Hak5 Packet Squirrel

From Embedded Lab Vienna for IoT & Security

Summary

The Packet Squirrel is the perfect pen testing tool because it operates as an Ethernet Man in the Middle and comes preloaded with three exploit scripts.



Description

Packet Squirrel

The Packet Squirrel has a switch to choose between the three exploit payloads (logging a TCP dump, VPN tunnelling, and DNS spoofing) or to set it in arming mode. In arming mode (switch in the 4th position) you can easily access the device by ssh to root@172.16.32.1 with the password hak5squirrel. It is also possible to gain ssh access to the device during the attack modes via the IP address of the outgoing Ethernet interface.

Basic Cable Setup

  1. Plug the victim's Ethernet cable into the "Ethernet In" Port
  2. Plug the gateway Ethernet cable into the "Ethernet Out" Port
  3. Power the device by plugging in the power cable

TCP/UDP Dumping Mode

  1. A USB stick with an NTFS file system needs to be plugged into the USB-A port before the Squirrel is powered up.
  2. Flip the switch to the first position (the one nearest to the micro USB power in).
  3. Connect the Ethernet cable of the victim to the Ethernet port on the same side as the power-in USB connector, and connect the gateway Ethernet cable to the other port.
  4. Plug the power cable in and wait for the one-minute start-up sequence. The device can be powered either by the victim itself or by a USB power bank.
  5. The data traffic is being captured once the LED starts blinking yellow. If the LED instead cycles between red, green and blue, the USB stick has the wrong file system.
  6. Stop the capturing process by pressing the button. The device then takes a few seconds to write the capture to the USB storage. As soon as the LED glows red, the saving process has ended and you are good to go.
  7. You can now analyse the captured pcap file with Wireshark.

DNS Spoofing Mode

  1. For this mode we have to start in arming mode (switch at the fourth position).
  2. After gaining access with ssh we change to the DNS spoofing directory with cd /payloads/switch2.
  3. There we can define the spoofed domain names by editing the spoofhost file.
     Example: address=/abc.com/216.58.207.164
     This example would DNS spoof abc.com with a Google IP, but this didn't work because the browser checks the certificates and discovers the spoofed IP.
  4. Unplug the Packet Squirrel and shift the switch to the second position.
  5. Plug it in and wait until the startup sequence is finished and the LED starts blinking yellow.
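
Added example, not from the original page or from Hak5: the `address=/abc.com/...` line in step 3 is dnsmasq syntax, which answers for the domain and every subdomain, so a defender can test a resolver by querying random labels that should not exist. The `resolve` callable, both simulated resolvers and all sample records are constructed assumptions.

```python
import secrets

# Constructed sample in the spoofhost format shown in step 3.
SPOOFHOST = "# test entry\naddress=/abc.com/216.58.207.164\n"
# Constructed "genuine" records (documentation address ranges).
GENUINE = {"abc.com": "203.0.113.10", "www.abc.com": "203.0.113.11",
           "example.org": "198.51.100.7"}

def parse_spoofhost(text):
    """Return [(domain, ip)] from dnsmasq address=/dom1/dom2/ip lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("address=/"):
            continue  # comments, blank lines, other directives
        *domains, ip = line[len("address=/"):].split("/")
        rules += [(d.lower().rstrip("."), ip) for d in domains if d]
    return rules

def spoofed_answer(name, rules):
    """dnsmasq semantics: a rule for abc.com also covers every subdomain;
    the most specific (longest) matching domain wins."""
    name = name.lower().rstrip(".")
    hits = [(d, ip) for d, ip in rules if name == d or name.endswith("." + d)]
    return max(hits, key=lambda h: len(h[0]))[1] if hits else None

def canary_check(domain, resolve, probes=3):
    """True if random, never-registered labels under `domain` all resolve to
    the apex address. `resolve` (hypothetical) returns an IP string or None.
    A legitimate wildcard record also returns True, so treat it as a lead."""
    apex = resolve(domain)
    answers = {resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)}
    return apex is not None and answers == {apex}

RULES = parse_spoofhost(SPOOFHOST)

def tampered_resolver(name):  # simulates a resolver behind the spoofing device
    return spoofed_answer(name, RULES) or GENUINE.get(name)

def clean_resolver(name):  # simulates an untampered resolver
    return GENUINE.get(name)

if __name__ == "__main__":
    for label, r in (("tampered", tampered_resolver), ("clean", clean_resolver)):
        print(label, {d: canary_check(d, r) for d in ("abc.com", "example.org")})
```

In practice `resolve` would wrap a real lookup against the resolver under test, and a positive result is compared with the answer obtained over a trusted path.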


OpenVPN Mode

The VPN payload implements VPN access mode and VPN tunnelling mode. If you want to set up your own OpenVPN (OVPN) server, follow the instructions at the hak5 webpage. For the purpose of testing we use an existing server from freeopenvpn.org.

  1. Start by selecting the desired server and download the OVPN access certificate.
  2. Set the Packet Squirrel in arming mode and connect to its shell.
  3. Copy the certificate with scp user@server:downloadfolder/filename.ovpn /root/payloads/switch3/config.ovpn
  4. Change to the directory with cd /root/payloads/switch3/
  5. Edit line 30 of config.ovpn to read auth-user-pass credentials.txt
  6. Add a credentials file with nano credentials.txt and add the two lines:
    1. freeopenvpn
    2. <the displayed password>
  7. Before starting the VPN we choose the VPN mode:
    1. Open the payload.sh
    2. Set the For_Clients= to
      1. 0 for Access Mode
      2. 1 for Tunneling Mode


[Figures: Packet Squirrel VPN1.jpg (Access Mode) and Packet Squirrel VPN2.jpg (Tunneling Mode)]

Used Hardware

Packet Squirrel
