Gumstix PXE?


moonlit

Right, I came up with this idea on IRC, and while I know it's similar to the USB hacks, this one's a little more difficult to do without knowing your stuff. I don't wanna hear about kids doing this to pwn shit, but I thought it was an interesting thought... anyway, enough disclaimer...

We had the USB hacks, we all know about them, and hopefully we all know how to prevent them being used. So you've disabled your USB ports and you're safe... but... what about PXE booting (booting via ethernet)?

Say you had a little gumstix computer with an ethernet port on it, running a dhcpd and a PXE server. This solves the problem of having disabled USB ports, you can boot your own OS from it much like a USB stick or CDROM with a live distro on it.

I'm sure you could all think of a million ways to use this, and it can be easily fixed if your machine doesn't usually boot via your NIC - turn off PXE booting in your BIOS and add a password (if you haven't already, to prevent USB booting). If your machine boots from ethernet by default though, you might have a problem. What if someone pulled out the ethernet cable and plugged in a crossover with a battery powered gumstix on the end of it? They'd be able to boot their own OS without any access to the USB ports or CDROM/floppy drives.

It's a fairly simple idea, and I may not have been the first to think of it, but it could still easily be a risk.

Thoughts?

Another idea that's been batted around, since we're on the subject of gumstix, is a dual-NIC'd gumstix that could be used as an inline sniffing device. Perhaps a little MITM action? gumstix rogue access point? Again, probably ideas that are far from original, but hey, they're new to me...

Discuss!

Edit: Ok, I couldn't let it go without another disclaimer. I posted this as a genuine thought for security, not as a call to "HEY LETS GO PWN SHIT". If you're going to test this stuff, don't be a fucking retard about it, ok?

Link to comment
Share on other sites
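
A defensive counterpart to the rogue dhcpd/PXE server described in the post above, as an added example that is not part of the original thread: it parses DHCP replies seen by a sensor on the segment and flags network-boot offers from servers outside an allow-list. The allow-list address, function names and sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"            # DHCP magic cookie (RFC 2131)
AUTHORIZED_SERVERS = {"10.0.0.2"}      # assumption: the site's real DHCP/PXE server

def parse_dhcp(payload):
    """Parse a BOOTP/DHCP UDP payload into the fields a PXE client acts on."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    msg = {"op": payload[0], "options": {},
           "siaddr": str(ipaddress.IPv4Address(payload[20:24])),   # next-server
           "file": payload[108:236].split(b"\0", 1)[0].decode("ascii", "replace")}
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        msg["options"][payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    return msg

def check_reply(payload, src_ip):
    """Return findings for a DHCP OFFER/ACK seen from src_ip; empty list = clean."""
    msg = parse_dhcp(payload)
    opts = msg["options"]
    if msg["op"] != 2 or opts.get(53, b"\0")[:1] not in (b"\x02", b"\x05"):
        return []                                   # not a server OFFER or ACK
    sid = opts.get(54, b"")                         # option 54: server identifier
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else src_ip
    if {server, src_ip} <= AUTHORIZED_SERVERS:
        return []
    findings = [f"DHCP reply from unauthorized server {server} (source {src_ip})"]
    boot_file = opts.get(67, b"").rstrip(b"\0").decode("ascii", "replace") or msg["file"]
    if boot_file or 66 in opts or msg["siaddr"] != "0.0.0.0":
        findings.append(f"network boot offered: file={boot_file!r} next-server={msg['siaddr']}")
    return findings

def build_reply(server, boot_file=b"", next_server="0.0.0.0"):
    """Build a constructed sample DHCPOFFER (demo input, not captured traffic)."""
    ip = lambda a: ipaddress.IPv4Address(a).packed
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      ip("10.0.0.50"), ip(next_server), bytes(4), bytes(6), b"", boot_file)
    opts = bytes([53, 1, 2, 54, 4]) + ip(server)
    if boot_file:
        opts += bytes([67, len(boot_file)]) + boot_file
    return hdr + MAGIC + opts + b"\xff"
```

This only covers a rogue server attached to a shared segment where a sensor can see its replies; a device cabled directly to one machine never crosses a sensor, which is where the BIOS settings mentioned in the post apply.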

A very interesting idea, but most PCs you're going to find won't boot to NIC by default, and any decently secured PC will have a BIOS password.

But what if it was an office machine where it boots via ethernet by default? You then end up with the problem of not being able to disable it without breaking your entire setup.

Link to comment
Share on other sites

I gotta say the idea of an Ethernet logger that just sits between the jack, whoa. How obvious and awesome. I want!

Now, what embedded device already exists with two ethernet ports that's easily hackable? Too bad the Fon only has one... Still a little big. Tons of Linksys and other routers are DD or WRT'able but routers are big too. I've seen those pico computers with single ethernet ports but not with two.

Anyone have any leads on this? I'd really like to give it a go. It wouldn't even need that much storage since you could mirror the data to a third party and essentially eavesdrop in realtime.

Oh yeah, and I'm sure the NSA already has one. =/

Link to comment
Share on other sites

You could go all hardcore and program a PIC or AVR to act as the computer. This way, all you would need is 2-4 surface mount chips (allowing for it to be as small as a 9v battery, possibly smaller) and it could be powered off USB.... ok, I'm going to try it, and fail.

But I like the idea.

Link to comment
Share on other sites

I like your suggestion too but sadly that is outside the scope of my knowledge and the time it would take me to learn it up and build it I'd have no choice but to neglect the show and well, dammit this is just one of those things where I'll defer to the easier solution. Such is being geek.

Link to comment
Share on other sites

I gotta say the idea of an Ethernet logger that just sits between the jack, whoa. How obvious and awesome. I want!

Now, what embedded device already exists with two ethernet ports that's easily hackable? Too bad the Fon only has one... Still a little big. Tons of Linksys and other routers are DD or WRT'able but routers are big too. I've seen those pico computers with single ethernet ports but not with two.

Anyone have any leads on this? I'd really like to give it a go. It wouldn't even need that much storage since you could mirror the data to a third party and essentially eavesdrop in realtime.

Oh yeah, and I'm sure the NSA already has one. =/

What, like this? Dual ethernet with onboard microSD storage for this gumstix motherboard with integrated bluetooth.

Link to comment
Share on other sites

Not really a hardware man myself, I saw this and started thinking of how to do it on the software side. With any of these dual-NIC boards, my instant reaction is Linux (any version) with the NICs set up in an Ethernet bridge (built in to all the newest Linux kernels), and Snort rules to do the watching. I've been looking into doing something like this at my house for intrusion detection, but I can see how it would work this way too.

As far as the PXE boot idea, I like it. I've always thought about setting up a PXE server and seeing just how many PCs I could have connect back to me just because they were set up default like that. A mini way to do it to just 1 machine is one more tool I could use here at work to fix PCs (honestly).

Oh, another sniffer that could be done in a mini way: go old school, get a small 3-4 port hub, put it inline with a computer, and use a sniffer cable in another port tied to any computer you want to watch unseen on. For those who don't know, a sniffer cable is just one that, on one end, has the send and receive pairs tied together, and on the other, just the receive wires are there. That would essentially be the same setup as above, but on a cheaper budget (the true hacker sense).

Link to comment
Share on other sites

I think a couple FPGA boards have ethernet ports.. it'd be pretty awesome to code up some hardware to act as a PXE server with an embedded Linux kernel image... which would also be updatable.

Hell, I think a couple boards actually can run embedded Linux on them, it's probably just a matter of setting it up to do PXE.

Hopefully eventually I'll get an FPGA dev board to mess with on random projects like this.

Link to comment
Share on other sites

Could you say, with a crossover cable, use something like this: http://www.tigerdirect.com/applications/Se...3&CatId=589 to attach to your laptop to boot another system off of it? I mean, if you took your system and plugged the USB side into YOUR machine, and then used a crossover cable to reverse the connection back to your target machine, couldn't you make the target machine boot off of yours?

Link to comment
Share on other sites

Could you say, with a crossover cable, use something like this: http://www.tigerdirect.com/applications/Se...3&CatId=589 to attach to your laptop to boot another system off of it? I mean, if you took your system and plugged the USB side into YOUR machine, and then used a crossover cable to reverse the connection back to your target machine, couldn't you make the target machine boot off of yours?

You could, or even easier, use your laptop's onboard ethernet.

Link to comment
Share on other sites

You could, or even easier, use your laptop's onboard ethernet.

Yeah, didn't even think of that.

Link to comment
Share on other sites
