Hak5 Forums


My observation is that when you press the button and remove the USB, the PS keeps traffic flowing. But you can't plug a USB back in and continue capturing without a restart.

Is there a way to allow a continuation of capturing?


The simplest is to simply get a bigger card.  Also, you can look at the contents through an OpenVPN connection.

You can modify the code to make your own module.  Instead of exiting, it would simply wait a few minutes, check for the card and restart.  That would be an interesting improvement.

On 1/13/2018 at 6:18 AM, Struthian said:

You can modify the code to make your own module.  Instead of exiting, it would simply wait a few minutes, check for the card and restart.  That would be an interesting improvement.

+1.

This isn't very hard to do.

while [ -f /mnt/NO_MOUNT ]; do
	# Waiting for USB..
	sleep 1
done
# USB found, do the next thing
echo "Hi, USB!" > /mnt/log.txt


I'm more of a tell them there are fish than teach them to fish or hand them a fish kind of a guy :-)


Thanks Dave-ee

So I am not sure if this logic works well. I put the wait in place of the halt and then start over.

#!/bin/bash
# TCPDump payload v1.0

function monitor_space() {
    while true
    do
        [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
            kill $1
            LED G SUCCESS
            sync
            break
        }
        sleep 5
    done
}

function finish() {
    # Kill TCPDump and sync filesystem
    kill $1
    wait $1
    sync

    # Indicate successful shutdown
    LED R SUCCESS
    sleep 1

    # Waiting for USB..
    LED OFF
    while [ -f /mnt/NO_MOUNT ]; do
        sleep 1
    done

    # USB found
    [[ ! -f /mnt/NO_MOUNT ]] && {
        LED ATTACK
        run &
        monitor_space $! &
    } || {
        LED FAIL
    }

}

function run() {
    # Create loot directory
    mkdir -p /mnt/loot/tcpdump &> /dev/null
    
    # Set networking to TRANSPARENT mode and wait five seconds
    NETMODE TRANSPARENT
    sleep 5
    
    # Start tcpdump on the bridge interface
    tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    tpid=$!

    # Wait for button to be pressed (disable button LED)
    NO_LED=true BUTTON
    finish $tpid
}


# This payload will only run if we have USB storage
[[ ! -f /mnt/NO_MOUNT ]] && {
    LED ATTACK
    run &
    monitor_space $! &
} || {
    LED FAIL
}
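
A wait loop that only tests for /mnt/NO_MOUNT falls through at once if the original card is still mounted when the button is pressed, so a restart needs two waits: removal first, then re-insertion. The helper functions below are an added example, not part of the thread or of Hak5's payload; `MNT`, `POLL` and the function names are assumptions introduced so the logic can be run off-device.

```bash
#!/bin/bash
# Added example: storage hot-swap helpers for a capture payload.
# Assumption: $MNT/NO_MOUNT is visible only while no USB storage is mounted,
# which is what the payload's own "[[ ! -f /mnt/NO_MOUNT ]]" check relies on.
# MNT and POLL are hypothetical knobs so the logic can be exercised off-device.
MNT="${MNT:-/mnt}"
POLL="${POLL:-1}"

# True when USB storage is mounted (per the assumption above).
storage_present() {
    [ ! -f "$MNT/NO_MOUNT" ]
}

# wait_for_storage present|absent [max_polls]
# Blocks until the storage state matches; max_polls=0 (default) waits forever.
# Returns 0 on match, 1 on timeout.
wait_for_storage() {
    wfs_want=$1
    wfs_max=${2:-0}
    wfs_n=0
    while :; do
        if storage_present; then wfs_state=present; else wfs_state=absent; fi
        if [ "$wfs_state" = "$wfs_want" ]; then return 0; fi
        wfs_n=$((wfs_n + 1))
        if [ "$wfs_max" -gt 0 ] && [ "$wfs_n" -ge "$wfs_max" ]; then return 1; fi
        sleep "$POLL"
    done
}

# Full swap: the old card must go away before a card counts as "new".
# Returns 0 after removal and re-insertion, 1 if the card was never removed,
# 2 if no replacement card appeared.
wait_for_swap() {
    wait_for_storage absent "$1" || return 1
    wait_for_storage present "$1" || return 2
    return 0
}

# On the device, finish() would call this after its kill/wait/sync steps:
#     wait_for_swap && run
# (run, LED and BUTTON come from the payload and firmware, not this block.)
```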