Have you heard of Hak5 products? They are favorites among hackers and penetration testers. Many PoC hacking tools have appeared in the popular TV series “Mr. Robot”. Hak5’s PACKETSQUIRREL has been available for several weeks now, and in this article, I will analyze this $59 “gadget” and create a similar tool at a low cost.
What is PACKET SQUIRREL?
This is a multifunctional Ethernet tool that provides us with highly covert remote access, network packet capture, and secure VPN connections. Attackers can directly insert PACKET SQUIRREL into the target computer network and then control it through remote access. Previously, Hak5 launched a popular tool called WiFi Pineapple, and PACKET SQUIRREL can be considered its sibling.
During my search for alternatives, I discovered the SWORD project developed by Bilal Bokhari (@zer0byte), which is a penetration testing tool based on OpenWRT/lede.
SWORD is developed based on OpenWRT and provides an easy-to-use web-based graphical interface that includes various commonly used penetration testing tools, such as URLSnarf, Ettercap, tcpdump, and nmap.
Zer0byte used the TP-Link MR3040 when developing this project, but the method we introduce is applicable to most routers that support OpenWRT. Now, we need a low-cost tool similar to PACKET SQUIRREL, a tool that is functionally similar to the TP-Link router but cheaper. After searching for a while, I found a very suitable tool for our requirements – NEXX WT3020F: it is compact, inexpensive, perfectly supports OpenWRT, and has two Ethernet ports (similar to PACKET SQUIRREL).
Nexx WT3020F is an excellent OpenWRT device with the following basic configuration:
400MHz RAMIPS CPU
64MB RAM
8 MB SPI flash
USB A port
Dual 100/10t ethernet
2.4GHz 802.11n MIMO 2T2R (300Mbit)
The internal structure of Nexx WT3020F is shown in the figure below:
Currently, the price of Nexx WT3020F on Gearbest is $14.5 【Purchase link】. The installation of OpenWRT is relatively simple, and I won’t elaborate on it here, as there are many 【related materials】 online that interested readers can refer to.
Next, we need to install SWORD to transform this small router (Nexx WT3020F) into a portable network attack tool.
The relevant resource addresses for the SWORD project are as follows:
GitHub download link: 【Portal】
Zer0byte’s project introduction: 【SWORD White Paper】
Tool Installation
1. Extract the project files to the router’s /www directory.
2. Ensure that the router has bash installed, or the related scripts will not run properly, e.g., opkg update; opkg install bash –force-depends.
3. Assign 655 permissions to the directory /cgi-bin (chmod -R 655 /www/cgi-bin/*).
4. After the setup is complete, enter “yourrouterip/SWORD” in the browser to access the tool page (192.168.1.100/SWORD).
5. Note: Please ensure that the router has installed tools such as ettercap-ng, reaver, tcpdump, urlsnarf, ettercap, nmap, and mk3 using opkg.
After completing the above configurations, you will have a multifunctional network attack tool with a web interface. In my opinion, the biggest advantage of using OpenWRT-based devices is that it supports us to extend the functionality of SWORD by adding new tools.
Conclusion
I hope this article can help everyone, but please do not use it for malicious purposes. In addition, we must thank Zer0byte because without him, there would be no excellent open-source project.
Source of the article: FreeBuf
Poet: A powerful post-exploitation tool
All-in-one wireless penetration testing tool, done with one LAZY
The best Android penetration tool collection of 2017
