deano123

War Stories using Turtle


I mostly use my turtle as a back door to networks via the autossh module, deploying it in between a machine and its Ethernet connection, or directly into a router that has USB ports.

The "USB Ethernet Adapter" sticker always deters tampering from non-net-savvy folk.

War Story

Context

There are 2 people involved in this story:

  • Friend A - Familiar with networking/sysadmin/unix systems
  • Friend B - Typical 20-something year old male, none the wiser.

Friend A approached me to use the turtle on Friend B because A was trying to get back at B for some previous shenanigans.

(I refused to deploy it myself because I don't want the direct blame, but I did hand it over to my friend with instructions for setup)

Configuration

# Turtle


Setup was comprised of 2 parts

  1. turtle autossh module
  2. My Internet addressable ubuntu server (provider-name redacted)

The turtle is configured to run autossh on boot with this configuration:

User@Host:   turtle@my-ubuntu-server
Port:        22
Remote Port: 2222
Local Port:  22


(For autossh usage in harsher environments (Offices, Schools, Mall, etc.) I would normally recommend against using port 22 on the turtle side as that will get sniffed out immediately and shut down.)

# Ubuntu Server

Once deployed the turtle is reachable from the ubuntu server via:

ssh root@localhost -p 2222

Deployment

A few weeks later at a house party A sneaks into B's room, deploys the turtle in between B's rig and an Ethernet cable, and continues on with their night. (Too easy, eh?)

Payload(s)

For the next few weeks A would ssh into the turtle and use scripts I "left" in the root directory which would execute on various attack vectors like:

  • running tcpdump with HTTP filters, write them back to the server using sshfs.
  • Sniff traffic and extract clear text data "of interest".
  • etc. (you can think of anything else possible)

Result

Now, I refused to ever get my hands on any of this data, but A swears he was super successful, and came across things he wishes he had not, and things he will (allegedly) take to the grave.

What was meant to be a fun "gotcha" scheme apparently went sour, and all actions were dismissed and the turtle was removed without anyone the wiser. (Supposedly)

I'll never know what A saw. I assume it was weird types of porn, or unencrypted communications, but all I know is it is definitely possible.

Also, I never thought he would get away with it as well, as B does play video games, and I thought a bandwidth cap of 100 mb/s would set off alarms, but nothing ever came of that.

On 10/14/2018 at 10:02 PM, jaybeanz said:

I'll just go ahead and pretend that your friend isn't actually you

ha fooled you they're both me!  /s

Edited by trashbo4t
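
Seen from the defending side, the setup in the first post shows up on the home network as one long-lived outbound session from a device nobody registered. The following is an added example, not code from the thread: the flow-record fields, the MAC inventory, the LAN range, the one-hour threshold and all sample data are constructed assumptions, and it does not key on port 22 alone because the post itself recommends against that port in monitored environments.

```python
import ipaddress

# Constructed sample flow records (not from the thread). The field layout is an
# assumption: roughly what a router's conntrack or NetFlow export reduces to.
SAMPLE_FLOWS = [
    {"src_mac": "aa:bb:cc:00:00:01", "dst_ip": "203.0.113.10", "dst_port": 443, "duration_s": 45},
    {"src_mac": "aa:bb:cc:00:00:01", "dst_ip": "203.0.113.10", "dst_port": 443, "duration_s": 14400},
    {"src_mac": "aa:bb:cc:00:00:02", "dst_ip": "198.51.100.7", "dst_port": 22, "duration_s": 86000},
    {"src_mac": "aa:bb:cc:00:00:01", "dst_ip": "192.168.1.5", "dst_port": 22, "duration_s": 90000},
    {"src_mac": "AA:BB:CC:00:00:03", "dst_ip": "198.51.100.7", "dst_port": 8443, "duration_s": 172800},
]
KNOWN_MACS = {"aa:bb:cc:00:00:01"}                     # hypothetical device inventory
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # hypothetical home LAN


def tunnel_indicators(flow, known_macs, local_nets, min_duration_s=3600):
    """Return the reasons a flow resembles a persistent outbound tunnel ([] if none)."""
    dst = ipaddress.ip_address(flow["dst_ip"])
    if any(dst in net for net in local_nets):
        return []                      # LAN-internal sessions are out of scope
    if flow["duration_s"] < min_duration_s:
        return []                      # short sessions are ordinary traffic
    reasons = [f"outbound session open for {flow['duration_s']}s"]
    if flow["src_mac"].lower() not in known_macs:
        reasons.append("source MAC not in inventory")
    if flow["dst_port"] == 22:
        reasons.append("destination port 22 (SSH)")
    return reasons


def find_suspect_flows(flows, known_macs, local_nets, min_duration_s=3600):
    """Keep flows with a long duration plus at least one corroborating signal."""
    hits = []
    for flow in flows:
        reasons = tunnel_indicators(flow, known_macs, local_nets, min_duration_s)
        if len(reasons) >= 2:          # duration alone would flag streaming or gaming
            hits.append((flow["src_mac"].lower(), flow["dst_ip"], flow["dst_port"], reasons))
    return hits


if __name__ == "__main__":
    for mac, ip, port, reasons in find_suspect_flows(SAMPLE_FLOWS, KNOWN_MACS, LOCAL_NETS):
        print(f"{mac} -> {ip}:{port}: " + "; ".join(reasons))
```

Requiring a second signal besides duration is what keeps a known gaming or streaming machine from being flagged.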
