Wireless Access Point


PixL

Ok so I've been playing around with the Packet Squirrel...

I plugged a wifi usb dongle into the usb port and then did the following.

iw reg set US
opkg update
opkg install wpad-mini
uci set wireless.@wifi-iface[0].encryption=psk2
uci set wireless.@wifi-iface[0].key="hak5squirrel"
uci set wireless.@wifi-iface[0].ssid="Squirrel"
uci commit wireless
uci set wireless.radio0.disabled=0
wifi

When checking my iPhone for wifi networks, my Packet Squirrel is broadcasting an SSID named Squirrel.

It doesn't provide a network yet but it's a start.

Edited by PixL
Link to comment
Share on other sites

  • 2 weeks later...

Would be nice to give the PS a more practical use, e.g.

Using it to bridge an existing WiFi's network from your phone to another SSID. Say, your home WiFi re-broadcasted by the Packet Squirrel through your phone or something. Something that would give you another IP but still under the home WiFi's network (so you get internet but in a different range that's set by the home WiFi - a range given by the PS).

It's quite hard to explain so if you get confused reading that I don't blame you. It makes sense in my head.

Link to comment
Share on other sites

4 hours ago, Dave-ee Jones said:

Would be nice to give the PS a more practical use, e.g.

Using it to bridge an existing WiFi's network from your phone to another SSID. Say, your home WiFi re-broadcasted by the Packet Squirrel through your phone or something. Something that would give you another IP but still under the home WiFi's network (so you get internet but in a different range that's set by the home WiFi - a range given by the PS).

It's quite hard to explain so if you get confused reading that I don't blame you. It makes sense in my head.

A subnet right?

Link to comment
Share on other sites

19 hours ago, Spoonish said:

A subnet right?

The same subnet, just a different range. Most routers define a range for clients so they can be managed, but if you could rebroadcast the SSID to get outside it then you could essentially have internet access without being managed, therefore being outside of most management modules (like web filtering, bandwidth limits, tracking etc.). You would still be behind the firewall, obviously.

But, yes, it could definitely be a possibility to just go in a different subnet.

Edited by Dave-ee Jones
Link to comment
Share on other sites

On 1/2/2018 at 6:24 PM, Dave-ee Jones said:

The same subnet, just a different range. Most routers define a range for clients so they can be managed, but if you could rebroadcast the SSID to get outside it then you could essentially have internet access without being managed, therefore being outside of most management modules (like web filtering, bandwidth limits, tracking etc.). You would still be behind the firewall, obviously.

But, yes, it could definitely be a possibility to just go in a different subnet.

When you say management range, do you mean as in DCHP range?

Wouldn’t that be possible only if the subnet hosting routers didn’t define their management range as *.*.*.0/24?

If on that train of thought, do most routers’ default management stop outside their set DCHP range?

Are you thinking (if the range is <254) of a wireless bridge thing but with your own dhcp range?

/haven’t read your link yet

Link to comment
Share on other sites

14 hours ago, Spoonish said:

When you say management range, do you mean as in DCHP range?

No, I mean as in DHCP range. :P

Yeah, the range wouldn't necessarily be outside of a subnet. E.g. the router may only use 192.168.1.50 -> 192.168.1.254. This is more common for businesses because internal devices (such as POS machines, laptops, printers, cameras, servers etc.) can be in the same subnet (192.168.1.1 -> 192.168.1.49). Cameras, of course, may be in a different subnet.

14 hours ago, Spoonish said:

Are you thinking (if the range is <254) of a wireless bridge thing but with your own dhcp range?

Yes, this would help you get outside of that range. I think the PS could do it quite easily, however I don't know how fast it's going to be as the middleman between the 2 networks. Its processing power is quite low..

Link to comment
Share on other sites

I've had a quick look at this and once you've installed wpad-mini in arming mode as below...

opkg update
opkg install wpad-mini

Then the following payload.sh should share whatever LAN it is plugged into as a wireless access point called squirrel.

#!/bin/bash
LED SETUP
uci set wireless.@wifi-iface[0].encryption=psk2
uci set wireless.@wifi-iface[0].key="hak5squirrel"
uci set wireless.@wifi-iface[0].ssid="Squirrel"
uci commit wireless
uci set wireless.radio0.disabled=0 &
uci set wireless.radio1.disabled=0 &
uci set wireless.radio2.disabled=0 &
uci set wireless.radio3.disabled=0 &
LED ATTACK
wifi
LED STAGE1
NETMODE BRIDGE

I imagine if you spotted an ethernet port somewhere and wanted to investigate without being obvious and running cat5 to your laptop from it.. you could plug your packet squirrel into it, power up and walk away. Then you can connect your laptop to it from somewhere else in range and investigate the network.

I know the above is a little untidy but it's a work in progress.

Link to comment
Share on other sites
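From the network owner's side, an access point bridged onto a wall port shows up as several MAC addresses learned on a port that should carry one. The sketch below is an added example, not part of the original post: it assumes the device bridges its wireless clients onto the LAN at layer 2, and the three-column "vlan mac port" table format, the port names and the sample rows are all constructed.

```shell
#!/bin/bash
# Constructed sample: "vlan mac port" rows as exported from a switch's MAC
# address table (the format is an assumption; adapt the parsing to your switch).
SAMPLE_MAC_TABLE='10 3c:52:82:11:22:33 Gi0/1
10 a4:5e:60:aa:bb:01 Gi0/2
10 02:00:00:a5:00:01 Gi0/7
10 f0:18:98:0c:0d:0e Gi0/7
10 8C:85:90:44:55:66 Gi0/7
10 8c:85:90:44:55:66 Gi0/7
20 00:1b:21:de:ad:01 Gi0/24
20 00:1b:21:de:ad:02 Gi0/24
20 00:1b:21:de:ad:03 Gi0/24'

# Ports where many MACs are expected (uplinks, trunks); hypothetical name.
UPLINK_PORTS='Gi0/24'

# flag_multi_mac_ports MAX_MACS
# Reads a MAC table on stdin and prints "port count" for every non-uplink
# port that has learned more than MAX_MACS distinct addresses.
flag_multi_mac_ports() {
    awk -v max="$1" -v uplinks="$UPLINK_PORTS" '
        BEGIN {
            n = split(uplinks, u, " ")
            for (i = 1; i <= n; i++) skip[u[i]] = 1
        }
        NF == 3 {
            # Count each MAC once per port, ignoring letter case.
            key = $3 SUBSEP tolower($2)
            if (!(key in seen)) { seen[key] = 1; count[$3]++ }
        }
        END {
            for (p in count)
                if (!(p in skip) && count[p] > max) print p, count[p]
        }' | sort
}

# An access port is expected to carry one device, so flag anything above 1.
printf '%s\n' "$SAMPLE_MAC_TABLE" | flag_multi_mac_ports 1
```

Most managed switches can enforce the same limit directly with a per-port MAC address cap (port security) instead of only reporting on it.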

On 1/7/2018 at 6:16 AM, PixL said:

I imagine if you spotted an ethernet port somewhere and wanted to investigate without being obvious and running cat5 to your laptop from it.. you could plug your packet squirrel into it, power up and walk away. Then you can connect your laptop to it from somewhere else in range and investigate the network.

That's the ideal reason for the Squirrel acting as an AP - that's why I want it to.

Link to comment
Share on other sites

  • 2 weeks later...

Heh, I have a client that has a 255.0.0.0 internal subnet.  Their old "IT Guy" got tired of changing everything when they ran out of ip addresses.  I thought that was a little strange and found the dhcp server was set to never expire!  It is a church, and had free wifi for the congregation. Changed the setting to 8 hours, but didn't change the subnet, didn't feel like fixing the printers.  Anyway your idea of being outside managed ip space won't work.  The router will treat any traffic as managed traffic.

Link to comment
Share on other sites

9 hours ago, barry99705 said:

Anyway your idea of being outside managed ip space won't work.  The router will treat any traffic as managed traffic.

That's true for things like firewalls, port forwarding and routing, but there are cases where management is done via DHCP (I mean, take 75% of Windows Servers running DHCP..).

Link to comment
Share on other sites
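Where management is keyed to DHCP leases as discussed above, statically addressed hosts outside the pool can still be surfaced from the gateway's neighbour table. This is an added example, not code from any poster: the pool 192.168.1.50 to 192.168.1.254 is the one given in the thread, while the static inventory and the `ip neigh`-style sample lines are constructed.

```shell
#!/bin/bash
# DHCP pool from the thread's example; inventory and neighbour table are constructed.
POOL_START=192.168.1.50
POOL_END=192.168.1.254
KNOWN_STATIC='192.168.1.1 192.168.1.10 192.168.1.20'   # hypothetical router, printer, POS
SAMPLE_NEIGH='192.168.1.1 dev br-lan lladdr 00:11:22:33:44:01 REACHABLE
192.168.1.10 dev br-lan lladdr 00:11:22:33:44:0a STALE
192.168.1.77 dev br-lan lladdr a4:5e:60:aa:bb:01 REACHABLE
192.168.1.33 dev br-lan lladdr f0:18:98:0c:0d:0e REACHABLE
192.168.1.20 dev br-lan  FAILED
192.168.1.45 dev br-lan lladdr 8c:85:90:44:55:66 DELAY'

# Convert a dotted-quad IPv4 address to an integer for range comparison.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Reads `ip neigh`-style lines on stdin and prints "ip mac" for every resolved
# neighbour that is outside the DHCP pool and missing from the static inventory.
unmanaged_hosts() {
    local lo hi ip d1 d2 kw mac rest n
    lo=$(ip_to_int "$POOL_START")
    hi=$(ip_to_int "$POOL_END")
    while read -r ip d1 d2 kw mac rest; do
        [ "$kw" = lladdr ] || continue            # skip FAILED/INCOMPLETE entries
        n=$(ip_to_int "$ip")
        if [ "$n" -ge "$lo" ] && [ "$n" -le "$hi" ]; then
            continue                              # inside the leased range
        fi
        case " $KNOWN_STATIC " in
            *" $ip "*) continue ;;                # documented static device
        esac
        echo "$ip $mac"
    done
}

printf '%s\n' "$SAMPLE_NEIGH" | unmanaged_hosts
```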

  • 3 weeks later...

Using @PixL's payload from above, I've added "ifconfig wlan0 up" as it does not detect the wifi adaptor otherwise. But the payload still does not work for me, am I missing something?

#!/bin/bash
LED SETUP
ifconfig wlan0 up
uci set wireless.@wifi-iface[0].encryption=psk2
uci set wireless.@wifi-iface[0].key="hak5squirrel"
uci set wireless.@wifi-iface[0].ssid="Squirrel"
uci commit wireless
uci set wireless.radio0.disabled=0 &
uci set wireless.radio1.disabled=0 &
uci set wireless.radio2.disabled=0 &
uci set wireless.radio3.disabled=0 &
LED ATTACK
wifi
LED STAGE1
NETMODE BRIDGE

If I SSH into the Squirrel and run the payload or enter it line by line into Terminal it works, but I get

uci: Invalid argument
uci: Invalid argument
uci: Invalid argument


but the payload does work, wpad-mini is installed and updated and so is the Squirrel and it's running Version 1.2.

Any help with this?

Link to comment
Share on other sites

The payload is very much a quick hack of a script, it isn't always clear if your wifi adapter will be given radio0 or another incremental number... so I guessed and tried radio0, 1, 2 & 3 and just put & at the end so it carries on regardless.

The script is working as intended, feel free to make some changes to it and more accurately select which radio interface you're using and delete the other 3..

Link to comment
Share on other sites

2 minutes ago, PixL said:

The payload is very much a quick hack of a script, it isn't always clear if your wifi adapter will be given radio0 or another incremental number... so I guessed and tried radio0, 1, 2 & 3 and just put & at the end so it carries on regardless.

The script is working as intended, feel free to make some changes to it and more accurately select which radio interface you're using and delete the other 3..

Yeah, the script works fine for me apart from I can't run it on a switch for some reason. Like I said, it runs fine from the terminal but if I assign it to either switch one, two or three it starts to run and then I get a red LED and no "Squirrel" wifi is created.

Link to comment
Share on other sites

Can you guys check over this payload for me as I'm getting mixed results, sometimes working, sometimes not.

I'm trying to combine the OpenVPN standard payload that comes with the Squirrel with a bit of code written by @PixL which enables the Wifi access point on the Squirrel (with an adaptor).

So I'm trying to connect to the Wifi access point that is created and then route the traffic through the VPN.

Here's the payload.

#!/bin/bash
#
# Title:        Wifi OpenVPN access point
# Description:  Creates a VPN connection to an OpenVPN server and a Wifi access point called Squirrel, and sends connected traffic over the VPN.
# Author:       Evilmutley
# Version:      1.0
# Category:     VPN
# Target:       Any
# Net Mode:     BRIDGE, VPN

# Set to 1 to allow clients to use the VPN
FOR_CLIENTS=1

DNS_SERVER="8.8.8.8"

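# Cheap hack to set the DNS server
function setdns() {
    while true
    do
        # grep -q prints nothing, so test its exit status rather than its output;
        # only rewrite resolv.conf when the DNS server is missing from it
        if ! grep -q "$DNS_SERVER" /tmp/resolv.conf; then
            echo -e "search lan\nnameserver $DNS_SERVER" > /tmp/resolv.conf
        fi
        sleep 5
    done
}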

function start() {
    LED SETUP

    DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)

    # Update factory default payload
    cp "${DIR}/payload.sh" /root/payloads/switch3/payload.sh

    # Set NETMODE (VPN when FOR_CLIENTS=1, otherwise BRIDGE) and wait 3 seconds
    # to ensure that things can settle
    if [[ "$FOR_CLIENTS" == "1" ]]; then
        /usr/bin/NETMODE VPN
    else
        /usr/bin/NETMODE BRIDGE
    fi
    sleep 3

    # Make OpenVPN use the local configuration
    uci set openvpn.vpn.config="${DIR}/config.ovpn"
    uci commit

    # Start the OpenVPN server in the background
    /etc/init.d/openvpn start

    # Start SSH Server
    /etc/init.d/sshd start &

    # Set DNS server
    setdns &

}
# Brings up the Wifi adaptor
ifconfig wlan0 up
# Sets encryption, SSID and password for the Wifi access point.
uci set wireless.@wifi-iface[0].encryption=psk2
uci set wireless.@wifi-iface[0].key="hak5squirrel"
uci set wireless.@wifi-iface[0].ssid="Squirrel"
uci commit wireless
uci set wireless.radio0.disabled=0 &

LED ATTACK
wifi

NETMODE BRIDGE

# Start the payload
start &

Link to comment
Share on other sites
