A Chinese hardware hacker who goes by the pen name of ‘SexyCyborg’ has built a penetration testing toolkit built into her high-heeled shoes. She used a 3D printer to get herself a set of hollow high heels, with the purpose of secretly carrying a penetration testing kit around.
SexyCyber made a post on Imgur giving details of her creation. Apparently, the gadget is inspired by the currently running and very popular TV show ‘Mr. Robot’
She explains, “I’ve been watching the TV show “Mr. Robot” and while I know not all of it is accurate some of it is and it got me curious. I’m already pretty comfortable with command line and remote server administration from my web development work, and it turns out a lot of ‘hacking’ tools are just testing tools any sensible IT professional would use- just without a GUI. So I spent this month hitting the books (well web pages) watching lots of videos and learning a bit about information security and penetration testing (I wonder how many idiot jokes that phrase is going to cause…). I still don’t know much, but I know a tiny bit more than I did. Enough to ask people who know more than me the right questions- and enough for a fun project.”
Her entire project is given below :
So I got to thinking- if I had to do penetration testing on a corporate facility, how would I do it? Social engineering for one- I’m a natural honeypot. I think there’s a reasonable chance that a guy might invite me back to their office after a few drinks in the neighborhood? 😛 But a handbag would be suspicious and leaving cell phones at the gate would be standard practice in any reasonably secure facility. My typical clothing does not leave room to hide anything- but that’s all the more reason they would not be suspicious of me.
So I devised the Wu Ying Shoes (无影鞋)! – Penetration Testing Platform Heels! “Wu Ying” means “shadowless”, the name is from the folk hero Wong Fei Hung’s (黄飞鸿) famous “shadowless kick” (无影脚). Wong Fei Hung is from Foshan, which is my ancestral home as well as the ancestral home of Bruce Lee. As legend has it, to execute the “shadowless kick” Wong would distract his opponent with a punch or upper body move while striking with his foot. With my shadowless shoes I distract the target with my…upper body and they don’t see the real danger on my feet:-) Also I get tired of English names for everything. If we are ever going to stop copying Western things we should stop copying Western names as well right? So “Wu Ying Shoes”.
Each shoe has a drawer that can be slid out without my having to take the shoes off. This drawer can be customized for various payloads. (Just FYI- of course I asked the staff for spray and a cloth to wipe off the table carefully after I took these pictures).
For the purposes of this first test version, my right shoe contains a pen testing drop box. This is a wireless router running OpenWRT with a built in rechargeable battery that could either be left running inside the shoe (for war-walking, wifi sniffing and logging etc) or could be removed and plugged into a convenient open network jack as soon as I was inside and had direct access to the LAN. Once this is done you can gain remote access anytime you want via SSH tunnel.
Installing OpenWRT on the TL-MR10U is just like upgrading the firmware on any router. It’s two links and a button- nothing to it. There’s a lot of different software you can run once you have OpenWRT flashed. This router may-or-may-not be running a custom version of Wispi for the TP-Link TL-MR10U because if it was it would probably be illegal in China so maybe its not. But if it was I could run Jasager/Karma which lets you can fake being a friendly/known wifi access point and setup a fake login page to capture passwords, among other cool tricks. Wispi also has a few other handy utilities that you should never use in the real world but are pretty cool to try at home once or twice just so you know how.
In my left shoe there is a USB keystroke recorder. This is a pass-through device that goes into the back of the computer where you normally plug the keyboard in and records everything typed on the keyboard (so all passwords) in it’s built in memory.
…and a basic lock pick set for gaining access to network cabinets, file drawers etc. I learned how to use the picks at a Locksport meet-up. I can only do simple locks but still loads of fun! Like little metal puzzles…
24
Here’s the model I made for 3D printing. I’m sticking with TinkerCAD just to annoy all the CAD snobs who keep commenting on it ;-P
As always- thanks to my friends for helping to clean up my English above. I had a ton of technical help but I follow a strict “don’t do it for me, show me how” rule so learned a tremendous amount. As I’ve also mentioned before, I’m not much more technical than my female friends but I am patient, good at following tutorials and and asking questions. If you can follow a recipe I assure you that you could do this sort of thing also.
