hacker • I like to play with packets, networks, electronics and 3D printers • I presented tools at various conferences (BlackHat Asia, HITB, AV Tokyo, SECCON, HamaSec, Hacker’s Party) and now DEF CON PHV/Demo Labs too! • Sorry, I’m not a native programmer or English speaker J Hello, Friend
Ops, we take advantage of “Sec/Net/Dev/Ops” enterprise tools to capture network credentials in a stealth mode. Using a low profile hardware & electronics camouflaged as simple network outlet box to be sitting under/over a desk. CIRCO include different techniques for network data exfiltration to avoid detection. This tool gather information and use a combination of honeypots to trick Automation Systems to give us their network credentials! What is CIRCO?
Micro Focus® Network Automation (formerly HP NA) ▪ Service Now Discovery* ▪ ForeScout CounterACT (NAC) ▪ Trusted network administrators ▪ Others * SNMP discovery only https://circo.cc Who we target?
Raspberry Pi computer ”The account was compromised by a hacker who used a Raspberry Pi to gain unauthorized access to the JPL network” “The system administrators also did not properly track the devices added to the network” 2019-June-22 https://www.digitaltrends.com/computing/hackers-steal-500-mb-nasa-data-raspberry-pi/ https://oig.nasa.gov/docs/IG-19-022.pdf https://circo.cc For example…
client ▪ Tap from 48V PoE ▪ Convert 48V to 5V ▪ Power-up Raspberry with 5V ▪ Micro USB-Hub ▪ 2nd Ethernet adaptor ▪ Use bridging between LAN adaptors ▪ Ignore all TIA/network standards ▪ Pray it doesn’t blow up J
§ Desk/Mount Box Network Outlet § Raspberry Pi 3B+ § Magnets mount (3D printed) § USB LAN Adapter § DC-DC LM2596HVS (56V-5V) § Magnetic switch and magnet (4mm) § USB Wireless Adapter https://circo.cc
USB LAN Adapter = $18 (Amazon) ▪ Raspberry Pi Zero W = $10 (Adafruit) ▪ Micro USB Hub = $9.99 (Tindie) ▪ Flat Network Outlet = $9 (eBay) https://circo.cc Hardware Cost (v1.5) Get CIRCO for $49.99 bucks!
Credentials Receiver (Internet VPS, software and domain NS) □ JAULA: Wireless Credentials Receiver (software) ▪ Python 2 □ Mainly Scapy for packet manipulation □ Migration into Python 3 started… ▪ Features: □ Honeypots services to behave as a Cisco Switch or IP-Phone □ Trick NAC systems (nmap, Phone whitelisted, Golden MAC) □ OSfooler-NG (https://github.com/segofensiva/OSfooler-ng/) ▪ Exfiltration via cover channel protocols □ ICMP (ping), Traceroute, NTP, HTTP, HTTPS, DNS, Proxy (DNS) and Wireless ▪ Extra: Get plain credentials if a PC is plugged into the IP-Phone □ net-creds (https://github.com/DanMcInerney/net-creds) https://circo.cc Software
testing purposes • Using this tool against network/systems without prior permission is illegal • The author is not liable for any damages from misuse of this tool, techniques or code • The author is not affiliated with Cisco Systems® Disclaimer