`

allows us to separate them in this way while still treating them as a single command. Breaking long lines of code makes them easier to read. At the end of this process, we use sleep 10 to wait 10 seconds before running this discovery again.

If you run this script, you should receive an email whenever a new host is discovered. To properly send emails, you’ll need to configure a mail transfer agent (MTA) such as Postfix on the system. Refer to the documentation at https://postfix.org/documentation.html for more information.

You can download the script at https://github.com/dolevf/Black-Hat-Bash/blob/master/ch04/host_monitor_notification.sh.

Note that the continuous network probing performed by this script isn’t very stealthy. To achieve this in a more covert way, try modifying the script in one of the following ways:

- Slow down the probing so it triggers every few hours or after an arbitrary number of minutes. You can even randomize this interval to make it less predictable.

- Instead of sending notifications over the network, try writing the results to memory if you’re running the script from within a compromised network.

- Upload the results to an innocent-looking third-party website. The Living Off Trusted Sites (LOTS) Project at https://lots-project.com maintains an inventory of legitimate websites that corporate networks often allow. Attackers commonly use these to carry out activities such as data exfiltration so that their traffic blends with other legitimate traffic, making it harder for analysts to spot.

Now that we know what hosts are available on the 172.16.10.0/24 network, we recommend removing any unresponsive IP addresses from the 172-16-10-hosts.txt file to make your future scans faster.

To go further, we encourage you to experiment with other notification delivery methods, such as sending notifications over Slack, Discord, Microsoft Teams, or any other messaging system you use on a daily basis. Platforms such as Slack, for example, use the concept of a webhook, where a script can make a POST request to a special URL to deliver a custom message to a channel of your choice.
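
The webhook delivery described above, sketched as an added example that is not from the book or its repository. The WEBHOOK_URL variable and the function names are assumptions, and the {"text": "..."} body follows the Slack incoming-webhook message format; the message text is JSON-escaped because anything derived from scan output is untrusted input.

```bash
#!/bin/sh
# Added example: deliver a "new host" alert to a chat webhook.
# Assumptions: WEBHOOK_URL and all function names are hypothetical.
# A webhook URL is a secret (anyone holding it can post to the channel),
# so it is read from the environment instead of being stored in the script.

# Escape a string for use inside a JSON string literal.
# Step 1: turn newline, carriage return and tab into spaces.
# Step 2: drop any remaining control bytes.
# Step 3: escape backslashes first, then double quotes.
json_escape() {
  printf '%s' "$1" |
    tr '\n\r\t' '   ' |
    tr -d '\001-\037' |
    sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the JSON body. $1 = IP address of the new host, $2 = optional note.
build_payload() {
  printf '{"text":"%s"}' \
    "$(json_escape "New host discovered: $1${2:+ ($2)}")"
}

# POST the payload. Refuses to run unless WEBHOOK_URL is an https:// URL,
# so the alert and the secret URL never travel in cleartext.
notify_webhook() {
  case "${WEBHOOK_URL:-}" in
    https://*) ;;
    *) echo "WEBHOOK_URL must be set to an https:// URL" >&2
       return 2 ;;
  esac
  curl --silent --show-error --fail --max-time 10 \
       -H 'Content-Type: application/json' \
       --data "$(build_payload "$@")" \
       "$WEBHOOK_URL" >/dev/null
}

# When called with arguments (IP address, optional note), send one alert.
if [ "$#" -gt 0 ]; then
  notify_webhook "$@"
fi
```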

Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks