Jump to content

Lux Æterna

Active Members
  • Content Count

    15
  • Joined

  • Last visited

  • Days Won

    2

1 Follower

About Lux Æterna

  • Rank
    Hackling

Profile Information

  • Gender
    Male
  • Location
    Italy

Recent Profile Visitors

461 profile views
  1. Also Cloud C2 is great, but my idea was to try and make it a little bit more standalone, as connecting to an host is "noisier" on a network level, and also leaves a bigger footprint (ie: DNS logs, traffic to a specific port etc). But I understand completely, no worries. Thanks for getting back to me Darren!
  2. I purchased all three on day one 🙂 I actually wrote a guide last year on how to backdoor a subnet via OpenVPN on a PS on its subforum
  3. Hey there, I just got my SC and while playing around with it I thought about some possible additions to this great device: 1) RTSP streaming. I don't know the specs of the device so I'm not sure how feasible this is but it would be great to just point VLC at it and stream it in real time. 2) some way to remote into it, ie. OpenVPN + SSH. Again, I don't know the specs but if it was possible it could basically become a capture device AND a backdoor to a network! 3) email reporting! 4) wifi master mode, to broadcast an SSID to connect to and remotely access stuff on it. I'm sure you
  4. If I understand correctly what you and @Yaricks are trying to accomplish, I made a post about it here It's something I've been using for quite a while to bridge a remote network and access it seamlessly. Hope this helps!
  5. Hi all, several months ago I wrote a guide on how to seamlessly connect OpenVPN clients to the PS' LAN (e.g. your laptop from your home connection connecting to a printer in the same LAN as the PS, without having to use SSH as a proxy), but due to OpenWRT's preconfigured firewall I missed some iptables configurations to make it work properly (thank you @m3t4lk3y for pointing this out). So I figured I'd write a new, corrected standalone post. This is useful to manage remote subnets from anywhere with more than one VPN client (as this OpenVPN AS feature is paywalled, also this is completely
  6. Hey @Master Luc, if you don't need to route all the traffic at a lower level you could simply use SSH to create a quick and dirty SOCKS5 proxy. Say your PS'' OpenVPN IP is 10.20.30.3, from your laptop you could do something like: ssh -f -D 0.0.0.0:2222 root@10.20.30.3 -p 22 -N -q This simply creates background SSH connection (-f) binding local port 2222 (-D 0.0.0.0:2222) to user root at 10.20.30.3 port 22 (root@10.20.30.3 -p 22) without executing any other commands (-N) and without printing debug informations/errors (-q). In your Firefox configuration you can now use localhost
  7. Hey, I just upgraded manually my LAN Turtle, so I had to start from scratch setting up my modules. One thing I noticed right away is that even if my LT connected to my OpenVPN server just fine I still couldn't connect to it via SSH. The simple fix was to append this line to the LAN zone in /etc/config/firewall option network 'lan vpn' If everything went smoothly your zone should look like this, with the new line being the 15th in the whole file: config zone option name lan list network 'lan' option input
  8. Hey @StampeRnator, I detailed my solution to your problem here, hope this helps!
  9. The only downside I could think of is that automating the process could lead to subnet overlapping on your client PC if you're not careful and double check every time. Say you need to plant the packet squirrel on a 192.168.0.0/24 and your home network is 192.168.57.0/24: unless you start the OpenVPN client only when you know you're on an "unconventional" subnet you're fine, but if you want to bring your laptop to, say, a Starbucks or a new network altogether you may find it shares a subnet (192.168.0.0/24) with the target network, and with your computer unable to connect properly to the inte
  10. Also, funnily enough I remember that episode because I was looking for a more "streamlined" way to do exactly this. Sadly OpenVPN AS is too limited for my needs, and in the end the Unix just-read-the-man-page-and-do-it-from-the-cli way always wins in the long run. Much better idea IMHO. I always try to keep my devices from calling too much home because I always assume they'll be discovered and I definitely don't want to give away information about my infrastructure in case of closer inspection; server -> client, however, it's preferable because it's much harder to detect, especial
  11. That's definitely something I considered doing in the past, but it really hasn't been a problem: as long as you have the client-to-client directive in your OpenVPN server and the network has DHCP you'll always be able to ssh in the PS, check the WAN subnet and course-correct. I own a flock of ZSUN sticks that I use exactly for this purpose, and customize them depending on the client/engagement: plug them somewhere, configure their client mode, take note of the subnet, edit the conf files accordingly and bam, free backdoor as long as the AP stays up.
  12. You're very welcome :) I'll make sure to update it asap. It's something I hold particularly dear because it helped me maintain access so many times before. It's also one of the reason I particularly like OpenWRT: extremely small devices are enough to backdoor an entire network.
  13. Hey Darren, although it's pretty simple I admit it took me some trial and error to get it working, but now that I did I can manage 5+ networks from home without an issue. It basically boils down to pushing routes to other VPN clients while specifying which client will actually be the router, and a little bit of iptables magic of course. A word of caution: since we're going to push routes to your computer and 90% of common subnets are either 192.168.0.0/24 or 192.168.1.0/24 I advise you change your home/most used network to something a bit more uncommon, like 192.168.57.0/24, as to avoid
  14. Thank you, it makes sense seeing the new layout. I didn't think my guide warranted a brand new payload, maybe a PR of the existing one? I'll see when I get my PS in the mail :)
  15. Hey @Sebkinne, any plans on making a PS wiki repo? I was meaning to write a chapter on how to seamlessly expose a LAN segment with OpenVPN. It's a feature I've been using for a long time with small OpenWRT devices (ZSUN sticks, WT3020F, MR3020 etc) and it's awesome for remote management access, as you can seamlessly access the target subnet without having to forward/proxy every single IP/port combination.
×
×
  • Create New...