Latest YouTube Video

Thursday, January 19, 2017

[FD] Tap 'n' Sniff

Content Table 1. Introduction 2. Failsafe mode 3. Installing Openwrt 4. Configuring Openwrt 5. Testing 1. Introduction The goal of this guide is to provide a reliable and fast way for creating a lan tap for red team assessments of networks. While this was our main target this tap is also quite helpful if you want to have a great device for your daily analysis of network attached computers. Before we started with our implementation we made a list of things which were mandatory. The hardware had to be small, have at least two lan ports and wifi, cheap and opensource included or available. After some research we choose the TL-WR810N, a 20 euro Pocket Router which should be available in most electronic stores. It features two lan ports and a wifi card, which allows us to bridge the lan interfaces and create a hidden AP to connect to the device. It should be said that the device only supports Fastlan (100 Mbit/sec) and not Gigabit lan (1000 Mbit/sec) but at this size you can't be picky and it's quite difficult to find something better even online when ordering from a foreign country so there is that. After we are finished we want to be able to listen to the network traffic between the taped sources, manipulate packets or directly pivot into the network. For our setup we are going to use openwrt instead of the default TP-Link firmware. We are currently working on creating an image that will make the configuration of openwrt obsolete so stay tuned for info regarding this. And this is how it actually looks: [wr810n_front] [wr810n_back] [wr810n_ports] [wr810n_led_switch] On the inside we find a SoC (System on Chip), namely the Qualcomm Atheros QCA9533 which is capable of wireless ABGN communication and has a clock speed of 560 MHz according to wikidevi. There is also 64 MB of Ram and we can use 4.6 MB of flash storage with 1.1 still availiable after finishing this guide. Below is the output of cpuinfo, free and df. It is interesting that when we opened the device later on we actually found the cpu to be a different one, the Qualcom QCA9531-BL3A but apparently they are identical. Basic information found via commandline: root@OpenWrt:~# cat /proc/cpuinfo system type : Qualcomm Atheros QCA9533 ver 2 rev 0 machine : TP-LINK TL-WR810N processor : 0 cpu model : MIPS 24Kc V7.4 BogoMIPS : 432.53 wait instruction : yes microsecond timers : yes tlb_entries : 16 extra interrupt vector : yes hardware watchpoint : yes, count: 4, address/ irw mask: [0x0ffc, 0x0ffc, 0x0ffb, 0x0ffb] isa : mips1 mips2 mips32r1 mips32r2 ASEs implemented : mips16 shadow register sets : 1 kscratch registers : 0 package : 0 core : 0 VCED exceptions : not available VCEI exceptions : not available

Source: Gmail -> IFTTT-> Blogger

No comments: