Eka, Eka, what the ‘Ek is Eka.

This, my friend, is a project I am working on. It is currently on hold as of Nov-Dec 2013 but will be continued in Jan 2014.

It is a Raspberry Pi project aimed specifically at Penetration Testers and System Administrators.
So what is it, what does it do?

Well, as a professional penetration tester I find myself repeating many of the same exploits across the majority of clients, whether they are government organisations, multi-million pound companies in the private sector or small management enterprises. Granted, most tests are unique, but the concept is the same.

One of the quickest and dirtiest ways in to the majority of networks is largely through NetBIOS spoofing. Please refer back to my previous post about this particular exploit/vulnerability regarding NetBIOS Spoofing.

If you have gotten the chance to read through that blog post you will see the dangers this vulnerability poses and really just how quickly it can be done.

This is why it is one of the favourites when performing a social engineering assessment on a client’s site. If you can gain access to the building and find an open network port, within a couple of minutes you can find yourself plugged in to their network and harvesting users’ domain credentials, and if you’re lucky you might snag a Domain Admin or two. Although one would hope that you would not be able to crack their hash, that is just a matter of time. The longer you are plugged into their network capturing user credentials, both hashed and plain text, the more you are likely to obtain.

The only downfall is that time is of the essence, and depending on the situation you might stand out like a sore thumb and draw unwanted attention to yourself.

Well, this is where my project comes in. What if you had a device, a small device that could be discreetly hidden? A device that can automate the entire NetBIOS spoofing process. All you have to do is plug the device into the network and Boom. Auto NetBIOS Spoofing.

Now you can leave it for 5 minutes, 15 minutes, 1 hour, or if you wanted to you could leave it there all day if you feel it is not going to be detected. NetBIOS spoofing in itself is pretty low key; it just depends what software they run on their network to detect such responses, or how on the ball their IT guys are with network traffic and logging etc…

Version 1.0 of Eka will currently write all results to a local database. This is so that you can grab it, get out of there and analyse the results locally on the device from the comfort of your Lair, err, I mean office or home office. Eka will also produce a webpage on the local web service so you have a nice GUI to review your results. This will format it in a way that lets you easily sort your results by hash type.

Version 2.0 has the intention of having a call back home function built in. This can allow it to perform checks to see if it can get outbound access to the internet via multiple methods and web filtering bypass techniques. If the device can get outbound access then all the data will be securely sent over an SSH tunnel to your configured machine, in the event you are unable to retrieve the device. A possible self-destruct protocol may also be implemented.

I have recently purchased a small 3.5″ screen to attach to the device, allowing for a graphical interface for seeing results on screen or for diagnostic purposes.

So as you can see, this device can come in handy when security testing a network. This also holds true for network/system administrators, as they can also perform this attack on their own network to see if any credentials are freely being sent across the network, whether any are being sent in plain text, and exactly which machines they are coming from.
I will be accepting feature requests once I officially release the device for public consumption. Please contact me for any beta access if you wish to help test out the device or if you wish to contribute to the project.

More updates will come as I get to work on the device once again.

I’ll give away a free copy of the program to the first person who can work out why this project is called “Eka” ;)

