Search the Community

Hello all, I have a C2 instance on the public internet and its reachable via the PS when in arming mode. The issue is when I run C2EXFIL I am getting an error and I cannot find any information on it specifically on the forum and the net. Any help is appreciated. The error I get is: root@squirrel:/mnt/loot/tcpdump# C2EXFIL /mnt/loot/tcpdump/dump_2022-02-07-180824.pcap Starting C2 Exfil Tool Configuring C2 Connection Preparing Loot for Exfiltration Loot Path: /mnt/loot/tcpdump/dump_2022-02-07-180824.pcap Sending Loot to C2 terminate called after throwing an instance of 'std::bad_alloc' what(): std::bad_alloc Aborted I get the same error no matter if I am in arming mode or switch1 mode with the PCAPs dumping to the SD card. (See attachment from C2 server)

Hello, I would appriciate help running the squirrel TCPDUMP payload in CLONE mode packet squirrel version the squirrel is running on: 3.2 Downloaded payload from github: packetsquirrel-payloads/payloads/library/sniffing/tcpdump/payload.sh When running the script in TRANSPARENT mode it runs OK. When changing the mode to CLONE - can not have network connection. Thx

I installed cURL on my Packet Squirrel with 3.2 firmware using opkg update && opkg install curl which succeeds without errors. However when using cURL from the command line it throws the error: "Error relocating /usr/bin/curl: curl_multi_poll: symbol not found". I tried to opkg upgrade curl but this didn't help. Anyone ran into the same issue and got it solved? Any help is welcome.

Hi all, several months ago I wrote a guide on how to seamlessly connect OpenVPN clients to the PS' LAN (e.g. your laptop from your home connection connecting to a printer in the same LAN as the PS, without having to use SSH as a proxy), but due to OpenWRT's preconfigured firewall I missed some iptables configurations to make it work properly (thank you @m3t4lk3y for pointing this out). So I figured I'd write a new, corrected standalone post. This is useful to manage remote subnets from anywhere with more than one VPN client (as this OpenVPN AS feature is paywalled, also this is completely headless, no clunky web interface required) A word of caution: since we're going to push routes to your computer and 90% of common subnets are either 192.168.0.0/24 or 192.168.1.0/24 I advise you change your home/most used network to something a bit more uncommon, like 192.168.57.0/24, as to avoid overlapping. I'm going to assume an OpenVPN server is already set up and running. So, let's say that my home network is 192.168.57.0/24 and I want to use a PS to manage target network 192.168.0.0/24. Let's also assume my VPN subnet is something like 10.9.20.0/24, and that your computer and PS when connected to the VPN have the IPs 10.9.20.4 and 10.9.20.8 respectively. On my VPN server I need to create a new folder to contain client specific directives. mkdir /etc/openvpn/ccd In this folder I'm going to create a file that's named exactly like the client name I used when I created a certificate for the PS (this is important, if you don't otherwise it's not going to work). I'm going to assume it was packetsquirrel echo "iroute 192.168.0.0 255.255.255.0" > /etc/openvpn/ccd/packetsquirrel This tells OpenVPN that the route 192.168.0.0/24 is going to flow through this specific client. Then you need to edit your openvpn's server.conf client-to-client # allows VPN clients to communicate with each other client-config-dir /etc/openvpn/ccd/ # specifies the folder we created earlier as client-config-dir push "route 192.168.0.0 255.255.255.0" # pushes the route 192.168.0.0/24 to every connected client route 192.168.0.0 255.255.255.0 # adds this route to the OpenVPN server itself Once you've done that restart your OpenVPN server. If everything went smoothly you should be able to SSH into the PS directly with "ssh root@10.9.20.8". Do that, and from inside the PS run this commands (assuming your WAN interface in the PS is br-lan, if not it should be eth1, depending on your PS' network configuration): # Packets flowing from 10.9.20.0/24 (tun0) to 192.168.0.0/24 (br-lan) should be accepted and forwarded iptables -I FORWARD -i tun0 -o br-lan -s 10.9.20.0/24 -d 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT # Masquerade packets coming from 10.9.20.0/24 as coming from the PS' WAN IP iptables -t nat -I POSTROUTING -o br-lan -s 10.9.20.0/24 -j MASQUERADE If everything went smoothly you should be able to seamlessly reach every device on the target's LAN (e.g. 192.168.0.1 for the router). Keep in mind that iptables rules are volatile, meaning they will be reset should the PS get rebooted. I could have put the configurations on the config files but seen the portable/multifunction nature of the device I'd rather run it by hand than possibly breaking the defaut network configurations intended by Hak5.

Hey Hak5 Forums, New to the product line, looking to either build out something to capture the executables on the wire. Would be useful for extracting unprotected printouts and transfers. I do have some familiarity with Bro and Snort and the SecOnion suite.

used this guide to try to setup the squirrel to mangle the traffic that passes through. oddly, seems like the TTL --ttl command is unrecognized. As i understand it, this means the module is missing. https://stuff.purdon.ca/?page_id=472 iptables -t mangle -A FORWARD -s 192.168.5.45 -j TTL --ttl-set 64 this is the command i tried to run. it works on ubuntu, but not on the squirrel. maybe missing a module? Does anyone have a deeper understanding of this issue? Thanks, Ion

If it is, it has a button and a LED at least :)