Jump to content

LAN Turtle vs. Packet Squirrel

TeCHemically

By TeCHemically
in LAN Turtle

Recommended Posts

TeCHemically Newbie

TeCHemically

Posted
Posted

Hi everyone! I would love to solicit some feedback on what the strengths of the LAN Turtle are; and what the strengths of the Packet Squirrel are. Which is better suited for what particular types of applications? What has worked reliably and consistently for you on one or both platforms? If you have a favorite, I'd like to know it; and why. Thanks for all of your replies. Looking forward to reading what everyone has to say!

Link to comment
Share on other sites
TeCHemically Newbie

TeCHemically

Posted
  • Author
Posted

Thanks sundhaug92! I checked that thread out; but it is highlighting the similarities between the Turtle & the Squirrel. I am hoping to get some great info on this thread for those, like me, who are in the market for this type of tool; but don't know which is their best option.

Link to comment
Share on other sites
Darren Kitchen Grand Master

Darren Kitchen

Posted
Posted

The LAN Turtle and Packet Squirrel are well suited for similar applications - remote access, man-in-the-middle attacks, packet sniffing and network recon.

Their biggest differences are their hardware (interfaces and appearance) and software (modules vs payloads), and how that effects your particular deployment.

I'm working up a document that outlines their strengths for the various applications, hardware and software and will post here when it's complete. TL;DR: If you're looking for the ultimate in stealth, the LAN Turtle may be your best option. If you're looking for the best remote access, the LAN Turtle 3G is the way to go. If you're looking for a simple to use Ethernet multi-tool that can do most things with the flip of a switch - albeit not as stealthy - the Packet Squirrel is your better bet.


 

Link to comment
Share on other sites
TeCHemically Newbie

TeCHemically

Posted
  • Author
Posted

Thanks for the TL;DR Darren! I am looking forward to that document. I'm leaning more towards a LT-SD right now; but that is mainly because I don't know much about the PS yet. I'd really like to go for the LT-3G; but would need to get another cell data line and don't have that factored into my work expenses just yet (seeing as how I just learned about the LT-3G yesterday). I'm thinking Ting or something like that. I'd need a data plan that I can keep with a very low price. This way if I don't use it for a month or two it isn't a huge waste of money. Any input on getting a data plan with an incredibly low price is welcome in this thread as well! 

Link to comment
Share on other sites
TeCHemically Newbie

TeCHemically

Posted
  • Author
Posted

It looks like Ting has a plan for $9/month that is for 100MB of data only. No voice or text. https://ting.com/rates

This can go up to 500MB for just $16/month. That's not too bad. If you use the target machine for most of the data transfer and exfil over the target network, this could keep your data usage down and you should only be using data to keep your connection alive and issue commands. Does anyone see any issues or potential pitfalls with this approach?

Link to comment
Share on other sites
Darren Kitchen Grand Master

Darren Kitchen

Posted
Posted

The Hak5 Gear Ethernet line consists of the Packet Squirrel and LAN Turtle (classic, SD, 3G).

The LAN Turtle and Packet Squirrel are well suited for similar applications - remote access, man-in-the-middle attacks, packet sniffing, secure tunneling and network recon.

Their biggest differences are their hardware (interfaces and appearance) and software (modules vs payloads). This affects how they are deployed, their stealth factors (for covert ops) and what actions are performed.

 

Key Differences


The LAN Turtle is best suited for long-term deployments at a client's facility to provide penetration testers with remote access to their network. Typically a social engineering operation is to plant a LAN Turtle on the target network with retrieval when the engagement has ended. Disguised as a USB Ethernet adapter, the LAN Turtle can provide this role uninterrupted. If remote access is guaranteed up front, the LAN Turtle (3G especially) can be shipped to the client site with simple instructions for deployment.

The Packet Squirrel is an Ethernet multi-tool. It can provide a range of penetration testing functions, though it is equally suited for IT professionals and tech enthusiasts. The barrier to entry is lower since it relies on a simpler payload system of scripts. With the right scripts it can generally perform all of the functions of the LAN Turtle, however it is not as stealthy. Depending on how it is concealed it may not be as effective at long term deployments as the LAN Turtle.

 

Applications


Remote Access: Both are capable of providing encrypted remote access into a network. The LAN Turtle may be more stealth - disguised as a USB Ethernet adapter - and the 3G version bypasses perimeter defenses by bringing its own Internet backhaul.

Man-in-the-Middle: The LAN Turtle can only perform MITM attacks against computers while the Packet Squirrel can be plugged inline between any two arbitrary Ethernet links (before computers, network printers, IP cameras and the like).

