Cautious1

Active Members
Posts: 8

Posts posted by Cautious1

  1. Hey, yes, that worked and now I am able to capture traffic on the Packet Squirrel. What command do I use to see where the traffic originated from? I mean that I have the PS (Packet Squirrel) connected between my router and the telecommunication router but do not see the MAC address or any way to know where the request is coming from to get the response. I only see the MAC of the routers.
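Added example, not from the thread and not Hak5 code: one way to pair the link-layer and network-layer source addresses in a capture taken on a transparent bridge. On a bridge between two routers the Ethernet source address of every frame is the interface of whichever router forwarded it, so only the routers' MACs show up, while the IPv4 source address still names the host that sent the packet (unless a NAT sits between that host and the capture point). `tcpdump -nn -e -r dump.pcap ip` prints both headers on one line; the helper below summarizes that output with awk. The capture file name is assumed, and the sample lines are constructed in tcpdump's `-e` output format for the offline test.

```shell
#!/bin/sh
# Added example, not from the thread or from Hak5. Summarizes the output of
#   tcpdump -nn -e -r dump.pcap ip
# (-e prints the Ethernet header, -nn keeps addresses and ports numeric) into
# "source MAC  source IP  packet count" lines, so the link-layer origin (the
# router that forwarded the frame) can be compared with the IP-layer origin
# (the host that actually sent the packet).

# Read tcpdump -e lines on stdin; print one "mac ip count" line per pair.
summarize_origins() {
    awk '$6 == "IPv4" {
        mac = $2                      # Ethernet source address
        ip = $10                      # "a.b.c.d" or "a.b.c.d.port" for TCP/UDP
        n = split(ip, parts, ".")
        if (n == 5)                   # drop the port suffix tcpdump appends
            ip = parts[1] "." parts[2] "." parts[3] "." parts[4]
        count[mac " " ip]++
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Convenience wrapper for a capture file written by the payload (path assumed).
origins_from_pcap() {
    tcpdump -nn -e -r "$1" ip 2>/dev/null | summarize_origins
}

# Constructed sample in tcpdump -e format: two hosts behind the same router
# (MAC ...:01) talking to the Internet, and one reply coming back through the
# upstream router (MAC ...:02). Only the routers' MACs appear; the IPs differ.
SAMPLE_TCPDUMP='10:00:01.000001 00:11:22:aa:bb:01 > 00:11:22:aa:bb:02, ethertype IPv4 (0x0800), length 74: 192.168.1.20.51234 > 93.184.216.34.443: Flags [S], seq 1, win 64240, length 0
10:00:01.000123 00:11:22:aa:bb:02 > 00:11:22:aa:bb:01, ethertype IPv4 (0x0800), length 74: 93.184.216.34.443 > 192.168.1.20.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
10:00:02.000001 00:11:22:aa:bb:01 > 00:11:22:aa:bb:02, ethertype IPv4 (0x0800), length 98: 192.168.1.30 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64
10:00:03.000001 00:11:22:aa:bb:01 > 00:11:22:aa:bb:02, ethertype IPv4 (0x0800), length 74: 192.168.1.20.51235 > 93.184.216.34.443: Flags [S], seq 3, win 64240, length 0'
```

Usage on a real capture: `origins_from_pcap /mnt/loot/tcpdump/dump.pcap` (or wherever the payload wrote the file). The output for the constructed sample is three lines, all with one of the two router MACs, but with the two LAN hosts and the remote server separated by IP; that IP column is the "where did the request come from" answer a bridge capture can give.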

  2. So I created this updated payload script and saw the Packet Squirrel device blinking yellow, but I am still not getting any "dump.pcap" on the device or the USB.

     

    Here is the output in the tcp_payload.log that was created on the device.

    Starting payload
    MKDIR Created
    TCPDUMP Payload started

    #!/bin/bash
    # Updated TCPDump payload with progress logging to /root/tcp_payload.log.
    # Net Mode: TRANSPARENT
    # monitor_space and finish are the same helpers as in the stock Hak5
    # TCPDump payload; the script calls both, so they must be defined here.

    # Stop the capture once free space on the loot mount drops below ~10 MB
    function monitor_space() {
        while true
        do
            [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
                kill $1
                LED G SUCCESS
                sync
                break
            }
            sleep 5
        done
    }

    function finish() {
        # Kill TCPDump and sync filesystem
        kill $1
        wait $1
        sync

        # Indicate successful shutdown
        LED R SUCCESS
        sleep 1

        # Halt the system
        LED OFF
        halt
    }

    # Set networking to TRANSPARENT mode and wait five seconds
    # (the command is lowercase "sleep"; "Sleep" is not found on the device)
    NETMODE TRANSPARENT
    sleep 5

    function run() {
        # Create loot directory
        mkdir -p /mnt/loot/tcpdump &> /dev/null
        echo "MKDIR Created" >> /root/tcp_payload.log

        # Start tcpdump on the bridge interface
        tcpdump -i br-lan -s 0 -w /mnt/loot/tcpdump/dump.pcap &> /dev/null & tpid=$!
        echo "TCPDUMP Payload started" >> /root/tcp_payload.log

        # Wait for button to be pressed (disable button LED)
        NO_LED=true BUTTON
        finish $tpid
    }

    # This payload will only run if we have USB storage
    [[ ! -f /mnt/NO_MOUNT ]] && {
        echo "Starting payload" >> /root/tcp_payload.log
        LED ATTACK
        run &
        monitor_space $! &
    } || {
        echo "Payload failed, no USB storage device detected" >> /root/tcp_payload.log
        LED FAIL
    }

    Is there anything wrong with the script?  

     

  3. Hi, I did what you asked, and here are the outputs.

    root@squirrel:~# df -h
    Filesystem            Size    Used  Available  Use%  Mounted on
    /dev/root            25.0M   25.0M         0  100%  /rom
    tmpfs                28.1M  124.0K     28.0M    0%  /tmp
    /dev/mtdblock6        4.6M  304.0K      4.3M    6%  /overlay
    overlayfs:/overlay    4.6M  304.0K      4.3M    6%  /
    tmpfs               512.0K       0    512.0K    0%  /dev
    /dev/sda1             1.9G   11.7M      1.9G    1%  /usb

    Then I added your script to the payload and saw that it only creates the file on the Packet Squirrel, as shown in the images, under /mnt/testfile.txt. It seems there may be a missing Linux driver that is needed to accept the USB.

    There is a log on the Packet Squirrel that says this:

    Wi/log.txt - root@172.16.32.1 - Editor - WinSCP
    Could not load USB storage. Stopping...

     

  4. Hi All, 

    I was sent a Packet Squirrel Mark II by mistake from Hak5. They were kind enough to provide me with updated FW and instructions to flash the device. The new payloads loaded on the device work, but I am interested only in the tcpdump payload for now, added below.

    I have formatted several USB drives to NTFS and EXT4 and still no luck for the script to write to the device and run without any issues.  "/etc/rc.d/S98usb: sh: write error: No such device"

    Any ideas or recommendations or is there something wrong with the script?  

     

    #!/bin/bash
    # 
    # Title:		TCPDump
    # Description:	Dumps networking-data to USB storage. Completes on button-press or storage full.
    # Author: 		Hak5
    # Version:		1.0
    # Category:		sniffing
    # Target: 		Any
    # Net Mode:		TRANSPARENT
    
    # LEDs
    # SUCCESS:		Dump complete
    # FAIL:			No USB storage found
    
    function monitor_space() {
    	while true
    	do
    		[[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
    			kill $1
    			LED G SUCCESS
    			sync
    			break
    		}
    		sleep 5
    	done
    }
    
    function finish() {
    	# Kill TCPDump and sync filesystem
    	kill $1
    	wait $1
    	sync
    
    	# Indicate successful shutdown
    	LED R SUCCESS
    	sleep 1
    
    	# Halt the system
    	LED OFF
    	halt
    }
    
    function run() {
    	# Create loot directory
    	mkdir -p /mnt/loot/tcpdump &> /dev/null
    	
    	# Set networking to TRANSPARENT mode and wait five seconds
    	NETMODE TRANSPARENT
    	sleep 5
    	
    	# Start tcpdump on the bridge interface
    	tcpdump -i br-lan -s 0 -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    	tpid=$!
    
    	# Wait for button to be pressed (disable button LED)
    	NO_LED=true BUTTON
    	finish $tpid
    }
    
    
    # This payload will only run if we have USB storage
    [[ ! -f /mnt/NO_MOUNT ]] && {
    	LED ATTACK
    	run &
    	monitor_space $! &
    } || {
    	LED FAIL
    }
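
Added example, not part of the Hak5 payload and not posted in the thread. The df -h listing in post 3 shows the USB stick (/dev/sda1) mounted at /usb, while the payload above writes under /mnt, gates on /mnt/NO_MOUNT, and has monitor_space evaluate `$(df | grep /mnt | awk '{print $4}')`. With nothing mounted under /mnt that substitution is empty, and bash treats an empty operand of `-lt` as 0, so the low-space branch fires on the first check; with more than one mount under /mnt it feeds several numbers to one comparison instead. The helpers below look the mount point up from df output by device node and return an explicit "missing" state rather than collapsing it into "disk full". They assume the stick is /dev/sda1 as in that listing; the df -P style sample is constructed to match the listing's layout in 1K blocks so the functions can be exercised offline.

```shell
#!/bin/sh
# Added example, not part of the Hak5 TCPDump payload. It assumes the USB stick
# shows up as /dev/sda1, as in the df -h listing posted in the thread, and reads
# df output from stdin so the logic can be tested against saved output.

# Print the mount point of a block device; fail (exit 1) if it is not mounted.
# Field 6 is "Mounted on"; NR > 1 skips the header line.
usb_mountpoint() {
    awk -v dev="$1" 'NR > 1 && $1 == dev { print $6; found = 1 }
                     END { exit found ? 0 : 1 }'
}

# Print the available 1K blocks of one mount point; fail if it is not present.
# Matching the exact mount point avoids the "grep /mnt" problem, which also
# matches /mnt/anything and then hands several lines to a single -lt test.
avail_kb() {
    awk -v mnt="$1" 'NR > 1 && $6 == mnt { print $4; found = 1 }
                     END { exit found ? 0 : 1 }'
}

# Loot directory derived from where the stick is actually mounted instead of a
# hard-coded /mnt. Fails when the stick is not mounted at all.
loot_dir() {
    df_text="$1"
    mnt=$(printf '%s\n' "$df_text" | usb_mountpoint /dev/sda1) || return 1
    printf '%s/loot/tcpdump\n' "$mnt"
}

# Three-way decision for a monitor loop: "missing" (mount gone), "stop"
# (below threshold), "continue". The stock payload turns "missing" into
# "stop" because bash evaluates an empty string as 0 in [[ ... -lt N ]].
space_state() {
    mnt="$1"; threshold="$2"; df_text="$3"
    kb=$(printf '%s\n' "$df_text" | avail_kb "$mnt") || { echo missing; return 0; }
    if [ "$kb" -lt "$threshold" ]; then echo stop; else echo continue; fi
}

# Live wrapper for use on the device: df -P prints 1K blocks, one line per mount.
live_space_state() {
    space_state "$1" "$2" "$(df -P)"
}

# Constructed df -P style sample modelled on the df -h listing in the thread
# (same devices and mount points, sizes converted to 1K blocks).
SAMPLE_DF='Filesystem 1024-blocks Used Available Capacity Mounted on
/dev/root 25600 25600 0 100% /rom
tmpfs 28774 124 28650 0% /tmp
/dev/mtdblock6 4710 304 4406 6% /overlay
overlayfs:/overlay 4710 304 4406 6% /
tmpfs 512 0 512 0% /dev
/dev/sda1 1992294 11980 1980314 1% /usb'
```

In a payload, `loot=$(loot_dir "$(df -P)") || { LED FAIL; exit 1; }` replaces the fixed /mnt/loot/tcpdump path, and a monitor loop can `case "$(live_space_state "$mnt" 10000)" in stop|missing) kill "$tpid" ;; esac` so that a stick that disappears mid-capture is handled the same way as one that fills up, but is no longer mistaken for one before the capture has even started.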

     
