/Offensive_Security

Offensive Security and the USB Rubber Ducky

By Omar Sharif

The Meeting

The meeting is a type of SEA that places a wireless access point from inside a corporate Network.

Tools required

  1. Device for wireless access point
  2. Tape
  3. CAT5 patch cable
  4. Computer
  5. Bootable flash drive with a linux distro

Instructions

  1. Find a corporation and a way to access the corporation physically from the inside under false pretenses.
  2. Once inside the company office gain access to a computer.
  3. Unplug the computers network cable and connect it to the WAP. Then clone the mac address of the machine onto the WAP.
  4. Plug the WAP into the network wall jack used by the computer.
  5. Now you have access to the company's network from a remote location.

Join the Company

This attack uses fake social networking sites and groups to attract employees and trick them into divulging sensitive information which will then be used to penetrate the company.

Tools required

  1. Computer

Instructions

  1. After selecting a target company, look up as many employees at the company and find out as much information about them.
  2. Create a fake account on a social networking site like LinkedIn and try to add as many of these employees as possible.
  3. Continue finding out more information about the employees such as reading their posts and directly contacting them.
  4. Choose an employee to impersonate to gain temporary access to credentials.