ItsMe0k Posted January 12, 2018

My observation is that when you press the button and remove the USB the PS keeps traffic flowing. But you can't plug a USB back in and continue capturing without a restart. Is there a way to allow a continuation of capturing?

Struthian Posted January 12, 2018

The simplest is to simply get a bigger card. Also, you can look at the contents through an OpenVPN connection. You can modify the code to make your own module. Instead of exiting, it would simply wait a few minutes, check for the card and restart. That would be an interesting improvement.

Dave-ee Jones Posted January 15, 2018

> On 1/13/2018 at 6:18 AM, Struthian said:
> You can modify the code to make your own module. Instead of exiting, it would simply wait a few minutes, check for the card and restart. That would be an interesting improvement.

+1. This isn't very hard to do.

```bash
while [ -f /mnt/NO_MOUNT ]; do
    # Waiting for USB..
    sleep 1
done

# USB found, do the next thing
echo "Hi, USB!" > /mnt/log.txt
```

Struthian Posted January 16, 2018

I'm more of a tell them there are fish than teach them to fish or hand them a fish kind of a guy :-)

ItsMe0k Posted January 16, 2018 Author

Thanks Dave-ee. So I am not sure if this logic works well. I put the wait in place of the halt and then start over.

```bash
#!/bin/bash
# TCPDump payload v1.0

function monitor_space() {
    while true
    do
        [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
            kill $1
            LED G SUCCESS
            sync
            break
        }
        sleep 5
    done
}

function finish() {
    # Kill TCPDump and sync filesystem
    kill $1
    wait $1
    sync

    # Indicate successful shutdown
    LED R SUCCESS
    sleep 1

    # Waiting for USB..
    LED OFF
    while [ -f /mnt/NO_MOUNT ]; do
        sleep 1
    done

    # USB found
    [[ ! -f /mnt/NO_MOUNT ]] && {
        LED ATTACK
        run &
        monitor_space $! &
    } || {
        LED FAIL
    }
}

function run() {
    # Create loot directory
    mkdir -p /mnt/loot/tcpdump &> /dev/null

    # Set networking to TRANSPARENT mode and wait five seconds
    NETMODE TRANSPARENT
    sleep 5

    # Start tcpdump on the bridge interface
    tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    tpid=$!

    # Wait for button to be pressed (disable button LED)
    NO_LED=true BUTTON
    finish $tpid
}

# This payload will only run if we have USB storage
[[ ! -f /mnt/NO_MOUNT ]] && {
    LED ATTACK
    run &
    monitor_space $! &
} || {
    LED FAIL
}
```

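Added example, not part of any post above and not Hak5's payload code: one way to structure the wait-and-restart idea from this thread, with a single supervising loop that owns the capture process, checks for the card and for free space, and starts a new capture when storage returns. It assumes the `/mnt/NO_MOUNT` marker convention used by the payload above; `MOUNT`, `MIN_FREE_KB`, `POLL` and the function names are hypothetical, and the device's `LED`, `BUTTON` and `NETMODE` commands are left out so it runs in any Linux shell.

```shell
#!/bin/bash
# Added example, not the Hak5 payload. Assumes the firmware leaves a NO_MOUNT
# marker under the mount point while no USB storage is attached (as the
# payload in this thread does); MOUNT, MIN_FREE_KB and POLL are made-up knobs.
MOUNT="${MOUNT:-/mnt}"
MIN_FREE_KB="${MIN_FREE_KB:-10000}"   # same threshold as the payload
POLL="${POLL:-1}"                     # whole seconds between checks

storage_ready() { [ -d "$MOUNT" ] && [ ! -f "$MOUNT/NO_MOUNT" ]; }

# Free KB on the filesystem holding $MOUNT. Prints 0 when df returns nothing,
# so a missing mount reads as "no space" instead of an empty string.
free_kb() {
    kb=$(df -Pk "$MOUNT" 2>/dev/null | awk 'NR==2 {print $4}')
    case "$kb" in ''|*[!0-9]*) echo 0 ;; *) echo "$kb" ;; esac
}

# Block until storage is present. Optional $1 = give up after N seconds.
wait_for_storage() {
    waited=0
    until storage_ready; do
        [ "${1:-0}" -gt 0 ] && [ "$waited" -ge "$1" ] && return 1
        sleep "$POLL"
        waited=$((waited + POLL))
    done
}

# Run one capture ("$@" is the capture command) and watch it from a single
# loop. Storage is checked before free space because df on an empty mount
# point reports the root filesystem. Prints why it stopped.
capture_once() {
    "$@" >/dev/null 2>&1 &
    pid=$!
    reason=exited
    while kill -0 "$pid" 2>/dev/null; do
        if ! storage_ready; then reason=removed; break; fi
        if [ "$(free_kb)" -lt "$MIN_FREE_KB" ]; then reason=full; break; fi
        sleep "$POLL"
    done
    { kill "$pid"; wait "$pid"; sync; } 2>/dev/null || true
    echo "$reason"
}

# Supervisor: wait for a card, capture, repeat; stop only when the card fills.
capture_forever() {
    while wait_for_storage; do
        [ "$(capture_once "$@")" = full ] && break
        sleep "$POLL"
    done
}
```

The capture command is whatever is passed as arguments to `capture_forever`. A wrapper that picks a fresh timestamped file name on each start and then `exec`s the capture avoids overwriting the earlier dump.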
This topic is now archived and is closed to further replies.