A couple of years ago this magazine ran an article called "The Hacker's Suitcase", in which we reviewed devices for everyday situations: hacking Wi-Fi, intercepting keystrokes and so on. Time has passed, technology has not stood still, and new challenges and new devices have appeared. Those are what we look at today.
Pwn Pad
Electronic devices penetrate ever deeper into our lives. Not long ago only a select few owned a personal computer; some time later these electronic helpers were in almost every home. Then came the era of mobile devices: after the Apple iPad appeared, people went crazy for tablets, and now it is hard to find someone without a smartphone or a tablet. The pace of life keeps growing, and you have to keep up: stay in touch, answer messages promptly, be ready to join work at any moment. The same applies to pentesters and hackers: you will not carry a laptop everywhere, but a tablet is almost always in your hand. So why not turn it into a full-fledged pentest tool? Such a solution exists: meet the Pwn Pad from the people at Pwnie Express. The device has a powerful quad-core processor (Qualcomm Snapdragon S4 Pro, 1.5 GHz), a 7-inch 1920 × 1200 screen, a 3950 mAh battery good for up to nine hours of active work, 2 GB of RAM and 32 GB of internal storage. It ships with three adapters: two external adapters with high-gain antennas, one for pentesting 802.11b/g/n wireless networks and one for Bluetooth, plus a USB-to-Ethernet adapter so you can test the wired network as well. But the main thing is the software: Metasploit, SET, Kismet, Aircrack-ng, SSLstrip, Ettercap-NG, Bluelog, Wifite, Reaver, MDK3, FreeRADIUS-WPE, Evil AP, Strings Watch, Full-Packet Capture and Bluetooth Scan. What else do you need to be happy? Let ordinary people dream of an iPad; today's hacker should be carrying exactly this tablet.
CreepyDOL
~$60 (bit.ly/1qt28gV)
I think everyone remembers the story of Google being accused of collecting Wi-Fi access-point data from its Street View cars. The collected information could be used for many purposes, including geolocating users, which set off endless holy wars on the web. Be that as it may, now you can build your own geolocation service with a development called CreepyDOL (Creepy Distributed Object Locator), presented at last year's Black Hat. What is it? It is special software plus a Raspberry Pi-based device; together they can be used to build a network of sensors that intercept Wi-Fi traffic and collect sensitive information about users. In practice, any modern smartphone sends a lot of information about its owner in the clear, starting with the probe requests in which it announces the names of the networks it knows. And most importantly, CreepyDOL can locate the device's owner. All information is processed on a central server, where you can watch the user's movements and captured data in real time.
Positioning an individual with CreepyDOL
And a VPN will not protect you from this surveillance: on iOS, for example, the phone must already be on Wi-Fi before the VPN can connect, and in that window it has already managed to chat with someone. So, given the small size of the devices (easy to hide) and the low price (about $60), building a user-tracking network is now affordable not only for government agencies. A network of ten sensors costs just $600.
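To make the positioning idea concrete, here is an added example (not CreepyDOL's own code) of the core of a distributed object locator: several fixed sensors overhear the same phone's probe requests, each reports the client MAC, the probed SSID and the signal strength, and the server turns the per-sensor RSSI values into a position with a log-distance path-loss model and a weighted centroid. The sensor coordinates, the path-loss constants and the sensor log format and lines are all constructed for the example, and real deployments would calibrate the constants per site.

```python
"""Added example (not CreepyDOL's own code): position a Wi-Fi client from the
probe requests that several fixed sensors overhear, the way a CreepyDOL-style
sensor network locates a phone. Sensor coordinates, path-loss constants and the
sensor log below are all constructed for the example."""
from collections import defaultdict

# Assumption: three sensors at known positions (metres, flat floor plan).
SENSORS = {
    "sensor-a": (0.0, 0.0),
    "sensor-b": (20.0, 0.0),
    "sensor-c": (0.0, 15.0),
}

# Log-distance path-loss model: RSSI(d) = RSSI_AT_1M - 10 * n * log10(d).
# Both constants are assumptions typical for 2.4 GHz indoors; calibrate per site.
RSSI_AT_1M = -40.0
PATH_LOSS_EXP = 3.0

# Constructed sensor log: "<unix_ts> <sensor> <client_mac> <probed_ssid|-> <rssi_dBm>".
SAMPLE_LOG = """\
1000 sensor-a aa:bb:cc:dd:ee:ff HomeNet -45
1000 sensor-b aa:bb:cc:dd:ee:ff HomeNet -70
1001 sensor-c aa:bb:cc:dd:ee:ff - -68
1002 sensor-a aa:bb:cc:dd:ee:ff CoffeeShop -47
1010 sensor-a aa:bb:cc:dd:ee:ff - -72
1011 sensor-b aa:bb:cc:dd:ee:ff HomeNet -44
1012 sensor-c aa:bb:cc:dd:ee:ff - -75
1012 sensor-c 11:22:33:44:55:66 Airport_Free -60
""".splitlines()


def rssi_to_distance(rssi):
    """Invert the path-loss model: estimated distance in metres for one RSSI."""
    return 10 ** ((RSSI_AT_1M - rssi) / (10 * PATH_LOSS_EXP))


def weighted_centroid(sightings):
    """sightings: {sensor_id: rssi}. Weight each sensor's position by 1/d^2."""
    wx = wy = wsum = 0.0
    for sensor, rssi in sightings.items():
        x, y = SENSORS[sensor]
        d = max(rssi_to_distance(rssi), 0.5)  # clamp so a very strong signal cannot blow up
        w = 1.0 / (d * d)
        wx += w * x
        wy += w * y
        wsum += w
    return (wx / wsum, wy / wsum)


def parse_line(line):
    ts, sensor, mac, ssid, rssi = line.split()
    return int(ts), sensor, mac.lower(), ssid, int(rssi)


def track(lines, window=5):
    """Return ({mac: [(slot_start_ts, (x, y)), ...]}, {mac: set of probed SSIDs}).

    Sightings are bucketed into `window`-second slots; within a slot the strongest
    RSSI per sensor is kept. A slot seen by only one sensor yields no fix (we only
    know the client is somewhere near that sensor), so it is skipped."""
    slots = defaultdict(lambda: defaultdict(dict))  # mac -> slot -> {sensor: rssi}
    ssids = defaultdict(set)
    for line in lines:
        ts, sensor, mac, ssid, rssi = parse_line(line)
        slot = slots[mac][ts // window]
        slot[sensor] = max(rssi, slot.get(sensor, rssi))
        if ssid != "-":
            ssids[mac].add(ssid)
    positions = {}
    for mac, by_slot in slots.items():
        fixes = []
        for slot_no in sorted(by_slot):
            sightings = by_slot[slot_no]
            if len(sightings) >= 2:
                fixes.append((slot_no * window, weighted_centroid(sightings)))
        positions[mac] = fixes
    return positions, ssids


if __name__ == "__main__":
    positions, ssids = track(SAMPLE_LOG)
    for mac, fixes in positions.items():
        print(mac, "probed:", sorted(ssids[mac]))
        for ts, (x, y) in fixes:
            print(f"  t={ts} at ({x:.1f}, {y:.1f}) m")
```

On the constructed log the client is placed next to sensor-a in the first slot and next to sensor-b ten seconds later, while the second client, heard by one sensor only, gets no fix. Two caveats a practitioner should keep in mind: RSSI-based ranging is coarse indoors (a few metres at best, and walls shift it badly), and the whole scheme relies on the client keeping a stable MAC address, which phones that randomise the MAC in their probe requests (iOS from version 8 onwards) no longer do.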
DEMYO POWER STRIP
$750 (bit.ly/PpUpCw)
Another device worth having in the arsenal is the Demyo Power Strip. It is not cheap at $750, but its shop-mate and main competitor, the Power Pwn, costs $1,495. As you have already guessed, the Demyo Power Strip is designed to test Ethernet, Wi-Fi and Bluetooth networks. It is built on the popular Raspberry Pi single-board computer: a 700 MHz ARM processor that can be overclocked to 1 GHz, 512 MB of RAM, an SD card of up to 32 GB and, of course, Ethernet, Bluetooth and Wi-Fi adapters. The OS is Debian Linux with a set of preinstalled security tools: Nmap, OpenVPN, w3af, aircrack-ng, btscanner, ophcrack, John the Ripper and others. Anything missing you can always add yourself. For example, to get the Metasploit Framework you can run the following commands (as root):
wget http://downloads.metasploit.com/data/releases/framework-latest.tar.bz2
tar -xjvf framework-latest.tar.bz2    # bzip2 archive, so -j (the original -xvvf only adds verbosity)
apt-get update
apt-get dist-upgrade                  # can take a while on the Pi
apt-get install postgresql-9.1 postgresql-client-9.1 postgresql-contrib-9.1 postgresql-doc-9.1 postgresql-server-dev-9.1
gem install pg                        # builds the native extension against postgresql-server-dev-9.1
The device measures 5.56 × 5.72 × 20.96 cm, so you can easily carry it with you at all times.
Glitch
(bit.ly/1fAsydr)
There is no lack of hacker HID devices on the net. We once examined the Teensy in detail and briefly covered the USB Rubber Ducky (if you have not heard of these gadgets, I strongly recommend reading up on them). But that is not all. If you dig, you can find projects with quite similar functionality which, however, need manual polishing to fit your needs. Glitch is another take on this idea, based on Arduino. According to the author, who, incidentally, is raising money for the project on Kickstarter, his creation is meant to simplify a pentester's work without making them dig into the device and write firmware for it: everything works out of the box. Glitch can emulate a keyboard and, when connected to a computer, quickly types text (useful for quickly configuring Windows/Linux and for executing payloads). The Teensy and the Rubber Ducky can do the same, though. Glitch's advantage is that it can also log: connect it between a USB keyboard and the computer and it records every keystroke to a microSD card. And thanks to its small size, Glitch can hide inside other electronics, for instance inside a mouse, where finding the foreign device would be extremely hard. It is impossible to overstate how useful this device is, so I recommend getting to know it better. I can say with absolute certainty that a situation will arise in which it comes in very handy.
PlugBot
Unfortunately, not every device created for pentesting has made it to production. That is what happened with PlugBot, whose author failed to raise the required sum on Kickstarter. PlugBot, based on a Marvell plug computer, is intended for physical pentests. The idea is as old as the world: if the target network is securely sealed off by a firewall, take this device, secretly plant it at the target site (its size allows it) and you are immediately inside the internal network, bypassing any firewalls.
BeagleBone + BeagleBoard + The Deck
(bit.ly/NXIef7)
BeagleBoard-xM $125
The Raspberry Pi has been discussed many times, and its uses in penetration testing are legion. But it has alternatives. One of them is the family of single-board computers developed jointly by Texas Instruments and Digi-Key: BeagleBoard and BeagleBone. To be precise, the latest versions are called BeagleBoard-xM and BeagleBone Black. Both have 1 GHz ARM processors and 512 MB of RAM. The BeagleBone can be called the younger sister: it is smaller, cheaper and less richly equipped, with just one USB port plus HDMI and Ethernet. The older model has four USB ports and boasts DVI-D and S-Video outputs. The BeagleBoard-xM, however, has no onboard flash, so the operating system and everything else has to live on an external microSD card.
BeagleBone Black $45
But by themselves these boards are of no value for pentesting: just a set of transistors, resistors and other components. What turns a bare board into an excellent penetration tool? Right, the software. Here I would like to point to a very interesting development called The Deck, an Ubuntu-based operating system that runs on these single-board computers. Described briefly, it is everything you would want from Kali Linux (BackTrack), ported to the ARM platform.
Do not rush to buy hacker gadgets: with straight hands and a head on your shoulders you can build analogues of some of them yourself. For example, you can save a lot by building your own equivalent of the MiniPwner, which, incidentally, costs $99, rather too much. You will need a TP-Link TL-WR703N router (or a TP-Link TL-MR3020), which costs just $20-25, a USB flash drive for it (better something tiny like a Cruzer Fit), and a 5 V phone charger with a microUSB connector. Altogether it comes to about $50, half the price of the original (which, incidentally, is based on the same router). Once the electronics arrive from China (or wherever you ordered them), download the MiniPwner installation package. Next, download the OpenWrt firmware for the router from the web, for example here, and install the netcat utility on your computer for the later work with the router. You also need to prepare the USB flash drive by splitting it into two partitions (the first a swap partition, the second ext4) and plug it into the router. Once the OpenWrt image is downloaded, reflash the device. I do not need to explain how: it is all quite ordinary. Connect via the web interface (the router's default address is 192.168.1.1), log in with admin/admin and choose your firmware from the menu. Business as usual. Next we need to transfer the downloaded MiniPwner package to the router. On the computer, go to the folder where it lies and run:
nc -l -p 3333 < minipwner.tar
Then connect to the router over Telnet and run:
cd /usr/share
nc 192.168.1.111 3333 > minipwner.tar
where 192.168.1.111 is the computer's address. Before unpacking, it is worth comparing checksums on both ends (run md5sum on the file on the computer and on the router; the BusyBox in OpenWrt includes md5sum), since netcat does nothing to flag a truncated transfer. Then unpack the file and follow the rest of the setup instructions in the manual (from step 19). Having completed the remaining 14 steps, you get a full MiniPwner at half the price. Profit!
HackRF & bladeRF
~$300 (bit.ly/1gtRJxg) & (kck.st/1gqXiba)
Lots of interesting things have appeared on kickstarter.com in recent years, including various electronic and hacking devices. In particular, the software-defined radio (SDR): a universal transceiver that can receive and transmit signals over a very wide frequency range. That range covers almost every frequency mankind uses for data transmission, be it 3G, Wi-Fi, FM, GPS, police radio, a car's remote key or an RFID tag.
Until recently, the only widely available wide-range SDR platform was the Ettus USRP, which costs about a thousand dollars (the OpenBTS project was even built on it). But with time new solutions appeared, aimed primarily at amateur radio enthusiasts and hackers. Two of the most notable were presented on Kickstarter.
The first, developed by the legendary hacker Michael Ossmann, is called HackRF. The device supports a frequency range of 30 MHz to 6 GHz, a sample rate of up to 20 MHz, and works in half-duplex mode. Samples are 8 bits wide, and it connects to the computer over USB 2.0. The device is fully open, from schematics to firmware and host software; all of it is in the official repositories, so you can build one yourself. But since the project raised seven times its goal, production units should appear soon.
The second successful project is bladeRF.
It is the brainchild of a California team, Nuand. It supports a frequency range of 300 MHz to 3.8 GHz, a sample rate of up to 28 MHz, and full-duplex operation. Samples are delivered as 16-bit words (the transceiver's converters are 12-bit), and the USB interface is already 3.0. Both projects ship a minimal set of host software and are supported by the gr-osmosdr source layer, so they can be used with the monstrous signal-processing combine that is GNU Radio. So the hacker movement now has the tools to peer into the remotest corners of the radio spectrum, previously accessible only to specialized devices.
The phone as a pentest weapon
In general, if you do not need to solve some very specific problems, an ordinary Android phone can become a complete pentest tool; fortunately, there are plenty of relevant applications for this OS.
1. dSploit - a set of pentest utilities for your smartphone: a port scanner, a vulnerability scanner, a login/password brute-forcer, MITM tools and much more. To use the full set, the device must first be rooted and have BusyBox installed.
2. Network Spoofer - a utility for spoofing websites on wireless networks.
3. Network Discovery - a utility that finds all the devices and networks connected to your Wi-Fi access point.
4. Shark for Root - a network sniffer that works fine on 3G and Wi-Fi networks. The resulting dump can then be analysed in Shark Reader or Wireshark.
5. Penetrate Pro - a nice app for recovering Wi-Fi keys: it computes the default WEP/WPA keys of some router models (from the network name) for Discus, Thomson, Infinitum, BBox, Orange, DMax, SpeedTouch, DLink, BigPond, O2Wireless and Eircom. The original version was pulled from Google Play, so if you download the installation package elsewhere, be sure to check it before installing.
6. DroidSheep - a session-hijacking tool for quickly getting into other people's Facebook, Twitter, LinkedIn and Gmail accounts.
7. WPScan - a vulnerability scanner for the popular WordPress engine.
8. FaceNiff - another tool for intercepting web sessions.
9. WebSecurify - a nice web vulnerability scanner available for all desktop and mobile platforms.
And this is not an exhaustive list, so, as you can see, an ordinary smartphone is enough for initial reconnaissance.
F-BOMB
$250 (bit.ly/1fUSwIR)
A rather curious development, presented to the world at ShmooCon 2012 by researcher Brendan O'Connor. The name stands for Falling/Ballistically-launched Object that Makes Backdoors. It was built from a PogoPlug mini-computer fitted with several small antennas, 8 GB of flash memory and a 3D-printed case. Brendan's goal was a cheap spy device that could be discreetly planted at the target (in a ventilation shaft, above a ceiling), collect information and send it back over any available Wi-Fi network, and that it would not hurt to leave behind or lose: if you plant an expensive device, you will have to go back for it, and if it is discovered, you may never get it back. In this respect the F-BOMB is much easier: the PogoPlug costs $25 on Amazon, and the rest of the hardware set Brendan back a few tens of dollars, so the first prototype cost about $50. F-BOMB is now available from Brendan's online store for $250. The latest version is based on the Raspberry Pi and includes two Wi-Fi adapters, a USB hub and an 8 GB SD card. There is now a USB connector on the back of the unit, intended not for connecting to a computer but for power.
Given the device's small size and light weight, it can be mounted on a drone (for example the iPhone-controlled Parrot AR.Drone, powering the F-BOMB from its battery) and delivered to the site of the "special operation". It can also easily be hidden inside a carbon monoxide detector, where it will run undetected for months. And if there is no way to connect it discreetly to mains power, ordinary AA batteries will run it for a few hours.
The device can of course be used for more than hacking: add temperature and humidity sensors and you have your own small laboratory.
OpenVizsla
And the last device I would like to draw your attention to is OpenVizsla: a cheap device, developed by a group of enthusiasts, for capturing the data passing through a USB connector, which is then used in reverse engineering and debugging, exactly the techniques in demand today for jailbreaking and carrier unlocking. The project has already raised $81,000 in donations on Kickstarter, so its creators are ready to begin large-scale production of the inexpensive sniffer. Given that current hardware USB analysers are a rather expensive toy (prices start at $1,400), OpenVizsla is sure to be popular among hackers and security researchers. Capturing the USB data stream has at one time or another helped crack Microsoft's Kinect motion controller, bring Linux support to Apple hardware and jailbreak the Sony PlayStation 3. I am especially pleased that the project is completely open: the device's schematics as well as the source code of the firmware and client software can be downloaded from the project's official site. So if you are friends with a soldering iron, you can build an OpenVizsla yourself, or wait for the production units.
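What you actually do with a capture from such a sniffer is decode control transfers, and the two structures you meet first when reversing a device are the 8-byte SETUP packet that opens every control transfer and the 18-byte device descriptor the device returns to GET_DESCRIPTOR. The decoder below is an added example, not OpenVizsla's code; it follows the field layouts of the USB 2.0 specification (all multi-byte fields little-endian), and the captured bytes and the vendor/product IDs in them are constructed for the example, not taken from a real device.

```python
"""Added example (not OpenVizsla's code): decode the first two things a USB
sniffer shows you when reversing a device, the 8-byte SETUP packet that opens a
control transfer and the 18-byte device descriptor returned by GET_DESCRIPTOR.
Layouts follow the USB 2.0 specification (little-endian fields); the captured
bytes and vendor/product IDs below are constructed, not a real capture."""
import struct

STANDARD_REQUESTS = {
    0: "GET_STATUS", 1: "CLEAR_FEATURE", 3: "SET_FEATURE", 5: "SET_ADDRESS",
    6: "GET_DESCRIPTOR", 7: "SET_DESCRIPTOR", 8: "GET_CONFIGURATION",
    9: "SET_CONFIGURATION", 10: "GET_INTERFACE", 11: "SET_INTERFACE",
}
DESCRIPTOR_TYPES = {1: "DEVICE", 2: "CONFIGURATION", 3: "STRING",
                    4: "INTERFACE", 5: "ENDPOINT"}
REQUEST_TYPES = ("standard", "class", "vendor", "reserved")   # bmRequestType bits 6..5
RECIPIENTS = {0: "device", 1: "interface", 2: "endpoint", 3: "other"}  # bits 4..0


def bcd(word):
    """bcdUSB/bcdDevice are binary-coded decimal: 0x0200 -> '2.00'."""
    return f"{word >> 8:x}.{word & 0xFF:02x}"


def parse_setup(pkt):
    """Decode an 8-byte SETUP packet into its request fields."""
    if len(pkt) != 8:
        raise ValueError("SETUP packet must be exactly 8 bytes")
    bm_request_type, b_request, w_value, w_index, w_length = struct.unpack("<BBHHH", pkt)
    req_type = REQUEST_TYPES[(bm_request_type >> 5) & 0x3]
    if req_type == "standard":
        name = STANDARD_REQUESTS.get(b_request, f"STANDARD_{b_request:#04x}")
    else:
        name = f"{req_type.upper()}_{b_request:#04x}"   # undocumented requests live here
    info = {
        "direction": "device-to-host" if bm_request_type & 0x80 else "host-to-device",
        "type": req_type,
        "recipient": RECIPIENTS.get(bm_request_type & 0x1F, "reserved"),
        "request": name,
        "wValue": w_value, "wIndex": w_index, "wLength": w_length,
    }
    if req_type == "standard" and b_request == 6:   # GET_DESCRIPTOR packs type/index into wValue
        info["descriptor_type"] = DESCRIPTOR_TYPES.get(w_value >> 8, f"{w_value >> 8:#04x}")
        info["descriptor_index"] = w_value & 0xFF
    return info


def parse_device_descriptor(data):
    """Decode the 18-byte device descriptor (bDescriptorType == 1)."""
    if len(data) < 18 or data[0] < 18 or data[1] != 1:
        raise ValueError("not a complete device descriptor")
    f = struct.unpack("<BBHBBBBHHHBBBB", data[:18])
    return {
        "bLength": f[0], "bcdUSB": bcd(f[2]),
        "bDeviceClass": f[3], "bDeviceSubClass": f[4], "bDeviceProtocol": f[5],
        "bMaxPacketSize0": f[6],
        "idVendor": f[7], "idProduct": f[8], "bcdDevice": bcd(f[9]),
        "iManufacturer": f[10], "iProduct": f[11], "iSerialNumber": f[12],
        "bNumConfigurations": f[13],
    }


# Constructed capture: the host asks for the device descriptor, the device answers
# with one claiming vendor 0x1234 / product 0x5678 (made-up IDs), then the host
# sends a vendor-specific request, the kind a jailbreak or unlock tool pokes at.
SETUP_GET_DEVICE_DESCRIPTOR = bytes.fromhex("80 06 00 01 00 00 12 00")
DEVICE_DESCRIPTOR = bytes.fromhex("12 01 00 02 00 00 00 40 34 12 78 56 00 01 01 02 03 01")
SETUP_VENDOR_REQUEST = bytes.fromhex("40 01 02 00 00 00 00 00")

if __name__ == "__main__":
    for pkt in (SETUP_GET_DEVICE_DESCRIPTOR, SETUP_VENDOR_REQUEST):
        print(parse_setup(pkt))
    print(parse_device_descriptor(DEVICE_DESCRIPTOR))
```

The vendor-specific requests (type "vendor" in the decoder) are where the interesting material in a capture is: they are the undocumented commands the vendor's own tools use, and replaying or tweaking them is usually the first step in the reverse engineering the text describes.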
Finally
That is the end of our small review. Unfortunately (or perhaps fortunately), the subject of hacking devices does not fit in a single article; we could only glance at what is new in this area in recent years. But the web is full of guides on building such devices yourself. I hope one day to see great material on the subject written by you. Good luck!
Source : xakep.ru