Monday, March 28, 2011

#4 - Other Essential Peripherals

We've discussed our laptop and how to install BackTrack, a Linux-based operating system that's geared towards Penetration Testing. Also this past week, we've discussed which wireless card best presents us with an easy, plug-and-play experience when it comes to working with BackTrack and the aircrack-ng suite.


Now, we're going to take a look at the other components of our Essential Toolkit. We're going to need the following extra tools:
  • A Network Hub (for sniffing wired networks with Wireshark)
  • A USB Bluetooth Adapter
  • Two or Three USB flash drives
  • Two or Three Ethernet cables
So, Bertha is all dressed up for a night on the town with a nice, sleek, black number called BackTrack. Now it's time to accesorize her with a few nice baubles.

THE NETWORK HUB
There are plenty of devices out there that say they're a network hub. However, if you look carefully at how they actually work, the devices are not network hubs. They act like network switches. 
What's the difference you ask?
I'm glad you asked. Every good hacker should know the difference between switches and hubs.
HUBS vs SWITCHES
Hubs are dumb network devices. Hubs take data in and send it back out to every single port on the device. They do not sort the data coming in or going out in any way. Switches do. Switches remember which MAC addresses are connected to which port and ONLY SEND THE DATA MEANT FOR THAT MAC ADDRESS TO THAT PORT. This ensures a much more efficient network environment.
But what we want for network traffic sniffing is not what a switch offers us. A switched environment defeats us, the hacker, from network traffic sniffing.
Think about it for a moment. If we're sniffing network traffic, we want ALL the traffic, not just the traffic meant for us. A switch will only send us the data we are MEANT to have. So what do we do? We hook a network hub up at a central location, and we plug our laptop (remember Bertha?) up to the hub.
So, in order to do this, we must equip our Toolkit with a network hub. But we've got to be careful when making our decision. A lot of network devices out there claim to be hubs, but are, in fact, switches.
There's a reference sheet located on Wireshark's web site that lists out suggested hubs for you. Personally, my Toolkit already contains a hub. But if I were in the market today to get a hub, I'd first peruse the HubReference at Wireshark's web site (that you can find here: http://wiki.wireshark.org/HubReference ) and I would probably compare prices before buying.
For my money, the Linksys EFAH05W 5-Port 10/100 Workgroup Hub looks to be best, coming in around $40-$45 and can still be found new. While the Netgear DS104 is a good, solid, reliable network hub that can be found used for about $100. Depending on your circumstances and what you can find on the 'net, you should be fine with either hub.

Linksys EFAH05WNetgear DS104
A USB BLUETOOTH ADAPTER
One of the more interesting tasks that a Penetration Tester will have before them is to perform either Bluetooth “eavesdropping” or “remote administration” of a Bluetooth device.
In order for us to perform these tasks, we need some software tools and a Bluetooth adapter to run that software through.
Now, you could just do a search through Amazon.com and pick yourself up any USB Bluetooth adapter and you'd be able to perform any of the lessons we are going to run through for Bluetooth.
However, if you were to do that, you'd miss out on one of the more fundamental lessons of hacking: the actual tearing apart and putting back together better than the original configuration.
When I was looking for a USB Bluetooth adapter, I ended up finding a handful of them available for about $2.99 and I picked up 3 for the exact purpose of tearing the plastic dongle apart. Bluetooth, after all, is a radio technology and what's the ability to eavesdrop on a Bluetooth conversation without giving yourself the ability to do so from some decent yardage? So, I'm planning on showing how to take a USB Bluetooth adapter apart and solder on an antenna to allow for better distance.
So, definitely go for something that looks like this:


Rather than this:



THE REST
Grab yourself a couple of Ethernet cables (you'll need three for proper sniffing) and grab yourself a couple of USB flash drives, you may need them for files you find while snooping around networks.
That's about it, folks. Our Essential Hacker's Toolkit is just about complete. There may be other components we'll add in here and there but for the most part, our kit is ready and now it's time to start hacking!
First, we're going to take a look at the overall methodology of running a Penetration Test and then we'll start to get into the nuts and bolts.

2 comments:

  1. Great info, but with one caveat: the image you have posted for the Linksys hub is not the correct version. The blue/dark grey is too new and operates like a switch. The one you want is light grey with orange text, blocky and very old. Source: the EFAH05W V3.0 at my desk, currently not functioning as a hub.

    ReplyDelete