Hak5 Packet Squirrel

From Embedded Lab Vienna for IoT & Security

Summary

The Packet Squirrel is the perfect pen testing tool because it operates as an Ethernet Man in the Middle and comes preloaded with three exploit scripts.

Description

The Packet Squirrel has a switch to choose between the three exploit payloads (logging a TCP dump, VPN tunnelling and DNS spoofing) or to set it in arming mode. In arming mode (switch in the 4th position) you can easily access the device via ssh to root@172.16.32.1 with the password hak5squirrel. SSH access to the device is also possible during the attack modes, using the IP address of the outgoing Ethernet interface.

TCP/UDP Dumping Mode

  1. A USB stick with an NTFS file system needs to be plugged into the USB-A port before the Squirrel is powered up.
  2. Flip the switch to the first position (the one nearest to the micro USB power input).
  3. Connect the victim's Ethernet cable to the Ethernet port on the same side as the USB power-in connector, and connect the gateway's Ethernet cable to the other port.
  4. Plug the power cable in and wait for the one-minute start-up sequence to finish. The device can be powered either by the victim machine itself or by a USB power bank.
  5. The data traffic is being captured when the LED starts blinking yellow. If the LED instead cycles between red, green and blue, the USB stick has the wrong file system.
  6. Stop the capturing process by pressing the button. The device then takes a few seconds to write the capture to the USB storage. As soon as the LED glows red, the saving process has ended and you are good to go.
  7. You can now analyse the captured pcap file with Wireshark.

DNS Spoofing Mode

  1. For this mode we have to start in arming mode (switch in the fourth position).
  2. After gaining access via ssh, we change to the DNS spoofing directory with cd /payloads/switch2.
  3. There we can define the spoofed domain names by editing the spoofhost file.
     Example: address=/abc.com/216.58.207.164
     This example would spoof DNS for abc.com with a Google IP address, but this didn't work because the browser checks the certificates and discovers the spoofed IP.
  4. Unplug the Packet Squirrel and shift the switch to the second position.
  5. Plug it in and wait until the start-up sequence is finished and the LED starts blinking yellow.
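
The address=/abc.com/... line above uses dnsmasq's address option syntax, which also covers every subdomain of the listed name. As an added example (not part of the original page or of Hak5's payload code), the following Python code audits a spoofhost file recovered from a device and flags DNS answers from a capture that match its rules. It assumes the file is read with dnsmasq semantics; the function names, the sample file and the observed answers are constructed for illustration.

```python
import ipaddress

# Constructed sample in the format shown above; not taken from a real device.
SAMPLE_SPOOFHOST = """\
# lines starting with '#' are comments
address=/abc.com/216.58.207.164
address=/intranet.example/login.example/10.0.0.5
"""

# Constructed (query name, answer IP) pairs, e.g. exported from a pcap.
OBSERVED = [
    ("www.abc.com", "216.58.207.164"),
    ("example.org", "192.0.2.10"),
    ("login.example", "10.0.0.5"),
]

def parse_spoofhost(text):
    """Return {domain: ip} for every address=/domain[/domain...]/ip line."""
    rules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("address=/"):
            continue  # comments, blank lines, other options
        *domains, ip = line[len("address=/"):].split("/")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # no valid address: not a redirect rule
        for domain in domains:
            if domain:
                rules[domain.lower().strip(".")] = ip
    return rules

def spoofed_answer(rules, qname):
    """IP that a query for qname would be redirected to, or None."""
    labels = qname.lower().strip(".").split(".")
    # Match whole labels, most specific suffix first: www.abc.com, abc.com, com
    for i in range(len(labels)):
        hit = rules.get(".".join(labels[i:]))
        if hit:
            return hit
    return rules.get("#")  # in dnsmasq, '#' as the domain matches any name

def flag_answers(rules, observed):
    """Return the observed answers that equal a rule's redirect address."""
    return [(q, ip) for q, ip in observed if spoofed_answer(rules, q) == ip]

if __name__ == "__main__":
    for qname, ip in flag_answers(parse_spoofhost(SAMPLE_SPOOFHOST), OBSERVED):
        print(f"{qname} -> {ip} matches a spoofhost rule")
```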


VPN Mode

Used Hardware

Packet Squirrel

References