General discussion

Locked

Admins MUST think like hackers

By Win0 ·
SECURITY WARNING:
Any network should be considered compromised that does not currently enforce two factor authentication for access control and is without strong physical access control to workstations with PNP OS's !The technique does not require the use of keycatcher devices or keyloggers nor the installation of ANY software on a target workstation.
I have not read of this in any of the books on hacking I've seen nor have I seen this technique advertised in any courses on security / hacking but I would be surprised if its NOT in use. Dont forget to set up a demo. This might cost someone a few bucks at a swap meet so the cost is irrelevant.
Here's the recipe:
Start with two Wireless Keyboard Kits.
Disguise a Wirless keyboard inside a normal keyboard that plugs in as normal with a dummy cable for concealment purposes.
(Dont need to do this for demo purposes)
Now connect the two wireless receivers to the disguised Wireless keyboard (I used Beklin Wireless Keyboard kits).
You now have one keyboard that will be picked up by two separate receivers.
Plug the disguised keyboard into the target workstation along with one of the receivers which is hidden or disguised.
The attacker now plugs the remaining Wireless receiver into his / her Workstation, Laptop etc. Note: Using a modified wireless keyboard
receiver one can obtain a quite decent range !
Now the ingenuity of the attacker only will limit the damage that can be done.
For example, if the password trapping machine is a Windows Domain member then the "Victim" will log on to his / her own Workstation as well as the password trapping machine while the attacker watches ! If password catching is the aim of the attacker then he / she first opens Notepad or other text editor and waits !
The CTL+ALT+DEL login sequence will pop up the logon / lock workstation dialogue on the attacking machine which is quickly "escaped" by the attacker who now watches the user, admin, anyone, type their plain text username and
password into notepad etc.
I decided to try a passcode re-use attack on one particular breed of authentication scheme. The authentication software effectively prevented this on some occassions but mostly just fell over. That issue is to be reported to the vendor.
A last word. If your are using two factor authentication you MUST advise your users NOT TO RE-USE ANY PIN USED FOR BANKING OR OTHER SECURE TRANSACTIONS since this technique will capture their PINS if they're using PIN based TF.
To bust two factor athentication schemes is a little more tricky. I say a little because they can be compromised fairly easily.
Of course this all relies on that beautiful Plug & Play feature that we all love. This would not work on older non PNP OS's so easily for non admin users that is. Windows NT more secure in this case ? Thats a frightening thought !
In summary: The skill level required to do this is almost zero. If someone can plug in a USB cable, disguise a keyboard and be patient they can do this.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Hidden cameras ...

by brett_s_r In reply to Admins MUST think like ha ...

Another technique to capture a password would be to deploy a hidden camera. This has the added advantage that you can re-use the camera later, deployed in the staff kitchen, in order to catch the sodding lunch-thief. You know, the person that is taking other people's lunches and cakes from the fridge. You might even catch the person that over-fills the jaffle maker!

Any password entered through a keyboard is vulnerable. There are known cases of hidden, in-line keyboard wedges and/or cable clamps. Harder even to detect than a fake wireless keyboard.

Collapse -

Disimilar Analogy

by Win0 In reply to Hidden cameras ...

The point of the Wireless keyboard example is the ease of installation and the fact that the victim will login on the attackers workstation for him if this is what the attacker wishes.

Collapse -

Best Advice

by Win0 In reply to Hidden cameras ...

Plug the big holes. All networks require two factor authentication, one time password generators, biometrics. Its not the panacea but increases the difficulty of compromise significantly. Usernames and passwords ,like local milkbars, are soft targets.

Collapse -

Van Eck'ing, cell phone modems....

by admin In reply to Best Advice

If ya want the info bad enough it can be had for a price....

You are right about system admins thinking ahead though... We and the intruders are just on 2 sides of the same fence.

Social Engineering is still probably the weakest link. We tech types can secure stuff technically all we want, but if the end users can be easily duped into giving access, it's mostly all for naught.

That is a clever idea on the wireless though, I am sure those will now sell like hotcakes on e-bay...

Collapse -

just like everyone wlse you have the deffintion of hacker WRONG!

by nathanready In reply to Admins MUST think like ha ...

*ok mabey i was to harsh on my first post*
ok here i go,

1- HAVE ETHICS

2- HACKER IS NOT THE TERM FOR A MAN WHO MADE A VIRUS

The orginal "hackers" did not go around causing havock with virsus and screwing up networks etc.

The term hack means to make a machine do somthing it wasnt orginally ment to.
The term hackers means implusive proggrammer.

Sorry for getting so pissed off but this flew all over me because as a proggrammer the term hacker could be used to describe me, but is so often missused it becomes an insult.

Collapse -

Yep, you're right.

by admin In reply to just like everyone wlse y ...

Stupid Media Blitz took another badge of honor and pretty much destroyed it to the common man for a little excitement and a few bucks.

The term predates programming too. Hackers were proudly hacking hardware and at least one old electronics magazine ran a regular column entitled "Hardware Hacker" teaching one how to mod radios, build home security devices etc.

Amoung those that know it's still a badge of honor, amoung the general public it usually is misunderstood as "Criminal".

Collapse -

hacker

by pgerloff In reply to Yep, you're right.

i would say the term hacker generally reffers to someone with a passion and extra-ordinary knowledge about technical issues be it programming security hardware etc etc.

the term it usually replaces is cracker which is a person with malicious intention breaking into/bringing down systems

back OT if you want to protect against that kind of attack the only viable way i can think of is to use some kind of biological scanner eg thumb scanner. the best way to secure is always something you have and something you know, all the better is the something you have is attached to you

Back to Security Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums