hak5
/
lanturtle-modules
mirror of https://github.com/hak5/lanturtle-modules.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix non persistance of tor shell - v0.5 

I was using /var/lib/tor..... and /var is a symbolic link to tmp so the private key and onion address were being substituted for a new one on boot. Fixed.
Other cosmetical and minor additions.
pull/5/head
ShadGIT 2015-08-29 14:24:42 +02:00
parent d3fd6a2e0f
commit 309e6110d4
1 changed files with 95 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
modules/tortle
View File

@ -1,6 +1,6 @@
#!/bin/bash /usr/lib/turtle/turtle_module #!/bin/bash /usr/lib/turtle/turtle_module
VERSION="0.3" VERSION="0.5"
DESCRIPTION="TORTLE - TOR TURTLE Gateway + TOR Hidden Shell" DESCRIPTION="TORtle - TOR Turtle Gateway + TOR hidden SHELL/Service"
AUTHOR="Shad" AUTHOR="Shad"
: ${DIALOG_OK=0} : ${DIALOG_OK=0}
@ -18,66 +18,77 @@ function tortlecfg {
uci set tortle.tport="22" uci set tortle.tport="22"
uci set tortle.lport="22" uci set tortle.lport="22"
uci set tortle.forwarding="1" uci set tortle.forwarding="1"
uci set tortle.hiddendir="/etc/tor/hidden"
uci commit tortle uci commit tortle
fi fi
if [ -e "/var/lib/tor/hidden/hostname" ]; then
tortle_hostname="$(cat /var/lib/tor/hidden/hostname)"
uci set tortle.hostname="$tortle_hostname"
else
tortle_hostname="You need to start/run tor first to obtain an onion address"
fi
tortle_tport="$(uci get tortle.tport)" tortle_tport="$(uci get tortle.tport)"
tortle_lport="$(uci get tortle.lport)" tortle_lport="$(uci get tortle.lport)"
tortle_socksip="$(uci get tortle.socksip)" tortle_socksip="$(uci get tortle.socksip)"
tortle_socksport="$(uci get tortle.socksport)" tortle_socksport="$(uci get tortle.socksport)"
tortle_forwarding="$(uci get tortle.forwarding)" tortle_forwarding="$(uci get tortle.forwarding)"
tortle_hiddendir="$(uci get tortle.hiddendir)"
} if [ -e "$tortle_hiddendir/hostname" ]; then
tortle_hostname="$(cat $tortle_hiddendir/hostname)"
uci set tortle.hostname="$tortle_hostname"
function configure { uci commit tortle
if [ "$tortle_hostname" == "" ]; then else
tortle_hostname="You need to start/run tortle first to obtain an onion address" tortle_hostname="--Please first START TORtle to generate an Onion address--"
fi fi
}
# Parameters to configure for torshell: tortle.tport, tortle.lport
# Parameters to configure for TOR Gateway: tortle.forwarding, tortle.dnsport
# Parameters in dobt: tortle.socksip, tortle.socksport, tortle.controlport, etc...
# Maybe allow to configure extra hidden services such a web server, etc... Probably should be done in additional auxiliary modules.
function configure {
tortlecfg tortlecfg
dialog --title "tortle" --msgbox "\n\ dialog --title "TORtle" --msgbox "\n\
NOTE: This is an initial version.\n\\n\ NOTE: This is an initial version.\n\\n\
TOR SHELL\n\ TOR SHELL\n\
=========\n\ =========\n\
Until I finish testing and add the code to customize its parameters in the gui, these are the defaults:\n\n\ Until I finish testing and decide which parameters to customize in the gui, these are the defaults:\n\n\
Hostname: $tortle_hostname\n\ Hostname: $tortle_hostname\n\
TOR Port: $tortle_tport (Redirects to local port $tortle_lport)\n\n\ TOR Port: $tortle_tport (Redirected to localhost:$tortle_lport)\n\n\
TOR GATEWAY\n\ TOR GATEWAY\n\
===========\n\ ===========\n\
At this time, it is just a regular TOR Proxy but my plan is to evolve it into a much more convenient and secure fully isolating Gateway.\n\n At this time, it is just a regular TOR Proxy but my plan is to evolve it into a much more convenient and secure fully isolating Gateway.\n\n
The LAN Turtle (with its two ethernet interfaces) is clearly perfect for that purpose, although I have to figure the best way to do it without The LAN Turtle (with its two ethernet interfaces) is clearly perfect for that purpose, although I have to figure the best way to do it without
affecting the operation of other modules/functions that may be running at the same time (some iptables playing needed).\n\n\ affecting the functionality of other modules/services that may be running at the same time (some iptables playing needed too).\n\n\
In the meantime, please notice DNS or other well known leaks are NOT being actively prevented. Use it accordingly.\n\n\ In the meantime, please notice that DNS or other well known leaks are NOT being actively prevented. Use it accordingly.\n\n\
TOR Proxy is in $tortle_socksip:$tortle_socksport\n \n" 33 72 TOR Proxy is in $tortle_socksip:$tortle_socksport\n \n" 33 72
} }
function start { function start {
tortlecfg
if [ ! -e "/usr/sbin/tor" ]; then if [ ! -e "/usr/sbin/tor" ]; then
opkg update && opkg install tor opkg update && opkg install tor
fi fi
if [ ! -e "/var/lib/tor" ]; then if [ ! -e "/var/lib/tor" ]; then
mkdir -p /var/lib/tor mkdir -p /var/lib/tor
chown sshd.sshd /var/lib/tor chown sshd.sshd /var/lib/tor
mkdir -p $tortle_hiddendir
chown sshd.sshd $tortle_hiddendir
fi fi
tortlecfg if [ ! -e "$tortle_hiddendir" ]; then
mkdir -p $tortle_hiddendir
chown sshd.sshd $tortle_hiddendir
fi
( (
echo "User sshd" echo "User sshd"
echo "RunAsDaemon 1" echo "RunAsDaemon 1"
echo "PidFile /tmp/tor.pid" echo "PidFile /tmp/run/tor.pid"
echo "DataDirectory /var/lib/tor" echo "DataDirectory /var/lib/tor"
echo "SocksPort $tortle_socksip:$tortle_socksport" echo "SocksPort $tortle_socksip:$tortle_socksport"
#echo "DNSPort 53" #echo "DNSPort 53"
echo "HiddenServiceDir /var/lib/tor/hidden/" echo "HiddenServiceDir $tortle_hiddendir"
echo "HiddenServicePort $tortle_tport 127.0.0.1:$tortle_lport" echo "HiddenServicePort $tortle_tport 127.0.0.1:$tortle_lport"
) > /tmp/tortlerc ) > /tmp/tortlerc
tor -f /tmp/tortlerc
echo "$tortle_forwarding" > /proc/sys/net/ipv4/ip_forward echo "$tortle_forwarding" > /proc/sys/net/ipv4/ip_forward
} }