“Zovek” , My Offensive IoT Redteam Implant v1.0

alt3kx
4 min read · Aug 7, 2024


Why write this?

This tiny hardware implant could be a cute little backdoor into your corporate network.

In recent years I have been involved in personal IoT pentesting projects: looking for the classic issues in IoT software and protocols, a bit of reverse engineering (RE), and classic protocol attacks using fuzzing techniques. But there is more to it than that. As a red teamer, some of this IoT hardware can serve as a good hardware implant during a Red Team engagement. I was looking for something small to close my “Zovek” project with one important piece: the Ethernet port should be embedded, to avoid connecting more cables than necessary; all USB ports should stay dedicated to HID attacks; the Wi-Fi and Bluetooth interfaces should be dedicated to connectivity back to my Red Team C&C infrastructure, or carry virtual interfaces for further attacks (recon, sniffing, rogue APs, etc.); and the software should be the latest open-source stack, kernel and packages such as Python 3 and Go. Finally I found a good “hat” for my hardware. While I keep tuning my own Red Team C&C infrastructure and developing my own, better software implants, I am now playing with and interconnecting my hardware implants. This post should guide red teamers who want to start building their own hardware implants…

The Hardware

In recent years I have experimented with IoT devices, looking for a good balance between software, drivers, firmware and cost, and I ran a lot of experiments with hardware and embedded Linux. I noticed the incredible “fashion” in the market for these devices among red teamers: there are several pre-built devices on the market that promise party tricks or carry an expensive price tag. So I finally decided to build my own offensive IoT implant with the resources available to my “personal wallet”, balancing cost and effectiveness.

I recommend having a look at this document by Sean T. Smith; it describes the costs, effort, time, etc. perfectly: “How to Build the Perfect Red Team Hardware Implant”. Source: https://github.com/sean-t-smith/T-Mobster_Implant

Here is my list of suggested hardware:

(1) Raspberry Pi Zero W

(2) PoE Ethernet/USB HUB HAT for Raspberry Pi Zero

(3) Waveshare 1.3inch IPS LCD Display

The Software

There are a lot of resources available on the Internet to build at least the basic stuff, e.g. Wi-Fi rogue AP configuration, Internet access, VPN access, firmware and drivers for the Raspberry Pi. Personally I preferred to build my own with the latest Raspberry Pi software, using native tools and customizable tools such as RaspAP.

Here is my list of suggested software:

Choose an OS image

  1. Option (A): Kali Linux for the Raspberry Pi Zero W
  2. Option (B): any other flavor for your Raspberry Pi Zero W
  3. Option (C): the P4wnP1 A.L.O.A. framework

(*) Note: there are a lot of resources on the Internet on how to flash your SD card and get access to your Raspberry Pi over Wi-Fi (wpa_supplicant config) or SSH to start your configuration; that procedure is not covered here.

Once you have full access, I suggest the following commands:

alex@raspberrypi:~ $ sudo apt update
alex@raspberrypi:~ $ sudo apt full-upgrade
alex@raspberrypi:~ $ sudo apt install raspberrypi-kernel-headers

Check the Wi-Fi, Ethernet and Bluetooth interfaces available:

alex@raspberrypi:~ $ sudo ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[../snip]

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
[../snip]

alex@raspberrypi:~ $ hcitool dev
Devices:
hci0 B8:27:EB:XX:XX:XX
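The steps above (boot configuration for the features the hat and HATs depend on, interface inventory, Bluetooth adapter) are worth scripting so they run the same way after every re-flash. The following is an added example, not code from the original post: it assumes Raspberry Pi OS, that the HID attacks rely on the Pi Zero W USB gadget mode (`dtoverlay=dwc2`), that the Waveshare LCD HAT is driven over SPI (`dtparam=spi=on`), and a config.txt at /boot/config.txt (Bookworm images moved it to /boot/firmware/config.txt, so the path is a parameter). The parsing functions take files so they can also be run on a workstation against captured output; `--live` runs them on the implant itself.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): preflight checks for the
# Zovek build after flashing and updating the image.
# Assumptions: Raspberry Pi OS; HID attacks use the Pi Zero W USB gadget
# mode (dtoverlay=dwc2); the LCD HAT is driven over SPI (dtparam=spi=on);
# config.txt lives at /boot/config.txt or /boot/firmware/config.txt.
set -u

# check_boot_config <config.txt>
# Returns 0 only when gadget mode and SPI are both enabled. Comments and
# trailing blanks are stripped first so "#dtoverlay=dwc2" does not count.
check_boot_config() {
  local cfg="$1" rc=0 active
  active=$(sed -e 's/#.*//' -e 's/[[:space:]]*$//' "$cfg")
  printf '%s\n' "$active" | grep -qE '^dtoverlay=dwc2(,|$)' \
    || { echo "missing: dtoverlay=dwc2 (USB gadget mode for HID)"; rc=1; }
  printf '%s\n' "$active" | grep -qx 'dtparam=spi=on' \
    || { echo "missing: dtparam=spi=on (SPI for the LCD HAT)"; rc=1; }
  return $rc
}

# iface_summary <file holding "ip -br link" output>
# Prints "name class state" per interface; uap0 is the virtual AP interface
# hostapd/RaspAP create on top of wlan0 when AP and client run together.
iface_summary() {
  awk '{
    name=$1; sub(/@.*/, "", name); state=$2; cls="other"
    if (name ~ /^eth/)             cls="ethernet"
    else if (name ~ /^(wlan|uap)/) cls="wifi"
    else if (name == "lo")         cls="loopback"
    printf "%s %s %s\n", name, cls, state
  }' "$1"
}

# require_ifaces <file> name...  -> returns 1 if any named interface is absent or not UP
require_ifaces() {
  local f="$1" rc=0 n
  shift
  for n in "$@"; do
    awk -v n="$n" '$1==n && $2=="UP"{found=1} END{exit !found}' "$f" \
      || { echo "interface $n missing or not UP"; rc=1; }
  done
  return $rc
}

# bt_adapters <file holding "hcitool dev" output> -> adapter names (hci0 ...)
bt_adapters() {
  awk 'NR>1 && $1 ~ /^hci/ {print $1}' "$1"
}

# Live mode, run as root on the implant: ./zovek-preflight.sh --live [config.txt]
if [ "${1:-}" = "--live" ]; then
  check_boot_config "${2:-/boot/config.txt}"
  tmp=$(mktemp)
  ip -br link > "$tmp"; iface_summary "$tmp"; require_ifaces "$tmp" eth0 wlan0
  hcitool dev > "$tmp"; echo "bluetooth: $(bt_adapters "$tmp" | tr '\n' ' ')"
  rm -f "$tmp"
fi
```

The exit status is what matters if you chain this into an image-build pipeline: a missing `dtoverlay=dwc2` means the USB side of the implant will enumerate as a host, not as a HID device, and a DOWN `eth0` usually means the PoE hat is not seated or not powered.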

LCD Display drivers:

All commands and procedures are available online here:

Be creative…

RaspAP, Wi-Fi AP (Access Point)

I have started to experiment with running a Wi-Fi AP and a Wi-Fi client, plus VPN access, at the same time. Here is the link: https://raspap.com/

RaspAP Software

Quick installer (as with any curl-to-shell install, fetch the script and read it before piping it to bash):

alex@raspberrypi:~ $ curl -sL https://install.raspap.com | bash
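Running the AP alongside the wlan0 client on the Zovek's single radio is the part that trips people up, so here is how the pieces fit underneath what RaspAP automates. This is an added example, not code from the original post or from the RaspAP project: it assumes hostapd and dnsmasq are installed, the brcmfmac driver of the Pi Zero W (one managed plus one AP interface on the same radio), and placeholder SSID, passphrase and 10.13.37.0/24 subnet. The key constraint is that the virtual AP interface `uap0` must use the channel `wlan0` is already associated on; the script reads it from `iw` instead of hard-coding it.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or RaspAP): a hidden management
# AP on uap0 while wlan0 stays joined to the uplink used for C&C.
# Assumptions: hostapd + dnsmasq installed, brcmfmac (Pi Zero W), placeholder
# SSID/PSK/subnet values. Run bring_up_ap as root on the implant.
set -u

# client_channel: reads "iw dev wlan0 info" on stdin, prints the channel
# number, or nothing if wlan0 is not associated. One radio = one channel,
# so the AP must reuse this value or hostapd fails / the uplink drops.
client_channel() {
  awk '$1=="channel"{print $2; exit}'
}

# gen_hostapd_conf <iface> <ssid> <psk> <channel>
# WPA2-PSK/CCMP only, SSID hidden: an implant's management AP should not
# advertise itself. hostapd rejects passphrases outside 8..63 characters,
# so that is checked here rather than at hostapd start-up.
gen_hostapd_conf() {
  local iface="$1" ssid="$2" psk="$3" ch="$4"
  if [ "${#psk}" -lt 8 ] || [ "${#psk}" -gt 63 ]; then
    echo "wpa_passphrase must be 8..63 characters" >&2
    return 1
  fi
  cat <<EOF
interface=$iface
driver=nl80211
ssid=$ssid
hw_mode=g
channel=$ch
ieee80211n=1
wmm_enabled=1
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
wpa_passphrase=$psk
ignore_broadcast_ssid=1
EOF
}

# gen_dnsmasq_conf <iface> <prefix such as 10.13.37>
# Leases .10-.50 and hands out .1 (the implant) as the router.
gen_dnsmasq_conf() {
  local iface="$1" p="$2"
  cat <<EOF
interface=$iface
bind-dynamic
dhcp-range=$p.10,$p.50,255.255.255.0,12h
dhcp-option=3,$p.1
EOF
}

# bring_up_ap <ssid> <psk> <prefix>  (root, on the implant)
bring_up_ap() {
  local ssid="$1" psk="$2" p="$3" ch
  ch=$(iw dev wlan0 info | client_channel)
  [ -n "$ch" ] || { echo "wlan0 is not associated; no channel to share" >&2; return 1; }
  iw dev wlan0 interface add uap0 type __ap     # virtual AP on the same radio
  ip addr add "$p.1/24" dev uap0
  ip link set uap0 up
  gen_hostapd_conf uap0 "$ssid" "$psk" "$ch" > /etc/hostapd/zovek.conf
  gen_dnsmasq_conf uap0 "$p" > /etc/dnsmasq.d/zovek.conf
  systemctl restart dnsmasq
  hostapd -B /etc/hostapd/zovek.conf
}
```

If dhcpcd manages the interfaces on your image, add `denyinterfaces uap0` to /etc/dhcpcd.conf so it does not fight over the static address; and remember that when wlan0 roams to a different channel the AP on uap0 goes with it, so clients of the management AP will be dropped until hostapd is restarted with the new channel.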

In Conclusion:

Red Team operations can be challenging, but an affordable hardware platform combined with open-source software can produce results and highlight notable findings to the customer, if your team is involved in this kind of work.

All my sources here:

(1) How to Build the Perfect Red Team Hardware Implant

(2) Offensive IoT for Red Team Implants — Part 1

(3) Offensive IoT for Red Team Implants — Part 2

(4) Offensive IoT for Red Team Implants — Part 2


Red Teamer | Pentester | Bug Bounty | 0day guy! | Lone Wolf… | A handy collection of my public Exploits & CVEs, all in one place. https://alt3kx.github.io