Can you be hacked by a Rubber Duck? HIVE Live Hack

in this episode we’re going to be
showing you the importance of keeping your device protected against hackers
don’t go anywhere hello to you and welcome to the hive now
if this is your first time here my name is Ryan and if you want to keep up to
date with all things tech all you need to do is make sure that you hit
subscribe and hit the bell so you don’t miss anything. Now hacking attacks can
happen to anyone on any device and anywhere and today we are joined by
Stuart from Chess hello to you welcome back to the hive. Now hacking
attacks that can happen to anyone anywhere on any device and we’re
going to touch on one that I’m particularly interested in too and I
think it would affect people in the workplace possibly if they’re at home
talk us through kind of the hacking attack that you’re gonna do
today sure so today we’re going to be focusing
on unlocked and unattended workstations okay an attack known as a rubber ducky
attack where we take a USB stick with a preloaded script we plug it into the USB
port and it acts as a keyboard and can type a couple hundred characters a
second all right okay interesting so and it’s all done just through on here all
pre-done so what are the dangers then how is it how can that USB stick then
what can that do even for the attack so as soon as we plug it into the laptop it
can present itself to the to the workstation as a keyboard and because
it’s a keyboard it can type characters so if a malicious person was to access
an unattended and unlocked workstation they could type the commands in
themselves right it might take them a bit of time but they could use a rubber
ducky attack plug it in have the payload executed within a matter of seconds
unplug it and walk away but we’re going to take it one step further and we’re
gonna use a wireless rubber ducky attack as well okay so so to demonstrate this
if we plug the USB stick into the workstation so this is now a mock up
this is imagine this is a just a normal computer at work absolutely of that so
someone’s you know they’ve gone to they’ve gone to collect the post or
they’re going to make me a cup of coffee or something I’ve asked them do that
they’ve walked away they’ve left it unlocked and unattended so what’s gonna
happen as soon as I plug this in is it’s preloaded to execute a payload
straightaway okay the first one is gonna be benign it’s just to demonstrate the
power of the device right we plug this in it picks up it opens up
command prompt it executes notepad and it types
never leave your workstation unlocked yeah and that happened within a couple
of seconds and then I can take that out literally seconds yeah so now now you’ve
done that can they access anything that or is that in this particular instance
no these are just to demonstrate what can be done and how fast it can type so
the next attack will do is will actually execute something malicious and take
full remote control from the Windows 10 machine to the attackers machine over
here yeah so as you can see we’ve got two devices so we’ve got this is yours
are that what would be the hackers device yeah and then this would be the
workstation over there absolutely so what we do to set this up
is on the workstation is the environment quickly so all we’re looking at here on
the left hand side is I’ve started a web server in Python that’s hosting the
malicious payload right so this is gonna host what I want the windows 10 machine
to download right thank you and on the right hand side we’re just looking at
Meterpreter which is basically a hacking framework used in the
industry to what we call catch shells as well so a shell being remote control of
a machine right okay so from there I can do things such as open up the command
prompt remotely open up the web cam steal passwords look at files in the
machine it’s crazy to think that you can do that all just from here you in and by
the end of it you’ll be nowhere near the machine as well is so in this instance
the scenario is now that the workstation is locked so let’s assume that I’ve got
access to an organization maybe I’ll just walk through the front door okay
dressed as someone who’s supposed to be there I’ve you know
brought myself in with confidence I’m supposed to be there no one’s
questioning me I can’t find an unlocked workstation but I can find a locked
unattended workstation okay I can slip the USB stick into the back of the PC so
it doesn’t look obvious to the user well I said a lot of businesses still use
towers don’t they where like you know yourself that the wires are all hidden
at the back indeed then the other things that I would get missed easily
absolutely you wouldn’t you would never know
you never know so when the user attends their workstation again and unlocks it
I just need to socially engineer them to turn away pretty well because what
they’re about to see on their screen will only flash up for
a few seconds but it might alert them so that’s quite simple you know
would you like a cup of coffee they say yes I hit the payload on my
phone magic happens and how do cannot let you just take a couple of seconds
attention just need to go away just for five seconds it depends on the payload
you’re using in this particular instance yeah I mean like sort of for five
seconds and we should be good right so show me what what’s got what we got
going on so the scenario is we’ve plugged this in the users they’ve come
back they’ve unlocked and I’ve noticed they’ve unlocked so I’m gonna connect to
the USB stick over a wireless signal so when it plugs in not only does it act as
the keyboard but it broadcasts a wireless signal for me to connect to and
then I can interact with the computer through the USB stick as a keyboard
that’s as a wireless keyboard right so you’ve got your phone here yep so then
you’re gonna so I’m just trying to imagine the scene now so you’ve got that
in your in this office environment you’ve got that on there you could
literally now be talking to the person you’ve just been trying to distract so
