borrigan Posted May 19, 2022 Share Posted May 19, 2022 Hello, My PacketSquirrel is permanently in arming mode (blue led flashing). When I switch to try the 3 different payloads, it keeps flashing blue and accessible via ssh. I have tried all the switch positions, rebooted after switching, nothings seems to work. I have also formatted the USB with the 'reformat_usb' command. Still same behavior. Additionally, it does not show in C2 after placing the device.config file in the /etc directory. Any tips will be greatly appreciated. @borrigan Link to comment Share on other sites More sharing options...
dark_pyrro Posted May 19, 2022 Share Posted May 19, 2022 You could test if the switch is really changing position (hardware wise), just ssh into the Squirrel (when in arming mode) and then flip the hardware switch and run the SWITCH command/script in each position. It shall report back the current switch that the Squirrel has selected. What payloads are you using in each of the switches? What are you expecting to happen? What firmware version are you using? Latest available? Regarding C2, you need to tell more in detail about your C2 setup in order to troubleshoot further (without revealing anything "personal"). Where is it installed (internet or on a LAN)? With what string is the C2 instance started? Started manually or as a service? Etc. Is the Packet Squirrel your first device when it comes to C2 or do you have other already working/connected devices? Link to comment Share on other sites More sharing options...
borrigan Posted May 23, 2022 Author Share Posted May 23, 2022 Hi, thank you so much for your reply. I tested the SWITCH command and ran it 4 times, starting with the switch in the 1 position (tcpdump paylod), then switching to 2, 3 and 4. Here are the results: root@squirrel:~# SWITCH switch1 switch3 root@squirrel:~# SWITCH switch2 switch3 root@squirrel:~# SWITCH switch3 root@squirrel:~# SWITCH switch3 switch4 Weirdly, it always shows switch3, together with the other positions. And, I still have the blue blinking light, independently of the selected switch (I can always SSH into the device). Version of firmware is: v1.23.2 Regarding C2, I am running it on a LightSail VM in AWS. I have a ScreenCrab in C2 as well, running perfectly fine. I download the device.config for a new PacketSquirrel into the /etc folder, but it never gets recognized by C2. Thank you so much! Link to comment Share on other sites More sharing options...
dark_pyrro Posted May 23, 2022 Share Posted May 23, 2022 The output of the SWITCH command/script looks really weird. You should only get one output per run. That firmware version is really old and the version number looks somewhat odd. You should start with upgrading the firmware. The latest is 3.2. The firmware version might also explain why it's not showing in C2. The C2 client was added in firmware 2.0 and also had a fix in 3.1. Link to comment Share on other sites More sharing options...
borrigan Posted May 23, 2022 Author Share Posted May 23, 2022 Thank you, I will upgrade firmware and see if that fixes everything. I bought it about 3 months ago, it is weird that it has a very old firmware version. Have a great day. Link to comment Share on other sites More sharing options...
dark_pyrro Posted May 23, 2022 Share Posted May 23, 2022 Depends on where you bought it. There are fake Squirrels around which can be a risk if you buy it from non authorized sellers. Link to comment Share on other sites More sharing options...
borrigan Posted May 24, 2022 Author Share Posted May 24, 2022 I bought it directly from the Hak5 site, together with a bunch of other items. I'll perform the update and post results here, thank you very much for your help. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.