War Stories using Turtle


deano123


I mostly use my turtle as a back door to networks via the autossh module, deploying it in between a machine and its Ethernet connection, or directly into a router that has USB ports.

The "USB Ethernet Adapter" sticker always deters tampering from non-net-savvy folk.

War Story

Context

There are 2 people involved in this story:

  • Friend A - Familiar with networking/sysadmin/unix systems
  • Friend B - Typical 20-something year old male, none the wiser.

Friend A approached me to use the turtle on Friend B because A was trying to get back at B for some previous shenanigans.

(I refused to deploy it myself because I don't want the direct blame, but I did hand it over to my friend with instructions for setup)

Configuration

# Turtle


Setup was comprised of 2 parts:

  1. turtle autossh module
  2. My Internet addressable ubuntu server (provider-name redacted)

The turtle is configured to run autossh on boot with this configuration:

User@Host:   turtle@my-ubuntu-server
Port:        22
Remote Port: 2222
Local Port:  22


(For autossh usage in harsher environments (Offices, Schools, Mall, etc.) I would normally recommend against using port 22 on the turtle side as that will get sniffed out immediately and shut down.)

# Ubuntu Server

Once deployed the turtle is reachable from the ubuntu server via:

ssh root@localhost -p 2222

Deployment

A few weeks later at a house party, A sneaks into B's room, deploys the turtle in between B's rig and an Ethernet cable, and continues on with their night. (Too easy, eh?)

Payload(s)

For the next few weeks A would ssh into the turtle, use scripts I "left" in the root directory which would execute on various attack vectors like:

  • running tcpdump with HTTP filters, write them back to the server using sshfs.
  • Sniff traffic and extract clear text data "of interest".
  • etc. (you can think of anything else possible)

Result

Now, I refused to ever get my hands on any of this data, but A swears he was super successful, and came across things he wishes he had not, and things he will (allegedly) take to the grave.

What was meant to be a fun "gotcha" scheme apparently went sour, and all actions were dismissed and the turtle was removed without anyone the wiser. (Supposedly)

I'll never know what A saw, I assume it was weird types of porn, or unencrypted communications, but all I know is it is definitely possible.

Also, I never thought he would get away with it as well, as B does play video games, and I thought a bandwidth cap of 100 mb/s would set off alarms but nothing ever came of that.

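Seen from the defending side, the setup in the post above leaves a recognisable trace: a device on the LAN that holds an SSH session to one outside host for days and redials when it drops. The following is an added example, not part of the original post, that flags such source/destination pairs in flow records; the record layout, addresses, expected-source list and threshold are constructed assumptions. It matches on the detected protocol rather than the port, since the post itself notes that port 22 is the first thing to get noticed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not real traffic), one per line:
# start_ts  src_ip  dst_ip  dst_port  detected_service  duration_seconds
FLOWS = """\
1700000000 192.168.1.23 203.0.113.10 22 ssh 86100
1700086400 192.168.1.23 203.0.113.10 22 ssh 85900
1700000500 192.168.1.40 198.51.100.7 443 ssl 35
1700003000 192.168.1.40 198.51.100.8 22 ssh 420
1700004000 192.168.1.57 203.0.113.99 8443 ssh 172000
1700005000 192.168.1.23 192.168.1.1 22 ssh 90000
"""

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumption: the monitored LAN
EXPECTED_SSH_SOURCES = {"192.168.1.40"}            # assumption: known admin workstation
MIN_TOTAL_SECONDS = 6 * 3600                       # assumption: "persistent" threshold


def persistent_outbound_ssh(text, expected=EXPECTED_SSH_SOURCES,
                            min_total=MIN_TOTAL_SECONDS):
    """Return sorted (src, dst, port, total_seconds, sessions) worth reviewing."""
    totals = defaultdict(lambda: [0.0, 0])
    for line in text.splitlines():
        _ts, src, dst, port, service, duration = line.split()
        # Match the detected protocol, not the port: SSH moved off 22 still counts.
        if service != "ssh":
            continue
        # Only sessions dialled from inside the LAN to an outside host.
        if (ipaddress.ip_address(src) not in INTERNAL
                or ipaddress.ip_address(dst) in INTERNAL):
            continue
        if src in expected:
            continue
        # Sum per (src, dst, port) so a tunnel that redials still adds up.
        entry = totals[(src, dst, int(port))]
        entry[0] += float(duration)
        entry[1] += 1
    return sorted((s, d, p, t, n) for (s, d, p), (t, n) in totals.items()
                  if t >= min_total)


if __name__ == "__main__":
    for src, dst, port, total, n in persistent_outbound_ssh(FLOWS):
        print(f"{src} -> {dst}:{port} ssh {total / 3600:.1f} h in {n} session(s)")
```

A source that shows up here and is missing from the asset inventory or DHCP reservations is the one to trace to a physical switch port.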
