commit
6094fe968c
|
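--- a/clomac
+++ b/clomac
@@ -1,5 +1,5 @@
 #!/bin/bash /usr/lib/turtle/turtle_module
-VERSION="1.1"
+VERSION="1.2"
 DESCRIPTION="Clone Client's MAC address into WAN interface"
 AUTHOR="Shad"
 
@@ -13,34 +13,71 @@ AUTHOR="Shad"
 function configure {
 dialog --title "clomac" --msgbox "\n\
 (\___/) \n\
-(='.'=) Nothing to configure here.\n\
+(='.'=) Nothing to configure here... yet.\n\
 (\")_(\")\ \n\
 " 9 72
 }
 
-
-function start {
-if [ "`grep clomac /etc/dnsmasq.conf`" == "" ]; then
-echo "dhcp-script=/tmp/clomac_pivot" >> /etc/dnsmasq.conf
-fi
-echo "#!/bin/bash" > /tmp/clomac_pivot
-echo "/etc/turtle/modules/clomac start" >> /tmp/clomac_pivot
-chmod 755 /tmp/clomac_pivot
-echo "debug" >> /tmp/clomac.debug
-
-CLIENT_MAC="`cat /tmp/dhcp.leases | tail -1 | awk '{ print $2; }'`"
-if [ "$CLIENT_MAC" != "" ]; then
-if [ "$CLIENT_MAC" != "`macchanger -s eth1 | awk '{ print $3; }'`" ]; then
+function clonemac {
+if [ "$CLIENT_MAC" != "$ETH1MAC" ]; then
+echo "Cloning CLIENT_MAC: $CLIENT_MAC" >> /tmp/clomac.debug
+uci set clomac.eth1mac="$ETH1MAC"
+uci commit clomac
 ifconfig eth1 down
-macchanger -s eth1 | awk '{ print $3; }' > /tmp/clomac.srcmac
-macchanger -m "$CLIENT_MAC" eth1
+macchanger -m "$CLIENT_MAC" eth1 # Hope there is no IDS that alerts about the MAC change.
 ifconfig eth1 up
 sleep 1
 ETH1_IP="`ifconfig eth1 | grep "inet addr"`"
-if [ "$ETH1_IP" == "" ]; then
+if [ "$ETH1_IP" == "" ]; then # Maybe we didn't get an IP because of MAC Filtering? Try again now!
+echo "Trying to get a new IP address via DHCP" >> /tmp/clomac.debug
+uci set network.wan.macaddr="$CLIENT_MAC" # Workaround to avoid udhcpc restoring the default MAC
 killall -9 udhcpc
-udhcpc -p /var/run/udhcpc-eth1.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth1 -C
+# udhcpc -p /var/run/udhcpc-eth1.pid -s /lib/netifd/dhcp.script -f -t 0 -i eth1 -C
 fi
+else
+echo "CLIENT_MAC and ETH1MAC are the same. Nothing to do." >> /tmp/clomac.debug
+fi
+}
+
+function start {
+if [ ! -e "/etc/config/clomac" ]; then
+touch /etc/config/clomac
+uci set clomac.version="1.2" # Workaround to know what to do on updates
+uci set clomac.trylast="1" # if 1 AND not find a dhcp client, it will clone the last seen client MAC (if there is one)
+uci set clomac.clientmac="$(macchanger -s eth1 | awk '{ print $3}')"
+uci set clomac.eth1mac="22:22:22:22:22:22"
+uci commit clomac
+fi
+if [ "`grep clomac /etc/dnsmasq.conf`" == "" ]; then
+echo "dhcp-script=/tmp/clomac_pivot" >> /etc/dnsmasq.conf
+fi
+if [ ! -e "/tmp/clomac_pivot" ]; then
+echo "#!/bin/bash" > /tmp/clomac_pivot
+echo "/etc/turtle/modules/clomac start" >> /tmp/clomac_pivot
+chmod 755 /tmp/clomac_pivot
+ETH1MAC="$(uci get network.wan.macaddr)"
+uci set clomac.eth1mac="$ETH1MAC"
+uci commit clomac
+if [ ! -e "/tmp/clomac.debug" ]; then
+echo "Launching at job in 1 min" >> /tmp/clomac.debug
+at -f /tmp/clomac_pivot now + 1 min 2> /dev/null
+fi
+fi
+
+date >> /tmp/clomac.debug
+
+CLIENT_MAC="`cat /tmp/dhcp.leases | tail -1 | awk '{ print $2; }'`"
+ETH1MAC="$(macchanger -s eth1 | awk '{ print $3; }')"
+if [ "$CLIENT_MAC" != "" ]; then
+echo "Got CLIENT_MAC from dhcp.leases" >> /tmp/clomac.debug
+uci set clomac.clientmac="$CLIENT_MAC"
+uci commit clomac
+clonemac
+elif [ "$(uci get clomac.trylast)" == "1" ]; then
+if [ "$(uci get clomac.clientmac)" != "" ]; then
+CLIENT_MAC="$(uci get clomac.clientmac)"
+echo "Don't have a dhcp.leases but will use last seen CLIENT_MAC: $CLIENT_MAC" >> /tmp/clomac.debug
+clonemac
 fi
 fi
 }
@@ -53,7 +90,7 @@ function stop {
 fi
 rm -f /tmp/clomac_pivot
 ifconfig eth1 down
-macchanger -m `cat /tmp/clomac.srcmac` eth1
+macchanger -m $(uci get clomac.eth1mac) eth1
 ifconfig eth1 up
 }
 
@@ -65,4 +102,3 @@ function status {
 echo 1
 fi
 }
-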
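Review bot: `clonemac` overwrites the saved restore address on every run — `uci set clomac.eth1mac="$ETH1MAC"` stores whatever `macchanger -s eth1` currently reports, so after the first clone the next lease records the previous client's MAC as the "original" and `stop`'s `macchanger -m $(uci get clomac.eth1mac) eth1` can no longer bring eth1 back to its real address. `start` already captures the pre-clone value from `network.wan.macaddr` when it creates the pivot, so drop the `uci set clomac.eth1mac` / `uci commit clomac` pair from `clonemac`, or guard it with `if [ "$(uci get clomac.eth1mac)" == "22:22:22:22:22:22" ]; then` so the placeholder is replaced exactly once; `uci get network.wan.macaddr` also prints nothing when that option was never configured, which would leave the restore value empty, so check `ETH1MAC` is non-empty before saving it. Two smaller points in the same hunk: the MAC-filter retry path now does `killall -9 udhcpc` with the relaunch line commented out, so presumably something else is expected to restart the DHCP client and a comment should say what; and `/tmp/clomac_pivot` is only written when absent, so a pre-existing file of that name is picked up and executed as-is by dnsmasq's `dhcp-script` hook and the `at` job — regenerate it unconditionally. The `stop` and `status` bodies in the last two hunks begin outside those hunks.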
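--- /dev/null
+++ b/tortle
@@ -0,0 +1,225 @@
+#!/bin/bash /usr/lib/turtle/turtle_module
+VERSION="0.8"
+DESCRIPTION="TORtle - TOR Turtle Gateway + TOR hidden SHELL/Service"
+AUTHOR="Shad"
+CONF="/tmp/tortle.form"
+
+: ${DIALOG_OK=0}
+: ${DIALOG_CANCEL=1}
+: ${DIALOG_HELP=2}
+: ${DIALOG_EXTRA=3}
+: ${DIALOG_ITEM_HELP=4}
+: ${DIALOG_ESC=255}
+
+function tortlecfg {
+if [ "$(uci get tortle.version)" != "0.8" ]; then
+rm /etc/config/tortle
+fi
+if [ ! -e "/etc/config/tortle" ]; then
+touch /etc/config/tortle
+uci set tortle.version="0.8"
+uci set tortle.enableproxy="1"
+uci set tortle.enabletrans="1"
+uci set tortle.transport="9040"
+uci set tortle.socksip="172.16.84.1" # deprecated
+uci set tortle.socksport="5090"
+uci set tortle.tport="22"
+uci set tortle.lport="22"
+uci set tortle.forwarding="1"
+uci set tortle.enablehidden="1"
+uci set tortle.hiddendir="/etc/tor/hidden"
+uci set tortle.enablehidden2="0"
+uci set tortle.hiddendir2="etc/tor/hidden2"
+uci set tortle.dnsport="9053"
+uci set tortle.enablecontrol="0"
+uci set tortle.controlport="9051"
+uci set tortle.controladdr="172.16.84.1" # deprecated
+uci set tortle.hashedpass="16:D2237CB1DA58774A60EF13100BEFEDE024F5C49BA674CE2BEA1032EC38" # default: test
+uci set tortle.gateway="0"
+uci commit tortle
+fi
+
+tortle_tport="$(uci get tortle.tport)" # * customizable
+tortle_lport="$(uci get tortle.lport)" # * customizable
+tortle_socksip="$(uci get network.lan.ipaddr)" # Use network.lan.ipaddr
+tortle_socksport="$(uci get tortle.socksport)" # Use standard default
+tortle_forwarding="$(uci get tortle.forwarding)" # * customizable
+tortle_enablehidden="$(uci get tortle.enablehidden)" # * customizable
+tortle_hiddendir="$(uci get tortle.hiddendir)" #
+tortle_enablehidden2="$(uci get tortle.enablehidden2)" # Reserved for future use
+tortle_hiddendir2="$(uci get tortle.hiddendir2)" # Reserved for future use
+tortle_dnsport="$(uci get tortle.dnsport)" # Use standard default
+tortle_enableproxy="$(uci get tortle.enableproxy)" # * customizable
+tortle_enabletrans="$(uci get tortle.enabletrans)" # * customizable
+tortle_transport="$(uci get tortle.transport)" # Use standard default
+tortle_enablecontrol="$(uci get tortle.enablecontrol)" # * customizable
+tortle_controlport="$(uci get tortle.controlport)" # Use standard default
+tortle_controladdr="$(uci get network.lan.ipaddr)" # Use network.lan.ipaddr
+tortle_hashedpass="$(uci get tortle.hashedpass)" # * customizable
+tortle_gateway="$(uci get tortle.gateway)" # * customizable
+tortle_version="$(uci get tortle.version)"
+
+if [ -e "$tortle_hiddendir/hostname" ]; then
+tortle_hostname="$(cat $tortle_hiddendir/hostname)"
+uci set tortle.hostname="$tortle_hostname"
+uci commit tortle
+else
+tortle_hostname="--Please first START TORtle to generate an Onion address--"
+fi
+}
+
+function configure {
+tortlecfg
+
+dialog --ok-label "Submit" \
+--help-button \
+--title "TORtle Configuration" \
+--form "Gateway + TOR Hidden Service configuration\n\n\
+TORGateway, if enabled, automatically and conveniently tunnels ALL eth0 traffic through TOR Transparent Proxy.\n\n\
+Onion Host sets up a hidden service inside the TOR network. By default it is a TORShell (SSH within TOR)\n\n\
+TOR Proxy is just the regular SOCKS proxy through TOR.\n\
+Forwarding enables/disables LAN Turtle IP forwarding to help prevent leaks for Proxy mode.\n \n" 26 60 7\
+"Onion Host Enable: ($tortle_hostname)" 1 1 "$tortle_enablehidden" 1 20 5 0 \
+" External Port:" 2 1 "$tortle_tport" 2 20 5 0 \
+" Local Port:" 3 1 "$tortle_lport" 3 20 5 0 \
+"TOR Proxy Enable:" 4 1 "$tortle_enableproxy" 4 20 5 0 \
+"TransProxy Enable:" 5 1 "$tortle_enabletrans" 5 20 5 0 \
+"TORGateway Enable:" 6 1 "$tortle_gateway" 6 20 5 0 \
+"Forwarding Enable:" 7 1 "$tortle_forwarding" 7 20 5 0 \
+2>$CONF
+
+return=$?
+
+case $return in
+$DIALOG_OK)
+cat $CONF | {
+read -r tortle_enablehidden
+read -r tortle_tport
+read -r tortle_lport
+read -r tortle_enableproxy
+read -r tortle_enabletrans
+read -r tortle_gateway
+read -r tortle_forwarding
+
+uci set tortle.enablehidden="$tortle_enablehidden"
+uci set tortle.tport="$tortle_tport"
+uci set tortle.lport="$tortle_lport"
+uci set tortle.enableproxy="$tortle_enableproxy"
+uci set tortle.enabletrans="$tortle_enabletrans"
+uci set tortle.gateway="$tortle_gateway"
+uci set tortle.forwarding="$tortle_forwarding"
+uci commit tortle
+rm $CONF
+};;
+$DIALOG_CANCEL)
+rm $CONF
+clear
+exit;;
+$DIALOG_HELP)
+dialog --title "Help" \
+--msgbox "\
+TORtle V$tortle_version\n\n\
+TOR SHELL\n\
+=========\n\
+Hostname: $tortle_hostname\n\
+TOR Port: $tortle_tport (Redirected to localhost:$tortle_lport)\n\
+\n
+TOR GATEWAY\n\
+===========\n\
+TOR Proxy is at $tortle_socksip:$tortle_socksport\n\
+TOR Transport is at $tortle_socksip:$tortle_transport\n\
+TOR Dnsport is $tortle_dnsport\n\
+\n\n\n\
+For support, please use the LAN Turtle forum at:\n\n\
+https://forums.hak5.org/index.php?/forum/88-lan-turtle/\n\n\
+I need YOUR feedback to help me improve TORtle!\n\n\
+- Shad.\n" 27 60
+configure
+;;
+$DIALOG_ESC)
+clear;;
+esac
+}
+
+function start {
+tortlecfg
+if [ ! -e "/usr/sbin/tor" ]; then
+opkg update && opkg install tor
+fi
+if [ ! -e "/var/lib/tor" ]; then
+(
+mkdir -p /var/lib/tor
+chown sshd.sshd /var/lib/tor
+mkdir -p $tortle_hiddendir
+chown sshd.sshd $tortle_hiddendir
+) 2> /dev/null
+fi
+if [ ! -e "$tortle_hiddendir" ]; then
+(
+mkdir -p $tortle_hiddendir
+chown sshd.sshd $tortle_hiddendir
+) 2> /dev/null
+fi
+
+(
+echo "User sshd"
+echo "RunAsDaemon 1"
+echo "PidFile /var/run/tor.pid"
+echo "DataDirectory /var/lib/tor"
+if [ "$tortle_enableproxy" == "1" ]; then
+echo "SocksPort $tortle_socksip:$tortle_socksport"
+fi
+if [ "$tortle_enablehidden" == "1" ]; then
+echo "HiddenServiceDir $tortle_hiddendir"
+echo "HiddenServicePort $tortle_tport 127.0.0.1:$tortle_lport"
+fi
+if [ "$tortle_enabletrans" == "1" ]; then
+echo "VirtualAddrNetworkIPv4 10.192.0.0/10"
+echo "AutomapHostsOnResolve 1"
+echo "TransPort $tortle_transport"
+echo "TransListenAddress $tortle_socksip"
+echo "DNSPort $tortle_dnsport"
+echo "DNSListenAddress $tortle_socksip"
+fi
+if [ "$tortle_enablecontrol" == "1" ]; then
+echo "ControlListenAddress $tortle_controladdr"
+echo "ControlPort $tortle_controlport"
+echo "HashedControlPassword $tortle_hashedpass"
+fi
+) > /tmp/tortlerc
+tor -f /tmp/tortlerc
+if [ "$tortle_gateway" == "1" ]; then
+iptables -t nat -A PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port $tortle_dnsport
+iptables -t nat -A PREROUTING -i br-lan -p tcp --dport 53 -j REDIRECT --to-port $tortle_dnsport
+iptables -t nat -A PREROUTING -i br-lan -p tcp --dest $tortle_socksip -j ACCEPT
+# Should I add here a rule to allow reaching eth1 network? Perhaps... but is it secure?
+iptables -t nat -A PREROUTING -i br-lan -p tcp -j REDIRECT --to-port $tortle_transport
+fi
+echo "$tortle_forwarding" > /proc/sys/net/ipv4/ip_forward
+
+}
+
+
+function stop {
+tortlecfg
+killall -9 tor
+# if [ "$tortle_gateway" == "1" ]; then
+(
+iptables -t nat -D PREROUTING -i br-lan -p udp --dport 53 -j REDIRECT --to-port $tortle_dnsport
+iptables -t nat -D PREROUTING -i br-lan -p tcp --dport 53 -j REDIRECT --to-port $tortle_dnsport
+iptables -t nat -D PREROUTING -i br-lan -p tcp --dest $tortle_socksip -j ACCEPT
+iptables -t nat -D PREROUTING -i br-lan -p tcp -j REDIRECT --to-port $tortle_transport
+) 2> /dev/null
+# fi
+echo "1" > /proc/sys/net/ipv4/ip_forward
+echo "All TORtle services and redirections have been disabled."
+}
+
+
+function status {
+if pgrep -x tor > /dev/null; then
+echo "1"
+else
+echo "0"
+fi
+}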
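Review bot: In gateway mode only TCP and port-53 traffic from br-lan is pulled into Tor — `-p tcp -j REDIRECT --to-port $tortle_transport` and the two `--dport 53` rules are the only redirections and nothing in the filter table blocks the rest — so with `tortle_forwarding` defaulting to "1" every other UDP packet and all ICMP from the LAN is forwarded out eth1 in the clear, which is the leak the form text says forwarding is meant to prevent. Add a filter rule after the nat rules in `start`, e.g. `iptables -A FORWARD -i br-lan -j DROP` (redirected TCP and DNS reach the local TransPort/DNSPort via INPUT, so this does not affect them), with the matching `-D` in `stop`, and have `stop` restore `ip_forward` to its prior value instead of unconditionally writing "1". Second, `tortle.hashedpass` ships a hash of the documented password "test" and, once `enablecontrol` is set, the ControlPort listens on the LAN address, so anyone on br-lan could drive Tor with a known password — derive the hash from a user-supplied secret with `tor --hash-password` in `configure`, or bind the ControlPort to 127.0.0.1. Minor: `$tortle_hiddendir` is created with `mkdir -p` and only `chown`ed, so if the umask leaves it group/world-accessible Tor may refuse the HiddenServiceDir — add `chmod 700 "$tortle_hiddendir"`; `hiddendir2` is set to `etc/tor/hidden2` without the leading slash; and `killall -9 tor` denies Tor a clean shutdown where a plain `killall tor` (SIGTERM) would do.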