wutanglan Posted April 11, 2017 Posted April 11, 2017 Hi All, I'm new to this forum, but not so new to hak5. I have been following the products and videos for awhile. I recently got a LAN turtle. Obviously the LAN turtle's selling point is not it's storage capacity, which is fine. However, after reading the forums and trying to understand the Quickcreds module, I notice when I install it the turtle instantly fills up to the point where I can't even start QuickCreds at all without it telling me there is no space on the device. root@turtle:~# df -h Filesystem Size Used Available Use% Mounted onrootfs 4.6M 4.3M 304.0K 94% / /dev/root 10.3M 10.3M 0 100% /rom tmpfs 30.0M 600.0K 29.4M 2% /tmp /dev/mtdblock3 4.6M 4.3M 304.0K 94% /overlay overlayfs:/overlay 4.6M 4.3M 304.0K 94% / tmpfs 512.0K 0 512.0K 0% /dev Is there any way around this ? I tried to search the forums and other problem tickets that mentioned it, but was unable to find anything. If i'm mis-understanding something i'm open to know what that may be. So far, i've had great luck getting OpenVPN to work and a couple other modules and enjoy learning how they work.
dwagner Posted April 12, 2017 Posted April 12, 2017 I've had this exact issue as well. Something to do with either responder or QuickCreds for sure. I ended up having to put the turtle in recovery mode and flash to stock to get it fixed again. Big bummer.
0st1x Posted April 17, 2017 Posted April 17, 2017 Hello everyone, First of all let me thanks all the falks and the community behind hak5. I'm new to the forum, but I follow hak5 and use the tools since several years by now. tl;dr It seems the new version of QuickCreds module eat up all the available space on the turtle by downloading its dependencies. Basically git and Responder occupy most of the overlay space since summed up they are about 4.4 MB. A possible solution I see is to modify the installation process, in order to avoid installing git and downloading Responder as git repository. In order to do this I would download the Responder ZIP archive from github (https://github.com/lgandx/Responder/archive/master.zip) to tmp, and extract it from there. As of today the latest extracted master branch is approximately 2.1MB. All the other dependencies need to be installed nevertheless, and I don't now if they are installed via git as well. Long version I' saw the issue pointed out by @wutanglan as well. At first sight it seemed to be an issue related to updating QuickCreds to the latest version, since I didn't have such problems with previous versions. I started from a fresh manual install of the firmware, and the situation with the occupied space was the following: root@turtle:~# df -h Filesystem Size Used Available Use% Mounted on rootfs 4.6M 404.0K 4.2M 9% / /dev/root 10.3M 10.3M 0 100% /rom tmpfs 30.0M 84.0K 29.9M 0% /tmp /dev/mtdblock3 4.6M 404.0K 4.2M 9% /overlay overlayfs:/overlay 4.6M 404.0K 4.2M 9% / tmpfs 512.0K 0 512.0K 0% /dev After updating the turtle from the gui and downloading just the QuickCreds module the situation was the same. When I configured the module so that it downloaded all the dependencies the space situations was this one: root@turtle:~# df -h Filesystem Size Used Available Use% Mounted on rootfs 4.6M 4.3M 332.0K 93% / /dev/root 10.3M 10.3M 0 100% /rom tmpfs 30.0M 608.0K 29.4M 2% /tmp /dev/mtdblock3 4.6M 4.3M 332.0K 93% /overlay overlayfs:/overlay 4.6M 4.3M 332.0K 93% / tmpfs 512.0K 0 512.0K 0% /dev This is the occupied space on the /overlay partition root@turtle:~# du -sh /overlay/* 3.6M /overlay/etc 0 /overlay/root 2.4M /overlay/usr The occupied space for /overaly/usr/ is distributed in this way root@turtle:~# du -sh /overlay/usr/* 945.0K /overlay/usr/bin 996.0K /overlay/usr/lib 218.5K /overlay/usr/libexec 232.5K /overlay/usr/sbin 17.5K /overlay/usr/share