A week ago I orderd some gear from Hak5. A Lan turtle, a Wifi Pineapple and a Lan Turtle. I always watch the video’s from the Hak5 Youtube channel and saw them playing with the gear and I thought why not give it a chance. The Packet Squirrel includes three out of the box payloads for logging packets to USB drives, spoofing DNS and tunneling out through a VPN. I am gonna try the first two functions.

Hak5 Packet Squirrel

Logging packets to USB drives

Turn the switch of the Packet Squirrel to the first position. Plug the network cables and Micro USB cable in shown on the image above. The tcpdump payload will write a pcap file to a connected USB disk until the disk is full. A full disk will be indicated by a solid green LED. After unplugging the cables you can remove the USB flash drive and inspect the stored pcap file with a protocal analyzer such as Wireshark.

If even used this on a assignment for work. We were doing a internal pentest but the network used MAC address authentication. Please don’t use that because of Mac Spoofing. We intercepted the packets with the Packet Squirrel, opened the pcap file with Wireshark and got the Mac address of the printer. Spoofed our own Mac adress and we got acces to the internal network :).

DNS spoofing google.com

To configure the DNS Spoof payload with custom mapping, just power on the Packet Squirrel in Arming Mode (switch to far right position) and edit the /root/payloads/switch2/spoofhost file. Replace # with the domain(google.com) you wish to spoof, and the IP address with the spoofed destination.

With the spoofhost file configured and saved, power off the Packet Squirrel and flip the switch to position 2. Now place the Packet Squirrel inline between a target and the network. When it powers on the DNS spoof payload will run, indicated by a single blinking yellow LED. Here a demo of spoofing google.com on my laptop.

For more info about the Packet Squirrel here is the documentation.