Adil Khan 10 months ago
AdiKhanOfficial #FYP Ideas

Ethical Hacking through Raspberry Pi W Zero


Project Title

Ethical Hacking through Raspberry Pi W Zero

Project Area of Specialization

Cyber Security

Project Summary

Pakistan is the sixth most populous country in the world with a large internet user base. It has a huge banking sector, security apparatus, public sector services, and a private sector comprising more than 85000 companies that need security when connected to the internet, yet according to the latest report of Comparitech, published on February 6th 2019, Pakistan ranks 7th among the countries with the worst cybersecurity. Only Algeria, Indonesia, Vietnam, Tanzania, Uzbekistan and Bangladesh have been ranked worse than Pakistan. More recently and importantly, in October 2018 the Pakistani banking system lost up to 2.6 million Rupees in a major cyber attack. Websites of many ministries such as defence, water and power, and information technology have been defaced several times in the past. Like the banking sector, many other sectors of Pakistan such as e-governance, the industrial sector, the agricultural sector, the health sector etc. are equally vulnerable and appropriate measures are needed at an emergency level.

One of the ways to improve the cybersecurity situation of Pakistan is to build human resources in cybersecurity by providing state of the art information security training together with equipping the personnel with the latest and preferably locally produced pentesting hardware. Currently very few pentesting companies are operating in Pakistan and literally no commercial grade pentesting equipment is being produced locally. Local production of pentesting equipment is necessary because off the shelf pentesting equipment (consisting of both hardware and software, imported from abroad) is not only expensive and takes longer to ship, but such equipment could also have hidden backdoors, thus tampering with the results and defeating the very purpose for which pentests are carried out. The current project aims to build such state of the art hardware and software tools in Pakistan that could help pentesters in identifying, prioritizing and defending the key cyber terrain of their clients against integrated cyberspace operations. The project will also focus on assessing and improving the capabilities of the pentesting hardware and software produced during the course of the project, as well as educating the masses about it. During this endeavour we aim to build, upgrade and commercialize the following products that are currently not available in Pakistan.

  • HID attack devices of various form and functionalities
  • HID payloads for the HID attack devices
  • Routers with completely modified firmware and added payloads that can act as penetration test powerhouses

None of these devices are currently being produced in Pakistan.

Project Objectives

Pentesting is a process in which the security of an organization is tested with the aim of finding any vulnerabilities that could be exploited by bad actors. Such vulnerabilities are brought to the notice of the higher echelon with the hope that they are patched before they can be exploited. Pentesting is carried out by highly trained people who are equipped with state of the art technology, consisting of specialized hardware and software. With the right combination of tools, techniques and procedures, pentesters can simulate a real world adversary and guide their clients on their security posture and the steps needed to improve it. In Pakistan there are currently very few pentesting companies and literally no commercial grade pentesting equipment is being produced locally. Local production of pentesting equipment is necessary because off the shelf pentesting equipment (imported from abroad) could contain backdoors, thus tampering with the results and defeating the very purpose for which pentests are carried out. Hardware and software imported from abroad are also expensive and take longer to ship. The current project aims to build such state of the art hardware and software tools in Pakistan that could help pentesters in identifying, prioritizing and defending the key cyber terrain of their clients against integrated cyberspace operations. The project will also focus on assessing and improving the capabilities of the pentesting hardware and software produced during the course of the project, as well as educating the masses about it. This is important because if the good guys are not Building such hardware, Assessing their capabilities and Educating (BAE) the masses about it, someone else will be . . .

Project Implementation Method

By using a 340 Rupees Arduino Leonardo, we plan to compromise a fully patched computer. The same hardware will then be used to exfiltrate other sensitive data such as wifi passwords, documents, movies, hashes etc. from a computer using either email or the internet. The modified hardware, however, will not carry more than one payload, and that too of a size of less than a few hundred kilobytes. The capability to carry multiple payloads, each of a very large size, will be acquired by interfacing a micro SD card to a microcontroller. The resulting hardware will provide the capability to carry a number of payloads of any size. Moreover, the payload will no longer be required to be burnt into the internal memory of the microcontroller but can simply be read at run time from the micro SD card. However, before any engagement, the payload will need to be selected manually by modifying the selection code and burning it into the internal memory of the microcontroller. The selection code is much smaller than the payload and can easily be burnt into the microcontroller's flash memory.

The hardware mentioned above will make payload design easy, as the payload need not be burnt into the memory of the microcontroller each time (except the selection code). However, any change to the payload and its testing will require taking the micro SD card out of the HID attack device, modifying the payload by inserting the micro SD card into a computer, and after modification ejecting it from the computer and finally inserting it back into the HID attack device. This can be cumbersome, especially if the payload consists of dozens of lines, each of which requires fine tuning. One way to solve this issue is to allow the payload on the micro SD card to be modified remotely. This would also allow one payload out of many to be selected and modified at run time. This will not only reduce wear and tear but will also drastically diminish the time needed to design an appropriate payload for the task at hand. All this can be accomplished by interfacing a small wifi device to the micro SD card and the microcontroller. Along with these benefits, the addition of wifi allows the attacker to control the victim without any need for the internet, thus allowing the attacker to penetrate air-gapped systems as well.

Despite acting as a keyboard or a mouse, the hardware mentioned in the previous paragraph cannot act as a USB mass storage device. Hence it cannot be used to mount those attacks in which the device needs to act as a mass storage device, as required for exfiltrating data from the victim machine. This is where a Raspberry Pi Zero W comes into the picture. With the said hardware, and a little bit of tweaking of the open source software P4wnP1, a Raspberry Pi device can be made to act as a mass storage device with variable storage capacity that can be changed on the go. The device will also be able to emulate keyboard functionality, mouse functionality, USB Ethernet etc.

Benefits of the Project

1. To check features as well as strength of a network or system

2. Protects sensitive data from being threatened.

3. By this we can identify the vulnerabilities of a system or network

4. HID attacks are the hardest to prevent and as a consequence HID devices are frequently used to break into systems (by pentesters). Currently, no one is producing commercial grade HID devices in Pakistan. This project aims to do exactly that.

5. No one in Pakistan is currently working on the design, obfuscation and testing of HID based payloads that can be delivered to the target using HID attack devices. No one is providing training in the design and use of HID based payloads and attack devices. We intend to do exactly that.

6. No one is producing commercial grade routers in Pakistan that can covertly act as a powerful pentester's box. We plan to do exactly that.

7. Development of local industry in an area of sensitive nature

Technical Details of Final Deliverable

A Human Interface Device or HID is a type of computer device that takes input from a human and gives output back to the human. Examples of HID devices are keyboards, mice, game controllers etc. These devices do not usually require external drivers to operate. They are mostly ignored by Data Loss Prevention (DLP) tools as well as antiviruses. In an HID attack, an attacker modifies the firmware of an embedded device such as an Arduino or Teensy. Such a device with modified firmware outwardly looks like a USB flash drive, but when plugged into a computer system through a USB port it behaves like a keyboard, thereby entering predefined keystrokes into the system at an extremely fast speed. These keystrokes can be used to write and execute an entire payload on the target system while making the antivirus and other defences believe, during the entire process, that it is an authenticated user who is writing and executing these commands. As HID devices are extremely cheap and the payloads that can be delivered using such devices are extremely versatile, HID attacks are one of the hardest attacks to prevent.

An Arduino Pro Micro, which carries an ATmega32U4 chip, can be made to behave as a keyboard if properly programmed. The same Arduino Pro Micro can then be interfaced with an SD card to increase the number as well as the size of the payloads delivered by the HID device. If an ESP8266 is further added to the assembly, it can give the HID device its own wifi, thereby providing the attacker with the capability to penetrate air-gapped systems. The capabilities of HID attack devices can be improved significantly if, instead of a microcontroller, a Raspberry Pi with built-in wifi and Bluetooth capability is used. Such a device can give the attacker the capability to emulate not only a keyboard and mouse but literally all USB based devices. The wifi and Bluetooth will allow the attacker to penetrate air-gapped systems while at the same time allowing wifi pentesting if required.
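The two paragraphs above explain why keystroke injection works: the device enumerates as an ordinary keyboard and then types far faster than any person. Both of those properties are also exactly what a defender can observe on the host, which is what the script below demonstrates. It is an added example, not code from this proposal or from any project named on this page. It runs two checks over constructed sample data: an allowlist of known keyboard vendor/product ids applied to kernel-style USB enumeration lines, and a sliding-window check that flags bursts of key presses whose mean inter-key interval is below a human floor. The allowlist entries, the log lines, the keystroke timestamps, the 30 ms floor and the 20-key window are all assumptions made for the example.

```python
"""Host-side detection of keystroke-injection (HID attack) devices.

Added example. Two independent checks, both over constructed sample data:
  1. A newly enumerated input device whose USB vendor:product id is not on
     an allowlist of keyboards the organisation actually issues.
  2. A burst of key presses typed faster than a human plausibly can.
"""
import re
from typing import List, Tuple

# Assumed allowlist of issued keyboards as (idVendor, idProduct); the values
# are constructed for this example and would come from inventory in practice.
ALLOWED_KEYBOARDS = {("046d", "c31c")}

# Assumed human floor: sustained typing below ~30 ms between keys is treated
# as injected. A window of BURST_LEN keys must average below it to be flagged.
MIN_HUMAN_INTERVAL_S = 0.03
BURST_LEN = 20

# Constructed log lines in the shape of Linux kernel USB messages (sample only).
SAMPLE_DMESG = """\
[ 1001.12] usb 1-2: New USB device found, idVendor=046d, idProduct=c31c
[ 1001.13] input: Logitech USB Keyboard as /devices/...
[ 2201.55] usb 1-3: New USB device found, idVendor=2341, idProduct=8036
[ 2201.56] input: Arduino LLC Arduino Leonardo as /devices/...
"""

USB_NEW_DEVICE = re.compile(r"idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
INPUT_LINE = re.compile(r"input: (.+?) as ")


def find_unknown_keyboards(dmesg_text: str) -> List[Tuple[str, str, str]]:
    """Return (vid, pid, name) for every input device not on the allowlist.

    A 'New USB device found' line is paired with the next 'input:' line that
    the kernel emits for it; devices that never register as input are ignored.
    """
    unknown = []
    pending = None
    for line in dmesg_text.splitlines():
        m = USB_NEW_DEVICE.search(line)
        if m:
            pending = (m.group(1), m.group(2))
            continue
        m = INPUT_LINE.search(line)
        if m and pending is not None:
            if pending not in ALLOWED_KEYBOARDS:
                unknown.append((pending[0], pending[1], m.group(1)))
            pending = None
    return unknown


def find_injection_bursts(timestamps: List[float],
                          burst_len: int = BURST_LEN,
                          min_interval: float = MIN_HUMAN_INTERVAL_S) -> List[Tuple[float, float]]:
    """Slide a window of burst_len key-press timestamps and report every window
    whose mean inter-key interval is below min_interval. Overlapping windows
    are merged, so the result is a list of (first_key, last_key) burst spans.
    """
    ts = sorted(timestamps)
    bursts = []
    for i in range(len(ts) - burst_len + 1):
        window = ts[i:i + burst_len]
        mean_gap = (window[-1] - window[0]) / (burst_len - 1)
        if mean_gap < min_interval:
            bursts.append((window[0], window[-1]))
    merged: List[Tuple[float, float]] = []
    for start, end in bursts:
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def sample_keystrokes() -> List[float]:
    """Constructed timeline: 30 human key presses at ~8/s, a 5 s pause, then
    40 key presses at 200/s as an injection device would produce."""
    human = [i * 0.12 for i in range(30)]
    start = human[-1] + 5.0
    injected = [start + i * 0.005 for i in range(40)]
    return human + injected


if __name__ == "__main__":
    for vid, pid, name in find_unknown_keyboards(SAMPLE_DMESG):
        print(f"ALERT unknown input device {vid}:{pid} ({name})")
    for first, last in find_injection_bursts(sample_keystrokes()):
        print(f"ALERT keystroke burst from t={first:.3f}s to t={last:.3f}s")
```

Neither check is sufficient alone: a device can spoof an allowlisted vendor id, and a slow injection evades the rate floor, so the two are meant to run together and feed a decision such as detaching the device or locking the session.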

Once a system in the target network is compromised, the next step is to pivot through the compromised system to the network gateway and compromise it.  This can be achieved by accessing the firmware of the network gateway, modifying it, rebuilding the firmware and installing it back to the target device. Once done, the target device is permanently compromised and could be used in future for network sniffing and all other kinds of attacks including man in the middle attack, DNS poisoning, SSL stripping etc.
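The paragraph above describes a gateway whose firmware has been modified, rebuilt and reinstalled. The defender's counterpart is a firmware integrity check: hash the image that is actually on the device against the value published for the vendor release and, when it differs, locate the changed regions so an analyst knows what to inspect. The script below is an added example, not part of this proposal or of any router vendor's tooling; the reference image, the tampered copy, the 64-byte block granularity and the hash being compared are all constructed for illustration.

```python
"""Firmware integrity check for a network gateway image.

Added example. Compares a dumped image with a known-good reference: first by
SHA-256 against an expected digest, then block by block to report the byte
ranges that differ or were appended. All sample images are constructed.
"""
import hashlib
from typing import List, Tuple


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an image, the value a vendor release note would publish."""
    return hashlib.sha256(data).hexdigest()


def firmware_matches(image: bytes, expected_sha256: str) -> bool:
    """True when the image hashes to the expected digest (case-insensitive hex)."""
    return sha256_hex(image) == expected_sha256.strip().lower()


def changed_regions(reference: bytes, candidate: bytes, block: int = 64) -> List[Tuple[int, int]]:
    """Compare two images in fixed-size blocks and return (offset, length) for
    each run of blocks that differ. Bytes present in only one image (an
    appended payload, or a truncated image) count as differing."""
    regions: List[Tuple[int, int]] = []
    total = max(len(reference), len(candidate))
    start = None
    for off in range(0, total, block):
        if reference[off:off + block] != candidate[off:off + block]:
            if start is None:
                start = off
        elif start is not None:
            regions.append((start, off - start))
            start = None
    if start is not None:
        regions.append((start, total - start))
    return regions


def build_samples() -> Tuple[bytes, bytes]:
    """Constructed 1 KiB reference image and a tampered copy with a 16-byte
    change in the middle and 128 bytes appended at the end."""
    reference = bytes((i * 7 + 3) % 256 for i in range(1024))
    tampered = bytearray(reference)
    tampered[300:316] = b"\x90" * 16   # constructed in-place modification
    tampered += b"\xcc" * 128          # constructed appended data
    return reference, bytes(tampered)


if __name__ == "__main__":
    reference, dumped = build_samples()
    published = sha256_hex(reference)  # stands in for the vendor's value
    if firmware_matches(dumped, published):
        print("firmware OK")
    else:
        print("firmware MISMATCH; differing regions (offset, length):")
        for offset, length in changed_regions(reference, dumped):
            print(f"  0x{offset:08x} +{length}")
```

The hash comparison is the authoritative verdict; the block diff is only there to narrow down where to look. Against an attacker who rebuilds the whole image, the interesting regions are typically the filesystem partition and anything past the original image length, which is why the function treats length differences as changes rather than ignoring them.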

Final Deliverable of the Project

Hardware System

Core Industry

Security

Other Industries

Education

Core Technology

Internet of Things (IoT)

Other Technologies

Sustainable Development Goals

Industry, Innovation and Infrastructure

Required Resources

Item Name                                          | Type          | No. of Units | Per Unit Cost (in Rs) | Total (in Rs)
Raspberry Pi 3B+                                   | Equipment     | 3            | 6999                  | 20997
SD Card for 3B+                                    | Equipment     | 2            | 1500                  | 3000
SD Card for Pi Zero                                | Equipment     | 2            | 1500                  | 3000
USB connector for Pi Zero                          | Equipment     | 2            | 2000                  | 4000
Raspberry Pi Zero                                  | Equipment     | 3            | 3500                  | 10500
Emulator Device                                    | Equipment     | 2            | 5000                  | 10000
Keyboard + Mouse for Raspberry Pi                  | Equipment     | 1            | 800                   | 800
Monitor for Raspberry Pi                           | Equipment     | 2            | 3000                  | 6000
Misc Cost for Photostat + Some amount for Thesis   | Equipment     | 1            | 2000                  | 2000
Arduino Leonardo                                   | Equipment     | 4            | 1000                  | 4000
Router                                             | Equipment     | 1            | 4000                  | 4000
Miscellaneous                                      | Miscellaneous | 1            | 10000                 | 10000
Total (in Rs)                                      |               |              |                       | 78297
If you need this project, please contact me on contact@adikhanofficial.com