GetIP – Exfiltrate IP information using PowerShell

GetIP was something I used a bit more for personal reasons, but could easily be modified for engagements with more dynamic IP allocations.

GetIP will grab the IP address (from IPInfo Security Portal) and hostname of a machine, and then put them in a time-stamped text file. Additionally, it was a good start for me to get my hands dirty and use PowerShell instead of Python occasionally.

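# Resolve the folder this script lives in, so the log is written next to it
$invocation = (Get-Variable MyInvocation).Value
$directorypath = Split-Path $invocation.MyCommand.Path

try {
    # Ask ipinfo.io for this machine's public IP (JSON reply, "ip" field)
    $ip = Invoke-RestMethod http://ipinfo.io/json | Select-Object -ExpandProperty ip
    # Lower-cased local computer name
    $hostname = $env:COMPUTERNAME.ToLower()
    # Timestamp such as "Jan 05 @ 00:15"; backslashes escape the literal @ and :
    $date = Get-Date -Format "MMM dd \@ HH\:mm"
    # Append one line per run to IPs.txt
    Add-Content $directorypath\IPs.txt "$date HOST: $hostname - $ip"
}
catch {
    # Print the error (for example, no network) instead of failing silently
    Write-Output $_
}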

It hits their public REST endpoint, and then grabs the IP from that. More information could obviously be grabbed, but I just needed the IP address in this case.

I have this script running as a scheduled task every day at 12:15am, with the output going to my Dropbox folder.

That said, this script could easily be modified to use a different method of exfiltration (Pastebin, Twitter, e-mail, etc.) if the engagement called for it.

As usual, the code and updates can always be found in my GitHub repository as well.
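
From the defender's side, the pattern described above (a scheduled PowerShell task calling a public IP-lookup service at the same time every day) is visible in web proxy logs. The following is an added example, not part of the original post or its repository; the tab-separated log layout, the function name Find-IpLookupBeacon, the three-day threshold and the sample lines are assumptions.

```powershell
# Added example (not from the original post): hunt proxy logs for the daily
# public-IP lookup pattern. Assumed log layout, tab-separated:
#   ISO timestamp, client host, destination host, user agent
function Find-IpLookupBeacon {
    param(
        [string[]]$LogLine,
        [string[]]$LookupHost = @('ipinfo.io'),  # service the post queries
        [int]$MinDays = 3                         # distinct days before reporting
    )
    $hits = foreach ($line in $LogLine) {
        $time, $client, $dest, $agent = $line -split "`t", 4
        # Invoke-RestMethod's default User-Agent contains "PowerShell/<version>"
        if ($LookupHost -contains $dest -and $agent -match 'PowerShell/') {
            [pscustomobject]@{
                Client = $client
                Time   = [datetime]::Parse($time, [cultureinfo]::InvariantCulture)
            }
        }
    }
    $hits | Group-Object Client | ForEach-Object {
        $days  = @($_.Group | ForEach-Object { $_.Time.Date } | Sort-Object -Unique)
        $times = @($_.Group | ForEach-Object { $_.Time.ToString('HH:mm') } | Sort-Object -Unique)
        if ($days.Count -ge $MinDays) {
            [pscustomobject]@{
                Client    = $_.Name
                Days      = $days.Count
                # One fixed time of day suggests a scheduled task, not a person
                TimesSeen = $times -join ','
            }
        }
    }
}

# Constructed sample lines (made-up host names and user agents)
$psAgent = 'Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1'
$browser = 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0.0.0 Safari/537.36'
$sample = @(
    "2024-03-01T00:15:02`tws-014`tipinfo.io`t$psAgent"
    "2024-03-02T00:15:01`tws-014`tipinfo.io`t$psAgent"
    "2024-03-03T00:15:03`tws-014`tipinfo.io`t$psAgent"
    "2024-03-02T10:41:17`tws-022`tipinfo.io`t$browser"   # browser visit, ignored
    "2024-03-03T14:05:44`tws-031`tipinfo.io`t$psAgent"   # single day, below threshold
)
Find-IpLookupBeacon -LogLine $sample
```

The user-agent match only catches callers that leave the default header in place, so treat a hit as a lead to confirm against the host's scheduled tasks rather than as a complete inventory.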
