ItsMe0k, posted January 12, 2018:

My observation is that when you press the button and remove the USB, the PS keeps traffic flowing. But you can't plug a USB back in and continue capturing without a restart. Is there a way to allow a continuation of capturing?

Struthian, posted January 12, 2018:

The simplest is to simply get a bigger card. Also, you can look at the contents through an OpenVPN connection. You can modify the code to make your own module. Instead of exiting, it would simply wait a few minutes, check for the card and restart. That would be an interesting improvement.

Dave-ee Jones, posted January 15, 2018:

> On 1/13/2018 at 6:18 AM, Struthian said:
> You can modify the code to make your own module. Instead of exiting, it would simply wait a few minutes, check for the card and restart. That would be an interesting improvement.

+1. This isn't very hard to do.

```bash
while [ -f /mnt/NO_MOUNT ]; do
    # Waiting for USB..
    sleep 1
done

# USB found, do the next thing
echo "Hi, USB!" > /mnt/log.txt
```

Struthian, posted January 16, 2018:

I'm more of a tell them there are fish than teach them to fish or hand them a fish kind of a guy :-)

ItsMe0k, posted January 16, 2018:

Thanks, Dave-ee. So I am not sure if this logic works well. I put the wait in place of the halt and then start over.

```bash
#!/bin/bash
# TCPDump payload v1.0

function monitor_space() {
    while true
    do
        [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
            kill $1
            LED G SUCCESS
            sync
            break
        }
        sleep 5
    done
}

function finish() {
    # Kill TCPDump and sync filesystem
    kill $1
    wait $1
    sync

    # Indicate successful shutdown
    LED R SUCCESS
    sleep 1

    # Waiting for USB..
    LED OFF
    while [ -f /mnt/NO_MOUNT ]; do
        sleep 1
    done

    # USB found
    [[ ! -f /mnt/NO_MOUNT ]] && {
        LED ATTACK
        run &
        monitor_space $! &
    } || {
        LED FAIL
    }
}

function run() {
    # Create loot directory
    mkdir -p /mnt/loot/tcpdump &> /dev/null

    # Set networking to TRANSPARENT mode and wait five seconds
    NETMODE TRANSPARENT
    sleep 5

    # Start tcpdump on the bridge interface
    tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    tpid=$!

    # Wait for button to be pressed (disable button LED)
    NO_LED=true BUTTON
    finish $tpid
}

# This payload will only run if we have USB storage
[[ ! -f /mnt/NO_MOUNT ]] && {
    LED ATTACK
    run &
    monitor_space $! &
} || {
    LED FAIL
}
```

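An added example, not part of the thread and not the payload's own code: a wait-for-swap helper and a flat capture loop for the restart idea discussed above. A `while [ -f /mnt/NO_MOUNT ]` loop ends at once if the stick is still inserted when the button is pressed, so this version first waits for the marker to return and only then for it to disappear. It assumes the marker file exists only while no USB storage is mounted; `MARKER`, `POLL` and the three hook arguments are hypothetical names.

```sh
#!/bin/sh
# Added example, not code from the thread.
# Assumption: MARKER exists only while no USB storage is mounted, which is
# how the thread's "[ -f /mnt/NO_MOUNT ]" checks treat it.
MARKER="${MARKER:-/mnt/NO_MOUNT}"
POLL="${POLL:-1}"   # seconds between checks

# Prints "present" (no storage mounted) or "absent" (storage mounted).
marker_state() {
    if [ -f "$MARKER" ]; then echo present; else echo absent; fi
}

# wait_for_state STATE [MAX_POLLS]: 0 once the marker is in STATE,
# 1 after MAX_POLLS checks (0 means wait forever).
wait_for_state() {
    wfs_max="${2:-0}"; wfs_n=0
    while [ "$(marker_state)" != "$1" ]; do
        wfs_n=$((wfs_n + 1))
        if [ "$wfs_max" -gt 0 ] && [ "$wfs_n" -ge "$wfs_max" ]; then
            return 1
        fi
        sleep "$POLL"
    done
}

# wait_for_swap [MAX_POLLS]: the marker must come back (stick removed) and
# then disappear again (replacement mounted). Without the first phase, a
# stick that is still inserted satisfies the check immediately.
wait_for_swap() {
    wait_for_state present "${1:-0}" || return 1
    wait_for_state absent "${1:-0}"
}

# capture_rounds START WAIT STOP ROUNDS: flat loop instead of nested
# run/finish calls. START, WAIT and STOP are hypothetical caller-supplied
# hooks (on the device: start tcpdump, block on BUTTON, kill and sync).
# Prints the number of completed rounds.
capture_rounds() {
    cr_n=0
    while [ "$cr_n" -lt "$4" ]; do
        wait_for_state absent || return 1   # never capture without storage
        "$1" && "$2" && "$3" || return 1
        cr_n=$((cr_n + 1))
        if [ "$cr_n" -lt "$4" ]; then wait_for_swap || return 1; fi
    done
    echo "$cr_n"
}
```
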