Help selecting a product

[Gweedo]

There are a few Hak5 products that seem to offer what I am looking for to expand my collection, but their site descriptions now seem to be more heavily focused on what each can do with their c2, and not so much on the rest beyond some very basics.

 

What I am looking for is fairly straight forward. I would like to plug into a network and capture various packets. To narrow down my options, I would like to store the data collected locally with either a USB thumbdrive or microSD. Although the Cloud c2 compatabilty is an acceptable bonus, I would prefer not to have to use it.

 

Options I have looked at and thought of include...

 

Pineapple: Overkill for the needs, and I prefer my RasPi setup for full MITM, since I have been using that longer already anyway.

 

LAN Turtle: Seems to be a valid option, but also seems to only work as a MITM for one device instead of the whole network.

 

Packet Squirrel: Seems like and even better option than the Turtle, but with the same downside, although the description partly reads: "Easily capture packets between any network endpoint."

 

Shark Jack: Seems to be exactly what I am looking for. Comes preloaded with nmap, but I'm sure a payload for wireshark can be used.

 

I am leaning towards the Shark Jack. My main reserve is that it seems very payload dependent making multi-tasking a more featured MITM option a bit harder, but the SSH ability could mitigate that some. Some of the other options seem like they could be better, but they lack any seeming documentation about oportunistic ethernet wallports, showing only their connections between a target device and network.

 

I would appreciate anyone's thughts from those out their with better usage and knowledge of some of these products' capabilities to clarify if I am missing anything in chosing an option. Thanks in advance.

[NoExecute]

Well, if you're going after a whole network, i would think about something like Packet Squirrel, placed right around the router.

But, another option is to build a small implant box, based on Odroid C2, with a USB ethernet adapter for using two eth interfaces. It have a lot more power and usecases than a packet squirrel.
So, if you're looking for options according to price, the Odroid or something like it, is your best bet.

Shark Jack could be an option, but i don't see it as an option to attack a whole network. Maybe for running a quick NMap scan for recon work, and port scans, but for diverting the traffic using ARP attacks, you would need something with more power, but I could be wrong 🙂

PineApple, it's only for Wifi work, so I dont see a use case for it, in what you want to do.

/NoExecute

[Gweedo]

20 hours ago, NoExecute said:

Well, if you're going after a whole network, i would think about something like Packet Squirrel, placed right around the router.

But, another option is to build a small implant box, based on Odroid C2, with a USB ethernet adapter for using two eth interfaces. It have a lot more power and usecases than a packet squirrel.
So, if you're looking for options according to price, the Odroid or something like it, is your best bet.

Shark Jack could be an option, but i don't see it as an option to attack a whole network. Maybe for running a quick NMap scan for recon work, and port scans, but for diverting the traffic using ARP attacks, you would need something with more power, but I could be wrong 🙂

PineApple, it's only for Wifi work, so I dont see a use case for it, in what you want to do.

/NoExecute

Thanks. The budget is not really an issue, but you are correct that the Pineapple would only work for wifi and not all the ethernet connected devices.

 

From the feedback I got to a more specified question about the Shark Jack you are also correct about the lack of options for this use, unless a payload could be developed to effect the router just right, and that is easier done with other tools like a Ducky or Bunny that I already have.

 

Hak5 finally replied after weeks of waiting about the Packet Squirrel. It seems like the best option, but only if it is placed between the router and outside internet to capture packets through that line. Now waiting for it to be back in stock (mid-January to February).

 

I will look into the Odroid you suggested though. I have used RasPis for implants like the PoisonTap and EvilAP in the past, so that does not seem at all out of the scope of trying. Thanks for that suggestion.