Update README.md

Greg Revelle 2020-12-30 16:01:14 -06:00 committed by GitHub
parent 8a057af98e
commit 5baec46e10
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -47,13 +47,13 @@ See the comments and commands bin/pfatt.sh for details about the netgraph setup.
## Install
1. Edit the following configuration variables in `bin/pfatt.sh` as noted below. `$RG_ETHER_ADDR` should match the MAC address of your Residential Gateway. AT&T will only grant a DHCP lease to the MAC they assigned your device. In my environment, it's:
1. Edit the following configuration variables in `bin/pfatt.sh` as noted below. `$RG_ETHER_ADDR` should match the MAC address of your Residential Gateway. AT&T will only grant a DHCP lease to the MAC they assigned your device.
```shell
ONT_IF='xx0' # NIC -> ONT / Outside
RG_ETHER_ADDR='xx:xx:xx:xx:xx:xx' # MAC address of Residential Gateway
```
2. Copy `bin/pfatt.sh` to `/root/bin` (or any directory):
2. Copy `bin/pfatt.sh` to `/root/bin` (or any directory) and make executable:
```
ssh root@pfsense mkdir /root/bin
scp bin/pfatt.sh root@pfsense:/root/bin/
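Review bot: Step 2 now says "and make executable", but the commands visible under it are only `mkdir /root/bin` and `scp bin/pfatt.sh root@pfsense:/root/bin/`. If the code block does not already continue with a chmod on `/root/bin/pfatt.sh`, add one so the commands match the new wording. Since the script is run as root, an owner-only mode is the safer choice to document. The code fence under step 2 also has no language tag, while the one under step 1 uses `shell`; tagging both the same way keeps the rendering consistent.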
@ -92,6 +92,15 @@ See the comments and commands bin/pfatt.sh for details about the netgraph setup.
If everything is setup correctly, netgraph should be bridging EAP traffic between the ONT and RG, tagging the WAN traffic with VLAN0, and your WAN interface configured with an IPv4 address via DHCP.
## Extracting Certificates
Certificates can be extracted by the exploitation of the residential gateway to get a root shell. Here is a good way to do it using windows: https://github.com/iwleonards/extract-mfg
References
https://www.devicelocksmith.com/2018/12/eap-tls-credentials-decoder-for-nvg-and.html
https://www.nomotion.net/blog/sharknatto/
https://github.com/MakiseKurisu/NVG589/wiki
# IPv6 Setup
Once your netgraph setup is in place and working, there aren't any netgraph changes required to the setup to get IPv6 working. These instructions can also be followed with a different bypass method other than the netgraph method. Big thanks to @pyrodex1980's [post](http://www.dslreports.com/forum/r32118263-) on DSLReports for sharing your notes.
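Review bot: The new "Extracting Certificates" section does not say what the certificates are for or how they relate to the netgraph bridge described just above it, so a reader cannot tell whether this step is required, optional, or an alternative. Add a sentence tying it to the rest of the README. The first reference describes these as EAP-TLS credentials, so it is also worth telling readers to store the extracted files privately and not post them in issues. On formatting: "References" is a bare line instead of a heading or bold label, the three URLs are not list items and will run together when rendered, "windows" should be "Windows", and the `##` heading sits directly before the top-level `# IPv6 Setup`, so check that the section nests under the heading you intend.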