Difference between revisions of "Hak5 Plunder Bug"

From Embedded Lab Vienna for IoT & Security
Jump to navigation Jump to search
Line 63: Line 63:
== References ==
== References ==


* https://wikipedia.org
* https://docs.hak5.org/hc/en-us/categories/360001482953-Plunder-Bug
* https://google.com


[[Category:Pentesting]]
[[Category:Pentesting]]

Revision as of 10:25, 3 June 2020

Summary

File:.jpg
Plunder Bug


This device is an Pocket sized LAN tap. This device is being used for passive eavesdropping and is small enough to be placed everywhere without being recognized.

Description

The Plunder Bug is an simplistic form of the Hak5 Packet Squirrel. It allows the user to Tap network traffic and to access it for network scanning.

Deployment

Plunder Bug Network Deployment
  1. Connect the Ethernet port of the victim machine with one of the two Ethernet Ports of the Plunder Bug via an short Ethernet cable.
  2. Connect the other Ethernet port with the with the Ethernet cable which was previously plugged in the victim device.
  3. Power up the Plunder Bug by Connecting the USB-C female to USB-A male cable with an device which is under your control (preferably a raspberry pi with an battery shield).

Plunder Bug Modes

The Plunder Bug Allows us to run it in two modes "muted" and "unmuted". The Plunder Bug is mirroring all network traffic and sends it to the USB-C port, when its operating in the muted mode. The unmuted mode gives the USB-C device an IP address that the tapping device is able to connect to the internet or running network scans.

To change between the Plunder Bug modes downlaod the shell script from downloads.hak5.org: Usage:

  • make it executable with chmod +x ./plunderbug.sh
  • run the script as root or superuser:
./plunderbug.sh [options]

Options:
     --mute                 to use mute mode
     --unmute               to use unmuted mode

Sniffing Data

Local Access

If you can access the tapping device locally, open wire shark and use the ethernet interface which gets deployed from the Plunder Bug with the USB cable.

Remote Access

You can capture Sniffing Node

  1. Make sure that tcpdump and ssh-server is installed

Wireshark Machine

  1. Configure the SSH Remote capture Interface
  2. Server Tab:
    1. Enter IP
    2. Enter Port (usually 22)
  3. Server Tab:
    1. Enter Username & Password
  4. Capture Tab:
    1. Enter Capturing Interface into Remote Interface


Save TCP dumps

  1. Make sure tcpdump is installed
  2. Run tcpdump and log it into an file
sudo tcpdump > tcplog.pcap

Used Hardware

Bash Bunny Plunder Bug

References

Retrieved from "https://wiki.elvis.science/index.php?title=Hak5_Plunder_Bug&oldid=4068"