HAK5/packetsquirrel-payloads
1
0
Fork 0
mirror of https://github.com/hak5/packetsquirrel-payloads.git synced 2025-12-19 17:58:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
427ca17cd14dff3722022c903c5dc903e6f360fa
packetsquirrel-payloads/payloads/library/remote-access/SSH-remote-access/readme.md
alaskanhighlander1@gmail.com b9c6d0d322 updated readme
2023-04-15 19:15:20 +00:00

1.4 KiB
Raw Blame History

#Squirrel SSH Remote Access

Concept:

The Packet Squirrel is a powerful tool for network implants. One operational issue with an implant of this nature is that it cannot function beyond the pre-programmed payloads.

Using techniques like Dynamic Port Forwarding (SOCKS/SSH), this payload allows the user to create a Bastion inside a target network. This bastion allows the user to bypass less sophisticated firewall configurations, like so:

Remote SSH Host         Target Behind Firewall
      ___                       ___
     /  /|                     /  /|
    /__/ |   <====[ X ]====>  /__/ |
    |--| |                    |--| |
    | *|/                     | *|/


Remote SSH Host       Packet Squirrel      Target Behind Firewall
      ___               (inside LAN)            ___
     /  /|             _______                 /  /|
    /__/ |   <=====>  /______/`)   <=====>    /__/ |
    |--| |           (__[__]_)/               |--| |
    | *|/                                     | *|/

This assumes SSH is not denied by default on the targets' outbound firewall configuration. One limitation is that this tool is susceptible to detection via NIDS. Multiple outbound connections and high-bandwidth utilization raises suspicion of potential attack, however this is only a concern for more sophisticated targets.

Use at your own risk. Don't do bad things.

Reference in New Issue View Git Blame Copy Permalink