SWORD dropbox: A $15 OpenWRT based DIY disposable pen-test tool.

If you haven’t heard of Hak5 products, they inspire a lot of passion. Hackers and pentesters love. Popping up in popular shows like Mr. Robot, their hacking tools are bold proof of concepts. The Packet Squirrel by Hak5 has been around for some weeks. In the spirit of this blog I will review this $59 device and create something similar at a lower cost.

Packet Squirrel: $59 “disposable” Hardware Backdoor

Packet Squirrel What is it? This Ethernet multi-tool is designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Basically is a LAN attack tool cousin of the popular Wifi Pineapple also from hak5. Packet Squirrel is a “drop box” It can be quickly plugged into target computer network and then used to access it remotely from afar.

Looking for alternatives I found the SWORD project developed by Bilal Bokhari (zer0byte), a pentest dropbox based on OpenWRT / lede.

S.W.O.R.D is a web based UI for OpenWRT including common pentest tools: URLSnarf, Ettercap, tcpdump , nmap, etc.

Zer0byte started this project on TP-Link MR3040 but it will work on pretty much on any thing which has OpenWRT on it. Now we need a low cost disposable device similar to packet squirrel, something smaller and cheaper than TP-Link Router, after looking for alternatives NEXX WRT3020F fits perfectly: small, cheap, great OpenWRT support with dual ethernet port (like packetsquirrel).

NEXX WT3020F

The Nexx WT3020F is a great OpenWRT device.

  • 400MHz RAMIPS CPU
  • 64MB RAM
  • 8 MB SPI flash
  • USB A port
  • dual 100/10t ethernet
  • 2.4GHz 802.11n MIMO 2T2R (300Mbit)

From factory a Chinese build of u-boot that has a web interface for directly flashing the mtd partition that OpenWRT is on, so it essentially becomes unbrickable from bad OpenWRT builds.

Inside the NEXX WT3020F

You can buy them from Gearbest around $14.50 USD in single quantity with free shipping. The installation of openWRT is widely documented and is something straightforward.

Now you need to install SWORD to convert our small router into a disposable network attack tool. SWORD project can be downloaded from the mirror below.

Download Link (Github)

Project Slides from Zer0byte

HOW TO INSTALL
Extract these files /www directory of your router
Make sure you have bash installed on your router otherwise the scripts wont work (opkg update; opkg install bash –force-depends)‏
give 655 to the /cgi-bin directory (chmod -R 655 /www/cgi-bin/*
when done simply navigate to it by typing “yourrouterip/SWORD” in your web browser (192.168.1.100/SWORD)
Pre- Reqs
Make sure you have ettercap-ng , reaver, tcpdump, urlsnarf, ettercap, nmap , mk3 installed on your router using opkg install <<tool>>.

After this you will have a functional network attack tool manageable from a web interface. OpenWRT provides great package repositories of network tools, including pen-testing. So it is very easy to add you own features to SWORD. For example, if you want to make a SWORD dropbox resistant to forensic analysis use a ramfs RAM disk to save logs and credentials, all comprising data will be lost forever if someone disconnects the device from the power supply.

All credit to Zer0byte he’s the man after this great open source project.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.