Address
304 North Cardinal St.
Dorchester Center, MA 02124
Work Hours
Monday to Friday: 7AM - 7PM
Weekend: 10AM - 5PM
GetIP was something I used a bit more for personal reasons, but could easily be modified for engagements with more dynamic IP allocations.
GetIP will grab the IP address (from IPInfo Security Portal) and hostname of a machine, and then put them in a time stamped text file. Additionally, it was a good start for me to get my hands dirty and use PowerShell instead of Python occasionally.
$invocation = (Get-Variable MyInvocation).Value
$directorypath = Split-Path $invocation.MyCommand.Path
try {
$ip = Invoke-RestMethod http://ipinfo.io/json | Select -exp ip
$hostname = $env:COMPUTERNAME.ToLower()
$date = Get-Date -format "MMM dd \@ HH\:mm"
Add-Content $directorypath\IPs.txt "$date HOST: $hostname - $ip"
}
catch {
Write-Output $_
}
It hits their public REST endpoint, and then grabs the IP from that. More information could obviously be grabbed, but I just needed the IP address in this case.
I have this script running as a scheduled task every day at 12:15am, with the output going to my Dropbox folder.
That said, this script could easily be modified to use a different method of exfiltration (Pastebin, Twitter, e-mail, etc.) if the engagement called for it.
As usual, the code and updates can always be found in my GitHub repository as well.
Ray Doyle is an avid pentester/security enthusiast/beer connoisseur who has worked in IT for almost 16 years now. From building machines and the software on them, to breaking into them and tearing it all down; he’s done it all. To show for it, he has obtained an OSCE, OSCP, eCPPT, GXPN, eWPT, eWPTX, SLAE, eMAPT, Security+, ICAgile CP, ITIL v3 Foundation, and even a sabermetrics certification!
He currently serves as a Senior Staff Adversarial Engineer for Avalara, and his previous position was a Principal Penetration Testing Consultant for Secureworks.
This page contains links to products that I may receive compensation from at no additional cost to you. View my Affiliate Disclosure page here. As an Amazon Associate, I earn from qualifying purchases.
2 Comments
Leave a Reply
This site uses Akismet to reduce spam. Learn how your comment data is processed.
Great post!! Thanks for the article.
You can also use from PowerShell: Invoke-RestMethod http://ipinfo.io/json
The command output will already give us the location.
Extracted from: https://www.sysadmit.com/2019/01/windows-saber-ip-publica-PowerShell.html
Yup, that’s exactly what I did! Thanks.