broadsworde Posted April 13, 2017 Share Posted April 13, 2017 I want to get into penetration testing, and want to use a dedicated PC for the task. I was thinking about getting a cheap second hand machine, but I'm stuck on believing that pre-used computers can no longer be trusted because of possible badUSB firmware infections that are undetectable and unfixable... am I correct in this belief? Thanks in anticipation. Quote Link to comment Share on other sites More sharing options...
Bob123 Posted April 27, 2017 Share Posted April 27, 2017 So I read this post a while back and thought about it several times, each time thinking of a new reply but then rethinking about it again. So let's give it a whirl. What exactly are your concerns? Your concerned your going to buy a used PC that has been infected by badUSB? Wouldn't you want to wipe the hard drive anyways? I'll probably end up going way off topic here but let's look at it from several angles. First of all depending on your funds...just build your own PC. Much more fun. Ok that angle is done now let's look at a few more...so you have a pc in front of you and you don't know what lies inside. I'd power it up without it being connected to your network and look around. See if there is anything of interest on it. I don't want to get into any trouble here but if you "own" it now then I would guess if you want to salvage the OS or any other programs on it you could waste a USB thumb drive and install some software on there to relieve the PC of it's keys. If there is nothing else of interest on there then blast it and install a fresh OS. If your still concerned that the firmware of certain devices may be compromised due to a badUSB hack them break down the items you have to worry about. If the hard drive firmware is questionable ditch it and buy a new hard drive. If the optical drive firmware is questionable ditch it all together since those are going by the wayside anyways. CPU/RAM should be fine. Motherboard BIOS...replace motherboard? Order a new BIOS chip? Same goes with add on cards (network, video, sound, etc.) Unless you live in an area where everyone and their cousin are running around infecting PCs with badUSB I'd think that would be the least of your worries. Not to freak you out but when you do a fresh install of say Windows...who owns it? It definitely isn't you or I. Maybe back with good old XP but current OS's...nope. MS will constantly have that computer phone home without telling you. I installed a fresh install of Windows 10 a few weeks back. I knew I was wasting my time but I bothered to delete all of the apps I knew I wouldn't use...I gave it about an hour and MS decided I really needed those apps and reinstalled them without me asking. So obviously I don't own it. Same with Mac. Good luck assuming you have any control over that OS. It'll just straight up ignore a command if it doesn't feel like doing it. Sorry Mac guys but it's true. And even some bigger brand Linux OS's are doing that now too. I'd be a bit more concerned about that than a random attack on a machine. That's just my two sense on the matter. I get random PCs all the time and there's nothing more fun then just diving in and looking around. Quote Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted May 11, 2017 Share Posted May 11, 2017 On 4/27/2017 at 11:30 PM, Bob123 said: So I read this post a while back and thought about it several times, each time thinking of a new reply but then rethinking about it again. So let's give it a whirl. What exactly are your concerns? Your concerned your going to buy a used PC that has been infected by badUSB? Wouldn't you want to wipe the hard drive anyways? I'll probably end up going way off topic here but let's look at it from several angles. First of all depending on your funds...just build your own PC. Much more fun. Ok that angle is done now let's look at a few more...so you have a pc in front of you and you don't know what lies inside. I'd power it up without it being connected to your network and look around. See if there is anything of interest on it. I don't want to get into any trouble here but if you "own" it now then I would guess if you want to salvage the OS or any other programs on it you could waste a USB thumb drive and install some software on there to relieve the PC of it's keys. If there is nothing else of interest on there then blast it and install a fresh OS. If your still concerned that the firmware of certain devices may be compromised due to a badUSB hack them break down the items you have to worry about. If the hard drive firmware is questionable ditch it and buy a new hard drive. If the optical drive firmware is questionable ditch it all together since those are going by the wayside anyways. CPU/RAM should be fine. Motherboard BIOS...replace motherboard? Order a new BIOS chip? Same goes with add on cards (network, video, sound, etc.) Unless you live in an area where everyone and their cousin are running around infecting PCs with badUSB I'd think that would be the least of your worries. Not to freak you out but when you do a fresh install of say Windows...who owns it? It definitely isn't you or I. Maybe back with good old XP but current OS's...nope. MS will constantly have that computer phone home without telling you. I installed a fresh install of Windows 10 a few weeks back. I knew I was wasting my time but I bothered to delete all of the apps I knew I wouldn't use...I gave it about an hour and MS decided I really needed those apps and reinstalled them without me asking. So obviously I don't own it. Same with Mac. Good luck assuming you have any control over that OS. It'll just straight up ignore a command if it doesn't feel like doing it. Sorry Mac guys but it's true. And even some bigger brand Linux OS's are doing that now too. I'd be a bit more concerned about that than a random attack on a machine. That's just my two sense on the matter. I get random PCs all the time and there's nothing more fun then just diving in and looking around. Usually, if you make a dedicated hacking PC, wouldn't you just go with a few Linux distros anyway? Linux distros (depending on which distro) don't phone home. Most have no homes. I would check out Debian and Kali if I were you. Ubuntu is good as well, but it's more of a user-friendly environment built to be a desktop. Kali is specifically a pen-testing environment while Debian is a mix of the two. I have a multi-boot USB with 3 different distros on it (one of which is a custom one I made), a few system tools and a Windows 7 installer. Never know when you need to clean a PC from the outside or use Kali/Debian to access files on the HDD. Quote Link to comment Share on other sites More sharing options...
broadsworde Posted May 11, 2017 Author Share Posted May 11, 2017 Thanks Bob and Davee. I will certainly be using Linux, most probably Kali. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.