Hardware Hacking - Dropbox for Pentesting


Command & Control Server:

- sudo apt-get install openssh-server
- cd /etc/ssh
- nano sshd_config
  # Authentication
  - PermitRootLogin yes
  # Add the 2 lines below to the end of the file.
  - AllowTcpForwarding yes
  - GatewayPorts yes
  # Save the file
- Enable SSH Service
  - service ssh start

Dropbox Device

- ssh root@dropboxIP
- sudo apt-get update
- sudo apt-get upgrade

# Connect Dropbox to Command & Control Server
  - Generate ssh keys
    - ssh-keygen (press enter when asked for passphrase unless you want one)
  - Identification file will be saved to /root/.ssh/id_rsa
  - Public key will be saved to /root/.ssh/id_rsa.pub
  
# Transfer the Dropbox public key to Command & Control Server
  - scp /root/.ssh/id_rsa.pub root@c2IP:/root/
  - Enter c2 root password: XXXXXXXXXXXX

# Once transferred, append the key to authorized_keys on the C2 server
  - cat /root/id_rsa.pub >> /root/.ssh/authorized_keys
  - The above command allows the dropbox to SSH into the C2 server without a password
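
A check for the C2-side settings above, as an added example that is not part of the original post: it reports which of the sshd_config edits actually take effect and builds an authorized_keys entry that lets the dropbox key open one reverse forward and nothing else. The function names, port 2222 and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. All sample data is constructed.

# effective_value FILE KEYWORD: print the global value sshd would use.
# Keywords are case-insensitive, the first occurrence wins, and everything
# after a Match line is conditional, so a line appended to the end of the
# file is ignored if the keyword was already set (or a Match block precedes it).
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0  { next }                       # comments, blanks
        tolower($1) == "match" { exit }                       # global part ends
        tolower($1) == tolower(want) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE: one finding per line for the settings the page enables.
audit_sshd_config() {
    [ "$(effective_value "$1" PermitRootLogin)" = yes ] &&
        echo "PermitRootLogin yes: root may log in by any enabled method, password included"
    [ "$(effective_value "$1" GatewayPorts)" = yes ] &&
        echo "GatewayPorts yes: reverse-forwarded ports bind to all interfaces"
    return 0
}

# restricted_key_line PUBKEY PORT: authorized_keys entry limited to one reverse
# forward on PORT, with no shell, PTY or other forwarding. Needs OpenSSH 7.8+
# (permitlisten); the client must connect without a shell request (ssh -N).
restricted_key_line() {
    printf 'restrict,port-forwarding,permitlisten="%s",command="/bin/false" %s\n' "$2" "$1"
}

# Demo on a constructed config that mirrors the edits described above.
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
gatewayports no
AllowTcpForwarding yes
GatewayPorts yes
EOF
audit_sshd_config "$demo_cfg"     # GatewayPorts is not reported: "no" came first
restricted_key_line "ssh-ed25519 AAAAC3placeholderKEY root@dropbox" 2222  # constructed key
rm -f "$demo_cfg"
```

On a live server, `sshd -T` prints the effective configuration, including any Include files, which this example does not follow.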