VM_NAME as defined in VirtualBox. Name must not contain any special characters, not
+# even space.
+VM_NAME=kali
+
+# User's name to be used during ssh.
+VM_USER=root
+
+# Host-only's interface network address and interface
+HOST_ONLY_NET=192.168.56.1
+HOST_ONLY_IFACE=vboxnet0
+
+# Hosts file where to put the VM's host IP address
+HOSTS_FILE=/etc/hosts
+
+# Command to be run to detect proper VM and pattern to be matched then.
+VM_DETECT_COMMAND="uname -a"
+VM_DETECT_PATTERN="Linux Kali"
+
+# Initial commands one would like to get executed upon VM start.
+VM_INIT_COMMANDS="dhclient -r eth1 ; dhclient -v eth1"
+
+
+
+#
+# Will set the following aliases:
+# - ssh alias for quick ssh-connection
+# - get alias for quick vm's ip resolution
+# - start alias for starting up particular vm
+# - stop alias for stopping particular vm
+# - is alias for checking whether the vm is running.
+#
+# For instance, when VM_NAME=Kali - the following aliases will be defined:
+# sshkali, getkali, and so on
+#
+function setup_aliases() {
+ name=$VM_NAME
+ if [ -z $name ]; then
+ echo "[!] You must set the VM_NAME variable within that script first!"
+ exit 1
+ fi
+ alias ssh$name="ssh -o StrictHostKeyChecking=no -Y $VM_USER@$name"
+ alias get$name="cat $HOSTS_FILE | grep -i $name | cut -d' ' -f1"
+ alias start$name="startvm"
+ alias stop$name="stopvm"
+ alias is$name="VBoxManage list runningvms | grep -qi $name && echo '[+] Running' || echo '[-] Not running';"
+}
+
+
+#
+# Function for starting particular VM and then detecting it within
+# user-specified host-only network, in order to setup correct entry in hosts file.
+# Afterwards some additional actions like sshfs mounting could be deployed.
+#
+function startvm() {
+ if [ -n "$1" ] && [[ "$1" == "-h" ]]; then
+ echo "[?] Usage: startvm [mode] - where [mode] is: headless (default) or gui"
+ return
+ fi
+
+ name=$VM_NAME
+ #hostname=${name,,}
+ hostname=$name
+ mode=$1
+ if [[ "$mode" == "" ]]; then
+ mode='headless'
+ elif [[ "$mode" == "gui" ]]; then
+ mode='gui'
+ else
+ echo "[?] Usage: startvm [mode] - where [mode] is: headless (default) or gui"
+ return
+ fi
+
+ echo "[>] Launching $name in $mode"
+ if [[ $(VBoxManage list runningvms | grep -i $name) ]]; then
+ echo "[+] Already running..."
+ else
+ echo "[>] Awaiting for machine to get up..."
+ VBoxManage startvm $name --type $mode
+ if [ $? -ne 0 ]; then
+ echo "[!] Could not get $name started. Bailing out."
+ exit 1
+ fi
+
+ found=0
+ sleep 16
+
+ for i in `seq 1 25`;
+ do
+ if [ $found -ne 0 ]; then
+ break
+ fi
+
+ echo -e "\t$i. Attempting to connect with $name..."
+ sleep 3
+
+ if scan_for_vm; then
+ found=1
+ break
+ fi
+ done
+
+ if [ $found -ne 1 ]; then
+ echo "[!] Critical - could not locate $name VM machine on network."
+ echo -e "\tYou can always try 'scan_for_vm' command to do a sweep again and retry process."
+ return
+ fi
+
+ echo "[+] Succeeded. $name found in network."
+ fi
+}
+
+
+#
+# Function for stopping particular VM.
+#
+function stopvm() {
+ name=$VM_NAME
+ hostname=$name
+
+ if VBoxManage list runningvms | grep -qi $name
+ then
+ sleep 2
+ sudo sed -i "/$hostname/d" $HOSTS_FILE
+ echo "[+] Stopping $VM_NAME..."
+ VBoxManage controlvm $name savestate
+ else
+ echo "[-] Not running."
+ return
+ fi
+
+ sleep 3
+ if VBoxManage list runningvms | grep -qi $name
+ then
+ echo "[?] Seems that $name do not want to be pasued..."
+ sleep 2
+ VBoxManage controlvm $name acpipowerbutton
+
+ if VBoxManage list runningvms | grep -qi $name
+ then
+ echo "[-] Could not pause $name politely. Cut his head!"
+ sleep 3
+ VBoxManage controlvm $name poweroff
+ else
+ echo "[+] Ok, it had shut itself down."
+ fi
+ fi
+}
+
+
+#
+# One can use that very function to enumerate available machines
+# visible from VMs network interface (under ARP scanning).
+#
+function find_vms_netdiscover {
+ sudo netdiscover -i $HOST_ONLY_IFACE -r $HOST_ONLY_NET/24 -N -P | grep ${HOST_ONLY_NET:0:5} | cut -d' ' -f2 | tail -n +2
+}
+
+function find_vms_nmap {
+ nmap -sn $HOST_ONLY_NET/24 -oG - | grep Up | awk '{print $2}'
+}
+
+function find_vms {
+ sudo ifconfig $HOST_ONLY_IFACE up
+ out=""
+ if [ -x "$(command -v nmap)" ]; then
+ out=$(find_vms_nmap)
+ if test "$out" != ""; then
+ echo "$out"
+ return
+ fi
+ fi
+ if [ -x "$(command -v netdiscover)" ]; then
+ out=$(find_vms_netdiscover)
+ if test "$out" != ""; then
+ echo "$out"
+ return
+ fi
+ fi
+ echo ""
+}
+
+function detect_vm {
+ out=$(timeout 30s ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 $VM_USER@$1 "$VM_DETECT_COMMAND" 2>/dev/null )
+ if [ $? -eq 124 ] || [ $? -eq 255 ]; then
+ echo "[!] Machine $1 timed out while trying to detect it by ssh probing."
+ return 1
+ fi
+
+ if echo "$out" | grep -qi "$VM_DETECT_PATTERN" ; then
+ return 0
+ else
+ return 1
+ fi
+}
+
+#
+# If for some reason `start` command didn't manage to find the VM
+# that was starting at that moment, one can repeat the scan & set process
+# manually using the below command.
+#
+function scan_for_vm {
+
+ # Scanning hosts in host-only network made by VirtualBox and then every
+ # found host will be ssh'd to get it's uname and determine whether it is our vm.
+ # Thanks to this loop we will not be failing to connect to our VM in case it's
+ # IP would get assigned differently from VBox dhcp.
+ hosts=$(find_vms)
+
+ declare -a hostsarray
+ while read -r host
+ do
+ hostsarray+=($host)
+ done <<< "$hosts"
+
+ sorted_hostsarray=($(echo "${hostsarray[@]}" | tr ' ' '\n' | sort -u))
+ for host in $sorted_hostsarray[@]; do
+ echo "[.] Testing: $host"
+ detect_vm $host
+ if [ $? -eq 0 ]
+ then
+ # VM found by match in uname's output.
+ echo "[+] Found VM by ssh probing: $host"
+
+ if [ -n "$VM_INIT_COMMANDS" ]; then
+ echo "[+] Running VM init commands..."
+ timeout 1m ssh -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 $VM_USER@$host "$VM_INIT_COMMANDS" 2>/dev/null
+ if [ $? -eq 124 ]; then
+ echo "[?] Timed out while trying to run VM_INIT_COMMANDS."
+ #return 1
+ echo "Continuing anyway..."
+ fi
+ detect_vm $host
+ if [ $? -ne 0 ]; then
+ if [ $# -eq 1 ] && [ "$1" == "again" ] ; then
+ echo "[!] After initial commands the connection with VM is lost. Repeat the 'scan_for_vm' process"
+ return 1
+ else
+ scan_for_vm "again"
+ fi
+ fi
+ fi
+
+ # Since the shell does output redirection not sudo, we have to write
+ # to the hosts file like so:
+ #
+ cat $HOSTS_FILE | grep -qi $VM_NAME
+ if [ $? -eq 0 ] && [ "$1" != "again" ]; then
+ sudo sed -i -E "s/^[0-9]{1,3}.[0-9]{1,3}+.[0-9]{1,3}+.[0-9]{1,3}+\s+$VM_NAME/$host $VM_NAME/" $HOSTS_FILE
+ echo "[+] Updated /etc/hosts file with '$host $VM_NAME' entry."
+ else
+ echo "$host $hostname" | sudo tee --append $HOSTS_FILE > /dev/null
+ fi
+ return 0
+ else
+ #echo "[.] Not our target VM: '$host'"
+ continue
+ fi
+ done
+
+ echo "[!] Could not locate $VM_NAME machine within the network."
+ return 1
+}
+
+setup_aliases
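Review bot: Host-key verification is switched off on every ssh call here (`detect_vm`, the init-command call in `scan_for_vm`, and the `ssh$name` alias all pass `-o StrictHostKeyChecking=no`), so any host on `$HOST_ONLY_NET/24` with a previously unseen key whose `uname -a` output contains `$VM_DETECT_PATTERN` is accepted as the VM and its address is written to `$HOSTS_FILE` with sudo. The VM's IP changes but its host key does not, so the key can be pinned under a fixed name with `HostKeyAlias` and `StrictHostKeyChecking=accept-new`, as in the excerpt below; `-Y` on the alias is worth dropping unless trusted X11 forwarding is really needed. Two bugs on the same path are fixed in the excerpt as well: the second `$?` in `[ $? -eq 124 ] || [ $? -eq 255 ]` holds the status of the first test, so 255 is never matched, and `$sorted_hostsarray[@]` expands in bash to the first element followed by a literal `[@]`. Separately, `sudo sed -i "/$hostname/d"` in `stopvm` is unanchored and removes every hosts line that contains the name as a substring.

```shell
# Shared ssh options: the key is stored under the VM's name, not its IP, so a
# DHCP-assigned address can change while a different host key is still refused.
SSH_OPTS=(-o BatchMode=yes -o ConnectTimeout=5
          -o StrictHostKeyChecking=accept-new -o HostKeyAlias="$VM_NAME")

function detect_vm {
    local out rc
    out=$(timeout 30s ssh "${SSH_OPTS[@]}" "$VM_USER@$1" "$VM_DETECT_COMMAND" 2>/dev/null)
    rc=$?   # capture once; each later test overwrites $?
    if [ "$rc" -eq 124 ] || [ "$rc" -eq 255 ]; then
        # … unchanged: timeout message and return 1 …
    fi
    # … unchanged: match $out against VM_DETECT_PATTERN …
}

# in scan_for_vm:
    for host in "${sorted_hostsarray[@]}"; do
        # … unchanged: loop body, with the init-command ssh call using "${SSH_OPTS[@]}" …
```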