Level: Technical
Abstract:
In this presentation, I will show you how I made a portable gadget suitable for red teamers. The gadget is more or less plug and play type, which is put in a unique custom-made enclosure. The main component of gadget is Raspberry Pi 3, which has an option to be powered over battery or power adapter, connected to the network over Ethernet cable or Wi-Fi. As soon as it is connected, it automatically creates an encrypted tunnel connection (SSH/TLS) over port 443 to the C2 server. I will also explain why SSH/SSL connection was preferred to TCP or SSH protocol. As soon as the connection is obtained, penetration testing could be performed remotely, from any part of the world. In addition, to avoid easy detection in an attacked network, I decided to mask Raspberry Pi into a different type of equipment. In my case, I did my best to mask it into a router. I spoofed MAC address into address of the router, SSH protocol version was hidden, fake router settings login page was created, which looks like a real one, and apache service name was changed into router’s one. At the end, when you compare the scan results with a real router, it almost looks identical. In addition, this page is also a phishing page, which waits for naive admin to try to login into router settings. As soon as login is attempted, its harvested credentials are sent over the email. The gadget also includes Wi-Fi access point, so you can connect and control it over phone or PC. It is very suitable if you try to infiltrate the gadget over Wi-Fi network, and you do not have its network Wi-Fi password in advance, so you can add it during the on-site visit.
Bio:
Boško Banjac is a 35-year-old engineer of chemistry technology from Slovenia, working in the pharmaceutical industry. For years his biggest passion has been hacking, which he does for a hobby. In a hacking field, he is focusing on hacking gadgets, network hacking, creating malware and coding tools/scripts.
Blog: