About overwraith

  • Rank: Hak5 Ninja
  • Birthday: 10/30/1990
  1. I have come up with another USB vector attack. This involves a flash drive which has had its firmware tampered with in such a way that it allows the user to copy files to it, but after a number of plug-ins the flash drive becomes unresponsive. I am not sure if this would require special firmware, or multiple SD cards to accomplish this. Another alternative is the same idea except with a remote wifi shut-off switch. The idea is that somebody stops by with promotional flash drives, which work, then they shut off all of a sudden and end up in the user's trash bin. Such a device would require a push button in order for the hacker to re-access the contents. Wifi cards are relatively small; I have one I use for my Raspberry Pis which is small outline, approximately the size of my thumbnail. If practical please consider making this to add to the arsenal. If one goes the SD route, one could be the data SD, and the other could contain some sort of file which contains the number of times the drive has been plugged in, or other such info. If one goes the wifi route one could turn it off via a rogue AP.
  2. The reason for this tool is to simulate someone exfiltrating data off a corporate network. The dial-able pot switch makes the signal lesser to a degree that you get a personal area network around your wifi NIC. The wifi NIC I have in mind is actually USB based, and only about the size of my thumbnail. People war-driving around the building to test security wouldn't even be able to see your network/SSID unless they were feet from you. I am surprised nobody has thought this up before. Your phone becomes the endpoint which communicates with the wifi NIC. Furthermore I may have seen one of these in the wild. No-one really said anything, or suspected. I put two and two together months later after I had left the job. If anybody sees any weird SSIDs that are only in the general locale of a single desk, you now know they exist and how to report them.
  3. Another aspect of this could be if somebody was not supposed to be looking in your desk drawer as per company policy, and you happened to acquire a fake grenade (blue training grenade, no explosives, already spent fuse). You stick the fake trainer in the desk drawer, and at some point later in the day the bomb squad gets called and you know exactly who is snooping. Probably give the bomb squad and police a courtesy call first along with your address etc.
  4. A while back I discovered that elicitation could be used in order to protect the company from intrusions from unscrupulous employees. I do believe that one of Mitnick's books or someone else's describes how a savvy net admin discovered a chat box on his computer and used elicitation to make the hacker believe he was one too. On doing this the hacker revealed how he had broken into the company using some sort of VPN vulnerability. One method in a pharmaceutical company is to have a Vicodin trap. Essentially people are informed as to the whereabouts of unsecured Vicodin, for example using an encrypted document that has a few developers, and therefore only a few possible recipients, loose talk around the office, and/or water-cooler talk, or any other means of targeting specific people. The manner in which you reveal the information is the manner in which the employees will find out. Obviously the trap is monitored by unobtrusive security, like a camera etc. Anybody caught stealing the cardboard box of vitamins is summarily let go from the company due to the fact that it is cheaper to let them go than to navigate tort law. Vicodin could be replaced with anything of value at your workplace, but you should in fact be leaving out fakes or just cardboard packages rather than the expensive items. This would not be considered entrapment if sufficiently bland, for instance you do not actually dominate the person in order to make them fall into the trap, or otherwise trick them. It has to be their own decision as opposed to trickery. You want to demonstrate a clear and willful act that can't be refuted.
  5. RSA is the only asymmetric algorithm available to the .NET C# API. It is useful for moving data from one computer to another without malicious Mallory intercepting or changing the transmission. The RSA part is actually ideal for transmitting keys to the destination computer. Use the key transmission and apply it to a separate symmetric transmission for large files for increased performance. Big files or transmissions get symmetrically encrypted. Doing a lot of C# development and research lately. I could probably make $50 per company by tooling around my city, and trading the printouts for money, but I am not currently interested. My contribution to the security of the business environment. The algorithm works by swapping public keys between computers, then sending the information along to the destination computer. The network code is not included, but you could see how this could be broken up into controllers or client server programs.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

namespace RSA_Login
{
    class Program
    {
        static void Main(string[] args)
        {
            RSALogin client = new RSALogin();
            RSALogin server = new RSALogin();

            // Swap public keys; each side keeps its own private key untouched.
            client.PeerPublicKey = server.GetPublicKey();
            server.PeerPublicKey = client.GetPublicKey();

            // Server encrypts to the client's public key and signs with its own private key.
            SignedMessage msg = server.Encrypt("Hello");
            // Client decrypts with its private key and checks the server's signature.
            String password = client.Decrypt(msg);
            Console.WriteLine(password);
        }//end method
    }//end class

    /// <summary>
    /// Ciphertext plus the sender's signature over the plaintext, sent together.
    /// </summary>
    public class SignedMessage
    {
        public byte[] CipherText;
        public byte[] Signature;
    }//end class

    /// <summary>
    /// RSALogin object used to perform asymmetric trade of data.
    /// </summary>
    public class RSALogin
    {
        // This side's own key pair. Created once; never re-created or overwritten.
        RSACryptoServiceProvider alg = new RSACryptoServiceProvider();
        // SHA-256 replaces the SHA-1 used in the original post (SHA-1 is no longer acceptable for signatures).
        HashAlgorithm hashAlg = SHA256.Create();

        /// <summary>
        /// The other computer's public key, set after the key swap.
        /// </summary>
        public RSAParameters PeerPublicKey { get; set; }

        public RSALogin() { }

        /// <summary>
        /// Get this computer's public key. Used to trade keys.
        /// </summary>
        public RSAParameters GetPublicKey()
        {
            // false = export only the public half, never the private parameters.
            return alg.ExportParameters(false);
        }//end method

        /// <summary>
        /// Encrypt data to the peer's public key and sign it with our private key.
        /// </summary>
        public SignedMessage Encrypt(String plaintext)
        {
            byte[] plainTextBytes = Encoding.UTF8.GetBytes(plaintext);
            byte[] signature = alg.SignData(plainTextBytes, hashAlg);

            // A separate provider holds the peer's key, so our own key pair survives.
            using (RSACryptoServiceProvider peer = new RSACryptoServiceProvider())
            {
                peer.ImportParameters(PeerPublicKey);
                byte[] cipherText = peer.Encrypt(plainTextBytes, true); // true = OAEP padding
                return new SignedMessage { CipherText = cipherText, Signature = signature };
            }
        }//end method

        /// <summary>
        /// Decrypt with our private key, then verify the signature with the peer's public key.
        /// </summary>
        public String Decrypt(SignedMessage msg)
        {
            byte[] plainTextBytes = alg.Decrypt(msg.CipherText, true);

            using (RSACryptoServiceProvider peer = new RSACryptoServiceProvider())
            {
                peer.ImportParameters(PeerPublicKey);
                bool sigValid = peer.VerifyData(plainTextBytes, hashAlg, msg.Signature);
                if (!sigValid)
                    throw new CryptographicException("Signature is not valid.");
            }
            return Encoding.UTF8.GetString(plainTextBytes);
        }//end method
    }//end class
}//end namespace
```
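The hybrid scheme the post describes (RSA carrying the keys, a symmetric cipher carrying the big payload), as an added example that is not code from the original post: a fresh AES-256 key and an HMAC key are wrapped under the recipient's RSA public key with OAEP, AES-CBC encrypts the bulk data, and an HMAC-SHA256 tag is checked before anything is decrypted. The class and method names (HybridBox, Seal, Open, Slice) are assumptions; Seal needs only the recipient's exported public parameters, Open the recipient's own RSACryptoServiceProvider holding the private key.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

// Assumed names (HybridBox, Seal, Open, Slice). RSA-OAEP wraps a per-message AES-256 key
// plus HMAC key; AES-CBC carries the bulk data; HMAC-SHA256 is verified before decrypting.
public static class HybridBox
{
    // Wire format: [int wrappedLen][wrapped keys][16-byte IV][ciphertext][32-byte HMAC tag]
    public static byte[] Seal(RSAParameters recipientPublic, byte[] plaintext)
    {
        byte[] keys = new byte[64];                        // AES key || MAC key, fresh per message
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(keys);
        byte[] wrapped;                                    // OAEP; 64 bytes fits even a 1024-bit key
        using (var rsa = new RSACryptoServiceProvider()) { rsa.ImportParameters(recipientPublic); wrapped = rsa.Encrypt(keys, true); }
        using (var aes = Aes.Create())
        using (var ms = new MemoryStream())
        using (var w = new BinaryWriter(ms))
        {
            aes.Key = Slice(keys, 0, 32); aes.GenerateIV();   // CBC + PKCS7 are the Aes defaults
            byte[] ct;
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(plaintext, 0, plaintext.Length);
            w.Write(wrapped.Length); w.Write(wrapped); w.Write(aes.IV); w.Write(ct); w.Flush();
            using (var mac = new HMACSHA256(Slice(keys, 32, 32)))
                w.Write(mac.ComputeHash(ms.ToArray()));    // encrypt-then-MAC over everything above
            w.Flush();
            return ms.ToArray();
        }
    }

    public static byte[] Open(RSACryptoServiceProvider recipientPrivate, byte[] blob)
    {
        int wrappedLen = BitConverter.ToInt32(blob, 0);
        byte[] keys = recipientPrivate.Decrypt(Slice(blob, 4, wrappedLen), true);
        int bodyLen = blob.Length - 32;                    // everything except the trailing tag
        byte[] expected;
        using (var mac = new HMACSHA256(Slice(keys, 32, 32))) expected = mac.ComputeHash(blob, 0, bodyLen);
        int diff = 0;                                      // constant-time tag comparison
        for (int i = 0; i < 32; i++) diff |= expected[i] ^ blob[bodyLen + i];
        if (diff != 0) throw new CryptographicException("MAC mismatch: message tampered with or wrong key.");
        using (var aes = Aes.Create())
        using (var dec = aes.CreateDecryptor(Slice(keys, 0, 32), Slice(blob, 4 + wrappedLen, 16)))
        {
            int ctStart = 4 + wrappedLen + 16;
            return dec.TransformFinalBlock(blob, ctStart, bodyLen - ctStart);
        }
    }

    static byte[] Slice(byte[] s, int o, int n) { var d = new byte[n]; Buffer.BlockCopy(s, o, d, 0, n); return d; }
}
```

Because the MAC key travels inside the RSA envelope, a tag mismatch means either the blob was altered in transit or it was sealed to a different key; the ciphertext is never fed to AES until the tag checks out.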
  6. I just had a cool new idea for a pen testing tool. If Hak5 thinks it is a good idea they can build it. Would recommend creation of a new WIFI NIC with a pot-switch to modulate the power going to the antenna on the circuit board. It is an exfiltration tool, utilized for creating a personal area network around one's desk, which a phone can connect to. Would require a vid/pid changing utility. If thought to be a good idea, can build. Try to make it small like those thumbnail-sized ones, or at least fairly trimmed down. Obviously the pot switch changes the dimensions. I only condone white hat pen testing. Thanks everybody. Possibly also add a push button for turning it on or off. Make the switch toggle the radio output to zero, not restart.
  7. After reading that he was plugging into an RPi I thought that might be the problem too, but wasn't sure. Wanted to hear somebody else suggest it.
  8. That doesn't sound right. I plugged mine into an ethernet cable, and then into a computer, and it worked fine. Do you mean you plugged it into an ethernet cable and expected it to boot up without a power source? Fast Ethernet does not transmit enough power to power a device unless it is specifically PoE. The turtle gets its power from the USB side. If you do want to power it without connecting to a computer, hook it up to a USB battery pack. Perhaps you are experiencing some kind of MAC address filtering? IDK, it could be a couple of things. Could you elaborate?
  9. It isn't that necessary, it's still functional. It's more of an aesthetics thing really. I am sure if I do some googling I could find something, but if anybody knows anybody good that would be cool too.
  10. Hey, I have had to remove my sticker on my turtle to reset it. I was just wondering if there is a service where I could get manufactured stickers for the LAN Turtle, like by the roll or something. I am not interested in recording "accurate" info about the MAC, just something generic.
  11. Ok, I can connect now. Password was probably too complex, but it was really weird that it didn't work at all because typing twice is supposed to alert you if you didn't type it correctly. That's why people do it. It is to make sure you typed as intended. Whoever thought of giving networking devices web pages for setup was pretty smart. It's cool that you can upload via a web control. How much other web stuff can we do with the turtle? Would it be possible to host a webpage during normal configuration procedures?
  12. I was able to set a password after your first post, so the password is set; it's just whenever I type that password in it tells me it is incorrect. So what probably just happened is that the password is set, and I accidentally mistyped something, or there's a bug in the password input program. So essentially now I am ssh-ing into it and I can't get past the login screen. So what I am wondering is if the login setup prompt is programmed correctly. IDK, it is a pretty weird coincidence that I keep typing my password in and keep getting it wrong, considering I would have had to type it in incorrectly ***twice*** on the turtle setup screen in order to get this problem.
  13. I actually was able to connect to the login screen though. IDK. I will try a few things, perhaps even disconnect from my local net in order to get the reset procedure working. If all else fails, and I still don't have the thing working, I will consider an RMA, but not before I exhaust a few other alternatives. Your password set program does check input passwords to make sure they are the same, right? For example if I typed password, and pas$word while setting up the turtle?
  14. Yep, that fixed it. How necessary do you think it would be to reset the device to factory defaults? It did just come through the mail. I just hadn't plugged it in since I got it. ... It seems that my password is no longer working. Probably a typo or something, but I guess I will have to reset anyway... LAN Turtle is a good idea, it just seems like it's a little difficult to set up correctly...
  15. Ok, so I am trying to get this turtle to work on my computer; unfortunately I am working in a Windows environment. This is the first time I plugged the turtle in, and I would like to reflash it. Unfortunately it appears that Windows doesn't like the drivers associated with the turtle. The turtle is listed in Device Manager under "Other devices", "USB 10/100 LAN", correct? If so then I am actually getting a yellow exclamation mark next to the device: "The drivers for this device are not installed. (Code 28) There is no driver selected for the device information set or element. To find a driver for this device, click Update Driver." One goes to Update Driver, and it doesn't accept a .bin file. Should I use the ducky flashing procedure to flash this? To complicate matters my router seems to use the default IP address that the LAN Turtle uses. I am a bit tired tonight. I will try to fix this mess tomorrow. I just rebuilt my computer also, so I will probably have to get all that ducky firmware flashing software working correctly again. Some of this stuff has kinda taken a back seat to other things that need doing.