Payload Missing after Deploy and no Loot saved.

[akmartinez]

Hello everyone,

I recently started playing with the pair of Signal Owl's that I have after getting more comfortable with Linux and learning and practicing some cyber security topics.

I'm currently having a problem and I'm not sure if it's the Owl or the Payload.

I'm using the 1.0.1 firmware on my Owl.

I'm using the Delayed-AP-Attack-Mine payload.

I've had spotty success with the device/payload.  Sometimes it works and I get the loot and sometimes I get into the device and I see the payload is missing and there is no loot.

I'm not sure what is erasing the payload.  I ssh into the unit and see that it's there and it's executable.  Everything is prepped and ready to go.  I gracefully exit and end the ssh and disconnect the device from my PC.  I have a fully charged battery to run the device.

I get to where I want to run the payload and plug the Owl into the battery and let it run.  I come back and check later, the LED is off indicating that the payload ran for its alotted time.  I remove it from the battery and bring it back home.  I reconnect it to my PC and reconnect via SSH and I see there is no loot and the payload is missing.

I'm not sure what is happening.  I've tried this payload on this device and 50% of the time so far it has failed in tis way.

Is there something I'm doing or some known issue?  Has anyone else had this problem.

Any help would be appreciated.

At this time I'm going to try to use the other Owl I have to see if it does the same thing.  I know the other Owl has been good so far but only with the Bluetooth Scanner.  I've not had problems with that device and payload yet.
 

[dark_pyrro]

Can be difficult to troubleshoot. In some way, you probably need to try to get information about what's happening under the hood. Perhaps try to run some cron job that monitors the directory where the payload is located and the loot directory as well and send output to a log file (and run the payload for a longer period of time without shutting the Owl down). Just to have some way of knowing what's happening ("When is the payload there and when is it gone?", "Is there ever any loot in the loot directory or hasn't it been there at all?" etc.) The fact that the payload file itself is gone is really strange. That shouldn't happen under normal circumstances. Are you using the internal storage only, or an attached USB storage device? Where is the payload stored; on the external USB storage device or on the internal storage? Is it more than one (1) payload file in any of the locations?

Also be very careful where/how you run this payload (unless you are in the middle of nowhere). You don't want to DoS everything around you (or around the Owl). However, the payload description already states that and it's easy to narrow down the execution to target a specific BSSID for testing purposes.

[akmartinez]

I'll check at setting up a cron job to check the payload.txt and the loot directory.

I'm not using an external storage device for this payload.  I could be wrong but I need the USB port occupied by a wifi dongle for this payload because the wifi capability on the Owl itself won't work.  I never bothered to check if it does but just assumed I needed an external wifi dongle.

I did try this payload out on my other Owl and it looks to have worked on the first attempt.  I'll try to run it again to see if the file disappearances occur again and report back what I find.  I'm hoping my Owl isn't defective.  I do have one more but don't want to have to discard one because of problems.

 

[dark_pyrro]

7 hours ago, akmartinez said:

I'm not using an external storage device for this payload.  I could be wrong but I need the USB port occupied by a wifi dongle for this payload because the wifi capability on the Owl itself won't work.  I never bothered to check if it does but just assumed I needed an external wifi dongle.

OK, I haven't used the payload, but the payload description says that an external adapter is supposed to be used. Be sure to check what the external adapter is enumerated as on the Owl. The payload uses wlan0 which normally is the onboard WiFi interface. When I've used the Owl with two WiFi interfaces in the past (for other types of use), the external adapter has been enumerated as wlan1. If so, it might be the fact that the payload is using the internal interface even though there's an external interface attached.

If you can't get anything relevant from the troubleshooting process, there's some kind of last resort before throwing it away. You could crack the case open and connect to it using hardware serial to try to see if anything shows up. Would void warranty, but that's too late anyway.

[akmartinez]

I almost forgot...

Thanks for your reply.  I forgot about what device the payload would be using and I adjusted to wlan1 and everything worked out in regards to the wifi device being used.

I'm still working on troubleshooting why the payload and loot disappear.  It is still happening but not as often as before.  I'm not going to rule out that I might be doing something wrong myself in trying to trigger the arming mode with the paper clip right now because I noticed there are times when the LED is in a pattern that doesn't seem consistent with what to expect when booting up.

If I can find anything more I'll post even though this product seems like a dead topic at the moment.

I'm still very curious abut how it works, what I can do and what I can learn from it...  who knows... maybe someting will trigger a new interest it the Owl...

Thanks,

Alan

[dark_pyrro]

If basing the use case on one single payload and/or tool (besside-ng), well, then it might be a "dead" product. I don't agree however since there are other things that the Owl can be used for than just that specific payload. The Owl has gotten a bit less attention though in the Hak5 device family. Most likely because it had a relatively short life as a device possible to buy and therefore probably less owners/users using it.

[Irukandji]

I've got one (owl). But figuring out network and what port to use was a pain the near.

https://shop.hak5.org/pages/product-availability