imagine a guy yeah and you’re gonna take control using your phone yes great
we see on the screen now we’re just gonna connect the wireless signal it’s
broadcasting right okay that’s the one fun date from the usb on the USB stick
absolutely there so this is the interface for the USB stick so I’ve got
things like live input mode right so I can quite literally just move the
cursors up and down I can print characters to the screen or I can choose
a payload so this is these are payloads that are preloaded by myself onto the
stick okay depending on the environment I’m in because I might have lots of
payloads and listed on there ready to execute depending on the environment I’m
in okay so in this instance will execute the inception demo so what inception
will do is it will use certutil which is a Microsoft signed binary right to
download a payload from my attacking machine and then execute an AES encrypted
payload that will eventually give me a meterpreter shell right bypassing
antivirus what bypass bypassing antivirus yeah any any anti
viruses or bypass so don’t get me wrong you still need antivirus but it’s
about security in depth right yeah it’s about the protection against unknown USB
ports ya know having device endpoint control not allowing people to plug in
unknown devices into USB ports no going down so let’s run the payload and we can
see on the screen here it gets executed the window pops up I’ve distracted them
on the right hand side we see HTTP GET request from the victim for the file
update.exe which is my malicious binary but once that’s downloaded the screen
will disappear on the left-hand side and now we can just wait for the reverse
shell to come in I think it’s with this so you’ve been under wiser you could
literally take them to a break room couldn’t you are you could take them
away from me for all that to happen and you won’t have a clue all this is
happening in the background absolutely and we can leave this USB stick plugged
in there and instruct that again later on remember this scenario we’re
demonstrating may be plugged into the back of a workstation where they can’t
see it or I could just take that take that away and walk away with it now it
doesn’t need to be left in for me to have control of the machine I’ve
executed something else to give me an outbound remote access to the machine so
as we see on the right hand side we see meterpreter session 1 yeah has opened
just have a look at sessions interact with that so I can do things like drop
into a shell so this is dropping into the Windows command prompt of the remote
machine and execute any command I want look at files do IP config whatever I
want but you’re doing this now and the USB is not even in there yeah I could be
miles away right we we might have a what we call a Red Team engagement where
someone’s trying to bypass the physical security of a building might put one
of these in or a drop box and then leave the premises that was their
job complete what’s happened now is that they’ve given a pen tester who
could be a couple hundred miles away access to their environment right just
by breaching the physical security of an office this is crazy to think that now
like you say you could be hundreds of miles away but yet you you’re now
remotely jumping in and you can I’m assuming you can see anything yeah
anything we want I mean we can download files upload files we can
the passwords I mean for example we could have a look safe as a webcam on
the workstation we can see there’s an HP webcam so we do a webcam stream and
open up the webcam from wow yeah and does that include the things like
the microphone as well so again if you’re in an office environment with
quite sensitive information would you can you listen in yeah absolutely
there’s an option to record mic as well so we can record mic so for 60 seconds
let’s start recording the microphone on that workstation can save it and save it
to my machine here Wow and I’m just I’m absolute I’m amazed at the speed of it
how and you can just literally go from plugging it in you having a quick chat
with someone pressing something on your phone and it’s you’re in and it’s yeah
yeah absolutely I mean nine times out of ten on engagement this that this will
work I mean I often find at least one workstation that’s unlocked and it just
takes one you’re only as secure as your weakest link right if I managed to walk into the
building and no one’s questioned me it’s only gonna be a matter of time before I
find an unlocked workstation yeah and if it’s if it’s locked then you know one of
these ones will do and I just need to sit in the carpark connect to this and
you’re done so what are your kind of advice tips what’s best practice to
prevent against kind of any sort of any sort of hacker attack really
well what are your best practices what it’s all about security in depth and and
really is you know physical security you know challenge people if they’re walking
into your your environment and if it just doesn’t look right challenge them
and raise that endpoint device control so we’re preventing unknown USB sticks
being plugged in yes it’s emulating as a keyboard and not an external flash drive
but get to know the keyboards that your environment are using they have a unique
identifier for them right and maybe you can use an endpoint device control that
only allows those types of keyboards to be plugged in so one of these gets
plugged in it gets blocked that’s phenomenal so just literally keep on top
if you secure it any questions anything like that you can always head over to
our website as well you can head over to ChessICT.co.uk and have a look now
Stuart as always it’s been a pleasure having you in make sure you come back and
join us again but of course if you want to check out some more content you
have a look at the videos that you see on screen right now and if you haven’t
already head over to ChessICT.co.uk/TheHIve to check out
more from us thanks again for joining us we’ll see you next time bye bye for now
