We've mentioned the abilities of advanced payloads throughout the introduction, but what is an advanced payload?
The Packet Squirrel uses the Bash shell to execute payloads. While a payload can consist of nothing but DuckyScript commands, the full power of the bash scripting language and system commands is also available.
Advanced payloads can leverage this to perform much more complex actions.
The advanced payload tutorial will attempt an introduction to basic programming concepts, with examples to apply them to common payload tasks. Programming can be a deep rabbit hole, though, and there is always more to explore! Don't be afraid to learn from other scripting tutorials and try new things in your payloads!
Here are several complete tutorials on Bash scripting which may be useful when writing payloads.
NOTE: Hak5 does not specifically endorse these tutorials, but we feel they may be useful.
In many of the examples in the coming chapters, we'll use the echo command to print text to the terminal. This is a great method for testing that what we're writing performs as we expect.
Payloads, of course, do not generally run interactively in a terminal, so an echo statement in a payload won't print out anywhere useful - but remember, payloads are just scripts and can be run in the terminal over the web UI or via ssh.
It's often extremely useful when developing a payload to run it in the terminal - especially when developing more advanced logic that might operate on files. When the Packet Squirrel is in Arming & Configuration mode, the network is also in NAT mode. While developing and debugging payloads, a useful trick is to boot in Arming & Configuration mode, and comment out the NETMODE command in the payload to leave the Packet Squirrel in NAT mode. Now you can test the payload's effects in real time!
Payloads are just scripts. You can run them from a terminal by calling them:
root@squirrel:~# bash /root/payloads/switch1/payload
Notice how we launch them explicitly using the bash command? This makes sure that the payload runs under the bash interpreter, and bypasses problems where the payload file may not be marked as an executable script. When booting into a payload mode, the Packet Squirrel takes care of this for you!
You can always write a test payload in a separate file and run it from a terminal, too. Typically a convenient place to upload test scripts is the root user's home directory (/root/); you can also make your own test directories to store development files. You can run test scripts the same way as a payload.
root@squirrel:~# mkdir /root/tests
# [upload some test scripts or edit them on the device]
root@squirrel:~# bash /root/tests/some-test.sh
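
The debugging workflow described above, as an added example (not Hak5 code): instead of commenting the NETMODE line in and out by hand, this sketch gates it behind a variable and only echoes when there is a terminal to read it. It goes one step beyond the trick in the text; PAYLOAD_DEBUG, debug and set_netmode are hypothetical names introduced here, and BRIDGE is only an example mode.

```shell
#!/bin/bash
# Added example, not Hak5 code. PAYLOAD_DEBUG is a hypothetical variable
# introduced here; it is not a Packet Squirrel setting.

# Off-device fallback: when NETMODE does not exist (e.g. on a workstation),
# define a stub that only reports the call so the logic can be dry-run.
if ! command -v NETMODE >/dev/null 2>&1; then
    NETMODE() { echo "[stub] NETMODE $*"; }
fi

# Print progress only when someone can see it: stdout is a terminal,
# or debugging was requested explicitly.
debug() {
    if [ -t 1 ] || [ -n "${PAYLOAD_DEBUG:-}" ]; then
        echo "[debug] $*"
    fi
}

# Set the network mode, unless debugging: then leave the device in the
# NAT mode it already has in Arming & Configuration mode.
set_netmode() {
    if [ -n "${PAYLOAD_DEBUG:-}" ]; then
        debug "skipping NETMODE $1, staying in NAT mode"
        return 0
    fi
    NETMODE "$1"
}

set_netmode BRIDGE   # BRIDGE is just the example mode for this sketch
debug "payload logic would run here"
```

Saved as /root/tests/some-test.sh, it can be run as PAYLOAD_DEBUG=1 bash /root/tests/some-test.sh to keep the device in NAT mode while testing.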