vepr Posted August 13, 2019

I can't get this payload working. When I plug in the Owl, it goes through all the usual LED blinking cycles. Towards the end it goes through the usual 5 second solid red, blinks fast, slows down, then the LED just cuts off. Has anyone else got this payload running? Should I be able to just plug the Owl in and it will automatically start the payload? I have the payload directly on the device with no USB plugged in. Here are my files.

/root/payload/payload.txt:

    # WiFi Client Setup
    WIFI_SSID="MYNAME"
    WIFI_PASS="MYPASS"
    LED R SUCCESS
    WIFI_CONNECT
    # Optionally enable SSH
    /etc/init.d/sshd start
    LED R SINGLE

/root/payload/extensions/wifi_connect.sh:

    #!/bin/bash
    #
    # Title: WIFI_CONNECT
    # Description: Simplifies WiFi client mode connection. Expects $WIFI_SSID and $WIFI_PASS
    # Author: Hak5Darren
    function WIFI_CONNECT() {
        ifconfig wlan0 up; sleep 2
        echo -e "network={\nssid=\"$WIFI_SSID\"\npsk=\"$WIFI_PASS\"\npriority=1\n}">/tmp/wpa.conf
        wpa_supplicant -B -Dnl80211 -i wlan0 -c /tmp/wpa.conf
        while(iwconfig wlan0 | grep Not-Associated); do sleep 1; done
        udhcpc -i wlan0
    }
    export -f WIFI_CONNECT

blf Posted August 13, 2019

I haven't tried this payload, but my home-grown payload has the same problem -- never runs (none of my output gets written), and the LED just goes blank. I tried putting it straight into /root/payload/payload.txt, and I also tried deleting it from there and letting the owl copy it from an ext4 USB (it did). No difference. Works fine when run from arming mode with "source payload.txt". I'd like to know if there are any debug logs we can enable to show what's happening/not happening in attack mode, so I can attempt to troubleshoot it.

blf Posted August 13, 2019

vepr -- Try booting to arming mode, ssh in, and chmod +x /root/payload/payload.txt. I read through the doc again and noticed it says they source extensions, and execute the payload. I made my payload executable and it worked. Seems obvious in retrospect but the ".txt" extension had my brain thinking it did something other than directly run it.

rylore Posted August 13, 2019

I'm having the same trouble getting the WIFI_CONNECT to work. I created a new file under /root/payload called payload.txt with the above code in it like 'VEPR' and then ran chmod +x on it. When I attempt to run it with ./payload.txt I get: './payload.txt: line 7: WIFI_CONNECT not found'. Any thoughts on this?

vepr (Author) Posted August 13, 2019

Good thinking. I forgot to do that. It looks like it's working now. Rylore, try chmod +x on the /root/payload/extensions/wifi_connect.sh as well if you haven't already.

blf Posted August 13, 2019

7 hours ago, rylore said:
> I'm having the same trouble getting the WIFI_CONNECT to work. I created a new file under /root/payload called payload.txt with the above code in it like 'VEPR' and then ran chmod +x on it. When I attempt to run it with ./payload.txt I get: './payload.txt: line 7: WIFI_CONNECT not found'. Any thoughts on this?

You can't run the payload directly if it uses extensions. The Owl will source the extensions first and then execute the payload. What you're seeing is because the WIFI_CONNECT function from the extensions directory isn't present, because it hasn't been sourced. If you want to run it manually you could try running "source" on the extensions then executing the payload (not sure any of this will actually work interactively since I assume you're using the same wifi).

rylore Posted August 13, 2019

Thanks @vepr I’ll try chmod on the extension as well. @blf your explanation makes complete sense. I was about to start digging into the code and figure out when each folder is actually called on initialization. I’ll also try a different WiFi.

SteveMatrix Posted August 13, 2019

I sourced the extensions, but I still get this error:

    root@Owl:~/payload# ./payload.sh
    Successfully initialized wpa_supplicant
    nl80211: Could not configure driver mode
    nl80211: deinit ifname=wlan0 disabled_11b_rates=0
    wlan0: Failed to initialize driver interface
    udhcpc: started, v1.30.1
    udhcpc: sending discover
    udhcpc: sending discover
    udhcpc: sending discover
    ^C

Anyone have any ideas?

blf Posted August 13, 2019

6 minutes ago, SteveMatrix said:
> I sourced the extensions, but I still get this error:
>
>     root@Owl:~/payload# ./payload.sh
>     Successfully initialized wpa_supplicant
>     nl80211: Could not configure driver mode
>     nl80211: deinit ifname=wlan0 disabled_11b_rates=0
>     wlan0: Failed to initialize driver interface
>     udhcpc: started, v1.30.1
>     udhcpc: sending discover
>     udhcpc: sending discover
>     udhcpc: sending discover
>     ^C
>
> Anyone have any ideas?

Do you have a WiFi dongle installed in the USB port opposite the pigtail? I’m thinking this won’t work while you’re also logged in via SSH over the built in WiFi adapter.

rylore Posted August 13, 2019

5 hours ago, vepr said:
> Good thinking. I forgot to do that. It looks like it's working now. Rylore, try chmod +x on the /root/payload/extensions/wifi_connect.sh as well if you haven't already.

How do you know if it actually worked? Let's say I add my work Guest wifi network for the connection to the payload so it connects out to it. Would I just scan the wifi and see what IP has port 22 open on it and then connect via ssh?

SteveMatrix Posted August 13, 2019

2 hours ago, blf said:
> Do you have a WiFi dongle installed in the USB port opposite the pigtail? I’m thinking this won’t work while you’re also logged in via SSH over the built in WiFi adapter.

Hi blf, The wifi dongle is on the farther usb (I had it in the other one. Whoops). Do I need to change the wifi connect function to wlan1? When I run the wifi connect with wlan0 in the extension, I get this output:

    root@Owl:~/payload# ./payload.sh
    Successfully initialized wpa_supplicant
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm
    Mode:Managed Access Point: Not-Associated Tx-Power=30 dBm

If anyone can help me with this, it would be much appreciated. Thanks

SteveMatrix Posted August 13, 2019

Also, adding to the previous post, I made another function and changed all of the wlan0 to wlan1. But, I still get the same output:

    root@Owl:~/payload# ./payload.sh
    Successfully initialized wpa_supplicant
    nl80211: Could not configure driver mode
    nl80211: deinit ifname=wlan0 disabled_11b_rates=0
    wlan0: Failed to initialize driver interface
    udhcpc: started, v1.30.1
    udhcpc: sending discover
    udhcpc: sending discover
    udhcpc: sending discover

If somebody could please help, that would be great. Thanks

vepr (Author) Posted August 13, 2019

3 hours ago, rylore said:
> How do you know if it actually worked? Let's say I add my work Guest wifi network for the connection to the payload so it connects out to it. Would I just scan the wifi and see what IP has port 22 open on it and then connect via ssh?

I haven't had a chance to check it but the Owl does continue blinking in a pattern I set after turning it on. You can get the MAC address of your Owl with the command "ip a". Then when you boot your payload, you can check your router for connected devices. You can also use the app called Fing to search for your device MAC address. It also allows you to port scan.

vepr (Author) Posted August 14, 2019

I can edit the LED settings in my payload and the LEDs run just fine. But when I check my network, the Owl is not connecting in Attack mode. I decided to edit this line in extensions/wifi_connect.sh so that it gives me a log:

    wpa_supplicant -B -Dnl80211 -i wlan0 -c /tmp/wpa.conf > /root/payload/log.txt

The log is telling me that wlan0 is not recognized when booting into Attack mode. I'm using the default settings. Do I need to change it to br-lan in my wifi_connect.sh?

my log.txt:

    Successfully initialized wpa_supplicant
    Could not read interface wlan0 flags: No such device
    nl80211: Driver does not support authentication/association or connect commands
    nl80211: deinit ifname=wlan0 disabled_11b_rates=0
    Could not read interface wlan0 flags: No such device
    wlan0: Failed to initialize driver interface

Do I need to use an additional wifi adapter on the USB Host Port? I can plug in one of my adapters with (for example) a Ralink 2870 chipset and my log no longer gives me errors. But it still does not connect to my network via wifi. I have also run the payload using a usb drive and it makes no difference.

vepr (Author) Posted August 14, 2019

Sect10n_9 helped me figure it out. My wifi_connect.sh was not in all caps. It should be WIFI_CONNECT.s

SteveMatrix Posted August 15, 2019

20 hours ago, vepr said:
> Sect10n_9 helped me figure it out. My wifi_connect.sh was not in all caps. It should be WIFI_CONNECT.s

Hi vepr, Can you share the payload and wifi connect extension? I am still having issues getting the owl to connect to the Wifi. For some reason, whenever I let it go to attack mode, the Owl will just single blink and never connect to the network. If you could share, that would be great. Thanks

Sect10n_9 Posted August 15, 2019

9 minutes ago, SteveMatrix said:
> Hi vepr, Can you share the payload and wifi connect extension? I am still having issues getting the owl to connect to the Wifi. For some reason, whenever I let it go to attack mode, the Owl will just single blink and never connect to the network. If you could share, that would be great. Thanks

Hey SteveMatrix check out
Just note a couple of details.
CASE matters in Linux. If your command for WIFI_CONNECT is in all caps in the payload the name for the extension needs to match. WIFI_CONNECT.sh
Remember to include #!/bin/bash at the beginning of the payload and extensions.
https://docs.hak5.org/hc/en-us/articles/360033504014-Payload-Development-Basics
If it doesn't boot try it a few times as there is a 25% to 30% failure rate on boot.

SteveMatrix Posted August 15, 2019

1 minute ago, Sect10n_9 said:
> Remember to include #!/bin/bash

I forgot the bin bash. Now it works, Thanks Sect10n_9.

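
The fixes that resolved this thread (payload marked executable, `#!/bin/bash` on its first line, extension file named in the same case as the command it provides) can be checked in one pass from arming mode. The following is an added example, not part of any post and not Hak5 code: `check_payload_dir` and its report keywords are hypothetical names, and the directory layout (`payload.txt` plus `extensions/NAME.sh`) is assumed from the paths quoted above.

```shell
#!/bin/sh
# Added example (not Hak5 code): pre-flight check for a payload directory.
# Assumed layout, from the thread: DIR/payload.txt and DIR/extensions/NAME.sh

# Prints one line per problem and returns the number of problems found.
check_payload_dir() {
    dir=$1; payload="$dir/payload.txt"; ext="$dir/extensions"; n=0
    [ -f "$payload" ] || { echo "MISSING payload.txt"; return 1; }

    # The payload is executed, not sourced: it needs the exec bit and a shebang.
    [ -x "$payload" ] || { echo "NOEXEC payload.txt"; n=$((n + 1)); }
    case $(head -n 1 "$payload") in
        '#!'*) ;;
        *) echo "NOSHEBANG payload.txt"; n=$((n + 1)) ;;
    esac

    # All-caps command words (WIFI_CONNECT, LED, ...) with comments stripped.
    cmds=$(sed 's/#.*//' "$payload" |
           awk '$1 ~ /^[A-Z][A-Z0-9_]*$/ { print $1 }' | sort -u)
    for cmd in $cmds; do
        if [ -f "$ext/$cmd.sh" ]; then
            # File name matches exactly; the function must be defined inside.
            grep -Eq "(^|[[:space:]])$cmd[[:space:]]*\(\)" "$ext/$cmd.sh" ||
                { echo "NOFUNC extensions/$cmd.sh"; n=$((n + 1)); }
            continue
        fi
        # Same name in a different case, e.g. wifi_connect.sh?
        hit=
        for f in "$ext"/*.sh; do
            [ -f "$f" ] || continue
            base=$(basename "$f" .sh)
            upper=$(printf %s "$base" | tr '[:lower:]' '[:upper:]')
            if [ "$upper" = "$cmd" ]; then hit=$base; fi
        done
        if [ -n "$hit" ]; then
            echo "CASE extensions/$hit.sh should be $cmd.sh"; n=$((n + 1))
        elif ! command -v "$cmd" >/dev/null 2>&1; then
            # Neither an extension nor a program on PATH.
            echo "UNDEFINED $cmd"; n=$((n + 1))
        fi
    done
    return "$n"
}
```

Run as `check_payload_dir /root/payload` on the device; commands such as LED are accepted when they resolve on PATH, so the same check on a workstation reports them as UNDEFINED.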
This topic is now archived and is closed to further replies.