Mr. Robot Decoded

Episode 2 — ubuntu.h

Recap — Episode 1

[Spoiler Alert]

Season 4 Episode 11 “eXit”

Think of all the possible ways in which you can exploit someone’s system, just by inserting a USB device into it. But to what extent? Let’s explore!

This is Digispark’s Attiny85 USB development board. This board was originally designed by Digispark but they discontinued manufacturing and it later became an Open Source Hardware.

Like an Open Source Software whose source file(.c, .cpp, etc) is freely available to developers, an Open source hardware is one whose schematics are freely available.

So all the boards that are available today are basically developed by any third party manufacturer. These boards are also called clones. (Clones and Counterfeits, are 2 different terminologies)

For development, one need to use Arduino IDE or any similar Embedded C/C++ IDE like Atmel Studios, etc. I am using Arduino IDE. From this, one thing is clear that Elliot knows Embedded Programming that was nowhere mentioned in the whole series.

This rubber ducky can be used on both Windows and Ubuntu. I started with Ubuntu first. Started with basics, I programmed the board to blink an on-board LED when plugged into the USB port.

Blink is known to be 101 when testing/exploring any new Hardware. Its synonymous to “Hello, World!” program used for Software Testing 101.

After successfully testing it I programmed it to open the terminal in Ubuntu(Ctrl+Alt+T) and run any basic command, lets say,
$ ls.

I tried a few more basic commands like,
$ ifconfig
to a bit complex commands like,
$ macid=`ifconfig | grep ether | awk ‘{print $2}’`
$ echo $macid
(This is helpful to extract the hardware MAC-ID of your Wi-Fi Adapter, as demonstrated below)

Executing the above set of commands

Everything was going fine, until I started trying commands which specifically needs root access to run.

I was trying to extract passkey of all the saved Wireless networks on my system.
$ cd /etc/NetworkManager/system-connections/
$ ls
and I got a list of files of all the saved Wi-Fi networks on my system. To view the details I could have used cat command. But without root access, these files were not accessible. But with this command,
$echo ‘password’ | sudo -S cat wifi_name
I was able to view the file details.
What this command did was to pass the mentioned ‘password’ to the sudo command without actually typing it. But you still needs to know the password of the system itself. You cannot bypass the superuser permissions altogether.

There are 2 files visudo and sudoers which can be edited to bypass permissions, but we need superuser permissions to edit these files themselves. So we are stuck in a loop.

Conclusion?
As fun as it is exploring Rubber Ducky, its a dead end for it on Linux OS. You can only exploit a Linux system as much.

In the next Episode I will try to explore Windows OS and try to exploit its vulnerability to bypass superuser/administrator permissions.

Peace!

--

--

--

Hacking the Physical World | Senior Embedded Systems Engineer @ PiRhoAlpha Research (ActiveBuildings) | I write posts about AVR and Raspberry Pi.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Raze Network Public Testnet Launch Announcement

BuiltWith — technology profiler

Managing compliance with Osquery for local & remote workers

{UPDATE} Block Sprung LT Hack Free Resources Generator

In a changing world of data management, what does the future look like?

#266: PREMINT Test Operation! 30 Winners will Receive Chipper Momo-chan NFT!

The Definitive Guide to the GDPR and why you don’t need a Babel Fish.

Big Data: Privacy

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akshul Goyal

Akshul Goyal

Hacking the Physical World | Senior Embedded Systems Engineer @ PiRhoAlpha Research (ActiveBuildings) | I write posts about AVR and Raspberry Pi.

More from Medium

OverTheWire:~$ Bandit Level 8 → 9

“That SweetPot of Data Net-tar” My first Honey Pot Walkthrough Part 1

Network basics related to wifi hosting (1/2)

Function-like macros