So there I was...
Today I was sitting at home watching Irongeek’s post of John Strand’s talk Defense In Depth is Dead, Long Live Defense In Depth. And I had one really evil thought:
Someone (such as Bob) could sit at an airport. We all do this; it isn’t difficult. He could then turn on his laptop and connect it to the airport wireless. Another task, difficult for some, but let’s go with Bob being able to. Bob then pulls out a Fon with Jasager on it. He then connects it to his newly started laptop running evilgrade. Bob’s setup for evilgrade installs and runs the USB Hacksaw payload. Now, every computer that is duped into connecting through Jasager automatically installs a payload that will copy and send all data from any inserted USB stick to... This post is already evil enough, so I will leave it up to you to figure it out. That is also why I haven’t included any in-post links.
For the cost of an airline ticket, Bob has possibly infected and/or circumvented your whole defense in depth strategy.
In closing. Don’t be like Bob. Bob is in jail.
I got an overwhelming response to me stopping the social engineering challenges, which far out-shadows the large response I got against the challenges. In other words, the “AYE”s have it. As soon as my Maltego series comes to a close I will be starting the challenges back up again. Thank you for your support and I look forward to the continuation of the challenges, I really had fun with the first one.
Also, if you have ideas for scenarios, please email me or hit me up on twitter. Include as much detail as possible, especially with the answer. Or, if you want to, leave the answer out, and we’ll see what we come up with.
Thanks again,
mubix
If you haven’t heard already about Jasager.. well you probably don’t read this blog, but for those who want to know a bit more about the history of Jasager - Karma on the Fon, where the project is now, and where it’s headed, then buckle up, and hang on while we first travel down memory lane.
History:
The time was ShmooCon 2006. It was my very first “HACKER” convention. I was there with my buddies from Hak5 and SploitCast. I just so happened to sit in a talk by Dino (A. Dai Zovi). He was talking about Karma, his project that basically sat in the middle of wireless connections and instead of picking out the special bits directed his way, Karma accepted and responded to them all. I was in love, no not with Dino, but the project. I wrote theta44.org in my notebook (the site Dino noted to find out more) and continued on with the craziness that is any con. Having no money to invest in a wireless card that could handle Karma, that page with theta44.org kept hounding me.
In early 2007, boxgamex (a gentleman from the Hak5 community) sold me a little Fonera router. What’s the first thing I did? Hack it, put OpenWRT and DD-WRT on it. But one day that page in my notebook showed up again and reminded me of Karma. I looked on Dino’s page and was appalled to find that the project hadn’t gone anywhere. Did no one see the potential that this project had? Putting 2 + 2 (=5) I decided to put Karma on the Fon for an ultra portable wifi attack tool. Well, I am by no means the Killer Coding Ninja Monkey that either Dino or Robin Wood are. I scripted my way into it working for one target at a time. The problem? I did all the work on the Fon. You can see where this is going. At DEFCON 15, I brought my scripted up Fon to test it out in the shark infested waters (Wall of Sheep addition?). Got excited to be there, booted the Fon up in my room, connected to the Fon and changed a setting. The Fon bricked. No proof that I had done anything, didn’t even get the chance to test it out.
I explained what had happened to my friend Darren Kitchen, and the project really sparked in him. He talked to the Killer Coding Ninja Monkey that I mentioned before, Robin Wood, and before you know it, the project was renewed under a new name “Jasager”, and this time with a better hand at the wheel.
What was the point of this history lesson? If you have an idea, and someone else has done it, take it to the next level, and if you don’t have the time, find a partner who does. Enough history, let’s get some information.
Here is the home page of Jasager: http://www.digininja.org/jasager/index.php
HINT: Robin Wood’s main site, while lacking style has some things that you also want to check out. (digininja.org)
If you like reading, here is Darren’s blog post on how to get Jasager going
If you are more of a visual person, check out episode 405 of Hak5
And if you have problems or want to discuss options and configurations with other Jasager users, check out the Jasager Forum
Back to the Future:
MITM (Man-In-The-Middle) attacks on computer systems have been around since the dawn of time. The natural (rapid) progression of security attacks made it guaranteed that MITM would hit Wireless just as hard. If you have ever talked on a CB Radio, you know the frustration when the kids with the high powered antenna start playing the Mortal Kombat soundtrack over the CB without letting up the talk button. This is a simple example of how Jasager works. It gets in the middle of wireless communications. How do you protect against something like that? I don’t know. I don’t believe that there is a protection for Jasager or Karma (again, released in 2006). Where is Jasager heading? I think that adding the functionality of Karmetasploit (H.D. Moore’s project) to a portable device and then maybe shipping that device like the guys over at Errata Security did with an iPhone, would be one dangerous route. Or putting it in a box like Richard Mogull did. Or in a wall like Larry Pesce did.
To the future? What if I could put this whole project on a USB stick that didn’t do anything but draw power so it could run Jasager + Karmetasploit? Maybe running it on the NeoPwn? The possibilities are endless with this project. For all those feed readers out there, you can keep up with the latest and greatest from Robin Wood and the Jasager project via their RSS feed.
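A Karma-style access point, as described in the history above, answers probe requests for any network name, and that behaviour is observable from a monitoring station. The following Python code is an added example (not from the original post, nor from the Karma or Jasager projects) that flags such an AP from observed probe responses. The log line format, the threshold, and every MAC address and SSID in it are constructed assumptions.

```python
import secrets
from collections import defaultdict

def make_canary_ssid():
    """Random SSID that no legitimate network should be configured to serve."""
    return "canary-" + secrets.token_hex(8)  # 23 chars, within the 32-byte SSID limit

def parse_probe_responses(lines):
    """Yield (bssid, ssid) from lines shaped 'PROBE_RESP <bssid> <ssid>'.
    This line format is an assumption of the example, not a real tool's output."""
    for line in lines:
        parts = line.strip().split(None, 2)  # SSIDs may contain spaces
        if len(parts) == 3 and parts[0] == "PROBE_RESP":
            yield parts[1].lower(), parts[2]

def find_promiscuous_aps(lines, canary_ssid, max_ssids=2):
    """Return {bssid: [reasons]} for APs that answer the canary or too many SSIDs."""
    ssids_by_bssid = defaultdict(set)
    for bssid, ssid in parse_probe_responses(lines):
        ssids_by_bssid[bssid].add(ssid)
    findings = {}
    for bssid, ssids in ssids_by_bssid.items():
        reasons = []
        if canary_ssid in ssids:
            reasons.append("answered canary SSID")
        if len(ssids) > max_ssids:
            reasons.append(f"answered for {len(ssids)} distinct SSIDs")
        if reasons:
            findings[bssid] = reasons
    return findings

# Constructed sample observations (not a real capture).
CANARY = "canary-3f9a1c0de4b27788"
SAMPLE = [
    "PROBE_RESP 00:1a:2b:3c:4d:5e AirportFreeWiFi",
    "PROBE_RESP 00:1a:2b:3c:4d:5e AirportFreeWiFi",
    "PROBE_RESP 02:de:ad:be:ef:01 HomeNet",
    "PROBE_RESP 02:de:ad:be:ef:01 CorpGuest",
    "PROBE_RESP 02:de:ad:be:ef:01 CoffeeShop",
    "PROBE_RESP 02:de:ad:be:ef:01 " + CANARY,
    "PROBE_REQ  aa:bb:cc:dd:ee:ff HomeNet",
    "garbage line",
]

if __name__ == "__main__":
    for bssid, reasons in find_promiscuous_aps(SAMPLE, CANARY).items():
        print(bssid, "->", "; ".join(reasons))
```

The canary check is the stronger signal: a normal AP only answers for the SSID it is configured with, so any response to a random name stands out even when the SSID-count threshold is not reached.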
Well, it’s not the only answer but I will call them that because it’s what worked for me:
Sitting a couple rows down from the line so that no one would see me from the bus line I was targeting, I waited for the bus to come. As soon as it came rolling up, I quickly moved into a dash for the door, timing it so that I could cut in line to be the 4th on. When confronted by the bus driver, I said that I had dropped my wallet a few stops back and wanted to find it. Dropping my wallet while I ‘looked’ for it allowed me to certify this lie. I asked the bus driver if I could ride the bus back around to my original stop. He said yes and I was allowed to ride free of charge. And, due to all of this drama the target was already seated and others had taken up bubble-room spots (nobody likes to sit together), so I didn’t look completely odd sitting next to the target. I even got up when an elderly woman came to sit down. By that time dialog was already started with the target and my honor was solidified by my kindness to others.
These challenges don’t have prizes or winners, it’s just here to make you think. The goal is not to raise too much suspicion and gain trust.
Here is the scenario:
There is a line of government and commercial workers that are in line for the bus. The bus is late, and everyone has had a long day of work. Your target is the first person in line. The line is 75 people long for a bus with a max occupancy of 35 people. Your target is the same sex as you and has headphones in their ears. You can use any prop item that would not look out of place in line for a bus with other commuters.
Your goal is to sit next to your target in order to start a dialog. You do not need to be 1st, 2nd or even 3rd in line, but you do have to get on the bus with the least amount of suspicion raised. (That doesn’t rule out being flamboyant)
Comment your solutions with detail.
EDIT: I will post how I was able to do it tomorrow. For all of these challenges I will publish the way I succeeded at 11:59 PM EST of the next day.
About Me
Rob (mubix) Fuller - Security Addict that is hell-bent on making his career path useless - Call 202-658-7730