root@turtle:~# du -sh /overlay/usr/bin/* 924.5K /overlay/usr/bin/git 0 /overlay/usr/bin/git-receive-pack 0 /overlay/usr/bin/git-shell 0 /overlay/usr/bin/git-upload-archive 0 /overlay/usr/bin/git-upload-pack 20.5K /overlay/usr/bin/sleep root@turtle:~# du -sh /overlay/usr/lib/* 0 /overlay/usr/lib/libsqlite3.so.0 513.0K /overlay/usr/lib/libsqlite3.so.0.8.6 37.0K /overlay/usr/lib/opkg 446.0K /overlay/usr/lib/python2.7 root@turtle:~# du -sh /overlay/usr/libexec/* 218.5K /overlay/usr/libexec/git-core root@turtle:~# du -sh /overlay/usr/sbin/* 232.5K /overlay/usr/sbin/screen The occupied space for /overaly/etc/ is distributed in this way root@turtle:~# du -sh /overlay/etc/* 21.0K /overlay/etc/config 0 /overlay/etc/ethers 512 /overlay/etc/group 512 /overlay/etc/passwd 4.5K /overlay/etc/rc.d 512 /overlay/etc/rc.local 512 /overlay/etc/screenrc 512 /overlay/etc/shadow 4.5K /overlay/etc/ssh 3.5M /overlay/etc/turtle 6.0K /overlay/etc/uci-defaults root@turtle:~# du -sh /overlay/etc/turtle/* 3.5M /overlay/etc/turtle/Responder 0 /overlay/etc/turtle/autostart_modules 9.0K /overlay/etc/turtle/modules 0 /overlay/etc/turtle/set_pass root@turtle:~# du -sh /overlay/etc/turtle/Responder/* 2.0K /overlay/etc/turtle/Responder/DumpHash.py 34.5K /overlay/etc/turtle/Responder/LICENSE 10.0K /overlay/etc/turtle/Responder/README.md 4.0K /overlay/etc/turtle/Responder/Report.py 3.0K /overlay/etc/turtle/Responder/Responder.conf 13.5K /overlay/etc/turtle/Responder/Responder.py 4.0K /overlay/etc/turtle/Responder/certs 26.5K /overlay/etc/turtle/Responder/files 2.5K /overlay/etc/turtle/Responder/fingerprint.py 0 /overlay/etc/turtle/Responder/logs 3.5K /overlay/etc/turtle/Responder/odict.py 98.0K /overlay/etc/turtle/Responder/packets.py 9.5K /overlay/etc/turtle/Responder/poisoners 74.5K /overlay/etc/turtle/Responder/servers 11.0K /overlay/etc/turtle/Responder/settings.py 1.6M /overlay/etc/turtle/Responder/tools 14.5K /overlay/etc/turtle/Responder/utils.py root@turtle:~# du -sh /overlay/etc/turtle/Responder/tools/* 4.5K /overlay/etc/turtle/Responder/tools/BrowserListener.py 13.5K /overlay/etc/turtle/Responder/tools/DHCP.py 2.0K /overlay/etc/turtle/Responder/tools/DHCP_Auto.sh 2.5K /overlay/etc/turtle/Responder/tools/FindSMB2UPTime.py 1.5K /overlay/etc/turtle/Responder/tools/FindSQLSrv.py 10.5K /overlay/etc/turtle/Responder/tools/Icmp-Redirect.py 1.5M /overlay/etc/turtle/Responder/tools/MultiRelay 36.5K /overlay/etc/turtle/Responder/tools/MultiRelay.py 10.0K /overlay/etc/turtle/Responder/tools/RunFinger.py 14.0K /overlay/etc/turtle/Responder/tools/SMBFinger 3.5K /overlay/etc/turtle/Responder/tools/odict.py root@turtle:~# du -sh /overlay/etc/turtle/Responder/tools/MultiRelay/* 86.5K /overlay/etc/turtle/Responder/tools/MultiRelay/RelayMultiCore.py 49.5K /overlay/etc/turtle/Responder/tools/MultiRelay/RelayMultiPackets.py 0 /overlay/etc/turtle/Responder/tools/MultiRelay/__init__.py 1.3M /overlay/etc/turtle/Responder/tools/MultiRelay/bin 80.0K /overlay/etc/turtle/Responder/tools/MultiRelay/creddump 0 /overlay/etc/turtle/Responder/tools/MultiRelay/relay-dumps root@turtle:~# du -sh /overlay/etc/turtle/Responder/tools/MultiRelay/bin/* 9.5K /overlay/etc/turtle/Responder/tools/MultiRelay/bin/Runas.exe 9.5K /overlay/etc/turtle/Responder/tools/MultiRelay/bin/Syssvc.exe 746.5K /overlay/etc/turtle/Responder/tools/MultiRelay/bin/mimikatz.exe 598.5K /overlay/etc/turtle/Responder/tools/MultiRelay/bin/mimikatz_x86.exe root@turtle:~# Basically all the space of the turtle is occupied by: git, libsqlite3, python2.7, screen and Responder. Git and Responder acqually seem to be the more memory expensive parts, witht the MultiRealy tool of Responder which occupies half of its the space. Cheers, 0st1X
