SWORD dropbox: A $15 OpenWRT based DIY disposable pen-test tool.
If you haven’t heard of Hak5 products, they inspire a lot of passion. Hackers and pentesters love. Popping up in popular shows like Mr. Robot, their hacking tools are bold proof of concepts. The Packet Squirrel by Hak5 has been around for some weeks. In the spirit of this blog I will review this $59 device and create something similar at a lower cost.
Packet Squirrel What is it? This Ethernet multi-tool is designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Basically is a LAN attack tool cousin of the popular Wifi Pineapple also from hak5. Packet Squirrel is a “drop box” It can be quickly plugged into target computer network and then used to access it remotely from afar.
Looking for alternatives I found the SWORD project developed by Bilal Bokhari (zer0byte), a pentest dropbox based on OpenWRT / lede.
S.W.O.R.D is a web based UI for OpenWRT including common pentest tools: URLSnarf, Ettercap, tcpdump , nmap, etc.
Zer0byte started this project on TP-Link MR3040 but it will work on pretty much on any thing which has OpenWRT on it. Now we need a low cost disposable device similar to packet squirrel, something smaller and cheaper than TP-Link Router, after looking for alternatives NEXX WRT3020F fits perfectly: small, cheap, great OpenWRT support with dual ethernet port (like packetsquirrel).
The Nexx WT3020F is a great OpenWRT device.
- 400MHz RAMIPS CPU
- 64MB RAM
- 8 MB SPI flash
- USB A port
- dual 100/10t ethernet
- 2.4GHz 802.11n MIMO 2T2R (300Mbit)
From factory a Chinese build of u-boot that has a web interface for directly flashing the mtd partition that OpenWRT is on, so it essentially becomes unbrickable from bad OpenWRT builds.
You can buy them from Gearbest around $14.50 USD in single quantity with free shipping. The installation of openWRT is widely documented and is something straightforward.
U-Boot 1.1.3 (Jan 3 2014 - 09:12:42) MAX Board: Ralink APSoC DRAM: 64 MB relocate_code Pointer at: 83fb4000 enable ephy…wiki.openwrt.org
Now you need to install SWORD to convert our small router into a disposable network attack tool. SWORD project can be downloaded from the mirror below.
HOW TO INSTALL
Extract these files /www directory of your router
Make sure you have bash installed on your router otherwise the scripts wont work (opkg update; opkg install bash –force-depends)
give 655 to the /cgi-bin directory (chmod -R 655 /www/cgi-bin/*
when done simply navigate to it by typing “yourrouterip/SWORD” in your web browser (192.168.1.100/SWORD)
Make sure you have ettercap-ng , reaver, tcpdump, urlsnarf, ettercap, nmap , mk3 installed on your router using opkg install <<tool>>.
After this you will have a functional network attack tool manageable from a web interface. OpenWRT provides great package repositories of network tools, including pen-testing. So it is very easy to add you own features to SWORD. For example, if you want to make a SWORD dropbox resistant to forensic analysis use a ramfs RAM disk to save logs and credentials, all comprising data will be lost forever if someone disconnects the device from the power supply.
All credit to Zer0byte he’s the man after this great open source project.