If you haven’t heard of Hak5 products, they inspire a lot of passion. Hackers and pentesters love. Popping up in popular shows like Mr. Robot, their hacking tools are bold proof of concepts. The Packet Squirrel by Hak5 has been around for some weeks. In the spirit of this blog I will review this $59 device and create something similar at a lower cost.

Packet Squirrel: $59 “disposable” Hardware Backdoor

Packet Squirrel What is it? This Ethernet multi-tool is designed to give you covert remote access, painless packet captures, and secure VPN connections with the flip of a switch. Basically is a LAN attack tool cousin of the popular Wifi Pineapple also from hak5. Packet Squirrel is a “drop box” It can be quickly plugged into target computer network and then used to access it remotely from afar.

Looking for alternatives I found the SWORD project developed by Bilal Bokhari (zer0byte), a pentest dropbox based on OpenWRT / lede.

S.W.O.R.D is a web based UI for OpenWRT including common pentest tools: URLSnarf, Ettercap, tcpdump , nmap, etc.

Zer0byte started this project on TP-Link MR3040 but it will work on pretty much on any thing which has OpenWRT on it. Now we need a low cost disposable device similar to packet squirrel, something smaller and cheaper than TP-Link Router, after looking for alternatives NEXX WRT3020H fits perfectly: small, cheap, great OpenWRT support with dual ethernet port (like packetsquirrel).

NEXX WT3020H

The Nexx WT3020H is a great OpenWRT device.

400MHz RAMIPS CPU

64MB RAM

8 MB SPI flash

USB A port

dual 100/10t ethernet

2.4GHz 802.11n MIMO 2T2R (300Mbit)

From factory a Chinese build of u-boot that has a web interface for directly flashing the mtd partition that OpenWRT is on, so it essentially becomes unbrickable from bad OpenWRT builds.

Inside the NEXX WT3020H

You can buy them from Gearbest around $14.50 USD in single quantity with free shipping. The installation of openWRT is widely documented and is something straightforward.

Now you need to install SWORD to convert our small router into a disposable network attack tool. SWORD project can be downloaded from the mirror below.

Download Link (Github)

Project Slides from Zer0byte

HOW TO INSTALL Extract these files /www directory of your router Make sure you have bash installed on your router otherwise the scripts wont work (opkg update; opkg install bash –force-depends)‏ give 655 to the /cgi-bin directory (chmod -R 655 /www/cgi-bin/* when done simply navigate to it by typing “yourrouterip/SWORD” in your web browser (192.168.1.100/SWORD) Pre- Reqs

Make sure you have ettercap-ng , reaver, tcpdump, urlsnarf, ettercap, nmap , mdk3 installed on your router using opkg install <<tool>>. It is possible to save some precious kilobytes by removing unused web components like jQuery examples and documentation from /SWORD/development-bundle

UPDATE: Getting all the components in the 8mb NEXX is not an easy task, among others steps you can delete unnecessary SWORD files and remove/install only the openwrt packages needed. If you are having problems an easier way is to mount an external storage USB. I recommend to check the comment by Adam Linux Hemmerly at the end of this post or SNM Nexx 3020H LAN Dropbox Build.

After this you will have a functional network attack tool manageable from a web interface. OpenWRT provides great package repositories of network tools, including pen-testing. So it is very easy to add you own features to SWORD. For example, if you want to make a SWORD dropbox resistant to forensic analysis use a ramfs RAM disk to save logs and credentials, all comprising data will be lost forever if someone disconnects the device from the power supply. If your problem is the storage space (additional openwrt packages, large packet captures, etc) simply mount an external usb flash pendrive formatted as ext2/3/4 as Rootfs External Storage, the micro size ones are perfect for this function.

All credit to Zer0byte he’s the man after this great open source project.