Oli

Yep, or whoever it is who doesn't know how to manage code releases / use github :) A bit of a lack of professionalism really if it is all meant to be hush hush until DEFCON.

You still have some links up. Note to self - don't post code to public source repositories if you don't want it to be public.

Not much, just all the module code and the link to the bin that can be unsquashed to get ALL the turtle code :) Having all the code tells you the architecture, whether wifi is present, etc

Search github for lanturtle, it was forked. The files have a link to the bin file that can then be unsquashed to get the openwrt code.

No love for the turtle? Anybody downloaded the code and firmware yet and had a poke around like me? I was expecting some news after the open house - especially as it was supposed to be on show.

I'd recommend using the latest version from github and if the problem is still there open an issue: https://github.com/mushorg/conpot/issues

Google is your friend: http://stackoverflow.com/questions/7475223/mysql-config-not-found-when-installing-mysqldb-python-interface

Indeed. Cory Doctorow and Bruce Schneier have interesting input on this. I doubt any backdoor would be easy to find as the code would typically be proprietary and/or on a server somewhere, but eventually it is inevitable that they would be exploited by someone.

Don't get me started ranting about lack of decent documentation! :) It is all a bit of a mess, but appears to be slowly getting better (with a mdwiki etc). Best thing would be to google the underlying tool for the infusion (usually pretty obvious) or search the forums for the relevant introduction / support thread.

Use a payload that is known to work and use delays.

Without releasing any spoilers, it does look like the deployment method is actually a USB to ethernet provider where the "victim" gets internet via the turtle - or at least this is one scenario. Yep, usb powered. ​ ​Edit: Got my hands on the firmware so I pretty much know all I need to now! :)

I downloaded the zip whilst it was live, it answered some of my questions as to what the turtle is. I'm still a bit baffled as to the deployment usecase: a pineapple should be able to do the same + with wifi. I guess the USP is just a small form factor?

Looks like wiki is live: https://github.com/sebkinne/lanturtle-wiki

Good luck! Hope you can afford the loss. I'd say the chance of this been delivered in "two weeks" is essentially zero (especially if he doesn't even have a ducky yet). I'd suggest paying after delivery of working code...

Yep, probably a significant percentage and potentially a 'brokerage' fee + more chance of a customs delay. At least if you are buying from within the EU you know the exact amount you are paying upfront.

Isn't it the composite duck stuff in the link you originally posted? https://github.com/midnitesnake/USB-Rubber-Ducky/tree/master/Firmware/Source

I'm not. Suppose someone is interested, what proof do you even have that you are capable of doing it? Judging by your post elsewhere, you want to use a ducky, which is a seemingly bizarre choice for hardware too...

Tax, duties and shipping speed to take into account too though - make sure you are comparing apples to apples.

There are duck-like devices that you get easily in the EU (paying with paypal) too: teensy, leonardo, etc.

Just saw this and it reminded me of this topic: http://xkcd.com/1425/

Maybe just get a teensy and program that before veering into (essentially) advanced robotics. The rest of the stuff is certainly non-trivial and pretty pointless when a remote shell would normally be 100x easier and more efficient.

An announcement would be features and maybe price and availability as far as I'm concerned - not "some people saw something" and "if you grok twitter you can find some vague stuff...". Guess I'll just build something based on my own concept of what an ethernet pentest tool should encompass :)

OSH Park or, if you want cheap and are willing to wait, Seeed. Or just good old perma-proto.

My brain just can't handle massive impenterable blocks of text in this heat :) Yep, a teensy has a usb port and the FTDI cable adds a second so you can hook that into your PC. You get a ducky that can be sent keystrokes in real time (plus mouse movements). I don't have all the details to hand but you will need: Teensy LC 3.3V FTDI cable Perma-proto board A bit of wire Micro USB to USB A Male adapter An Arduino sketch runs on the Teensy with (in my case) python (with pyserial library) script running on the PC. Total hardware cost about $40. More if you want to get fancy and add OLED displays, switches, etc.

Doh! The first self-imposed deadline has been missed: "The "Turtle" is Hak5's forthcoming penetration testing tool to be announced in Q2-2015"