The WarBerry was built with one goal in mind: to be used in red teaming engagements where we want to obtain as much information as possible in a short period of time while being as stealthy as possible. Just find a network port and plug it in. The scripts are designed so that the approach is targeted, avoiding network noise that could lead to detection, and is as efficient as possible. The WarBerry script is a collection of scanning tools put together to provide that functionality.
To get a list of all options and switches use:
Options:
  --version                             show program's version number and exit
  -h, --help                            show this help message and exit
  -a ATTACKTYPE, --attack=ATTACKTYPE    Attack Mode. Default: --attack
  -p PACKETS, --packets=PACKETS         Number of Network Packets to capture
  -I IFACE, --interface=IFACE           Network Interface to use. Default: eth0
  -N NAME, --name=NAME                  Hostname to use. Default: Auto
  -i INTENSITY, --intensity=INTENSITY   Port scan intensity. Default: T4
  -Q, --quick                           Scan using threats. Default: Off
  -P, --poison                          Turn Poisoning on/off. Default: On
  -H, --hostname                        Do not Change WarBerry hostname Default: Off
  -e, --enumeration                     Disable Enumeration mode. Default: Off
  -M, --malicious                       Enable Malicious only mode. Default: Off
  -B, --bluetooth                       Enable Bluetooth scanning. Default: Off
  -r, --recon                           Enable Recon only mode. Default: Off
  -W, --wifi                            Enable WiFi scanning. Default: Off
  -S, --sniffer                         Enable Sniffer only mode. Default: Off
  -C, --clear                           Clear previous output folders in ../Results
  -m, --man                             Print WarBerry man pages
Example usage:
  sudo python warberry.py -a -T                  Attack all TCP Ports
  sudo python warberry.py --attack --toptcp      Scan only the top tcp ports
  sudo python warberry.py -r                     Use only the recon modules
  sudo python warberry.py -H -I wlan0            Use the wlan0 interface and don't change hostname
  sudo python warberry.py -I eth0 -i -T3         Use the eth0 interface and T3 scanning intensity
  sudo python warberry.py -I eth0 -N HackerPC    Use the eth0 interface and change hostname to HackerPC
Run the installation script
sudo bash setup.sh
Manual Installation of dependencies
Optional: Change the hostname of the RaspberryPi to WarBerry
sudo nano /etc/hosts
sudo nano /etc/hostname
Reboot the WarBerry for the changes to take effect
Create the Results subdirectory in /WarBerry
sudo mkdir Results
Download WarBerry by cloning the Git repository:
sudo git clone https://github.com/secgroundzero/warberry.git
- sudo apt-get install nbtscan
- sudo apt-get install python-scapy
- sudo apt-get install tcpdump
- sudo apt-get install nmap
- sudo pip install python-nmap
- sudo apt-get install python-bluez
- sudo pip install optparse-pretty
- sudo pip install netaddr
- sudo pip install urllib3
- sudo pip install ipaddress
- sudo apt-get install ppp
- sudo apt-get install xprobe2
- sudo apt-get install sg3-utils
- sudo apt-get install netdiscover
- sudo apt-get install macchanger
- sudo apt-get install unzip
- sudo wget http://seclists.org/nmap-dev/2016/q2/att-201/clamav-exec.nse -O /usr/share/nmap/scripts/clamav-exec.nse
- sudo git clone https://github.com/SpiderLabs/Responder.git
Optional and Mandatory Tools for Post Exploitation. Install in …/WarBerry/Tools/ directory
- sudo git clone https://github.com/DanMcInerney/net-creds.git
- sudo apt-get install onesixtyone
- sudo apt-get install bridge-utils
- sudo apt-get install ettercap-text-only
- sudo apt-get install ike-scan
- wget https://labs.portcullis.co.uk/download/enum4linux-0.8.9.tar.gz -O /home/pi/WarBerry/Tools/enum4linux-0.8.9.tar.gz
- tar -zxvf enum4linux-0.8.9.tar.gz
- mv enum4linux-0.8.9 enum4linux