Episode 2 — ubuntu.h

Recap — Episode 1

[Spoiler Alert]

Season 4 Episode 11 “eXit”

hink of all the possible ways in which you can exploit someone’s system, just by inserting a USB device into it. But to what extent? Let’s explore!

This is Digispark’s Attiny85 USB development board. This board was originally designed by Digispark but they discontinued manufacturing and it later became an Open Source Hardware.

Like an Open Source Software whose source file(.c, .cpp, etc) is freely available to developers, an Open source hardware is one whose schematics are freely available.

So all the boards that are available today are basically developed by any third party manufacturer. These boards are also called clones. (Clones and Counterfeits, are 2 different terminologies)

For development, one need to use Arduino IDE or any similar Embedded C/C++ IDE like Atmel Studios, etc. I am using Arduino IDE. From this, one thing is clear that Elliot knows Embedded Programming that was nowhere mentioned in the whole series.

This rubber ducky can be used on both Windows and Ubuntu. I started with Ubuntu first. Started with basics, I programmed the board to blink an on-board LED when plugged into the USB port.

Blink is known to be 101 when testing/exploring any new Hardware. Its synonymous to “Hello, World!” program used for Software Testing 101.

After successfully testing it I programmed it to open the terminal in Ubuntu(Ctrl+Alt+T) and run any basic command, lets say,
$ ls.

I tried a few more basic commands like,
$ ifconfig
to a bit complex commands like,
$ macid=`ifconfig | grep ether | awk ‘{print $2}’`
$ echo $macid
(This is helpful to extract the hardware MAC-ID of your Wi-Fi Adapter, as demonstrated below)

Executing the above set of commands

Everything was going fine, until I started trying commands which specifically needs root access to run.

I was trying to extract passkey of all the saved Wireless networks on my system.
$ cd /etc/NetworkManager/system-connections/
$ ls
and I got a list of files of all the saved Wi-Fi networks on my system. To view the details I could have used cat command. But without root access, these files were not accessible. But with this command,
$echo ‘password’ | sudo -S cat wifi_name
I was able to view the file details.
What this command did was to pass the mentioned ‘password’ to the sudo command without actually typing it. But you still needs to know the password of the system itself. You cannot bypass the superuser permissions altogether.

There are 2 files visudo and sudoers which can be edited to bypass permissions, but we need superuser permissions to edit these files themselves. So we are stuck in a loop.

Conclusion?
As fun as it is exploring Rubber Ducky, its a dead end for it on Linux OS. You can only exploit a Linux system as much.

In the next Episode I will try to explore Windows OS and try to exploit its vulnerability to bypass superuser/administrator permissions.

Peace!

Hacking the Physical World | Senior Embedded Systems Engineer @ PiRhoAlpha Research (ActiveBuildings) | I write posts about AVR and Raspberry Pi.