
Best way to infect a business physically

Please note that this user is banned.
Let's say I want to infect a business close to where I live. What's the best way to physically infect them?
For example: BadUSB, man in the middle...
Every scenario is different; it all depends on the real situation. Is it a full-scale office with 500+ people, a small office with 3, or a gas station? No one can help you without more details.
Btw, I have seen people even apply for a job in order to get access.
 
it really depends on what kind of access you need, what you're trying to get from them and who you're attacking, their infrastructure, network and environment, as well as what OSes they use, etc.

for simple access, i like to set up a reverse ssh tunnel to a dynamic DNS by having a script drop my ssh key onto the target machine, or whatever reverse shell works best for their OS (or infect the router itself). then put that script onto a badUSB-style device for quick execution and have it run in a background session with persistence.

you could even then modify a mouse or keyboard on someone's office computer with the badUSB implanted for constant access. from there, it's just getting it to them by whatever way you can think of. maybe package up the malicious keyboard and ship it to an employee, leave it lying around or swap it with theirs yourself, etc.

for more complex access, set up a raspi zero 2 to connect into an ethernet hub with a small antenna. connect the device to wifi and find a good area to plug it into the network which also bypasses the firewall. then have it auto reverse ssh back to your proxy hop server. from there, move laterally and escalate privs for more access. you could make it look like it's essential and write "do not unplug" on it so that the normal employee doesn't touch it or question it.

you could also have it connect between a router cable and power, like a cat5 vampire tap. although most PCI data is encrypted once it leaves the POS terminal, so you couldn't tcpdump the traffic to scrape data, it would still give network access.

most large corporate networks have server-side anti-MITM protections like IDS, etc., and big businesses are very watchful over their POS machines. smaller shops could work fine though. i could keep listing more and more ways, but you get the idea.
 