packetsquirrel-payloads/legacy-mk1/payloads/library/remote-access/Meterpreter-via-SSH
Mike Kershaw / Dragorn d3250b4165 Update repos for Packet Squirrel Mk 2 release 2023-07-24 14:58:18 -04:00
Files: README.md, payload.sh, server.rc

README.md

Meterpreter-via-SSH

Overview

This payload starts the Packet Squirrel in NAT mode and waits for user input. When the button is pressed, the payload connects to a remote SSH server and creates a local port tunnel, then launches a meterpreter shell over that tunnel.

The intent is to get a meterpreter shell on a target network in a way that hides meterpreter network traffic behind legitimate SSH activity.

Operational Design Considerations

  • The payload remains silent on the network until the user presses the button.
  • The payload closes the SSH connection if the meterpreter shell fails to start.
  • The payload keeps only one SSH + meterpreter process pair running, even if the button is pressed several times.

Getting Started

Copy the payload into the desired switch folder on the Packet Squirrel, then edit the script to configure your server options:

  • SSH_USER - username on the remote SSH server
  • SSH_HOST - IP address or domain name of the remote SSH server
  • MSF_PORT - port of the meterpreter listener

If you change the default meterpreter port, don't forget to change it on the Metasploit side as well.

Generate SSH Key on Squirrel

You will likely need to generate an SSH key pair (default location, empty passphrase) on your Packet Squirrel:

root@squirrel:~# ssh-keygen

Allow Squirrel on SSH Server

Then copy the contents of /root/.ssh/id_rsa.pub from the Packet Squirrel into the authorized_keys file on the SSH server (append rather than overwrite, so that any existing keys are kept):

user@server:~$ mkdir -p ~/.ssh
user@server:~$ echo 'paste id_rsa.pub contents inside this quote' >> ~/.ssh/authorized_keys

Run Metasploit with Resource

msf@server:~# msfconsole -r server.rc

LED Definitions

  1. Configure NETMODE
     • Solid Magenta
  2. Connect to SSH server
     • SUCCESS - Blink Amber 5 times
     • FAIL - Blink Red 2 times
  3. Launch meterpreter
     • SUCCESS - Blink Cyan 1 time
     • FAIL - Blink Red 1 time

Hardening Recommendations

  1. Use an account with limited privileges for SSH access on the server.
  2. Use a dedicated account for the Packet Squirrel device, and audit its usage with the server's SSH access logs.
  3. Disable PasswordAuthentication in sshd_config on the server.
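As an added example that is not part of the payload repository, the following sh script implements checks for recommendations 2 and 3 above: one helper reads the effective PasswordAuthentication value from an sshd_config, the other lists successful sshd logins for the dedicated account from an OpenSSH auth log. The helper names, the sample config and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the Packet Squirrel payload repository: two
# audit helpers for the hardening recommendations above. Each takes a file
# path, so in practice they are pointed at /etc/ssh/sshd_config and the
# server's auth log; here they run on constructed samples in temp files.

# Effective PasswordAuthentication value in an sshd_config. OpenSSH honours
# the first occurrence of a keyword and defaults to "yes" when it is absent.
# Caveat: only the global directive is inspected, not Match blocks.
password_auth_setting() {
    awk 'tolower($1) == "passwordauthentication" { print tolower($2); found = 1; exit }
         END { if (!found) print "yes" }' "$1"
}

# Successful sshd logins for USER from an OpenSSH auth log, one per line as
# "METHOD SOURCE-IP". For the dedicated Packet Squirrel account every line
# should read "publickey"; a "password" line means recommendation 3 is not
# in effect, and an unexpected source IP is worth a closer look.
accepted_logins() {
    awk -v user="$2" '
        $0 ~ "sshd\\[[0-9]+\\]: Accepted " && $9 == user {
            src = ""
            for (i = 1; i <= NF; i++) if ($i == "from") src = $(i + 1)
            print $7, src
        }' "$1"
}

# Constructed samples: placeholder host names, RFC 5737 documentation
# addresses and a dummy key fingerprint.
SAMPLE_CFG=$(mktemp); SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_CFG" "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_CFG" <<'EOF'
# PasswordAuthentication yes   (commented out, must be ignored)
PubkeyAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
EOF
cat > "$SAMPLE_LOG" <<'EOF'
Jul 24 14:58:18 server sshd[1234]: Accepted publickey for squirrel from 203.0.113.7 port 51234 ssh2: RSA SHA256:PLACEHOLDER
Jul 24 15:01:02 server sshd[1240]: Failed password for squirrel from 198.51.100.9 port 40000 ssh2
Jul 24 15:02:30 server sshd[1251]: Accepted password for alice from 198.51.100.9 port 40002 ssh2
Jul 24 15:05:11 server sshd[1260]: Accepted publickey for squirrel from 203.0.113.7 port 51300 ssh2: RSA SHA256:PLACEHOLDER
EOF

echo "PasswordAuthentication: $(password_auth_setting "$SAMPLE_CFG")"   # prints: no
echo "Accepted logins for squirrel:"; accepted_logins "$SAMPLE_LOG" squirrel
```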