A great penetration tester always remembers to take physical security into account. With that in mind, we've added an interesting new feature to Core Impact Pro. The module, called “install Agent using Teensy board,” allows Core Impact Pro users to deliver a physical attack through a USB thumb drive, installing an agent that can take control of the target machine. On the Windows platform, the Windows Script Host object model (WScript) or Powershell methods can be used to deliver the agent. On the Linux platform, the wget tool is used.
What do you need to use this new module? A Teensy board and Arduino IDE software. There are a lot of Teensy board versions, which you can check them out on the PJRC homepage. Our module supports Teensy++ 2.0 to Teensy 3.1. Next, install the necessary software in the development machine.
To use Teensy on Windows:
- Download and extract Arduino IDE software.
- You'll need to download and install Teensyduino, an add-on for the Arduino IDE, from the PJRC homepage. https://www.pjrc.com/teensy/td_120/teensyduino.exe https://www.pjrc.com/teensy/td_download.html https://www.pjrc.com/teensy/td_usage.html
Once you have the necessary software installed and running on your development PC, it's time to use the “Install Agent using Teensy board” module from Core Impact Pro. Start Impact and select the module “Install Agent using Teensy board” from the “Search Modules” window: Double-click the module and you'll see the following window: As in is true in almost every Impact module, you'll find different options related to the agent connection, web server (if used) and advanced options. Be sure to select the correct architecture for your attack using the “ARCHITECTURE” option, and the correct place to save the resulting file using the “TARGET_FILE” option. It is also important to choose the correct option within “DEPLOY AGENT USING.” If you are going to attack Windows platforms you can select between the “WSCRIPT” or “Powershell” options - those will generate a .PDE file with a Wscript or Powershell script, respectively, inside the code needed by the Teensy board. The “wget” option is only used to deploy an agent on Linux platforms. Once you've made those selections, hit "OK" and let the magic begin! Impact will launch a WEB SERVER and wait for the agent to connect. Then you'll have a .PDE file created in the directory you have chosen: Now we need to flash this file on a Teensy board using the Arduino IDE software. Follow these steps: 1. Launch the Arduino IDE software from the Windows Start menu. 2. Open the .PDE file generated by Impact. You may see a window like the one in the screenshot below, with a warning about creating a folder for the new file. Click OK. 3. Once you have your .PDE file in the Arduino IDE, be sure to plug in the Teensy board on a USB connector in your machine and press the “reset” button in the board (the one marked in red in the picture below). 4. Select the type of Teensy board you're using from the "Tools" menu (e.g. Tools -> Board -> Teensy++ 2.0) 5. Select Tools -> USB Type -> Keyboard + Mouse + Joystick 6. Select Tools -> CPU Speed -> 16 MHz 7. Select Tools -> Keyboard Layout -> US International 8. Select Tools -> Programmer -> AVRISP mkII 9. Select Sketch -> Verify / Compile
If everything went smoothly, you'll get a window like this:
A message saying “Reboot OK” should be displayed for a moment. Remember that the Impact Web Server is still waiting for an agent connection. The only thing left is to plug the Teensy board into the target machine and wait for an agent to be deployed: Enjoy!