Jump to content

Use turtle for ics


Recommended Posts

I don't know if this is even possible, I just opened my turtle that I got at defcon this year.

I saw TetherATurtle on https://forums.hak5.org/index.php?/topic/36460-tut-tether-turtle-to-laptop-like-the-wifi-pineapple/, but I am not trying to tell my computer to share connection with turtle.

I want to plug the turtle into a desktop with internet connection, then plug an ethernet between the turtle and my laptop, and my laptop to have an internet connection from the turtle.

[desktop with internet] <=> [turtle] <==ethernet==> [laptop]

The desktop is windows 7, and it is domained. Not sure if I have access to change the internet settings, or else I know I could easily set up ICS. On Monday I will check if the access to change settings it there, but if this is possible it would be a great turtle module if the feature is not something that can be set right now.

Link to comment
Share on other sites

I'm not positive but i think internet has to come from the ethernet side of the turtle. So in your diagram there, if your laptop has internet, then you connect it to the turtle in your desktop the desktop can get internet via that route, but not the way you are describing there. Basically the turtle just needs internet coming from the ethernet side so it's modules can get out, it doesn't have to be plugged into a system to work.

There may be a way to share the internet between the network connections on the desktop, but i don't think that's the way it's designed to work. I could be wrong, I've only had mine for a little bit as well and haven't played with it as much yet.

Link to comment
Share on other sites

On the 1st video

he says that it has eth0 and eth1. By default, it is set up to be inward on use and outward on ethernet. The network is port locked, so in theory I could get the mac of the desktop, use the turtle as my local ethernet adapter on laptop, change the turtle mac to match the desktop mac, and then swap ethernet cable from desktop to turtle. But I would think it would be easier to just "daisy chain" off the desktop of possible.
Link to comment
Share on other sites

I suppose if you want to you could reverse the setup internally (you have access to the shell and can change all the ip settings and dhcp server/client settings if you want to). What you were describing in your first post was you wanted your laptop {plugged into the actual ethernet port "eth1") to get internet from the desktop (plugged using the usb ethernet port "eth0"), assuming the desktop has an internet connection from an existing separate connection (wired or wireless). What he says in the video is the default config is for the opposite direction and you can change it if you want. You'll want to know about setting up IP addresses for ethernet ports, defining them as dhcp servers or clients and configuring the firewall for both eth0 and eth1 to allow this type of setup. Also remember the connections are bridged by default (this will play into the settings I believe).

What you say in your second post I don't think you even need to do, but you could if your dhcp server on your domained network is assigning ip addresses by mac address. By default though you can just plug the usb port into the desktop, take it's ethernet wired connection plug it into the turtle and you're set. You can ssh into the turtle from the desktop "eth0" which would have an assigned address in the range of 172.16.84.X (but not from the local network connected to the wired "eth1" which would have an ip address assigned by the dhcp server on local network the wired connection is plugged into on the other end of the wire. The turtle would have internet access through "eth1" via the normal networking, just as if the wire was plugged directly into the desktop. The most you would really have to do to stay "invisible" to the end user is setup the static "eth0" to be a dhcp server in the range of the local network (this way if the user checks their ip it has an address that would be expected to be assigned if on the local network dhcp).

For the first post setup, you would basically need:

--desktop to have a wired or wireless connection already enabled and working

--plug in the turtle to the desktop and don't have a wire going to it yet

--ssh into the turtle, configure the eth0 and eth1 to basically be swapped so eth0 is now a client and the eth1 is a server (you'll also want to make sure ssh can be accessed from the eth1, which by default it is not accessible and all ports coming into the turtle from the wire are blocked if i'm not mistaken)

--configure the eth0 that appears on the desktop to be a dhcp server to assign the usb connected eth0 an address and share the internet with that connection via the existing desktop connection

--plug the laptop via wire to the turtle and the ehternet port on the laptop

--theoretically the laptop will pull an ip address from eth1 you setup to be a dhcp server and will allow the laptop to get on the internet via the connection existing on the desktop

again I don't think this was what it was really designed to do and i'm not sure how the modules would handle connecting out (since you now have the firewalls on both the desktop and the local network the desktop is connected to get through), but theoretically it could be done this way.

You probably want to make sure you review this page on resetting the lan turtle back to default if you mess up something on the configuration of the eth0 and eth1 and can't connect to it again from either side:


I really think it would be easier to have the laptop connected to wifi, share the internet connection with the wired port of the laptop. Plug the ethernet into the lan turtle and then the usb to the desktop. The desktop would receive internet through the lan turtle and you could ssh into the turtle form the desktop to configure modules which you could setup to setup a reverse shell to the laptop and work with it from the laptop.

But again, seems like a weird setup and not the intent of the original design in general because normally you would want the desktop to just be connected to the local network through the lan turtle (man in the middle) and then have it reverse shell out to a connection either on the local lan or out to the wan somewhere.

Just my opinion though and it's a pretty powerful little device with an embedded linux you can pretty much configure however you'd like as long as you know what you are doing.

Link to comment
Share on other sites

I do not have the admin rights to do ICS. But setting the turtle settings the same as the desktop and then using it as my eth connection to the local lan using the cable from the desktop works. Now I'm trying to find the way to have the turtle persistently save the network config data. From what I have seen so far, it looks like having to go into the shell on it and make a startup script to do it. Will post the method when found.

  • Upvote 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...