Advanced payloads
We've mentioned the abilities of advanced payloads throughout the introduction, but what is an advanced payload?
The Packet Squirrel uses the Bash shell to execute payloads. While a payload can consist of nothing but DuckyScript commands, the full power of the bash scripting language and system commands is also available.
Advanced payloads can leverage this to perform much more complex actions.
Introduction to programming
The advanced payload tutorial will attempt an introduction to basic programming concepts, with examples to apply them to common payload tasks. Programming can be a deep rabbit hole, though, and there is always more to explore! Don't be afraid to learn from other scripting tutorials and try new things in your payloads!
Bash tutorials
Here are several complete tutorials on Bash scripting which may be useful when writing payloads.
NOTE: Hak5 does not specifically endorse these tutorials, but we feel they may be useful.
Payloads vs testing
In many of the examples in the coming chapters, we'll use the echo command to print text to the terminal. This is a great method for testing that what we're writing performs as we expect.
Payloads, of course, do not generally run interactively in a terminal, so an echo statement in a payload won't print out anywhere useful - but remember, payloads are just scripts and can be run in the terminal over the web UI or via ssh.
It's often extremely useful when developing a payload to run it in the terminal - especially when developing more advanced logic that might operate on files. When the Packet Squirrel is in Arming & Configuration mode, the network is also in NAT mode. While developing and debugging payloads, a useful trick is to boot in Arming & Configuration mode and comment out the NETMODE command in the payload, which leaves the Packet Squirrel in NAT mode. Now you can test the payload's effects in real time!
Manually running a payload
Payloads are just scripts. You can run them from a terminal by calling them:
Notice how we launch them explicitly using the bash command? This makes sure that the payload runs under the bash interpreter, and bypasses problems where the payload file may not be marked as an executable script. When booting into a payload mode, the Packet Squirrel takes care of this for you!
Writing test payloads
You can always write a test payload in a separate file and run it from a terminal, too. A convenient place to upload test scripts is the root user's home directory (/root/). You can also make your own test directories to store development files. You can run test scripts the same way as a payload.
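The two testing tricks above (commenting out NETMODE and launching the script explicitly with bash) can be combined in a small helper. This is an added example, not Hak5 code: the function names and the sample payload are constructed for illustration, and it assumes each NETMODE command sits on a line of its own.

```shell
#!/bin/bash
# Added example (not Hak5 code): test a payload from the terminal with its
# NETMODE lines commented out, so the device stays in NAT mode.

# make_test_copy SRC DST
# Copy SRC to DST, commenting out every line whose first word is NETMODE.
# Assumption: NETMODE is written on a line of its own.
make_test_copy() {
    [ -r "$1" ] || { echo "cannot read payload: $1" >&2; return 1; }
    sed -E 's/^([[:space:]]*)(NETMODE([[:space:]].*)?)$/\1# [test] \2/' "$1" > "$2"
}

# run_test_copy SRC
# Run the test copy with "bash FILE", so no executable bit is needed.
# Returns the payload's own exit status. The original file is not modified.
run_test_copy() {
    local tmp rc
    tmp="$(mktemp)" || return 1
    if make_test_copy "$1" "$tmp"; then
        bash "$tmp"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# demo: build a small constructed payload and run its test copy.
demo() {
    local dir rc
    dir="$(mktemp -d)" || return 1
    printf '%s\n' '#!/bin/bash' 'NETMODE BRIDGE' \
        'echo "payload logic ran"' > "$dir/payload"
    run_test_copy "$dir/payload"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# To test a real payload instead: run_test_copy /path/to/your/payload
demo
```

Because the helper works on a temporary copy, the payload file itself keeps its NETMODE line and behaves normally when the Packet Squirrel boots into a payload mode.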