SexyCyborg has also released the 3D-printer blueprints for hackers who want to clone her idea. If you like her invention, kindly upvote her post on Imgur.
SexyCyber made a post on Imgur giving details of her creation. Apparently, the gadget is inspired by the currently running and very popular TV show ‘Mr. Robot’
She explains, “I’ve been watching the TV show “Mr. Robot” and while I know not all of it is accurate some of it is and it got me curious. I’m already pretty comfortable with command line and remote server administration from my web development work, and it turns out a lot of ‘hacking’ tools are just testing tools any sensible IT professional would use- just without a GUI. So I spent this month hitting the books (well web pages) watching lots of videos and learning a bit about information security and penetration testing (I wonder how many idiot jokes that phrase is going to cause…). I still don’t know much, but I know a tiny bit more than I did. Enough to ask people who know more than me the right questions- and enough for a fun project.”
Her entire project is given below :
So I got to thinking- if I had to do penetration testing on a corporate facility, how would I do it? Social engineering for one- I’m a natural honeypot. I think there’s a reasonable chance that a guy might invite me back to their office after a few drinks in the neighborhood? 😛 But a handbag would be suspicious and leaving cell phones at the gate would be standard practice in any reasonably secure facility. My typical clothing does not leave room to hide anything- but that’s all the more reason they would not be suspicious of me.
So I devised the Wu Ying Shoes (无影鞋)! – Penetration Testing Platform Heels! “Wu Ying” means “shadowless”, the name is from the folk hero Wong Fei Hung’s (黄飞鸿) famous “shadowless kick” (无影脚). Wong Fei Hung is from Foshan, which is my ancestral home as well as the ancestral home of Bruce Lee. As legend has it, to execute the “shadowless kick” Wong would distract his opponent with a punch or upper body move while striking with his foot. With my shadowless shoes I distract the target with my…upper body and they don’t see the real danger on my feet:-) Also I get tired of English names for everything. If we are ever going to stop copying Western things we should stop copying Western names as well right? So “Wu Ying Shoes”.
Each shoe has a drawer that can be slid out without my having to take the shoes off. This drawer can be customized for various payloads. (Just FYI- of course I asked the staff for spray and a cloth to wipe off the table carefully after I took these pictures).
For the purposes of this first test version, my right shoe contains a pen testing drop box. This is a wireless router running OpenWRT with a built in rechargeable battery that could either be left running inside the shoe (for war-walking, wifi sniffing and logging etc) or could be removed and plugged into a convenient open network jack as soon as I was inside and had direct access to the LAN. Once this is done you can gain remote access anytime you want via SSH tunnel.
Installing OpenWRT on the TL-MR10U is just like upgrading the firmware on any router. It’s two links and a button- nothing to it. There’s a lot of different software you can run once you have OpenWRT flashed. This router may-or-may-not be running a custom version of Wispi for the TP-Link TL-MR10U because if it was it would probably be illegal in China so maybe its not. But if it was I could run Jasager/Karma which lets you can fake being a friendly/known wifi access point and setup a fake login page to capture passwords, among other cool tricks. Wispi also has a few other handy utilities that you should never use in the real world but are pretty cool to try at home once or twice just so you know how.
A retractable ethernet cable for the OpenWRT router. |
In my left shoe there is a USB keystroke recorder. This is a pass-through device that goes into the back of the computer where you normally plug the keyboard in and records everything typed on the keyboard (so all passwords) in it’s built in memory.
A shim for opening padlocks. |
24
Here’s the model I made for 3D printing. I’m sticking with TinkerCAD just to annoy all the CAD snobs who keep commenting on it ;-P
As always- thanks to my friends for helping to clean up my English above. I had a ton of technical help but I follow a strict “don’t do it for me, show me how” rule so learned a tremendous amount. As I’ve also mentioned before, I’m not much more technical than my female friends but I am patient, good at following tutorials and and asking questions. If you can follow a recipe I assure you that you could do this sort of thing also.
SexyCyborg has also released the 3D-printer blueprints for hackers who want to clone her idea. If you like her invention, kindly upvote her post on Imgur.
No comments:
Post a Comment