A long time ago when WiFi and Bluetooth were new and ‘wardriving’ was still a word, a few guys put a big antenna on a rifle and brought it to DefCon. Times have changed, technology has improved, and now [Hunter] has built his own improved version.
The original sniper Yagi was a simple device with a 2.4 GHz directional antenna taped onto the barrel, but without any real computational power. Now that displays, ARM boards, and the software to put this project all together are cheap and readily available, [Hunter] looked towards ubiquitous computing platforms to make his Sniper Yagi a little more useful.
This version uses a high gain (25dBi) antenna, a slick fold-out screen, and a Raspberry Pi loaded up with Raspberry Pwn, the pentesting Raspi distro, to run the gun. There’s a button connected to the trigger that will automatically search the WiFi spectrum for the best candidate for cracking and… get cracking.
[Hunter] says he hasn’t taken this highly modified airsoft rifle outside, nor has he pointed it out a window. This leaves us with the question of how he’s actually testing it, but at least it looks really, really cool.
A pentesting dropbox is used to allow a pentester to remotely access and audit a network. The device is dropped onto a network, and then sets up a connection which allows remote access. As a final project, [Kalen] built the Rogue Pi, a pentesting dropbox based on the Raspberry Pi.
The Rogue Pi has a few features that make it helpful for pentesting. First off, it has a power-on test that verifies that the installation onto the target network was successful. Since the install of a dropbox needs to be inconspicuous, this helps with getting the device set up without being detected. An LCD allows the user to see if the installation was successful without an additional computer or external display.
Once powered on, the device creates a reverse SSH tunnel, which provides remote access to the device. Using a reverse tunnel allows the device to get around the network’s firewall. Aircrack-ng has been included on the device to allow for wireless attacks, and a hidden SSID allows for wireless access if the wired network has issues. There is a long list of pentesting tools that have been built to run on the Pi.
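The reverse SSH tunnel described above leaves a network-level footprint that a defender can look for: a long-lived outbound session from an internal host that has no business originating one. The following script is an added example, not part of the Rogue Pi project or the original post; it scans constructed flow records (start time, source, destination, port, duration) and flags persistent outbound connections from hosts that are not on an assumed allowlist of jump boxes. Port is deliberately not used as a criterion, since a tunnel can run on 443 just as easily as on 22.

```python
"""Detection sketch: flag long-lived outbound connections from internal hosts
that are not expected to originate them, the network-level footprint of a
reverse SSH tunnel such as the one the Rogue Pi opens on power-up.
All sample data below is constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed flow records, one per line:
# <start ISO time> <src ip> <dst ip> <dst port> <duration in seconds>
SAMPLE_FLOWS = """\
2013-03-01T09:58:12 10.0.3.17 203.0.113.9 22 7200
2013-03-01T10:00:00 10.0.0.5 198.51.100.4 22 5400
2013-03-01T10:01:30 10.0.3.42 203.0.113.80 443 12
2013-03-01T10:02:00 10.0.3.17 10.0.0.20 445 900
2013-03-01T10:05:00 10.0.3.99 198.51.100.77 443 4000
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Hosts allowed to hold long outbound sessions, e.g. an admin jump box (assumed).
ALLOWED_ORIGINS = {"10.0.0.5"}
LONG_LIVED_SECONDS = 600


@dataclass(frozen=True)
class Flow:
    start: str
    src: str
    dst: str
    dport: int
    duration: int


def parse_flow(line: str) -> Flow:
    """Parse one whitespace-separated flow record."""
    start, src, dst, dport, duration = line.split()
    return Flow(start, src, dst, int(dport), int(duration))


def is_internal(ip: str) -> bool:
    """True if the address falls inside one of the internal ranges."""
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def suspicious_tunnels(flow_text: str,
                       min_duration: int = LONG_LIVED_SECONDS,
                       allowed=ALLOWED_ORIGINS) -> list:
    """Return flows that look like a persistent outbound tunnel: internal
    source, external destination, long duration, source not allowlisted.
    The destination port is not a criterion, since a tunnel may use 443
    to blend in with ordinary traffic."""
    hits = []
    for line in flow_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        if flow.src in allowed:
            continue
        if not is_internal(flow.src) or is_internal(flow.dst):
            continue  # not an outbound flow, ignore
        if flow.duration >= min_duration:
            hits.append(flow)
    return hits


if __name__ == "__main__":
    for f in suspicious_tunnels(SAMPLE_FLOWS):
        print(f"{f.src} -> {f.dst}:{f.dport} open {f.duration}s since {f.start}")
```

Run against the constructed records, the script reports the two long outbound sessions from non-allowlisted hosts and ignores the jump box, the short HTTPS fetch, and the internal SMB session. In practice the allowlist and the duration threshold are the tuning knobs; a dropbox that reconnects every few minutes instead of holding one session would need a beacon-frequency check rather than a duration check.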
Check out a video demonstration of the dropbox after the break.
Over the last few months, we’ve seen our fair share of pentesting appliances. Whether they’re in the form of a Raspberry Pi with a custom distro, or an innocuous looking Internet-connected wall wart, they’re all great tools for investigating potential security vulnerabilities at home, in the workplace, or in someone else’s workplace. Pwnie Express, manufacturers of pentesting equipment, are now releasing one of the best looking and potentially most useful pieces of pentesting equipment we’ve ever seen. It’s called the PwnPad, and it allows you to get your pentesting on while still looking stylish.
Based on Google’s Nexus 7 tablet, the PwnPad combines all the goodies of a really great tablet – the ability to read NFC tags and multiband radios – with open source tools and a USB OTG cable with USB Ethernet, Bluetooth, and WiFi adapters. Everything in the PwnPad is designed for maximum utility for pentesting applications.
Of course, for those of us that already have a $200 Nexus 7, Pwnie Express says they’ll be giving away the source for their software, enabling anyone with knowledge of make to have the same functionality of the PwnPad. Of course you’ll need to get yourself a USB OTG cable and the WiFi, Bluetooth, and Ethernet adapters, but that should only add up to about $100; combined with a $200 Nexus 7, building your own is more than just a bit cheaper than Pwnie Express’ asking pre-order price of $795.
While some people know that you should be wary of USB drives with unknown origins, the same care is rarely, if ever, exercised with USB peripherals. The security firm Netragard recently used this to their advantage when performing a penetration test at a client’s facility. When the client ruled out the use of many common attack vectors including social networks, telephones, social engineering, and unauthorized physical access from the test, the team at Netragard knew they would have to get creative.
They purchased a Logitech USB mouse and disassembled it in order to add their clever payload. A Teensy microcontroller was programmed to emulate keyboard input, entering commands via the mouse’s USB connection once it had been connected to a computer. Using an undocumented exploit in McAfee’s antivirus suite, they were able to evade detection while their system entered commands to install malware from the flash drive they hid alongside the Teensy.
Once the mouse was reassembled, they repackaged it along with some marketing materials to make it look like part of a promotional event. They purchased a detailed list of employees and singled out an easy target, sending their malicious mouse on its way. Within three days, their malware was loaded onto the victim’s computer and their test was deemed a success.
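The weak point the Netragard team relied on is that a host trusts any device that says it is a keyboard. One defensive check is to compare what the kernel actually registers against an inventory of issued keyboards and to treat a "mouse" that also registers a keyboard interface as a red flag. The script below is an added example, not code from Netragard or the original post; it parses constructed dmesg-style HID registration lines (the vendor and product IDs are made up), groups interfaces by physical USB port, and reports keyboard interfaces that are not on an assumed approved list.

```python
"""Detection sketch for 'keyboard hidden in a peripheral' USB devices: parse
kernel HID registration lines, group interfaces by physical USB port, and flag
any keyboard interface that is not on an approved inventory, noting when the
same device also presents as a mouse.  Log lines and IDs are constructed."""
import re
from collections import defaultdict

# Constructed dmesg-style lines; vendor/product IDs are made up for the example.
SAMPLE_LOG = """\
hid-generic 0003:1111:2222.0003: input,hidraw0: USB HID v1.11 Mouse [Vendor Optical Mouse] on usb-0000:00:14.0-1.1/input0
hid-generic 0003:3333:4444.0004: input,hidraw1: USB HID v1.11 Keyboard [Corp Keyboard] on usb-0000:00:14.0-1.3/input0
hid-generic 0003:1234:ABCD.0005: input,hidraw2: USB HID v1.11 Mouse [Promo Mouse] on usb-0000:00:14.0-1.2/input0
hid-generic 0003:1234:ABCD.0006: input,hidraw3: USB HID v1.11 Keyboard [Promo Mouse] on usb-0000:00:14.0-1.2/input1
"""

# Keyboards the organisation has issued (assumed inventory, keyed by VID:PID).
APPROVED_KEYBOARDS = {("3333", "4444")}

# Matches the hid-generic registration line format used in the sample above.
HID_LINE = re.compile(
    r"^hid-generic 0003:(?P<vid>[0-9A-Fa-f]{4}):(?P<pid>[0-9A-Fa-f]{4})\.\d+: "
    r".*USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>[^\]]*)\] on (?P<path>\S+)$"
)


def parse_hid_lines(log_text):
    """Yield one dict per HID registration line; unrelated lines are ignored."""
    for line in log_text.splitlines():
        m = HID_LINE.match(line)
        if m:
            d = m.groupdict()
            d["port"] = d["path"].split("/")[0]  # drop the /inputN suffix
            yield d


def find_rogue_keyboards(log_text, approved=APPROVED_KEYBOARDS):
    """Return {usb port: reason} for keyboard interfaces that were not expected."""
    by_port = defaultdict(list)
    for iface in parse_hid_lines(log_text):
        by_port[iface["port"]].append(iface)

    findings = {}
    for port, ifaces in by_port.items():
        kinds = {i["kind"] for i in ifaces}
        if "Keyboard" not in kinds:
            continue
        # All interfaces of one physical device share the same VID:PID.
        vid, pid = ifaces[0]["vid"].upper(), ifaces[0]["pid"].upper()
        if (vid, pid) in approved:
            continue
        name = ifaces[0]["name"]
        if "Mouse" in kinds:
            findings[port] = (f"{name} ({vid}:{pid}) presents as a mouse "
                              f"but also registers a keyboard")
        else:
            findings[port] = f"unapproved keyboard {name} ({vid}:{pid})"
    return findings


if __name__ == "__main__":
    for port, reason in find_rogue_keyboards(SAMPLE_LOG).items():
        print(f"{port}: {reason}")
```

On the constructed log the only finding is the promotional mouse on port 1.2, which registers both a mouse and a keyboard interface under the same vendor and product ID. An inventory check alone is enough to catch the device; the mouse-plus-keyboard rule just makes the finding more specific. A kernel-level policy such as USBGuard can enforce the same allowlist before the device is ever bound, which is the preferred control where it is available.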
Hackaday forum member [Emeryth] recently posted his newest creation, the Wifon 2.0, which is an update to a project we featured last year. The second iteration of the device looks to make several improvements on the already solid concept.
Ditching the simple 16×4 LCD, version 2 sports a full color 320×240 touch panel LCD. A faster STM32 microcontroller replaces the Atmega88 he used the first time around, allowing him to create a much more advanced user interface. The micro runs the ChibiOS/RT real time operating system, which enables multitasking, making the entire project a lot easier. Like the first version, an original Fonera performs all of the pen testing, though this time around he has ditched the vanilla DD-WRT distro for Jasager, which is purpose-built for running the Karma attack.
The project is coming along nicely, and [Emeryth] says he has a few simple apps running on the device already. He has found that running several applications on the device simultaneously is testing the practical limits of the Fonera’s capabilities, though he may add more memory to the router in order to squeeze a little more life out of it.
[via Hackaday forums]
[EverestX] works in the Security industry and is often required to recover or penetrate various systems for a variety of reasons. He wanted to create an all-in-one tool that he could easily carry from job to job which would provide him with several essential functions. He required that the device house a bootable operating system through which he can perform his work, have an Internet connection capable of injection, and have enough storage capacity to back up passwords, images, etc.
He decided to build the system inside an old IBM M-type keyboard, which provides a solid typing experience and plenty of real estate for his various components. After converting the keyboard from PS/2 to USB, he installed a USB hub along with his flash drive and WiFi card.
Once he gets everything reassembled, it should prove to be a pretty stealthy and useful piece of equipment. A word to the wise – if you happen to see someone sneaking around your office with a 20-year-old Type-M keyboard, be wary.
[Nicholas Petty] has posted a guide to setting up your iPhone as a penetration tester. You already carry it around with you and, although not too beefy, it does have the hardware you need to get the job done. So if you’re not interested in building a drone or carrying around a boxy access point, try this out. The first step is to jailbreak your device and set up OpenSSH so that you can tunnel in for the rest of the setup. From there the rest of the setup is just acquiring build tools and compiling pentesting programs like Aircrack-ng, Ettercap, Nikto2, and the Social Engineering Toolkit. You’ll be up to no good testing your wireless security in no time.