MERE PAAS TEENSY HAI
OR
COMPROMISING A HIGHLY SECURE ENVIRONMENT PART 2

Nikhil Mittal (SamratAshok)
ABOUT ME
• SamratAshok
• Twitter - @nikhil_mitt
• Penetration Tester with PwC India
• I am interested in Offensive Information Security, new attack vectors and methodologies to pwn systems.
• Creator of Kautilya and Maareech
• Previous Talks
  - Ultimate Pen Testing: Compromising a highly secure environment, ClubHack’10
  - Here are your Keystrokes, Hackfest’11
• Upcoming Talks
  - Kautilya: Teensy beyond shell, Blackhat Abu Dhabi’11
OVERVIEW
• Why the Title?
• Current State of Pentesting
• Questions being raised to us
• The answer to the questions
• What’s done
• What we will do
• Limitations
• Future
• Conclusion
WHY THE TITLE?
• What I told the ClubHack team:
  - I talked about compromising a highly secure environment last year, let’s continue with the pwnage!!
  - Thanks to the team for buying that and allowing me to speak.
• The real reason:
A TYPICAL PEN TEST SCENARIO
• A client engagement comes with IP addresses.
• We need to complete the assignment in a very restrictive time frame.
• Pressure is on us to deliver a “good” report with some high severity findings (that “High” printed inside a red coloured box).
CURRENT STATE OF PENTESTING

Vuln Scan -> Exploit -> Report

• This is a best case scenario.
• Only the lucky ones find that.
• Generally, legacy Enterprise Applications or Business Critical applications are not upgraded.
• There is almost no fun doing it that way.
SOME OF US DO IT BETTER

Enum -> Scan -> Exploit -> Report
SOME OF US DO IT EVEN BETTER

Enum + Intel -> Scan -> Exploit -> Post Exp -> Report
WHY DO WE NEED TO EXPLOIT?
• To gain access to the systems.
• This shows the real threat to clients: that we can actually make an impact on their business. No more “so-what”.
• We can create reports with “High” Severity findings.
• <Audience>
• <Audience>
WHAT DO WE EXPLOIT?
• Memory Corruption bugs.
  - Server side
  - Client side
• Humans
• Mis-configurations
• Design Problems
• <Audience>
• <Audience>
QUESTIONS BEING RAISED TO US
• Many times we find vulnerabilities but can’t exploit them.
  - No public exploits available.
  - Not allowed on the system.
  - Countermeasure blocking it.
  - Exploit completed but no session was generated :P

Kya hai tumhare paas? (What do you have?)
QUESTIONS BEING RAISED TO US
• Hardened systems
• Patches in place
• Countermeasures blocking scans and exploits
• Security incident monitoring and blocking

Kya hai tumhare paas? (What do you have?)
QUESTIONS BEING RAISED TO US
• Just a bad day.
• Exploit completed but no session was generated :P

Kya hai tumhare paas? (What do you have?)
ALTERNATIVES
• Open file shares.
• Sticky slips.
• Social Engineering attacks.
• Man In The Middle (many types)
• SMB Relay
• <Audience>
• <Audience>
THE ANSWER TO THE QUESTIONS
TEENSY
• A USB microcontroller device.
• We will use Teensy++, which is a newer version of Teensy.
• Available for $24 from pjrc.com

Mere paas Teensy hai (I have Teensy)
USING TEENSY
• Find an unattended system and insert the Teensy device into a USB port.
• Fool your victim by disguising it as a mouse, USB toy, thumb drive etc.
• Generally Teensy needs just a minute to complete the job.
• You can program it according to your needs.
• Undetected and unblocked, Teensy works great for popping shells.
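The slide above stresses that the device types its whole payload within about a minute and that it goes undetected. As an added defender-side example (not code from the talk, SET or Kautilya), the following Python correlates the arrival of a new USB keyboard with a burst of distinct privileged changes on the same host inside that one-minute window; the log format, hostnames, account names and event kinds are all constructed for the demo and would have to be mapped onto a real host's device-install and audit events.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List

# Constructed log excerpt (not real telemetry): one event per line, normalised
# to:  <ISO timestamp> host=<name> kind=<event kind> detail="<free text>"
SAMPLE_LOG = """\
2011-12-03T09:02:10 host=WS01 kind=hid_keyboard_arrived detail="USB keyboard (docking station)"
2011-12-03T10:00:00 host=WS01 kind=hid_keyboard_arrived detail="USB keyboard (unknown vendor)"
2011-12-03T10:00:09 host=WS01 kind=user_created detail="account=svc_backup"
2011-12-03T10:00:12 host=WS01 kind=group_member_added detail="account=svc_backup group=Administrators"
2011-12-03T10:00:31 host=WS01 kind=rdp_enabled detail="fDenyTSConnections=0"
2011-12-03T10:00:45 host=WS01 kind=hosts_file_modified detail="hosts file rewritten"
2011-12-03T10:20:00 host=WS02 kind=hid_keyboard_arrived detail="USB keyboard (unknown vendor)"
2011-12-03T10:25:00 host=WS02 kind=user_created detail="account=jsmith"
2011-12-03T13:00:00 host=WS03 kind=user_created detail="account=contractor1"
"""

LINE_RE = re.compile(r'^(\S+) host=(\S+) kind=(\S+) detail="([^"]*)"$')

# Event kinds that mirror the one-shot payloads demonstrated in the talk:
# add a user, enable RDP, edit the hosts file, enable telnet, and the like.
ADMIN_KINDS = {
    "user_created", "group_member_added", "rdp_enabled",
    "hosts_file_modified", "telnet_enabled", "service_installed",
}
KEYBOARD_ARRIVED = "hid_keyboard_arrived"


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    kind: str
    detail: str


@dataclass
class Alert:
    host: str
    device_ts: datetime
    device: str
    changes: List[Event]


def parse_log(text: str) -> List[Event]:
    """Parse the constructed line format; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, host, kind, detail = m.groups()
        events.append(Event(datetime.fromisoformat(ts), host, kind, detail))
    return sorted(events, key=lambda e: e.ts)


def correlate(events: List[Event], window: timedelta = timedelta(seconds=60),
              min_kinds: int = 2) -> List[Alert]:
    """Flag a keyboard arrival that is followed, on the same host and within
    `window`, by at least `min_kinds` distinct privileged changes.

    One change (a user plugs in a keyboard, then creates an account) is treated
    as noise; a burst of different changes within a minute is the footprint a
    scripted keystroke payload leaves, because it cannot read responses and
    simply types every step back to back.
    """
    alerts = []
    for i, ev in enumerate(events):
        if ev.kind != KEYBOARD_ARRIVED:
            continue
        deadline = ev.ts + window
        changes = []
        for later in events[i + 1:]:
            if later.ts > deadline:
                break  # events are sorted, so nothing further can qualify
            if later.host == ev.host and later.kind in ADMIN_KINDS:
                changes.append(later)
        if len({c.kind for c in changes}) >= min_kinds:
            alerts.append(Alert(ev.host, ev.ts, ev.detail, changes))
    return alerts


def detect(log_text: str, window_seconds: int = 60, min_kinds: int = 2) -> List[Alert]:
    """Parse the log and return the alerts the correlation rule raises."""
    return correlate(parse_log(log_text), timedelta(seconds=window_seconds), min_kinds)


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.host}: keyboard '{a.device}' at {a.device_ts:%H:%M:%S}, followed by:")
        for c in a.changes:
            print(f"  +{(c.ts - a.device_ts).seconds:>3}s {c.kind}: {c.detail}")
```

Only WS01 is flagged: the docking-station keyboard at 09:02 and the WS02 keyboard whose user creation comes five minutes later both fall outside the window, and WS03 never saw a keyboard arrive.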
WHAT’S DONE
• Arduino-based attack vector in Social Engineering Toolkit by David Kennedy
• Contains some really awesome payloads.
• Almost all payloads are for popping shells.
WHAT WE WILL DO
• Teensy can be used for much more than popping shells.
• It can be used to perform pre- and post-exploitation.
• We will have a detailed look at some of these payloads and will understand how to create payloads as per our needs.
DESCRIPTION OF PAYLOADS
• More for Windows, as desktops are generally based on Windows.
• Payloads vary from one-line commands to powerful scripts.
• If you know PowerShell scripting, the payloads will make more sense and will be easier to customize.
DEMO
WINDOWS USER ADD
DEFAULT DNS
EDIT HOSTS FILE
ENABLE RDP
BUT
• What if even Teensy doesn’t work, with the other options already not working?
• What if the USB ports are ripped off?
• Would it be impossible to pwn such an environment?
ENABLE TELNET
FORCEFUL BROWSING
DOWNLOAD AND EXECUTE
SETHC AND UTILMAN BACKDOOR
UNINSTALL APPLICATION
REGISTRY EXPORT
TWEET
HASHDUMP
CODE EXECUTION
KEYLOGGING
LIMITATIONS
• Limited storage in Teensy. Resolved if you attach an SD card to the Teensy.
• Inability to “read” from the system: you have to assume the responses of the victim OS, since the traffic is one-way only.
FUTURE
• Kautilya
• Improvement in current payloads.
• New payloads for non-traditional shells.
• Dropping executables using additional storage (already done).
CONCLUSION
• If used wisely, Teensy can be used as a complete penetration testing device, though with its own limitations.
• It’s a cheap device, so use it.
• Please use Kautilya and give feedback after it is released.

Mere paas Teensy hai (I have Teensy)

THANK YOU
• Questions?
• Insults?
• Feedback?