Skip to content

jeffbryner/kinectasploitv2

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

blenderhelper

blenderhelper

 
 

sounds

sounds

 
 

uvtextures

uvtextures

 
 

README

README

 
 

kinectasploitv2.blend

kinectasploitv2.blend

 
 

Repository files navigation

kinectasploit v2
Jeff Bryner 7/2012
as released at DEFCON20

Kinectasploit is a blender 3d game environment using the 
microsoft kinect and a bunch of security tools to hack into
computers using gestures. 


Videos of the environment are avaialble at http://p0wnlabs.com/defcon20

The scenario requires a fairly specific setup including VMs
with specific vulnerabilities, loads of tools, etc. Here's an attempt
to outline what you need to play it: 

1) blender (blender.org)
2) microsoft kinect
3) osceleton	(github; connects to the kinect and sends OSC joint data to blender)
4) iwlist	(discovers access points)
5) airomon	(creates an AP monitor port)
6) airdump	(dumps AP packets to a pcap file)
7) aircrack-ng	(cracks wep keys from the pcap file)
8) pytwitter	(used to get timeline data from twitter while waiting for jobs to finish)
9) snort	(used to alert you when you are noisyly hacking a network)
10) ip route	(used to show what networks you are attached to and can scan)
11) nmap 	(used to scan networks for victims)
12) graphviz	(graphs nmaps traceroute output)
13) nessus	(scans victims for vulns; should find an open share on the windows vm below)
14) smbclient	(used by ettercap to retrieve a pcap file from the windows open share)
15) ettercap	(rifles through the pcap file to retrieve creds)
16) wget	(scans a server for acessible urls)
17) sqlmap	(breaks into web systems to retrieve passwords)
18) john the ripper	(cracks database hashes for creds that can be used in metasploit)
19) metasploit	(uses psexec and nbd_server.rb to get a forensic block device on the windows vm)
20) nbd-client	(connects your attacking linux machine to the victim windows vm)
21) fls		(searches the nbd device for RECYCLER files)
22) icat	(retrieves files from the nbd device)
23) rifiuti	(searches the INFO2 file in RECYCLER for file information)
24) a windows vm with an open smb share containing a pcap file with creds to:
25) a linux vm running sqlol (or any vulnerable sqlinjectable web app) with creds to the above windows box
26) a hypervisor capable of running the above vms (kvm works well)

Complex, I know but that was the point ;-] to include many, many tools in a graphical, gesture-driven environment and have them
useful enough to hack into a system and retrieve a file from the windows VM's RECYCLE bin folders.

About

kinectasploitv2

Resources

Readme
Activity

Stars

23 stars

Watchers

11 watching

Forks

9 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages