Tips, tricks, & pitfalls
Mind the gap!
Finally, we collect some tips, tricks, and common pitfalls to watch out for.
TIP: Including files
It's easy to include text-based files in your payload, so that the user does not have to edit or upload a second file. This trick is used in the OpenVPN configuration example: a cat command reading from a here-document dumps everything between the cat line and the closing EOF line to the specified file.
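The following is an added example of the here-document trick, not the page's own OpenVPN example; the destination path and the OpenVPN-style settings are placeholders. It shows the two forms that matter in practice: a quoted delimiter, which copies the body byte-for-byte, and an unquoted one, which lets the payload substitute variables into the file.

```bash
# Added example (not from the original page): embedding a text file in a
# payload with a here-document. The path and the OpenVPN-style contents
# are placeholders chosen for illustration.

# Write a fixed config file. Quoting the delimiter ('EOF') makes the shell
# copy the body verbatim: $variables, backticks and backslashes are left
# alone, which is what you want for config files that contain '$' themselves.
# The terminating EOF must start in column 1 with nothing after it.
write_vpn_config() {
    cat <<'EOF' > "$1"
client
dev tun
proto udp
remote vpn.example.invalid 1194
# a literal $HOME survives because the delimiter above is quoted
EOF
}

# Write a config that takes parameters. With an unquoted delimiter the shell
# expands $server and $port when the here-document is written, so the
# payload can be customised by setting variables near the top of the script.
write_vpn_config_for() {
    server="$2"
    port="$3"
    cat <<EOF > "$1"
client
dev tun
proto udp
remote $server $port
EOF
}

# Usage in a payload:
#   write_vpn_config /etc/openvpn/client.conf
#   write_vpn_config_for /etc/openvpn/client.conf 203.0.113.10 443
```

If a config line must contain a literal dollar sign (some OpenVPN and shell snippets do), use the quoted form; otherwise the shell will try to expand it and silently write an empty string.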
TIP: Directing output to stdout
Not all tools support this, but many tools will accept "-" as a special filename indicating that data should be written to the stdout (or console) stream instead of a file.
One of the most useful tools that supports this trick is wget. Instead of saving a download to a file, it can be echoed to stdout:
The -O argument specifies the output file to wget, and the "-" argument sends it to the output stream. We also use the stderr redirect to hide the status output of wget. Keep in mind that this also hides wget's error messages: if the download fails, whatever consumes the stream sees nothing at all, so check wget's exit status (or verify the data) rather than assuming it arrived.
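 
An added example of the stdout trick in a payload, not taken from the page: it wraps the "wget -O -" idiom in a function and adds a hash check so that a silently failed download (stderr is hidden) cannot be mistaken for a good one. The URL and digest in the usage comment are placeholders.

```bash
# Added example (not from the original page): streaming a download with
# "wget -O -" so the bytes never touch the filesystem, and checking them
# before anything acts on them. The URL and digest in the usage comment
# are placeholders.

# Download to stdout. 2>/dev/null hides wget's progress and status lines,
# which would otherwise be interleaved with the payload's own output.
fetch_to_stdout() {
    wget -O - "$1" 2>/dev/null
}

# Stream the download into sha256sum and succeed only if it matches the
# digest the payload author pinned. Because stderr is hidden, a failed
# download produces an empty stream rather than an error message; the
# hash check turns that silent failure into a clear nonzero exit.
fetch_and_verify() {
    url="$1"
    expected="$2"
    actual=$(fetch_to_stdout "$url" | sha256sum | cut -d ' ' -f 1)
    [ "$actual" = "$expected" ]
}

# Usage in a payload (URL and digest are placeholders):
#   if fetch_and_verify "$URL" "$SHA256"; then
#       fetch_to_stdout "$URL" | tar -xzf - -C /tmp   # "-" again: tar reads stdin
#   else
#       exit 1
#   fi
```

The usage comment shows the other half of the trick: tar also accepts "-" as a filename, so the download can be unpacked straight from the pipe without an intermediate file.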
TIP: Always set a network mode!
We've said it in other sections, but always remember to set a network mode in your payloads! If there is no NETMODE command in the payload, the Packet Squirrel will remain offline and not pass any traffic from the Target port!
PITFALL: Ligatures and fancy quotes
A ligature is the combination of multiple characters for presentation. Common ligatures combine characters like >= into ≥ and -- into — (notice how it is a subtly longer dash!). Similarly, "fancy" quotes replace the standard straight double quote (") and straight single quote (') with more legible versions: “ ” and ‘ ’.
Why are these a problem? Because as far as Bash is concerned, these are not the same characters. Fancy and curly quotes are not quotes and will not parse! Similarly, when running a command with a long option like ./script --option-one, a typographically long dash is not the same as a double dash!
These fancy characters can happen when copying examples from online, or from editing code in a more traditional text editor instead of one designed specifically for code editing.
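An added pre-flight check, not part of the page, that covers both the "always set a network mode" tip and the fancy-character pitfall above: it flags a payload with no NETMODE line and lists every line that contains a byte outside printable ASCII, which is where curly quotes and long dashes hide. The function names are this example's own.

```bash
#!/bin/sh
# Added example (not from the original page): a pre-flight check to run on a
# payload before copying it to the Packet Squirrel. It covers two of the
# problems above: a payload with no NETMODE line, and typographic characters
# (curly quotes, long dashes, ligatures) that bash will not parse.

# Succeed if the payload sets a network mode, e.g. "NETMODE NAT".
has_netmode() {
    grep -Eq '^[[:space:]]*NETMODE[[:space:]]+[A-Za-z_]+' "$1"
}

# Print every line that contains a byte outside printable ASCII, with its
# line number. Run in the C locale so each byte of a UTF-8 sequence (curly
# double quotes are E2 80 9C / E2 80 9D, the long dash is E2 80 94) counts as
# a non-printable character and is reported. Succeed if any line was found.
# If a payload intentionally contains UTF-8 (a banner string, say), expect
# hits here and inspect the reported lines by hand.
find_fancy_chars() {
    LC_ALL=C grep -n '[^[:print:][:space:]]' "$1"
}

# Run both checks; return 0 only if the payload passes both.
lint_payload() {
    rc=0
    if ! has_netmode "$1"; then
        echo "WARNING: no NETMODE line; the Squirrel will stay offline" >&2
        rc=1
    fi
    if find_fancy_chars "$1"; then
        echo "WARNING: non-ASCII characters on the lines above; check for fancy quotes and dashes" >&2
        rc=1
    fi
    return $rc
}

# Usage: sh lint_payload.sh payload.sh
if [ "$#" -gt 0 ]; then
    lint_payload "$1"
fi
```

Running the check in the C locale is deliberate: in a UTF-8 locale grep would treat “ as a single printable character and miss it, whereas byte-wise matching catches every multi-byte sequence regardless of which symbol it encodes.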