This is a shortlist of some essential hardware for any home lab:
- Single Board Computers
- Routers
- GL-iNet GL-AR750S-Ext [Link]
- An excellent travel router with 3 Gbps ports, independent dual-band access point, MicroSD reader, USB port, native OpenVPN, programmable physical buttons, and more.
- Netgate SG-1100 [Link]
- Professional 3 Gbps port router loaded with PfSense (they are the official developers by the way) plus USB3, USB2, and mini PCIe.
- Protectli Vault [Link]
- Fanless, x64 CPU, from 2 to 6 Gbps ports, capable of running hypervisors (such as XCP-ng and Proxmox), bare-metal Operating Systems (Windows and Linux), and others.
- GL-iNet GL-AR750S-Ext [Link]
- Gadgets and Microcontrollers
- Raspberry Pi Pico [Link]
- $5 microcontroller for all automation projects.
- Digispark ATTINY85 [Link]
- $8 Arduino-compatible USB development board.
- Hak5 Lan Turtle [Link]
- It runs OpenWRT and can be used as a Swiss knife tool (with an internal MicroSD card reader) or as a permanent physical implant for a stable reverse shell, Man-In-The-Middle attack, etc.
- Hak5 Shark Jack [Link]
- A portable network attack and automation tool that runs OpenWRT.
- Raspberry Pi Pico [Link]
LAN Turtle
- IP from the USB side: 172.16.84.1/16
- The default credentials for root:sh3llz
-
ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa [email protected]
-
- To open the configuration menu type: turtle
- Installed modules live at
/etc/turtle/- Example of a script for
httppostmodule:-
echo "Turtle is Online!" echo "" # Wait for IP assigned to eth1 while ! ip a show dev eth1 | grep "global"; do sleep 1; done > /dev/null echo "Internal IPs" ip a | grep global | sort echo "" echo "Gateways" GWAY=$(route | grep default | awk {'print $2'}) echo "$GWAY" echo "" echo "Public IP" PUB=$(wget -q -O- http://ipinfo.io/ip) echo "$PUB" - Then, use pub-sub services such as ntfy [Link] to receive a push notification on the mobile.
-
- An example of a packet sniffer for popular unencrypted traffic that saves to the SD card.
-
( tcpdump -U -C 100 -W 10 -i eth0 port '(21 or 23 or 25 or 53 or 80 or 110 or 143 or 161 or 389)' -w /sd/unencrypted.pcap &> /dev/null ) &
-
killall tcpdump
- It will write the file without buffering, and break it into 100MB chunks for up to 10 pieces. The second command interrupts gracefully.
-
- Example of a script for
- Speed Test
- File transference over SSH: 16.3 Mbps
- Speed test with (first) and without OpenVPN (second):
Shark Jack
- IP from the USB side: 172.16.24.1/16
- The default credentials root:hak5shark
- Switch
- OFF/Charging – Does not boot.
- Armin Mode – Boot but does not trigger the payload, only allows configuration.
- Attack Mode – Boot and immediately start the payload.
- Main directories:
- /root/loot/ (outputs from the payloads)
- /root/payload/ (auto-execute payloads from here)
- /tmp/ (volatile)
- LED status:
- Green blinking (booting up)
- Blue blinking (charging)
- Blue solid (fully charged)
- Yellow blinking (arming mode)
- Red blinking (error or no payload found)
- Payload repository [Link]
- Its RJ-45 connector works as a light guide, and it has an RGB LED for signaling and status.
Since it runs OpenWrt 18, packages can easily be installed with OPKG.
opkg update opkg list opkg install nano opkg install arp-scan opkg install tcpdumpo opkg install nping
BONUS
PCAPdroid is an equivalent of Wireshark for Android devices. Besides capturing and exporting a PCAP dump, it also tracks, analyzes, and blocks the connections made by other apps on the device [Link]. It pretends to be a VPN in order to intercept communication.
BONUS
Find out how to upgrade your Shark Jack to a semi-permanent network implant at: Hacking Hak5 Shark Jack [Link].
Check out the post Installing Hak5 C2 3.1.1 in a Docker [Link].