aclx

Do you know the behavior of Layer 2 multicast? Yes I want to capture it and replay some specific multicast data ... I have verified tcpreplay -i br-lan -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> OK tcpreplay -i eth0 -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> OK tcpreplay -i eth1 -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> NOK with wireshark ...

how can I check if the cc-client service is running?

tcpreplay only works on br-lan and eth0 interface. eth1 is not sending any traffic ... NETMODE BRIDGE tcpreplay -i br-lan -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> OK tcpreplay -i eth0 -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> OK tcpreplay -i eth1 -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng -> NOK

I have done it like your great description without any success 😞 Does the packet squirrel connect to the C2 Server in the arming mode?

tcpreplay -i br-lan -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng works! I aspect that the traffic will be sent out on the LAN (Ethernet Out) interface and not out on the PC (Ethernet In) Interface. Is there a command in bridge mode to send multicast layer2 traffic on Ethernet out interface?

yes it is firmware version 3.2 Mk1 Squirrel

thanks a lot for your time and support!!! I will reset the squirrel to factory defaults and try it again.

okay. so far I am understand. the squirrel needs no client certificate, right? and the public key from the C2SERVER must be added to /etc/ssl/certs/ca-certificates.crt right?

no the squirrel is called squirrel01 and the server DemoC2. the squirrel can resolve the the name DemoC2 via DNS. Ping is working fine. is it necessary the that the CN (squirrel01) is sequel the hostname (squirrel)? I added the public key from the rootca /etc/ssl/certs/ca-certificates.crt and the priv/pub key to /etc/ssl/private/cert.pem

yes. I have changed it. And I can ping the C2 server from the PS. DNS works also fine

hi I am not able to get this simple payload running on my packet squirrel NETMODE BRIDGE sleep 20 tcpreplay -i br-lan -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng ------------------------------------------------------------------------------ LED starts with green - blue - red In arming mode I have access and see the test.pcapng under /mnt/loot/tcpdump/ Also the command tcpreplay -i br-lan -p 200000 -l 200 /mnt/loot/tcpdump/test.pcapng is working fine in arming mode ....

the CN=squirrel01

My own one. I using my private PKI

how can i check, if I have installed my private/public key and the ca certificate correctly on the packet squirrel?

hi dark_pyrro, can you please tell me how it works? Thanks in advanced!

Hi, I am trying to install tshark on my Shark Jack version 1.2.0 without any success. Can someone help me?

but other devices are working fine. the c2 server is not the problem.

try to connect your computer and use wireshark. Maybe you will see lldp information like management ip address etc. When you know the management IP then try a dictionary attack on your router. At last you can try a factory reset ....

because tcp 443 is already in use by another application

sorry ... right now I have 2 shark jacks and one key croc running an my c2 server

Is there a (better) way for my packet squirrel payload? a=1 while [ $a -lt 2 ] do # Capture MAC addresses that starts with 0x10c and write it in test.pcap tcpdump -i eth0 ether [0:2] == "0x010c" -c 5 -w test$a.pcap --print # use tshark to filter on field goose.boolean is true and write it in goose-b1.pcap wait 10 tshark -Y "goose.boolean == 1" -r test1.pcap -w goose-b1.pcap # use tcpreplay to send goose-b1.pcap tcpreplay -i eth0 -p 20000 -l 10000 goose-b1.pcap done

is it possible install tshark on packet squirrel?

I running a network sniffer between the squirrel and the C2 server. I can ping the server. When I am using the command wget https://name I see the tcp connection with my sniffer. When I am using the command C2CONNECT I can´t see any request from the squirrel ... are there any other logs on the squirrel ro check?

yes [1701174979 !ERR MAIN ] Device startup sync failed. Retrying... [1701174985 !ERR CURL ] Error posting update to server... [1701174985 !ERR INITSYNC ] Error in startup sync post [1701174985 !ERR MAIN ] Device startup sync failed. Retrying... [1701174990 !ERR CURL ] Error posting update to server... [1701174990 !ERR INITSYNC ] Error in startup sync post [1701174990 !ERR MAIN ] Device startup sync failed. Retrying... [1701174995 !ERR CURL ] Error posting update to server... [1701174995 !ERR INITSYNC ] Error in startup sync post [1701174995 !ERR MAIN ] Device startup sync failed. Retrying...