






This was an email that took them to an identical fake login page that would pass me the
credentials. Although it was functional, when I showed the owner of the company he asked me not to do
it. As he’s the client, I did not. I did, however, send it to him, and it was marked as a phishing email,
so they were able to verify the integrity of their email system.

Next, I knew that at the main office they used TeamViewer to see what their employees
were doing on their computers. I decided to make a few phone calls to their receptionists. I told
them that they were in trouble, as the main office got DMCA notices saying that someone in their
office was illegally downloading movies, and so we needed to log into their computer to see if it
was them or not. With a few phone calls I was able to get 2 out of 5 of the TeamViewer
numbers I needed to log remotely into their computers.


Lastly, I never got an email back from my ducky, which could mean one of three things. 1. It
failed; however, I tested it several times and received results back. So the next two options were:
2. They never plugged it into their computer to find out who it belonged to, which I had
hoped would happen. Or 3. Their computer wasn’t running in administrator mode. This is good for two reasons. One of the
main reasons why computers get viruses is because when you are the administrator of your
computer, programs automatically install themselves without a prompt. That’s why sometimes
you see programs on your computer that you never installed. However, when you are just a
normal client, your computer alerts you that a program is trying to install on your computer. In
fact, Microsoft has said that 90 percent of viruses can be avoided on their computers when it is
run without administrative access. Either way, my ducky failed.



After my experience my recommendations to protect your own company as well as your home
are as follows.

Place a password on the guest account wifi. Although the employees’ computers are hard
lined into a switch, the customers’ information is just as vitally important. I was able to set up a
rogue access point within moments. Another good practice is to have a Rogue Access Point
Detector. Make sure that in your network security settings you have a Rogue Policy set up with a
timeout. Let’s be honest, it’s a little unrealistic to have someone monitoring this, but it’s
convenience vs. security.
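As an added example (not from the original article), a minimal rogue access point check: it compares beacons from a wireless survey against an inventory of authorized access points and expires findings once the access point has not been heard for a timeout. The SSID, BSSIDs, timeout value and scan data are constructed, and treating the policy timeout as an expiry for stale findings is an assumption.

```python
from collections import namedtuple

# Constructed inventory: SSIDs you operate -> BSSIDs (AP radio MACs) allowed to beacon them.
AUTHORIZED = {"Corp-Guest": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}
ROGUE_TIMEOUT = 1200  # assumed: seconds a finding is kept after the AP was last heard

# ts is seconds since the survey started.
Beacon = namedtuple("Beacon", "ts ssid bssid encrypted")

# Constructed survey data, not captured from a real network.
SCAN = [
    Beacon(0, "Corp-Guest", "aa:bb:cc:00:00:01", True),
    Beacon(5, "Corp-Guest", "DE:AD:BE:EF:00:99", False),   # same SSID, unknown radio
    Beacon(9, "CoffeeShop", "11:22:33:44:55:66", False),   # neighbour, not our SSID
    Beacon(600, "Corp-Guest", "de:ad:be:ef:00:99", False),
]

class RogueTracker:
    def __init__(self, authorized, timeout):
        self.authorized, self.timeout = authorized, timeout
        self.findings = {}   # bssid -> [reason, first_seen, last_seen]

    def classify(self, b):
        allowed = self.authorized.get(b.ssid)
        if allowed is None:
            return None      # someone else's network, ignore it
        if b.bssid.lower() not in allowed:
            return "unknown BSSID beaconing our SSID"
        if not b.encrypted:
            return "our AP is beaconing an open network"
        return None

    def observe(self, b):
        reason = self.classify(b)
        if reason:
            entry = self.findings.setdefault(b.bssid.lower(), [reason, b.ts, b.ts])
            entry[0], entry[2] = reason, b.ts   # keep first_seen, refresh last_seen
        return reason

    def active(self, now):
        # Drop findings whose AP has not been heard within the timeout.
        self.findings = {k: v for k, v in self.findings.items() if now - v[2] <= self.timeout}
        return self.findings

def survey(beacons, now):
    tracker = RogueTracker(AUTHORIZED, ROGUE_TIMEOUT)
    for b in sorted(beacons, key=lambda x: x.ts):
        tracker.observe(b)
    return tracker.active(now)
```

Calling `survey(SCAN, now=700)` returns the one unknown radio with its first and last sighting; the same call with a `now` past the timeout returns nothing.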

Block Ethernet ports. Ethernet ports in a crowded lounge provide the attacker a chance to
plug into your LAN (local area network) directly and run scans. In the case of Armitage, I was
able to see which computers were assigned which IP addresses and, by running a scan of ports
and services, see the vulnerabilities, and I had the ability to run the custom attack against that
machine.

Use MAC address filtering on a switch/router. Every device has a serial number built into
it, known as a MAC address. With MAC address filtering you are able to prevent unwanted
“guests” from tapping directly into your network, kind of like how you block phone numbers.

42 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
