About Niceday

  1. @bjorn - do you get the same error if you take the SIM card out altogether and boot up the LT without it? If you do, the LT isn't recognising the SIM. I originally had the same issue because the SIM was in round the wrong way (it clicks into place just fine either way round). Mine works just fine now, on a Three data SIM.
  2. Fair enough. But as well as the pentest uses it does have sys admin uses where covert doesn't matter and the PS is way easier to deploy than laptops with multiple NICs. Horses for courses. The Pineapple Tetra has its place, but it's not as covert as a Nano.
  3. @biob Couldn't agree more. I doubt anyone here would disagree. The Hak5 team do a great job and produce great gear. But the point of Hak5 for me is that you don't just plug and play this stuff - in fact that's what makes Hak5 special. You start thinking of all the ways you can use and extend the devices and will always come up with the "if only" situations. I pre-ordered the PS because I know the Hak5 team do a great job. I then set about using it in my initial scenarios - one of which involves PoE. Lots of ideas came about in the posts and I eventually found a PoE solution that works for me, which I've posted in case it helps others. So, no, I wouldn't want the Hak5 team to think they are unappreciated, but if the posts help them come up with an even better PS in the future, in the way they came up with improved LAN Turtles, even better for all of us. And if the improvements did triple the price and double the size, my bet is they'd still sell.
  4. PoE devices and the Packet Squirrel tcpdump payload sorted for me...a happy bunny squirrel. Didn't want to modify the squirrel itself, but wanted to capture packets for a PoE phone without needing extra power sockets. The squirrel doesn't need to be inline with the phone to do this - it just needs the packets sent to it. I looked for a PoE powered, managed switch with PoE pass-through and port mirroring & found the Netgear GS105PE. Others probably exist, but it's the first one I came across. The PoE switch powers the GS105PE, which powers the phone. I did try a PoE splitter to power the PS from the 2nd PSE port on the GS105PE as well, but the Netgear wouldn't power both at the same time. So I just stuck with the USB battery pack I use for the PS anyway. I set the phone port to 100Mbps to match the PS speed, mirrored port 1 to port 3, plugged it all in, powered up the PS and got all the packets. At £50 it kinda doubles the cost of the PS and at 6"x4" it's about the same size as a couple of battery packs. But it does the job without modding the PS and without needing another power socket close by or a separate injector or PoE splitter. Configure it once then plug and play.
  5. The Packet Squirrel uses 5v via micro USB to power it. To capture packets, the Packet Squirrel will use RJ45 wires 1,2,3 and 6 to get the packet data, as all 10/100 devices do. For PCs and printers and other non-PoE devices, that's fine as the voltages sent down those wires for the data packets are small (maybe 2 or 3 volts). When PoE devices are used, as well as the data packets, you can get around 50v coming down those same RJ45 wires to power the PoE device. That means the RJ45 connectors of the Packet Squirrel could get 50v sent to them and that might be too much for them to cope with - I haven't seen anything yet to say what the limit is before they could suffer damage. The Packet Squirrel won't use that 50v to power itself, as it isn't a PoE device - it uses the 5v on the micro USB connector for power. It just needs to cope with a 50v voltage level without damage or have the level reduced, while letting the 50v get to the PoE device. I'm looking into whether a PoE splitter would drop the RJ45 voltages down to a safe level (they should, or I don't see the point of them). Even so, if the PoE device runs at a Gig and the Packet Squirrel doesn't, the splitter might solve the voltage problem and still not help if the PoE device and the switch negotiate a Gig speed that the Packet Squirrel can't keep up with. Just not sure that you can capture PoE device packets without powering the PoE device after the Packet Squirrel. That is, by connecting the Packet Squirrel RJ45 input to the PoE switch (reducing the speed to 100Mb and rejecting the offer of PoE power at the same time) and then connecting the Packet Squirrel RJ45 output into a separate mains powered PoE injector to power the PoE device. Even that setup is OK for sys admins, as they just want to troubleshoot data issues and aren't trying to be covert about it. Just a shame the Packet Squirrel doesn't do PoE passthrough. Maybe in the next version.
  6. Having had a good look at PoE, I have a problem - the use of PoE/PoE+ mode A by PoE switches. I wired up some RJ45 breakout boards to check and verify the voltages put on each wire with various setups. PoE powered devices are referred to as PD. Equipment providing PoE is referred to as Power Sourcing Equipment (PSE). I'm assuming standard 802.3af/at 48v active PoE/PoE+ coming from a PoE switch or injector, as they are the most common setup (and mostly PoE switches these days). I'm ignoring bespoke PoE setups using 12v/24v as I doubt I'd ever come across one.

     When equipment is plugged into an active PSE, hardware negotiation takes place using low voltages to see if the high voltage power is needed. If it's a PD, then the answer is yes and around 50v is sent down the wires to power it. If not (e.g. PC or Packet Squirrel), it isn't, so your stuff doesn't get fried by the high voltage it doesn't want or need.

     Now to the problem. PoE switches are Endspan devices and those look to use PoE mode A, where the power is sent over wires 1,2,3 and 6 along with data - the very 100Mb data wires the PS needs to get its data from. The PS wants those wires to get the packets, but it doesn't want the 50v that's sent down them. PoE injectors are Midspan devices and those look to use mode B, where the power is sent over wires 4,5,7 and 8, leaving 1,2,3 and 6 just for data. That setup would be fine, and there it should be easy to make up a cable sending wires 1,2,3 and 6 via the PS plus wires 4,5,7 and 8 around the PS and straight to the PD device.

     So: if I put the PS in the way of the PD, the power negotiation with the PSE ends up not asking for power, and the PD I want to get the traffic for doesn't power up. If I double-jumper wires 1,2,3 and 6 so the PD comes up and the PS can get a copy of all the data, I take it I'll fry the PS with the 50v. @Sebkinne - does the PS need voltage regulators to drop the 50v down to protect it? How much voltage can the PS take?

     Other than that, I think I'm pretty much stuck as far as putting a PS in line with a PoE powered device unless I use local power after the PS to bring it up. Any and all help appreciated.
  7. Thinking about PoE passthrough, I think I probably just need an Ethernet cable with the data wires going through the PS and the power wires going around it, with an 8-pin RJ45 coupler to plug into the original cable going to the AP. Think I've just given myself some work to do when my PS gets delivered.
  8. I'd be interested in PoE passthrough in a future iteration. APs and IP phones are all PoE and to tap into those, you'd need PoE passthrough or a power injector (which would need a power socket close by and be even bigger).
  9. Ordered. Also loving the Turtle 3G that I got at Defcon - that thing is scary for Sys Admins. Intrigued what the last product is. Guess it'll be Saturday morning before I find out as 7pm SanFran = 3am London.
  10. +1 for pre-order - been waiting and wanting since Defcon, but can't get to the launch as in the UK.
  11. @reubadoob Once you have your LT running the OpenVPN client as per Darren's video, the LT doesn't point its local IP settings back to the VPS - rather the OpenVPN gateway client-side subnet settings are routed via the LT by the VPN.

     To get as automatic as possible, if you are happy to blanket route all 192.168.x.y and 10.w.x.y addresses via the LT (i.e. this doesn't clash with any local PC private address routing you have), you can set the OpenVPN gateway settings just once and plug the LT into any of those networks and the routing will go to all of those via the LT regardless. The assumption is that you are using your PC to get to such networks via the LT, and your PC and LT are the only 2 devices on that VPN, so why not? It's only an issue if you clash with any routing your local PC already has to your local home networks. If that's the case, you may have to manually adjust each time. Mostly, I've found the blanket approach doesn't cause me any issues I care about.

     To set this, in the OpenVPN gateway user permission settings for the LT user account, add networks and to go via the LT and then apply those changes and click on the button to update the server with the new settings. You can also add in 172.w.x.y addresses if you want (but by default OpenVPN uses for itself). If you then connect the LT to any 192.168.x.y or 10.w.x.y network, the VPN will route packets for those client subnets via the LT regardless of which one the LT is plugged into this time, so you can then reach the one you are plugged into this time from the PC without changing anything.

     So - plug in the LT and connect the PC to the VPN. On the PC, tracert to a 192.168 address that doesn't exist and break out of it when you start getting * responses. The output will tell you the LT VPN address. e.g.

         tracert
         Tracing route to  over a maximum of 30 hops
           1    21 ms    16 ms    17 ms
           2    32 ms    31 ms    29 ms
           3     *
         ^C

     which tells you the LT VPN address is

     That doesn't actually tell you which client-side IP address/subnet you got on the LT this time. You can get this using the plink program included with putty. Create a text file (e.g. ifconfig.txt) on the PC with the following 1 line in it:

         ifconfig eth1 | grep -i "inet ad"

     then run the following command from your PC (obviously change the LT address to the one you just found and use your own LT password) to see the desired output:

         plink.exe -ssh root@ -pw xxxxxx -m c:\data\putty\ifconfig.txt
         inet addr: Bcast: Mask:

     This tells you the LT client-side address is currently in a class C subnet. As before, if you want to get to all parts of a multi-subnet setup, routes would be needed in the LT also (not needed if it's just the one network). That will need a script to grab the default gateway your connection was given and create routing entries to go via that address. You can invoke that script at startup via /etc/rc.local entries or you could run a scheduled task to run a script every so often. If you don't want to modify the LT, you could use plink files/commands to set it up, but that isn't automatic. Again, hope that helps.
  12. Hi,

     To get the address of the network you are plugged into via the ethernet cable, you can use the "ip addr show" command and pipe it through some utilities. For example:

         ip addr show dev eth1|grep -i "inet "|tr -s " "|cut -f 3 -d " "

     the first part (ip addr show dev eth1) will get you something like:

         3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
             link/ether 00:13:37:a6:58:2d brd ff:ff:ff:ff:ff:ff
             inet  brd  scope global eth1
                valid_lft forever preferred_lft forever
             inet6 fe80::213:37ff:fea6:582d/64 scope link
                valid_lft forever preferred_lft forever

     piping this into grep to grab just the line with "inet " in it gets you:

             inet  brd  scope global eth1

     note the leading spaces. Then pipe that into translate (tr) to squeeze (-s) the spaces (" ") together to get:

          inet brd scope global eth1

     and finally pipe to cut to pick out field 3 (-f 3), the fields being separated/delimited by spaces (-d " "), to get:

     you can put this into a variable to use later by wrapping up that line as commands to run and assign the output. For example:

         eth1addr=$(ip addr show dev eth1|grep -i "inet "|tr -s " "|cut -f 3 -d " ")
         echo $eth1addr

     to get the result:

     Now you know the IP range you are plugged into, go to your VPS and ensure the range is in the list of networks your LT is acting as a gateway for, as per Darren's video. If you wanted to get at other networks via the eth1 connection (i.e. if it is not just a single flat 1 subnet setup), you would need to add routing entries on the turtle to tell it how to get at them, and let the VPS know those also. Hope that helps.
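As an added example that is not from either post (the `ip addr show` text below is constructed, and `eth1_cidr`, `cidr_to_network` and `sample_network` are my own names), this script reuses the grep/tr/cut pipeline from post 12 and then works out the network the LAN Turtle's eth1 address sits in, which is the range post 11 says must be added as a client subnet on the OpenVPN gateway. It goes beyond the class C case by masking with whatever prefix length ip reports.

```shell
#!/bin/sh
# Added example, not the original poster's code. The sample output below is
# constructed; on a real LAN Turtle you would run: ip addr show dev eth1 | eth1_cidr
SAMPLE_IP_ADDR='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:13:37:a6:58:2d brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.37/24 brd 192.168.10.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::213:37ff:fea6:582d/64 scope link
       valid_lft forever preferred_lft forever'

# Same pipeline as post 12, reading "ip addr show" text from stdin: prints "addr/prefix".
# Field 3 because the squeezed line keeps one leading space, so field 1 is empty.
eth1_cidr() {
    grep -i "inet " | tr -s " " | cut -f 3 -d " "
}

# Turn "a.b.c.d/n" into the network it belongs to ("w.x.y.z/n") by masking the
# address with the prefix length. Works for any prefix, not just /24.
cidr_to_network() {
    addr=${1%/*}
    plen=${1#*/}
    oldifs=$IFS; IFS=.
    set -- $addr            # positional params become the four octets
    IFS=$oldifs
    ip_int=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF ))
    net=$(( ip_int & mask ))
    printf '%d.%d.%d.%d/%d\n' $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$plen"
}

# Wrapper that runs the whole chain over the constructed sample.
sample_network() {
    cidr_to_network "$(printf '%s\n' "$SAMPLE_IP_ADDR" | eth1_cidr)"
}

sample_network   # prints 192.168.10.0/24
```

The printed network is what you would enter as the LT user's client-side subnet on the VPN gateway; if it is already covered by a blanket 192.168.0.0/16 or 10.0.0.0/8 entry, nothing needs changing.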
  13. Hi Seb, "Any darn fool can make something complex; it takes a genius to make something simple." I tried the SIM in a Huawei E3531 3g dongle and it connected to the internet OK. Checking on the settings it said it used, it had an APN of "3internet" rather than "three.co.uk" so I tried changing the APN in the turtle to that, but got the same CME ERROR response. I also tried setting up a new profile in the huawei using the "three.co.uk" APN and that worked on the Huawei also. Then I thought - what would the turtle do if there was no SIM card in it at all, and I got the same error as before. Are you thinking what I'm thinking? The SIM card slots in on the side of the 3G module with its metal contacts facing the PCB in a top facing orientation. I found you can put the SIM card in the turtle contacts facing up and it properly clicks into place EITHER WAY ROUND - yup, it was the wrong way round!! It ain't anymore and it connects just fine... I now have a nice shiny new 3gwan interface showing up. Oh well - we live, we never bloody learn..... Now onto having multiple default gateways (3g and wired) and routing table issues.
  14. I have a data SIM that works and gets me onto the Internet in a spare phone and I have the APN setup correctly on the Turtle. The modem shows up correctly on the Turtle3g in the dmesg output and also in /sys/kernel/debug/usb/devices, and /etc/config/network shows the 3gwan config lines, but it just won't appear as an interface. Just wondered if anyone has a 3G SIM working in a turtle3g and getting them onto the Internet? The output I get from a logread -f is:

         Tue Aug 15 22:17:56 2017 daemon.notice netifd: Interface '3gwan' is now down
         Tue Aug 15 22:17:56 2017 daemon.notice netifd: Interface '3gwan' is setting up now
         Tue Aug 15 22:17:58 2017 daemon.notice pppd[1597]: pppd 2.4.7 started by root, uid 0
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: abort on (BUSY)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: abort on (NO CARRIER)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: abort on (ERROR)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: report (CONNECT)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: timeout set to 10 seconds
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: send (AT&F^M)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: expect (OK)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: AT&F^M^M
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: OK
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: -- got it
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: send (ATE1^M)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: expect (OK)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: ^M
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: ATE1^M^M
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: OK
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: -- got it
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: send (AT+CGDCONT=1,"IP","three.co.uk"^M)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: timeout set to 30 seconds
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: expect (OK)
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: ^M
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: AT+CGDCONT=1,"IP","three.co.uk"^M^M
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: +CME ERROR
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: -- failed
         Tue Aug 15 22:17:59 2017 local2.info chat[1599]: Failed (ERROR)
         Tue Aug 15 22:17:59 2017 daemon.err pppd[1597]: Connect script failed
         Tue Aug 15 22:18:00 2017 daemon.info pppd[1597]: Exit.

     It looks like it starts OK, but then fails with the CME ERROR. Any way of finding out the reason code for the CME ERROR so I can try to see where the issue resides?
  15. I download the zip sporadically as I try different ideas and each idea may use different tools (pineapple, VPS, VPN, BB, turtle, etc.) individually or in conjunction. So I find it easy to miss updates if not concentrating on BB. Auto download and manual implement is perfect, especially with firmware updates that may break some scripts.