In most office environments, power strips or surge protectors are a normal, everyday device that most of our computers, printers, copiers, etc. are plugged into. They’re fairly innocuous and probably something we take for granted, right? Just a normal piece of equipment in our office. What if that power strip was actually a hacker’s tool, and was quietly facilitating the exfiltration of private data from your organization?
Check out the Power Pwn – a fully functional 8-outlet, 120V power strip, that also contains anything you would need to penetrate a network, including dual Ethernet ports, a high-gain wireless antenna, Bluetooth, and optional 3G/LTE. Once this device is carefully placed in your environment, a hacker can remotely access and control it, and begin to explore and attack anything it can see on your network.
Maybe your network team have things locked down fairly tight, and plugging this thing into an Ethernet port for a photocopier isn’t going to get access to anything important. Then an employee decides they need more power outlets at their desk and quietly moves this shiny new surge protector off the copier, and to their desk. I mean, that copier only needs one power outlet, why waste 8 perfectly good outlets there? Now, they happily “protect” their desktop computer with this device once it has been relocated to their office. Let’s say this employee is a member of your Finance team, or Human Resources…and their desktop Ethernet port has a lot more access to sensitive information on your network…
This is one example of some of the toys tools available to anyone interested in doing a little hacking. More often than not they are sold as ‘Penetration Testing’ devices for use by security professionals who might be hired by private companies to do a vulnerability assessment or penetration test on their networks.
These are also tools that you, the IT Pro can use to do a little hacking of your own, allowing you to learn more about the potential threats to your environment, and further protect it with that knowledge.
A Pineapple, a Ducky, and a Turtle walk into a bar…
As we’ve progressed through the last 50 years of technology advanced according to Moore’s Law, the size of processors and devices that use them have scaled down considerably as well. This has allowed the emergence of tiny microcomputers that are as powerful or more powerful than their full-sized counterparts from 3-5 years past.
The Power Pwn is just one example of a pre-fabricated, plug-and-play hacking device, with a tiny embedded computer, capable of running a fully functional operating system and tool package that allows for penetration and possible attack of an unsuspecting network.
Check out the store at Hak5Shop for some of these other great tools.
For those interested in lurking about the airwaves, there is the Wifi Pineapple. This nefarious little device allows you to scan and analyze wireless networks. With it you can create your
own ad-hoc network, or mimic your local coffee shop’s wireless network and intercept and analyze traffic across it from other patrons, while they check their bank balances sipping on a latte.
I hope this goes without saying but I’ll say it anyway - DO NOT DO THIS. This is about hacking without getting arrested.
It would be perfectly okay to use a Wifi Pineapple at home, and intercept your teenager’s Snapchat conversations perhaps…
The USB Rubber Ducky looks like a harmless USB key, but plug it into the USB port of your Windows, OSX, Android, or Linux device, and it will fool any of those operating systems into believing it’s just a keyboard (getting around any pesky security policy blocking USB drives by acting as a HID – Human Interface Device) and then dropping a malicious payload, opening a reverse shell, or logging keystrokes.
Right, but people don’t put strange USB keys into their devices, right? Well, it turns out about half of them still do. A presentation from Blackhat 2016 discussed an experiment in which almost 300 USB keys were randomly dropped around the campus of the University of Illinois, and 48% of them reported back into the researchers, indicating they had been plugged in and were able to establish connectivity to the researcher’s command and control server. There was no malicious payload here obviously, but it shows that what we as IT Pros may see as common sense, isn’t all that common. People see a free 32GB USB key sitting on a park bench and think it’s perfectly okay to plug it in and check it out.
Pick up a few Duckys and set up a quick test at your office, with permission of course, and see if Dave from HR likes free USB keys. I bet he does.
Another cool tool from this site is the Lan Turtle. This little guy looks like a USB Ethernet adapter – perfect for the latest lightweight notebooks that don’t have Ethernet, right? Well, now you’ve provided an attacker with remote access, network scanning, and man-in-the-middle capabilities.
Finally, if you haven’t already bought one, get yourself a Raspberry Pi. These micro computers are the perfect platform for doing some playing/hacking in your home lab or at work, especially coupled with one of the OS or software packages I will talk about next.
Sharks and Dragons
I’ll caveat this segment by suggesting that you get comfortable with Linux, of any flavor. I don’t mean you need to grow a ridiculous beard and lose the ability to walk outside in daylight, but at least be able to navigate the filesystem, install applications, do some basic configuration (networking, users, permissions), and edit text. I don’t want to open the Nano vs. Vi can of worms here, but let’s just say I opened Vi once, and I’m still stuck in it, so use Nano if you’re a ‘Nix rookie like me.
Also if you know how to get out of Vi, please let me know.
The reason here is that many of the popular pentest/hacking software packages are Linux-based. Many of the tools are open source, and community-driven, and so they are written to run in a command line on an open source platform like Linux.
There are some that have Windows/OSX variants or some sort of GUI, but if you want to get your hands on all the bells and whistles, the shell is your friend.
Having said all of that, I’ll start with a tool that actually doesn’t need Linux, and that is the packet capture tool – Wireshark. Wireshark does one thing and it does it really well, it captures network traffic at the packet level, wired or wireless, and allows you to actually see the traffic crossing your network in extreme detail. It’s a cornerstone tool for network administrators for troubleshooting, and it’s a powerful tool for security professionals who want to take a deep granular view of the information crossing their networks.
Wireshark 101 by Laura Chappell – the preeminent expert on Wireshark, is recommended reading if you want to build a solid foundation on packet capture and analysis.
Next up, Kali Linux. I warned you about the Linux, right? Often referred to as simply “Kali” – this is a Debian-based Linux distribution that is actually a package of over 600 penetration testing and hacking tools. It’s the Swiss Army Knife for security professionals, and hackers wearing hats of any color. While the underlying platform is still Linux, it does have a great GUI that allows access to the tools within. Not to mention, the really cool dragon logo that has made its way into popular culture, making appearances in Mr. Robot.
Mr. Robot is required viewing if you’re interested in hacking, by the way.
Kali also has a fantastic resource available for learning how to properly use it – Kali Linux Revealed should also be added to your reading list if you want to take a deeper look at using Kali for your own purposes.
Less of a hacking tool, and more of a security analysis product is Nessus. Nessus is primarily a vulnerability scanner, allowing you to discover and assess any significant security flaws in your environment. This isn’t a penetration test mind you, but an assessment of software and operating systems within your network. It will identify devices that are exposed or vulnerable to malware, un-patched operating systems, and common exploits. It is free to use for individuals, and another software product I highly recommend testing within your own environment.
All of the tools outlined here are simply that, tools. They can be used to learn and assess, or they can be used maliciously and illegally. For us, we want to learn and develop skills, rather than end up with lengthy prison terms because we packet-captured a bunch of credit card numbers at our local Starbucks.
So, please don’t do that.
If you are interested in hacking, as an IT professional, I’d highly encourage you to try and get your hands on the software I’ve outlined here at the very minimum. It’s all free, and doesn’t require a lot of resources to run. If you want to take things a bit further, get your hands on some of the hardware tools as well. The combined creative potential between the hardware and software here is limitless.
Mr. Robot was already mentioned as required viewing, but there’s more! If you haven’t already seen these multiple times, you budding hackers have a homework assignment – to watch the following movies:
Wargames (How about a nice game of chess?)
Hackers (Hack the planet!)
Sneakers (Setec Astronomy)
Please comment below and let me know of any other tools, hardware or software you'd recommend to a greenhorn hacker. What movies, books, or TV should be required viewing/reading?