17 Hacker Tools in 7 Minutes - ALL Hak5 Gear

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

in the next 7 minutes I'm going to introduce you to all of the hack five gear from our famous Wi-Fi pineapple to the implants and hot plugs used by Red teams militaries and universities all over the world by the end you'll know a bit about each and how they can impact your cyber security engagements or education so let's start off with the legendary Wi-Fi pineapple it's a hotspot Honeypot meaning to targets it looks like familiar Wi-Fi networks the kinds that computers and phones remember they connect to the pineapple automatically thinking they're on the real thing then you can monitor and manipulate the traffic it also does Wi-Fi reconnaissance intelligence gathering manin the middle just about any Wi-Fi attack you've heard of from Evil captive portals and Beacon floods to deth attacks and handshake captures there's the travel friendly Mark 7 and the heavyduty Enterprise just depending on if you're on the go or looking to ship a box to a client and pentest fully remote either way you control it all from your browser so launch attacks is just a few clicks and now let's take a look at one of my favorite pentest categories the hot plug attack tools these are designed to perform actions very quickly whether it's it automation as assisted men or the sorts of driveby attacks that red teams are notorious for we like to say with a few seconds of physical access all bets are off and there is no better place to start than with the Infamous USB rubber ducky you've heard of keystroke injection or bad USB as it's sometimes called We Invented that with this tool to us humans it looks like a ordinary flash drive but to a computer it's potentially that and a keyboard that types thousands of keys a minute so whether you're on a physical engagement or littering a parking lot with these they are highly effective at nabbing credentials planting back doors exfiltrating data literally anything you can do with a computer or phone and a do it in a few seconds and it's so easy to set up with a programming language you can learn in 2 minutes or dive deep into advanced ducky script and make complex payloads if you want to take things even further Grab A bash bunny this little guy emulates keyboards and flash drives like the ducky but adds serial and ethernet for some really Advanced attacks like bring your own network payloads that use your favorite pentest tools cuz did I mention it's a quad core Linux box with Bluetooth for remote triggers and micro SD for Mass exfiltration which is what I like to call a involuntary backup flip the switch plug it in when the light turns green it's a hacked machine and it couldn't be easier with bash and ducky script and there's hundreds of payloads in the library so getting started is a breeze likewise if it's a network you're auditing the shark Jack is your new best friend plug it into an Ethernet outlet and in seconds you're running payloads that scan the network do Recon gather some Intel maybe even stress test devices and like its siblings it runs payloads with bash and ducky script it gives you feedback with an RGB led the cable version even gives you an interactive shell right from your phone and finally let's talk about some opportunistic Network sniffing the plunder buug looks like an Ethernet coupler with a USBC plug connect it to your phone or laptop and this lanap passively EES drops on everything in between it works out of the box with pentest tools like wire shark and TCB dump and it'll even get you on the land if that's what you need now let's say you're in a situation where it's not about seconds of physical access but rather getting in and staying in so your red team can act well that's where these implants come in handy they're designed to blend into the environment and give you real-time Intel or remote access into the network perfect example the simple screen crap it's a little box you connect between HDMI gear like a computer and monitor and it records video or takes screenshots every few seconds then from afar over Wi-Fi you can watch it all remotely attach it to the back of a screen or projector in the conference room you can't imagine the kind of Intel you'll get similar idea with the key Croc except instead of just capturing keystrokes on a keyboard that you can then watch remotely on your web browser it also kicks off payloads like The Bash bunny they can trigger when your target types keys that you choose so they type the password it kicks off a payload and you log in over its Wi-Fi yeah it's a quadcore Linux box key logger armed to the teeth with pent test tools but what about the network well look no further than the land turtle and packet squirrel both do remote access and man-in-the-middle attacks the turtle looks like an innocuous ethernet adapter and the squirrel is a matchbook siiz Linux box that goes in between any network segment it even has advanced ducky script commands that let you alter Network traffic or passively capture packets my favorite is to EES drop on the print jobs you'd be surprised on the kinds of loot you find and finally these are OMG cables they look and act like the real thing but hidden inside is a powerful Hardware implant it does keystroke and mouse injection Hardware Key logging covert exfiltration carries hundreds of payloads that can be Geo fenced and self instructed personally I love that it can all be controlled on your phone over Wi-Fi and speaking of phones there's even a USBC variant which can attack mobile devices on the computer side who doesn't need a USB adapter these days if you're looking for one plant the OMG adapter it's got all the cable features in a form factor that looks the part and with all these scary cables you might be considering the age-old advice use a data blocker well how about the OMG Unblocker it looks like the real thing and does all the Mischief of course you can always use the apply name malicious cable detector to detect malicious cables and if you're looking to up your everyday carry game you can't go wrong with the OMG plugs they are great for opportunistic Drive Buys so that's it the hack five gear at least surface level there's a ton more to explore at hack.org including our payload editor payload studio and our Command and Control software Cloud C2 that's where you can o build your very own red team field kit customizable to your heart's content since 2005 we've been making this just for you so come on over you're going to find plenty of gear and videos and an awesome community and I'll be right there reminding you to trust your techn lust

Info

Channel: Hak5

Views: 275,518

Rating: undefined out of 5

Keywords: hak5, hack, technology, darren kitchen, shannon morse, snubs, hack5, hacker, red team, pentest, pentester, pentesting, penetration testing, cyber security, information security, infosec

Id: 4dkCxpEn2Rc

Channel Id: undefined

Length: 6min 53sec (413 seconds)

Published: Wed Nov 22 2023