





The Robot Invasion






First, she did a walkthrough of the facilities with the site manager as an escort. She took her little netbook with an Atheros-based mini PCI wireless card set in monitor mode to look for any wireless access points. As these satellite offices were far from the reach of corporate headquarters, the existence of wireless access points was one of the things the information security project sponsor was interested in. Part of Motoko’s activities was to catalog which access points existed, if any, and to see if any unauthorized wireless access points (rogue APs) had been installed. The site manager informed Makoto that they had no wireless here; it was only a shipping and receiving station with minimal IT infrastructure (or so he thought).

She walked around with the site manager inside the large shipping and receiving floor. It was a veritable menagerie of automated robots moving pallets of goods around, as well as people driving small forklifts, loading and unloading goods into trucks parked at the service bay. Except for a small office attached to the warehouse, the site manager was right in that there appeared to be little IT infrastructure involved. As she walked around, she still saw the “hidden” wireless signal that she discovered from outside with her high-gain antenna. The signal was particularly strong using only the built-in antenna in her netbook, so she was fairly certain it originated from somewhere in this warehouse.

In fact, as she walked around with Kismet running, she noticed the signal strength fluctuate. The signal was stronger inside the large plant area than it was in the office, contrary to where she thought a wireless router might be located. As she walked around, she noticed the robots that were moving pallets. The robots never seemed to bump into each other, so she deduced they were being controlled by something. She also noticed that every time they picked up and dropped off a pallet of goods, the robot scanned a large barcode on the side of the pallet and the device beeped. The same thing happened whenever one of the forklift drivers picked up a pallet and moved it into a waiting truck. They would scan the pallet with a handheld device.

Could the robots and the barcode scanners be communicating over some type of wireless network, possibly the WEP-protected wireless signal she saw? Looking around further, she noticed a large box attached to the rafters of the warehouse. Some conduit seemed to be running from it, so she thought that maybe it was the source of the wireless signal. Attaching her high-gain wireless card and directional antenna, she pointed it around the room and saw the signal jumped considerably when pointed directly at the box (or somewhere around it due to the dispersion of signal from the antennas probably built into the box). She determined that the signal might be coming from there.

With a reasonable degree of confidence that the hidden AP was owned by the client and not the next door neighbor, she then decided it was time to see what she could do.

The instructions from the client were to try to penetrate whatever wireless infrastructure she found and see what she could do while on the network. Using the aforementioned Aircrack-ng toolkit, she put her wireless card into monitor mode, performed a fake authentication against the hidden AP, and started performing packet injection. She noticed that every time one of the robots or forklift drivers scanned a pallet, the data counter for that wireless network would increment. She concluded that these robots and handheld scanners must be using the wireless network to communicate and track the inventory. That gave her enough useable data to reply back to the router to generate more IVs via ARP injection.

It only took ten minutes or so to crack the WEP key, a testament to how little protection WEP provided. After associating with the access point with her PC using the key, she received an IP via DHCP. She was now on the network that the robots and scanners used. But what could she do? If the robots in this shipping station were scanning some type of barcode on each of the pallets, perhaps that information was being tracked somewhere. Maybe these machines were talking to a backend server. She wrote a little script to ping each of the IPs in her subnet. After some replies and a few port scans, she realized she was on the same network segment as the inventory server that all the automated machines were talking to! She decided it was beyond the scope of the project to try to penetrate into the server, so the screenshots she took of being able to reach it were enough to prove she could penetrate it from the wireless network segment. What’s more, she did some simple network discovery and saw that she could also access the internal domain controllers within the enterprise and even access the servers located in different regions of the world!





