Jump to content

Packet Squirrel no connection to tcpdump default payload


hierophant

Recommended Posts

Posted

Hey guys, So I can get an easy DHCP connection in arming mode. If I change it to payload 1 the tcpdump, I can see some interaction with the usb i formated using mkntfs -F /dev/sda , said operation successful  , then the booting green light but then it goes right back to blinking blue which is odd since it's supposed to be for the arming stage and it goes to blue at payload 1 switch. Then it's LAN disconnected. The LAN should stay fluid from arming to payload 1 right? I can't press the top button to see any red light suggesting reading or writing. 

Only real connection is through the blinking blue light on all switches. I followed the instructions to update the firmware. Maybe I need to make my usb ext4?

 

Do I need to SSH to it? Because I have other HAK5 products and the default ip assigned is not the right one. So I can't see if there's a shell I can do networking input for getting the packet squirrel online in payload 1 mode. 

 

I tried arp -a. I tried ifconfig getting the broadcast of my wlan0 and br-lan, ping, than arp -a, to see what ip's there were but nothing but the obvious established devices. 

Anyhelp would be amazing I'm exhausted with work. 

Also, DNSPOOF. So the first domain in the config is where you want the target to be sent? And once executed after following the config instructions in the manual. It's specific to the target's nameserver right? It's not gonna start messing DNS all over the network?

 

Thanks for anything you can give me everyone. 

Posted

I especially need a good way to discover all ips and new ips on my network. I tried a nmap internal network scan and arp and a broadcast address. 

 

 

thanks

  • 1 month later...
Posted

Wow awesome super supportive hacker community we got here.

I can't find another thread about connection loss moving from arming to TCPDUMP?

I've seen other people complaining but there situation was different. I already called my ISP to see if it was getting knocked off. But nope

 

But anyways thanks for the help on this crap forum. I just bought 7 devices from HAK5 and I can't even getting any motherfuckign Customer Service?

 

Forget it anyways, I already just bridge a connection like I always do. Thought it would be cool to put the squirrel right on the ethernet line

 

BUT OH WELL, Might as well throw this piece of garb in the trash. 

Posted

I created a bridge and that's good enough. I wrote a script to just grab the noisiest IP's so it ignores all the random crap and I get a neat list of IP counts, I'm adding geolocation for it when I develop it into something beyond a terminal command.

 

tcpdump -i br-lan -vv -nnn -t -c [how many packets] port [port#] | cut -f 1,2,3,4 -d '.' | sort | uniq -c | sort -nr | head -n 20

 

This can be run from the terminal of the tetra and probably the nano. 

Posted
On 8/26/2019 at 6:37 AM, hierophant said:

I especially need a good way to discover all ips and new ips on my network. I tried a nmap internal network scan and arp and a broadcast address. 

thanks

netdiscover, arp-scan, nmap -sn (or for that matter: https://nmap.org/book/man-host-discovery.html

Also perhaps you should review some of the lovely free educational material published by Hak5... in particular this one may be of use:

On 8/26/2019 at 6:20 AM, hierophant said:

Only real connection is through the blinking blue light on all switches. I followed the instructions to update the firmware. Maybe I need to make my usb ext4?

Do I need to SSH to it? Because I have other HAK5 products and the default ip assigned is not the right one. So I can't see if there's a shell I can do networking input for getting the packet squirrel online in payload 1 mode. 

I tried arp -a. I tried ifconfig getting the broadcast of my wlan0 and br-lan, ping, than arp -a, to see what ip's there were but nothing but the obvious established devices. 

Anyhelp would be amazing I'm exhausted with work. 

Also, DNSPOOF. So the first domain in the config is where you want the target to be sent? And once executed after following the config instructions in the manual. It's specific to the target's nameserver right? It's not gonna start messing DNS all over the network?

Thanks for anything you can give me everyone. 

From the manual itself:

Quote

The Packet Squirrel supports USB flash disks formatted with either EXT4 or NTFS file systems.

This is of particular importance since most USB flash disks come pre-formatted with FAT32 file systems and must be reformatted before use with the Packet Squirrel.

I would recommend reading more of the manual: https://docs.hak5.org/hc/en-us/categories/360000982574-Packet-Squirrel

The default IP, credentials and operation of the device is explained in full there.

As for DNSSPOOF, that's a tool built by someone else. Read it's manual too.

On 10/10/2019 at 7:50 PM, hierophant said:

Wow awesome super supportive hacker community we got here.
I can't find another thread about connection loss moving from arming to TCPDUMP?
I've seen other people complaining but there situation was different. I already called my ISP to see if it was getting knocked off. But nope
But anyways thanks for the help on this crap forum. I just bought 7 devices from HAK5 and I can't even getting any motherfuckign Customer Service?
Forget it anyways, I already just bridge a connection like I always do. Thought it would be cool to put the squirrel right on the ethernet line
BUT OH WELL, Might as well throw this piece of garb in the trash. 

What are you trying to even?
Instead of losing your temper, stop trying to run before you can walk, read the manuals that are provided for your products (because by your own admission you've not done this), then come to the forum with actual output from what you're seeing, try logging your script output for example - the packet squirrel will write to its local flash if you're having issues with USB keys.

If you're a "newbie" theres no shame in it, and people will want to help you. Everybody has to start somewhere, but I would say buying 7 rather expensive products without a use case is probably the first mistake you've made. These products use mostly publicly available tooling essentially putting them in nicely designed little packages and wraps them with some extra bits and pieces that make them worthwhile buying.

You can do all of the packet squirrel's attacks with a laptop and two network cards. I'd suggest getting your attack working there, then transferring it to the packet squirrel platform, as by trying to dev directly on the platform you're going to be pulling your hair out especially if you've not figured out how to SSH to it yet.

On 10/10/2019 at 8:00 PM, hierophant said:

What's the point of the packet squirrel when you can do so much more bridging your own device and running those types of pcap commands?

The point of the packet squirrel?

I use my packet squirrel all the time:

  • As a OpenVPN tunnel for my laptop/switch.
  • Diagnostics for my familie's PCs (here plug this in when you get home... i'll RDP in)
  • or on jobs where I want to surrepticiously gather packets from a host to another host.

e.g. MFPs that scan, fax and print are a perfect use case. I can get documents both scanned and printed along with NTLMv2 credentials when the printer auths to something to either do an address book lookup or dump a file on a file share. It all fits together with a small USB power bank, into the floor panel. Out of sight, out of mind.

Yeah I can do all that with just my laptop, but it packages it all up very nicely in a tiny piece of kit.

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...