Category «Security»

RIPT 1 – Background

RIPT stands for Remote Internal Penetration Test. The following posts document the development of a small, cheap, reliable, and secure device for sending to clients when an onsite presence is not possible. Our goal as a security organization is to become trusted advisors to our clients. Such a relationship is typically built on extended direct contact …

“Long Range” Proxcard Reader

I recently purchased a Proxmark3 clone from GeZhi Electronic. Being able to duplicate a proxcard is very cool, but the requirement to have almost direct contact between the card and the antenna is a less than desirable situation during a real world penetration test. This project was inspired by “HID Reader + Arduino = RFID …

Trojan Pineapple, Activate!

To activate a Silent but Fruity Trojan Pineapple, either assign a static IP address to the bridge interface – based on the target environment – or obtain a DHCP address by runnning udhcpc -i br0. Now you can interact with the network…

Trojan Pineapple – Silent but Fruity (SbF) Edition

The Trojan Pineapple can be placed inline with the target to passively snarf all traffic using the following rc.local (Scripts -> On Boot in the Jasager web interface). wifi hostapd_cli -p /var/run/hostapd-phy0 karma_disable #Don’t touch anything above this line swapoff -a && swapon -a #SbF – Silent but Fruity Configuration ifconfig wlan0 down iptables -F ifconfig …

Trojan Pineapples

While the Wi-Fi Pineapple is very compact and fairly discreet, it could still catch the eye of an observant employee. Since the intention is to use this device as a pentest dropbox, it has to be as close to undetectable as possible. Making Copies Special power filters/surge suppressors are sold for office photocopiers. They often sell …

Dr. Who – Penetration Tester

From 1978, Dr. Who “The Pirate Planet: Part 2”. The doctor is trying to unlock a door with his sonic screwdriver. The attempt against the high-tech lock fails, upon which he pulls out a bent hairpin and utters, “the more sophisticated the technology, the more vulnerable it is to primitive attack. People often overlook the …