A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Ducky-in-the-middle: Injecting keystrokes into plaintext protocols - Esteban Rodriguez NolaCon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

Ducky-in-the-middle: Injecting keystrokes into plaintext protocols
Esteban Rodriguez
@n00py1

This talk will cover the basics of protocol analysis using Wireshark and lead into analyzing two custom application protocols used for extending the mouse and keyboard of a remote system. The two applications covered are HippoRemote, and iOS app to use a iPhone as a trackpad and keyboard, and Synergy, an application to allow for control of multiple operating systems with one mouse and keyboard. By performing a MITM attack, an attacker can abuse this protocols to send keystokes to a remote machine to gain remote code execution similar to a USB rubber ducky attack. The talk will also discuss mitigations and open source code will be provided for exploitation. The target audience should have a basic understanding of Wireshark, ARP spoofing, and reverse shells. Additional info: https://www.n00py.io/2017/01/control-your-mac-with-an-iphone-app-an-analysis-of-hipporemote/ https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/ https://github.com/n00py/AngryHippo - Exploiting the HippoConnect protocol for HippoRemote https://github.com/n00py/Dissonance - Rogue Synergy server

Recorded at NolaCon 2018

Back to NolaCon 2018 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast