Nytro

Hardware assisted penetration testing


Penetration testing, or pentesting, is the practice of attacking your own or your clients’ IT systems in the same way an attacker would, in order to identify security holes. Before starting a penetration test you normally need to clearly define the scope and obtain written consent from the client; in other words, you need a pre-engagement contract signed by your client. Depending on the information in your possession it can be a white-box or a black-box pentest. You also need to follow a standard methodology while conducting the test, to ensure the quality, reproducibility and comparability of your pentest. I’m not going to talk about this now, but I plan to write a series of articles on this matter in the future. Every ethical hacker or penetration tester uses a variety of software to accomplish various tasks: some are well-known vulnerability assessment frameworks like Nexpose, Nessus and OpenVAS (just to name a few) or exploitation frameworks like Metasploit, Core Impact Pro and Immunity Canvas, used together with in-house tools. Obviously any software needs a personal computer, a server or a cloud instance to run on. Apart from this, there is a variety of other small devices and appliances that can assist a penetration tester during his job, and that is what I’m going to talk about today.

HARDWARE KEYLOGGERS

Hardware keyloggers are used for keystroke logging, a method of capturing and recording computer users’ keystrokes, including sensitive information like passwords and credit card numbers. They can be implemented via BIOS-level firmware or, alternatively, via a device plugged inline between the keyboard and the computer. They usually consist of a microcontroller, a flash memory and a USB or PS/2 connector.

[Image: USB keylogger]

[Image: PS/2 keylogger]

KeySweeper Wireless Keyboard Sniffer

[Image: covert keylogger keyboard]

HARDWARE VIDEO LOGGER (FRAME GRABBER)

SIGINT AND TEMPEST SYSTEMS

SIGINT (SIGnals INTelligence) is intelligence derived from electronic signals and systems used by foreign targets, such as communications systems, radars, and weapons systems. SIGINT provides a vital window for our nation into foreign adversaries’ capabilities, actions, and intentions.

TEMPEST is a National Security Agency specification and NATO certification referring to spying on information systems through leaking emanations, including unintentional radio or electrical signals, sounds, and vibrations. TEMPEST covers both methods of spying on others and how to shield equipment against such spying. The protection efforts are also known as emission security (EMSEC), which is a subset of communications security (COMSEC). For more information about TEMPEST see The Complete, Unofficial TEMPEST Information Page.

[Image: TEMPEST attack]

Van Eck Phreaking demonstration

Another interesting demonstration was given in a 2009 BlackHat talk entitled “Sniffing Keystrokes With Lasers/Voltmeters – Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage” by Andrea Barisani and Daniele Bianco of Inverse Path Ltd. https://www.blackhat.com/presentations/bh-usa-09/BARISANI/BHUSA09-Barisani-Keystrokes-SLIDES.pdf

WiFi HACKING DEVICES

These devices usually consist of a router with an antenna capable of packet injection, running a custom firmware, usually based on a Linux distribution with hacking tools installed (aircrack-ng and others).

An example of such a device is the WiFi Pineapple:

[Image: WiFi Pineapple]

The WiFi Pineapple Mark V is the latest generation wireless network auditing tool from Hak5. With its custom, purpose-built hardware and software, the WiFi Pineapple enables users to quickly and easily deploy advanced attacks using its intuitive web interface. From a man-in-the-middle hot-spot honeypot to an out-of-band pentest pivot box, the WiFi Pineapple is unmatched in performance, value and versatility.

Another example of a WiFi cracking device is Reaver Pro:

[Image: Reaver Pro II]

Reaver Pro can crack a WEP password in only a few minutes; WPA cracking is also fast when WPS is enabled.

PENTEST BOXES

MiniPwner – built from a portable TP-Link MR3040 running OpenWrt

[Image: MiniPwner]

Pwnie Express solutions:

[Image: Pwn Plug R3]

[Image: Pwn Pro]

[Image: Pwn Phone]

[Image: Pwn Pad]

#r00tabaga is thinner than the MiniPwner, smaller and lighter than the WiFi Pineapple, and has a built-in 2000 mAh Li-ion battery.

[Image: #r00tabaga]

TrustedSec Attack Platform (TAP) – TAP ensures that the system is always up to date with the latest patches and uses the PenTesters Framework (https://github.com/trustedsec/ptf) to automatically install all of your tools and keep them up to date. For hardware, it uses the Intel NUC series with a solid-state drive, 16 GB of RAM, an Alfa wireless adapter attached for wireless assessments and a Verizon LTE card so you don’t have to worry about egress filtering if it isn’t available. TAP is used internally by TrustedSec and isn’t available for sale, but the software is open source and can be found here: https://github.com/trustedsec/tap

[Image: TAP]

HID ATTACKS

A Human Interface Device (HID) is a device that can be plugged into the USB port of a computer and is recognized as a keyboard; its input is automatically trusted and acted upon by the computer (unlike CDs/DVDs and normal USB drives, which rely on Autorun). It can be programmed to deliver a payload (as keystrokes) that can do many things, including spawning a shell, dumping passwords and escalating privileges.

Teensy – a complete USB-based microcontroller development system in a very small footprint, capable of implementing many types of projects. All programming is done via the USB port. No special programmer is needed, only a standard “Mini-B” USB cable and a PC or Macintosh with a USB port.

[Image: Teensy]

There are some libraries available for Teensy, like PHUKD by IronGeek, SET, Kautilya and Peensy.

BadUSB – an HID attack vector concept presented at Black Hat 2014 by Karsten Nohl.

USB RUBBER DUCKY – an HID attack tool by Hak5

[Image: Rubber Ducky]
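The defensive counterpart of the HID attacks described in this section is noticing when a "keyboard" that nobody plugged in enumerates on a host. The following script is an added example, not code from the original article or from any of the vendors mentioned: it parses Linux kernel log lines of the kind the hid-generic driver emits when a USB HID device attaches, and raises an alert when a keyboard-class device is not on an inventory allowlist or appears while another keyboard is already present (a device advertising itself as a "Flash Drive" while enumerating a keyboard interface is exactly the BadUSB pattern). The log lines, the vendor/product ids and the allowlist are all constructed for the example and identify no real product.

```python
import re
from dataclasses import dataclass

# Constructed kernel log sample in the format the Linux hid-generic driver uses.
# Vendor/product ids (abcd:0001, beef:0042) are made up for this example.
SAMPLE_KERNEL_LOG = """\
[  100.001] usb 1-2: new full-speed USB device number 3 using xhci_hcd
[  100.120] usb 1-2: New USB device found, idVendor=abcd, idProduct=0001, bcdDevice= 1.00
[  100.121] usb 1-2: Product: Office Keyboard
[  100.200] hid-generic 0003:ABCD:0001.0003: input,hidraw0: USB HID v1.11 Keyboard [Office Keyboard] on usb-0000:00:14.0-2/input0
[  412.770] usb 1-3: new full-speed USB device number 4 using xhci_hcd
[  412.880] usb 1-3: New USB device found, idVendor=beef, idProduct=0042, bcdDevice= 1.00
[  412.881] usb 1-3: Product: Flash Drive
[  412.950] hid-generic 0003:BEEF:0042.0004: input,hidraw1: USB HID v1.11 Keyboard [Flash Drive] on usb-0000:00:14.0-3/input0
[  413.010] hid-generic 0003:BEEF:0042.0005: input,hidraw2: USB HID v1.11 Mouse [Flash Drive] on usb-0000:00:14.0-3/input1
"""

# Constructed inventory: vendor:product pairs the administrator recognises as keyboards.
KNOWN_KEYBOARDS = {"abcd:0001"}

# Matches e.g. "hid-generic 0003:ABCD:0001.0003: input,hidraw0: USB HID v1.11 Keyboard [Name] on usb-..."
HID_RE = re.compile(
    r"hid-generic (?P<bus>[0-9A-F]{4}):(?P<vid>[0-9A-F]{4}):(?P<pid>[0-9A-F]{4})\.[0-9A-F]+: "
    r".*USB HID v[\d.]+ (?P<kind>\w+) \[(?P<name>[^\]]*)\] on (?P<path>\S+)"
)


@dataclass
class Alert:
    reason: str
    vid_pid: str
    name: str
    path: str


def audit_hid_log(log_text: str, known_keyboards=KNOWN_KEYBOARDS) -> list[Alert]:
    """Return one Alert per suspicious keyboard-class HID attachment in log_text."""
    alerts = []
    keyboards_seen = set()  # sysfs paths of keyboards attached so far
    for line in log_text.splitlines():
        m = HID_RE.search(line)
        if not m or m.group("kind") != "Keyboard":
            continue  # mice, joysticks etc. are not keystroke injectors
        vid_pid = f"{m.group('vid')}:{m.group('pid')}".lower()
        name, path = m.group("name"), m.group("path")
        reasons = []
        if vid_pid not in known_keyboards:
            reasons.append("keyboard-class device not on the inventory allowlist")
        if keyboards_seen:
            reasons.append("additional keyboard attached while one is already present")
        for reason in reasons:
            alerts.append(Alert(reason, vid_pid, name, path))
        keyboards_seen.add(path)
    return alerts


if __name__ == "__main__":
    for a in audit_hid_log(SAMPLE_KERNEL_LOG):
        print(f"ALERT: {a.reason}: {a.vid_pid} '{a.name}' at {a.path}")
```

On a real host the input would come from `journalctl -k` or `dmesg` rather than the embedded sample. Logging like this only detects an attack after the keystrokes have started; the preventive control on Linux is a device authorization policy such as USBGuard, which can refuse to authorize new keyboard-class interfaces that are not on an allowlist before the kernel binds a driver to them.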

MAKE YOUR OWN HACKER GADGET

All of us have heard about or used hacker gadgets like the WiFi Pineapple, MiniPwner, Pwn Plug, r00tabaga etc. They are fantastic for demos, for social engineering tasks, for explaining security implications in a fun way to non-security professionals and for actual pentest task automation! But what does it take to build one? In this course, we will teach you how to build a Hacker Gadget (or Pentest Gadget, if you prefer) from scratch for less than $50. How much technical expertise do you need to follow this course? If you’ve installed Linux and ever configured an access point, you will feel right at home!

See the course on PentesterAcademy, a SecurityTube.net initiative.

BOOKS

Some useful books for creating your own hacker gadget:

Happy hacking!

Author: Fabio Baroni. Date: 2015-10-29 22:46:19

Source: http://www.pentest.guru/index.php/2015/10/29/hardware-assisted-penetration-testing/
