2021-06-04 09:56:50
You can see that it starts with the standard shebang
(#!) and the
bin/bash; this just forces the Bash language to be used for the rest of the script.
On the second line, we use echo to show the user a prompt that says, "What is the passcode?" We then
read whatever the input was and save it as a
loginpass variable.
Lastly, trigger.sh opens our
expect script, where we're essentially passing three variables to it. As discussed in a previous Bash lesson, the parentheses ( ) mean that everything within it will happen before continuing with the rest of the commands in the one-liner, and a dollar sign ($) indicates a variable. So whatever is the answer to the content inside the parentheses will be a variable.
So, the first part of the equation is that an arp-scan is run. This sends out ARP packets to hosts on the local network, then displays its responses. Then,
grep, a command-line utility for searching through text, looks at the scan results for the word
Raspberry to hunt for Raspberry Pis. Next,
awk, another tool for searching through text, looks for the microcontroller's IP address found from the arp-scan and grep, and
print prints the final results.
After all of that is done, it passes the username
root to the Pi, which is the default on Pis. This is slightly inspired by the Raspberry Hunter, or rpi-hunter, which is something that hunts for Pis using default credentials on the network, attempts to log into them, and then send payloads.
Lastly, it passes the password to the Pi via the password that the user input and stored as the
loginpass variable.
@hackersworldunite
68 views06:56