  1. Hello Bob123, Thank you for your reply. I will try to explain it. If you would like, I could make a screen video next time. I did the following. I have connected my computer to the Ethernet IN of the PS and Ethernet OUT to my router. I put the PS in armed mode. I opened SSH and typed tcpdump -i eth0 -s 65535 -w /mnt/loot/tcpdump/traces.pcap in the terminal window. I started downloading a file that is 700MB big. Of course I didn't actually download the whole file; I interrupted it at approximately 50MB. When I look at my loot folder, I see that my traces.pcap is only 7MB. When you stop the tcpdump command in the terminal window, I see the following message.

     tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
     8077 packets captured
     66286 packets received by filter
     58208 packets dropped by kernel

     I have downloaded the payload from GitHub and adapted it a bit so tcpdump would make x files of y MB and loop, but the result stays the same. I have the idea that not all packets are captured but are dropped by the kernel.

     #!/bin/bash
     #
     # Title:         TCPDump
     # Description:   Dumps networking-data to USB storage. Completes on button-press or storage full.
     # Author:        Hak5
     # Version:       1.0
     # Category:      sniffing
     # Target:        Any
     # Net Mode:      TRANSPARENT
     # LEDs
     # SUCCESS: Dump complete
     # FAIL: No USB storage found

     # Stop the capture and signal success once free space on the USB storage drops below 10000 blocks
     function monitor_space() {
         while true
         do
             [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
                 kill $1
                 LED G SUCCESS
                 sync
                 break
             }
             sleep 5
         done
     }

     function finish() {
         # Kill TCPDump and sync filesystem
         kill $1
         wait $1
         sync

         # Indicate successful shutdown
         LED R SUCCESS
         sleep 1

         # Halt the system
         LED OFF
         halt
     }

     function run() {
         /etc/init.d/sshd start &

         # Create loot directory
         mkdir -p /mnt/loot/tcpdump &> /dev/null

         # Set networking to TRANSPARENT mode and wait five seconds
         NETMODE BRIDGE
         sleep 5
         C2CONNECT

         # Start tcpdump on the bridge interface
         #tcpdump -i br-lan -s 0 -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
         # Rotate through 50 files of 75 MB each (-W 50 -C 75)
         tcpdump -i br-lan -s 65535 -w /mnt/loot/tcpdump/traces.pcap -W 50 -C 75 &>/dev/null &
         tpid=$!

         # Wait for button to be pressed (disable button LED)
         NO_LED=true BUTTON
         finish $tpid
     }

     # This payload will only run if we have USB storage
     [[ ! -f /mnt/NO_MOUNT ]] && {
         LED ATTACK
         run &
         monitor_space $! &
     } || {
         LED FAIL
     }
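The "packets dropped by kernel" count in the summary above is the number of packets the kernel's capture buffer overflowed before tcpdump could write them out. As an added example (not from this thread and not the Hak5 payload), here is a small wrapper that captures with a larger kernel buffer and then parses tcpdump's exit summary to report the drop rate; tcpdump's -B option is standard but assumed to be present in the device's build, and the interface, output path and SNAPLEN variable are placeholders.

```shell
#!/bin/sh
# Added example, not the thread's or Hak5's code: capture with a bigger kernel
# buffer and measure how many packets the kernel still dropped.

# Parse the summary tcpdump prints on exit and print the drop rate,
# e.g. "58208 of 66286 packets dropped (87.8%)".
# Exit status: 0 if the drop rate is at or below the threshold ($2, percent,
# default 1), 1 if it is above, 2 if no summary was found in the input.
drop_check() {
    summary="$1"
    threshold="${2:-1}"
    received=$(printf '%s\n' "$summary" | awk '/packets received by filter/ { print $1 }')
    dropped=$(printf '%s\n' "$summary" | awk '/packets dropped by kernel/ { print $1 }')
    if [ -z "$received" ] || [ -z "$dropped" ]; then
        echo "no tcpdump summary found" >&2
        return 2
    fi
    if [ "$received" -eq 0 ]; then
        echo "0 of 0 packets dropped (0.0%)"
        return 0
    fi
    pct=$(awk -v d="$dropped" -v r="$received" 'BEGIN { printf "%.1f", 100 * d / r }')
    echo "$dropped of $received packets dropped ($pct%)"
    awk -v p="$pct" -v t="$threshold" 'BEGIN { if (p > t) exit 1; exit 0 }'
}

# Run tcpdump on IFACE, writing to OUT; remaining arguments are a BPF filter
# (for example 'not port 22' to keep the SSH session itself out of the capture).
# -B 16384 asks for a 16 MiB kernel buffer (assumed supported by the device's
# tcpdump build) so bursts survive slow USB writes; -n avoids DNS lookups;
# SNAPLEN (default 0 = full packets) can be lowered to reduce what is written.
capture() {
    iface="$1"
    out="$2"
    shift 2
    tcpdump -i "$iface" -n -B 16384 -s "${SNAPLEN:-0}" -w "$out" "$@" 2> "$out.log"
    drop_check "$(cat "$out.log")" 1
}

# Usage: ./capture.sh br-lan /mnt/loot/tcpdump/traces.pcap [bpf filter...]
if [ $# -ge 2 ]; then
    capture "$@"
fi
```

Run it for a minute, stop it with Ctrl-C, and the last line tells you whether the buffer change was enough or whether the snaplen and filter also need tightening.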
  2. Hello, I'm new to PS. When testing the TCPdump function, I see that not all packets are captured by PS. I ran the TCPDump in armed mode and after a minute I stopped the process; I see a lot of packets are dropped by the kernel. I did the same in bridged mode with the same result. Does anybody have an idea how I can collect all the packets? Maybe a better method? Or is PS too lightweight to capture all packets? Thanks in advance, Peter
