packetsquirrel-payloads

Target machine becomes unresponsive

Open infoskirmish opened this issue 6 years ago • 4 comments

Hardware Set Up (Rough Diagram)

    www
     ^
    Router <- Squirrel <- Target
     ^
     |
     | <-----> Eval Machine

Description: I am using two machines and one router

  • Target (machine) has an Ethernet going into the Squirrel Ethernet In port (port next to power)
  • Squirrel has Ethernet going from Ethernet Out port (next to USB storage) to router
  • Eval (machine) is direct connected (like "normal") to the router
  • Internet connection cable is also plugged into the appropriate spot on the router
  • Router is a Linksys EA7300 with up-to-date firmware
  • Eval is Ubuntu 16.04 (up-to-date)
  • Target is an up-to-date Raspbian Stretch Lite running on a Raspberry Pi 3

Observations:

  • When Squirrel is in arming mode and on the Eval I can SSH into Target
  • When Squirrel is in arming mode and on the Target I can SSH into the Squirrel with no issues.
  • When Squirrel is in arming mode and on the Target I can access the internet, Eval machine, etc.
  • When Squirrel is in arming mode and on the Squirrel I can access Target, internet, Eval, etc.
  • Payloads execute as they should; accessing the LAN without apparent issues

I therefore believe I likely have the Squirrel physically connected correctly, because I have tried switching the Ethernet cables and things obviously do not work right.

Issues:

I am using Switch1 with the standard (unedited) TCPDump payload that comes pre-installed. Though I have also tried other payloads with the same results.

  • When I power up Squirrel into a switch that uses NETMODE TRANSPARENT I:
      • lose access to Target from Eval
      • After restarting Target I can only access it via IP address
      • Once back on Target I cannot access internet from Target
  • When switch payload stops I again lose all access to Target; this access is lost until either Squirrel is back in arming mode (with a reboot of Target) or Target is rebooted directly connected to router

It would seem that placing the Squirrel between the router/LAN and target and then firing off the standard TCPDump payload causes some pretty dramatic connectivity issues with Target. These connection issues are only partially resolved with rebooting. I still lack internet access on the Target even after reboot and can only access Target via the LAN using the IP address.

The falling off the network of a machine would surely cause huge red flags to go up. Sure, if you have access to the machine you probably can also hit the reboot button or unplug and re-plug the power cable to force a reboot. However, the target user will surely notice that their internet access is gone and IT will be on the scene to find the "problem."

Placing the Squirrel between the router and the internet connection causes the same issues while in Switch1 mode. The router has to be reset and internet connectivity is very tenuous.

Can you please offer some guidance, help, suggestions on maybe something I am doing that could help these issues or a way to fix these hiccups?

infoskirmish, Nov 03 '17 06:11