intruder-deployer

Adversaries may introduce computer accessories, networking hardware, or other computing devices into a system or network that can be used as a vector to gain access - Mitre

Getting started

git clone https://github.com/nchgroup/intruder-deployer.git
cd intruder-deployer
bash installer.sh
# add pub key in your vps

# edit config.sh with your vps configs
bash config.sh

# done

Tools installed

• firewalld
• nmap
• autossh
• nbtscan
• prips
• python3-pip
• python3-dev
• tcpdump
• macchanger
• ettercap
• arp-scan
• netdiscover
• traceroute
• tshark
• wipe
• libpcap-dev
• sslh
• proxychains4
• scapy
• Responder
• crackmapexec
• Golang
• simplehttpserver
• chisel
• bettercap

Tested on root user only

• Nanopi Neo 512MB: https://redirect.armbian.com/nanopineo/Jammy_current
• Orange pi Zero2 1GB (Ubuntu 22.04): http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/service-and-support/Orange-Pi-Zero-2.html

Hardware Info

• Nanopi Neo: https://www.friendlyelec.com/index.php?route=product/product&path=69&product_id=132
• Orange pi Zero2: http://www.orangepi.org/html/hardWare/computerAndMicrocontrollers/details/Orange-Pi-Zero-2.html

Reference

• Hardware Backdoor (ES):
  • https://vay3t.medium.com/red-team-caso-de-uso-de-un-backdoor-f%C3%ADsico-e1a6254ce29a
  • https://vay3t.medium.com/red-team-caso-de-uso-de-un-backdoor-f%C3%ADsico-parte-2-498066cfa411
• Hardware Additions: https://attack.mitre.org/techniques/T1200/

Authors

• Gonzalo Villegas - https://twitter.com/pwner666 - https://gitlab.com/gvillegas
• Vay3t - https://twitter.com/vay3t - https://gitlab.com/vay3t