Jump to content
ItsMe0k

TCPdump

Recommended Posts

My observation is that when you press the button and remove the usb the PS keeps traffic flowing. But you can't plug a usb back in and continue capturing with out a restart.

Is there a way to allow a continuation of capturing?

Share this post


Link to post
Share on other sites

The simplest is to simply get a bigger card.  Also, you can look at the contents through an OpenVPN connection.

You can modify the code to make your own module.  Instead of exiting, it would simply wait a few minutes, check for the card and restart.  That would be an interesting improvement.

Share this post


Link to post
Share on other sites
On 1/13/2018 at 6:18 AM, Struthian said:

You can modify the code to make your own module.  Instead of exiting, it would simply wait a few minutes, check for the card and restart.  That would be an interesting improvement.

+1.

This isn't very hard to do.

while [ -f /mnt/NO_MOUNT ]; do
	# Waiting for USB..
	sleep 1
done
# USB found, do the next thing
echo "Hi, USB!" > /mnt/log.txt

 

  • Like 2

Share this post


Link to post
Share on other sites

Thanks Dave-ee

So I am not sure if this logic works well. I put the wait in place of the halt and then start over.

#!/bin/bash
# TCPDump payload v1.0

function monitor_space() {
    while true
    do
        [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
            kill $1
            LED G SUCCESS
            sync
            break
        }
        sleep 5
    done
}

function finish() {
    # Kill TCPDump and sync filesystem
    kill $1
    wait $1
    sync

    # Indicate successful shutdown
    LED R SUCCESS
    sleep 1

    # Waiting for USB..
    LED OFF
    while [ -f /mnt/NO_MOUNT ]; do
            sleep 1
    done
    
    # USB found
    [[ ! -f /mnt/NO_MOUNT ]] && {
    LED ATTACK
    run &
    monitor_space $! &
    } || {
    LED FAIL
    }

}

function run() {
    # Create loot directory
    mkdir -p /mnt/loot/tcpdump &> /dev/null
    
    # Set networking to TRANSPARENT mode and wait five seconds
    NETMODE TRANSPARENT
    sleep 5
    
    # Start tcpdump on the bridge interface
    tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
    tpid=$!

    # Wait for button to be pressed (disable button LED)
    NO_LED=true BUTTON
    finish $tpid
}


# This payload will only run if we have USB storage
[[ ! -f /mnt/NO_MOUNT ]] && {
    LED ATTACK
    run &
    monitor_space $! &
} || {
    LED FAIL
}
 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...