Packet Sniffing: The Packet Squirrel is best suited at capturing packets to USB disks between any Ethernet segment using the built-in tcpdump payload. The LAN Turtle SD works similarly, logging to an internal MicroSD card - but only against a single computer.

Secure Tunneling: Both devices can be used to secure network traffic, however the Packet Squirrel is better suited for this task using it's built-in openvpn payload. Only minimal configuration is required and any network device may benefit from it as a hardware VPN router. The LAN Turtle can perform this task, albeit only for a single computer using a module.

Network Recon: Both devices are equally capable of performing network reconnaissance, e.g. nmap scans. Typically these scans are completed within a few minutes and do not require a large amount of storage. Currently (10-22-17) a nmap module is available for the LAN Turtle while a similar payload for Packet Squirrel is not. That said, a payload is expected soon and when it arrives the user experience will be easier, considering the Packet Squirrel's hardware.


Software

The LAN Turtle uses a module system while the Packet Squirrel uses a payload system. Both modules and payloads are free open source software add-ons contributed by the community and available from a central git repository.

Modules are downloaded to the device "over the air" and come with their own interface for configuration. Setting up a module usually entails entering a few key pieces of data into a graphical user interface. Multiple modules may be enabled to run simultaneously when the device is deployed.

Payloads are downloaded to the device manually, or via an updater app, in the form of one or more text files. Configuring a payload consists of editing the text file and changing values, typically at the beginning of the file. Multiple payloads may be carried and assigned to the various switch positions, however only one payload may run at once.

 

Hardware


Interfaces: The Packet Squirrel features two standard RJ45 Ethernet jacks and can therefore be installed inline between most any network segment. The LAN Turtle features one standard RJ45 Ethernet jack and one standard USB Type-A plug for power and USB Ethernet. Because of this it may be powered from any ordinary USB power source and connected to a network, however it can only be planted inline between a computer and network.

Power: Both may be battery powered, but in the case of the LAN Turtle powering from a USB battery means that it is no longer suited for inline (MITM,Packet Sniffing) applications. Both have very low (~100-200 mA) power draw, so running off high capacity USB battery banks is a possibility.

Feedback: The Packet Squirrel features an RGB LED for feedback. Its LED command is compatible with the Bash Bunny LED syntax, so standard payload states are easily distinguished. The LAN Turtle typically provides feedback to the penetration tester via software. E.g. the establishment of a SSH reverse shell. While it features two static programmable LED indicators, one yellow and one green, modules seldom take advantage of this hardware.

Setup: The LAN Turtle has no special hardware for setup -- all modules are enabled or disabled in software. The Packet Squirrel provides a payload selection switch allowing the operator to choose the appropriate payload at runtime. 

Interaction: The Packet Squirrel provides a button for interaction with payloads. The LAN Turtle's button is not exposed to the user (inside case) and is only used for reset and recovery.
 

Link to comment
Share on other sites
UnLo Newbie

UnLo

Posted
Posted
17 hours ago, TeCHemically said:

It looks like Ting has a plan for $9/month that is for 100MB of data only. No voice or text. https://ting.com/rates

This can go up to 500MB for just $16/month. That's not too bad. If you use the target machine for most of the data transfer and exfil over the target network, this could keep your data usage down and you should only be using data to keep your connection alive and issue commands. Does anyone see any issues or potential pitfalls with this approach?

Verizon has 3 dollar Month to month plans that are data only pay per use. 

Link to comment
Share on other sites
UnLo Newbie

UnLo

Posted
Posted
On 10/23/2017 at 2:02 PM, TeCHemically said:

Thanks! Do you have a link to this plan where we can see what the per usage data rates are and where it can be purchased?

Plan : machine to machine multi-use case Tiered Data T4 

Monthly access : 3$

Data allowance : 0kb

Contract term : month to month 

No links sorry everything i could link to requires login 

Link to comment
Share on other sites
TeCHemically Newbie

TeCHemically

Posted
  • Author
Posted
23 minutes ago, UnLo said:

Plan : machine to machine multi-use case Tiered Data T4 

Monthly access : 3$

Data allowance : 0kb

Contract term : month to month 

No links sorry everything i could link to requires login 

That is perfect! Thanks :) Do you know what the per MB charge rate is?

Link to comment
Share on other sites
Thecolorchanges Newbie

Thecolorchanges

Posted
Posted

I think the 3g LanTurtle boils down to this: Stealth. As a Sysadmin if I were to see one of these, I'd never give them a second glance. You hang an old Nexus 5X off one of my racks, well I'll pick that up immediately and know something is up. I've been on pentests where the network was so restricted that SSH and even https was restricted. This would have let me leave the site and still stay connected. Worth the $250 if I can go home and finish the job on my couch :)

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...