0st1x Posted April 17, 2017 Posted April 17, 2017 I just checked in the module source code (/etc/turtle/modules/QuickCreds) and it seems Responder is the only resource installaed via git. So skipping the git installation and downloading the ZIP archive (given that tar is installed on the system), should be just fine. Of course the update process would be less optimized, since instead of doing git pull in the Repsonder directory we need to download the ZIP archive again. Cheers
wutanglan Posted April 18, 2017 Author Posted April 18, 2017 Thanks for following up @0st1x - I am in the process of getting to know git so I like your thought process behind that work around and will definitely give it a try. With most issues i've had so far with the turtle, i've noticed with some simple script modifications, there usually lies a work around. I don't want to re-invent the wheel as i'm sure a lot of these work arounds have been covered on this board so far. I will share one I had for example. * Open VPN for example. * I noticed the /etc/turtles/modules/OpenVPN file's openvpn syntax by default is `openvpn --daemon --config my-vpn.conf ` * That syntax did not work for my personal setup. * For my Open VPN connection, I had to specify all of the proper Open VPN flags and do so inside the script as such (Also, I had to specify the modult to 'cd' into the /etc/openvpn directory. function start { if [ -s /etc/openvpn/my-vpn.conf ] then #/etc/init.d/openvpn start #/usr/sbin/openvpn --daemon --config /etc/openvpn/my-vpn.conf cd /etc/openvpn ; openvpn --config my-vpn.conf --ifconfig 192.168.1.89 255.255.255.0 --route 192.168.1.1 In my experience, having the turtle so far has taught me a lot about scripting and how to have proper use cases for modification.
Psyche607 Posted June 26, 2018 Posted June 26, 2018 The simplest way to have more space is inserting a SDCARD and move SYSTEM to it: #-----------------------# MOVE SYSTEM TO sdcard # #-----------------------# 1. First run turtle 2. Format sdcard # Extroot configuration # How to use a storage device (usb or sata or sdcard or whatever) to expand your LEDE device's space in root filesystem, to install freely all the packages you need. # Background Info # In most supported devices, the LEDE firmware splits the internal storage in two partitions # “root filesystem” (/), a highly-compressed read-only partition # “overlay” (/overlay), a second partition that is writable # The overlay partition is merged with the root filesystem using the overlayfs feature of linux kernel, showing a single “whole” read-write filesystem to applications. # This way LEDE fits even in tiny amounts of internal storage (as low as 4 MiB), but still allows to write settings and install some packages in the writable partition without changing all linux programs used. # Extroot works by setting another overlay partition in the external storage device, and during boot this new overlay partition will be mounted over the internal storage's overlay partition. This approach allows easy fallback in case the external storage device is removed, as your LEDE device will still have its own overlay partition and thus will load all configuration from there. # Which means that it will behave exactly the same as just before you set up extroot. # First Stage # USE STEPS FOR Device > 8 MiB # Devices > 8 MiB # These devices should have enough space to install the packages we need. Remove all packages you have installed to add functionality, as they are only wasting space now. After you make the extroot you will have all space you need. # From the command line interface write (on a single line): opkg update && opkg install block-mount kmod-fs-ext4 kmod-usb-storage e2fsprogs kmod-usb-ohci kmod-usb-uhci fdisk # This installs packages needed for a partition with ext4 filesystem (and doesn't install packages for f2fs filesystem). # Risk-adverse users may wish to create a