Simple Hacking Tools

Alex | | CiscoLive Barcelona

These are the notes of a talk about tools you can use for educate yourself in hacking. If you know the tools, you can find and defend yourself against them. These articles are just notes and may be missing some specific context or could be already outdated.

How secure is your network?

Weakest link are people. Invest in training for your employees. At least the same amount of money than for technical tools in IT security.

Be the hacker for a day

Get a responsible letter, to be allowed to do this. Otherwise it is crime and you can loose at least your job!

Tools

  • Kali of course
  • Metasploitable2 Linux (vulnerable linux by intend to learn!)
  • Windows VM

Hardware (USB) hacking tools

If you have physcial access!

Rubber Ducky

Ducky Script just text code. Precoded stuff on Github available.

How to stop?

Doesnt really help, because Rubber Ducky can emulate Keyboard, CD Drive, Ethernet Adapter and so on:

  • Block USB
  • Disable AutoRun/AutoPlay
  • Deploy USB Firewall

LAN Turtle

Gives you a Shell inside the network.

USB and Ethernet Port on it. Man in the middle. It has it's own DHCP Server on it and gives the PC a IP and takes an IP from the corporate DHCP.

  • Meterpreter included
  • Many modules
  • ICMP capsulated and many more

How to stop?

  • Close SSH outbound
  • 802.1x
  • USB AutoRun will not block, because it's MITM

Bash Bunny

How safe is your unattended locked computer?

  • Switch with 2 different payload, mode 3: arming mode
  • RNDIS_Ethernet (Windows) driver. Shows up as eth interface
  • ECM_Ethernet (ohter OS)
  • Serial
  • Storage
  • HID (Human Interactive Device) Keyboard f.ex.
  • Drag and Drop Attack, it shows up as storage device to upload payload.

Take the hash from the credentials.

How to stop?

Python based script to inform with SMS or Slack if there was USB activity.

  • The only solution is to block USB completely.

Software hacking tools

Metasploitable 2 as victim machine. Then use metasploit to attack it:

  • Check the rank, to get a success :)
  • Set options
  • show exploits
  • exploit (pwnd)

Metasploitable 3 is Windows 2008 vulnerable.

Social Engineering

BeFF
Webserver to send users to websites to exploit the browser. With social engineering, there can be started multiple attacks against the user. Live! And then pops up in the browser session.

How to stop?

Educated the user!