HAK5/packetsquirrel-payloads
1
0
Fork 0
mirror of https://github.com/hak5/packetsquirrel-payloads.git synced 2025-12-19 17:58:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

added Meterpreter-via-SSH payload (#27)

Browse Source
This commit is contained in:
Zappus
2017-12-26 23:53:25 -05:00
committed by Sebastian Kinne
parent 06479075e0
commit 261fb62b10
3 changed files with 133 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
payloads/library/remote-access/Meterpreter-via-SSH/README.md Normal file
View File

@@ -0,0 +1,50 @@
# Meterpreter-via-SSH
## Overview
This payload starts Packet Squirrel in NAT mode and awaits for user input. When the button is pressed, the payload connects to a remote SSH server and creates a local port tunnel. It then launches a meterpreter shell over said tunnel.
The intent is to get a meterpreter shell on a target network in a way that hides meterpreter network traffic behind legitimate SSH activity.
## Operational Design Considerations
* Payload remains silent on the network until user presses the button.
* Payload stops the SSH connection if meterpreter shell fails.
* Payload always keeps only 1 copy of SSH+meterpreter processes running (even if the button is pressed many times).
## Getting Started
Copy the payload to Packet Squirrel into desired switch folder, then edit the script to configure your server options:
* SSH_USER - username on remote SSH server
* SSH_HOST - ip/domain of remote SSH server
In case you choose to change the default meterpreter port, don't forget to change it on the metasploit side as well.
* MSF_PORT - port of meterpreter listener
### Generate SSH Key on Squirrel
You will likely have to generate an ssh key-pair (use default location and empty password) on your Packet Squirrel:
```
root@squirrel:~# ssh-keygen
```
### Allow Squirrel on SSH Server
Then you will need to copy the contents of /root/.ssh/id_rsa.pub from Packet Squirrel to the SSH server authorized file:
```
user@server:~# mkdir ~/.ssh
user@server:~# echo 'paste id_rsa.pub contents inside this quote' > ~/.ssh/authorized_keys
```
### Run Metasploit with Resource
```
msf@server:~# msfconsole -r server.rc
```
## LED Definitions
1. Configure NETMODE
* Solid Magenta
2. Connect to SSH Server
* SUCCESS - Blink Amber 5 Times
* FAIL - Blink Red 2 Times
3. Launch meterpreter
* SUCCESS - Blink Cyan 1 Time
* FAIL - Blink Red 1 Time
## Hardening Recommendations
1. Use an account with limited privileges for SSH access on the server.
2. Use a dedicated account for Packet Squirrel device (audit usage with SSH access logs).
3. Disable PasswordAuthentication in sshd_config on the server.