custom image (as described in the pervious section) containing these tools and especially the kernel modules that are consistent with the firmware kernel so that they are available in failsafe mode. # Second Stage # Connect with ssh to the device. # See what partitions you have: block info # /dev/mtdblock2: UUID="9fd43c61-c3f2c38f-13440ce7-53f0d42d" VERSION="4.0" MOUNT="/rom" TYPE="squashfs" # /dev/mtdblock3: MOUNT="/overlay" TYPE="jffs2" # /dev/sda1: UUID="fdacc9f1-0e0e-45ab-acee-9cb9cc8d7d49" VERSION="1.4" TYPE="f2fs" # here we see mtdblock devices (partitions in internal flash memory), and a partition on /dev/sda1 that is on a usb flash drive (in the example it is already formatted as f2fs) # We now first format the external drive as f2fs or ext4. # For f2fs: # ------------------- 3. If nessesary # # ------------------- mkfs.f2fs /dev/sda1 For ext4: mkfs.ext4 /dev/sda1 # ----------------------------------------------------------------------------------- 4. Then we transfer the content of the current overlay inside the external drive # # ----------------------------------------------------------------------------------- mount /dev/sda1 /mnt ; tar -C /overlay -cvf - . | tar -C /mnt -xf - ; umount /mnt # ----------------------------------- 5. Generate fstab automatically # # ----------------------------------- # Now we create automatically the fstab uci subsystem and fill it with the right configuration to have /dev/sda1 as new overlay block detect > /etc/config/fstab; \ sed -i s/option$'\t'enabled$'\t'\'0\'/option$'\t'enabled$'\t'\'1\'/ /etc/config/fstab; \ sed -i s#/mnt/sda1#/overlay# /etc/config/fstab; \ cat /etc/config/fstab; # If you have a swap partition it will also get recognized and added automatically. # It looks like this This is an example of /etc/config/fstab configured to automount /overlay /data and swap partitions. config 'global' option anon_swap '0' option anon_mount '0' option auto_swap '1' option auto_mount '1' option delay_root '5' option check_fs '0' config 'mount' option target '/overlay' option uuid 'c91232a0-c50a-4eae-adb9-14b4d3ce3de1' option fstype 'ext4' option enabled '1' config 'swap' option uuid '08b4f0a3-f7ab-4ee1-bde9-55fc2481f355' option enabled '1' config 'mount' option target '/data' option uuid 'c1068d91-863b-42e2-bcb2-b35a241b0fe2' option enabled '1' # as you see, most options are self-explaining. # ----------- 6. Verify # # ----------- # let's try manually mounting to see if everything is OK mount /dev/sda1 /overlay # now we see mount point sizes: df -h # this is an example output: # Filesystem 1K-blocks Used Available Use% Mounted on # rootfs 896 244 652 27% / # /dev/root 2048 2048 0 100% /rom # tmpfs 14708 64 14644 0% /tmp # /dev/mtdblock6 7759872 477328 7221104 6% /overlay # overlayfs:/overlay 896 244 652 27% / # tmpfs 512 0 512 0% /dev # /dev/sda1 7759872 477328 7221104 6% /overlay # Note that only /overlay has grown but not the / # --------------- 7. Final steps # #---------------- # Reboot the LAN TURTLE # Verify that the partitions were mounted properly: df -h
gon Posted June 30, 2018 Posted June 30, 2018 it's cute how the same questions get asked all over again
Just_a_User Posted June 30, 2018 Posted June 30, 2018 1 hour ago, gon said: it's cute how the same questions get asked all over again maybe try using SSHFS and point responder to dump into that?
gon Posted July 13, 2018 Posted July 13, 2018 On 6/30/2018 at 9:10 AM, Just_a_User said: maybe try using SSHFS and point responder to dump into that? imho the problem is more that there is no warning about responder's space requirements while installing
panadero Posted February 22, 2019 Posted February 22, 2019 Here's what we did to fix it, free up disk space on /
Recommended Posts
Archived
This topic is now archived and is closed to further replies.