Subject: General Tech | February 15, 2013 - 01:27 PM | Jeremy Hellstrom
Tagged: WPAD, security, Raspberry Pi, fud
On this weeks Podcast, Ryan wondered what he could do with his new Raspberry Pi and Hack a Day has an idea for him, though it is a wee bit nefarious. It seems that Travis over at MADSEC is using a Raspberry Pi in penetration testing, using the NetBIOS Name Service to get responses from the Web Proxy Auto-Discovery Protocol (WPAD); responses which can include LM hashes from Windows machines. With the use of Rainbow tables you can crack those hashes and take control of existing accounts on the PCs. This type of attack is well know, but automating the attack on something as small and easily modifiable as a Raspberry Pi adds a new layer. Whether you use it for good or evil, you can read more about it at Hack a Day.
"Plug in the power and Ethernet and this Raspberry Pi board will automatically collect Windows hashes from computers on the network. With a couple of RPi boards on hand [Travis] was searching for more hacks to try with them. This made a great little test to see how the board performs with the well established attack."
Here is some more Tech News from around the web:
- Traceroute reveals Star Wars Episode IV 'crawl' text @ The Register
- Your own head-mounted display for under two bills @ Hack a Day
- Apple: iOS 6.1 network overload caused by our Exchange SYNC OF DOOM @ The Register
- Doped nanotubes boost lithium battery power three-fold @ The Register
- SSDs at the Office – Trials, Tribulations and Still Worth It @ Techgage
- Nvidia revenues fight the PC tide, but annual profits pinched @ The Register
- Valve releases its Steam client for Linux @ The Inquirer