Pwn Plug Command Execution Using USB Sticks
This is something I’ve been meaning to do for a while, and whilst the title may not sound all that intuitive, it’s actually referring to something pretty simple. When I got my Pwnie Express Pwn Plugs, there were several times when I wished I could run commands on them when I couldn’t connect to them over SSH, for example when I couldn’t remember the last static IP I’d set. Yes, I could use the serial connection, but somehow that didn’t fully appeal to me.
So I came up with the idea of being able to use a USB stick to carry a command ‘payload’ that would get automatically executed upon being plugged into the Pwn Plug. Now I can run commands such as ifconfig, kick off an nmap scan, whatever I need; and all the results are output back onto the USB stick.
Note that I chose to do this on my Pwn Plug, but it should work equally well on other embedded devices such as the MiniPwner with a bit of tweaking.
Creating a Secure Mac/PC Portable USB Drive
Ever since the release of the IronKey I’ve been drooling over the device (good thing it’s waterproof I guess). Due to not wanting to pay so much for a USB key, I decided to make my own. I grabbed myself a 32GB USB key, and got to work on making it as close to the IronKey as possible.
USB ‘Dead-drops’ in New York City
Alright, so this guy has been going around New York embedding USB devices, known as ‘dead drops’, into walls and other objects in public spaces. The idea behind it is to provide an offline place for people to exchange files. While in principle I find this to be an awesome idea, unfortunately we live in the digital age, and in real terms this is about as safe as trading needles with other addicts in the alleyway.
Initially people will use these legitimately and trade some interesting files, pictures and videos; then it’ll be warez and pr0n, and then the things will become malware-infested USB ‘needles’ sticking out of walls. The malware may or may not be intentional – many people don’t have an antivirus, or don’t update it – but I’m sure some kids will be happy to teach a lesson to those naive enough to plug themselves in.
Apart from malware-infected files that will inevitably end up on there, people will soon start joining in and create their own USB dead drops. Some of these could be USB switchblades, USBsploit, or custom devices intended to perform USB driver exploitation [pdf] (Hi Rafa).
As art installations like these become more technologically interactive, people will have to think twice about the risks that may be involved.
Loading ...
