In May 2019, I worked in the back end of a red team operation at a major pharma corporation in India.
For this post, I'll use the name Example Ethicals as the company name.

For a perfect Red Team Attack, we had to use a lot of strategies. There was little chance of a successful attack, so we had to attack on all fronts.
Step 1
We began enumerating the company's subdomains, and couldn't find anything at first. However, after about half an hour, we found a subdomain: mailbackup.exampleethicals.com
This subdomain had an Outlook webpage for email login, so we had an opportunity.

I was thinking about the best method to find login details, and that's when I thought of this idea: the site was mailbackup.exampleethicals.com and here's what I made: mailbackup.examplethicals.com. Can you spot the difference? Look at the two e's in between.
Next, I made an Outlook clone which looked like this:

See, there's hardly any difference except for the scroll bars.
Our next step was to find the email addresses.
We used Harvester for email ID enumeration (it worked at that time), so we got a list of about 50 email IDs of company employees.
Next, another team member crafted an official-looking email, which we sent to the employees using an email ID that looked like it was from the senior executives, using email spoofing (more on that in future blogs).

So step 1 was over.
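From the defender's side, the dropped-letter domain in Step 1 can be caught by comparing the registered domain of every URL host seen in mail or proxy logs against the real one. The Python below is an added example, not code from the original post or the engagement; the log format, user names, sample lines and function names are constructed for illustration, and it generalizes from the single missing letter to any domain within two edits (including swapped adjacent letters).

```python
import re

LEGIT_DOMAIN = "exampleethicals.com"  # placeholder company domain used in the post

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap as 1 each."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]

def registered_domain(host):
    """Last two labels only (assumption: simple TLDs; use the Public Suffix List in production)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def is_lookalike(host, legit=LEGIT_DOMAIN, max_dist=2):
    """True when the registered domain is close to, but not equal to, the real one."""
    dom = registered_domain(host)
    return dom != legit and osa_distance(dom, legit) <= max_dist

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def flag_lines(lines, legit=LEGIT_DOMAIN):
    """Return (host, line) for every URL host in the log lines that is a lookalike."""
    return [(host, line) for line in lines
            for host in URL_HOST.findall(line) if is_lookalike(host, legit)]

# Constructed proxy-log lines (hypothetical format and users), not data from the engagement.
SAMPLE_LOG = [
    "09:12:03 user=a.rao url=https://mailbackup.exampleethicals.com/owa/",
    "09:14:41 user=s.iyer url=https://mailbackup.examplethicals.com/owa/",
    "09:15:10 user=k.shah url=https://www.example.org/news",
    "09:17:55 user=p.nair url=http://exampleehticals.com/login",
]

if __name__ == "__main__":
    for host, line in flag_lines(SAMPLE_LOG):
        print(f"LOOKALIKE {host}: {line}")
```

The same check can run over sender domains at the mail gateway or over newly registered domains from a certificate-transparency or registrar feed.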
Step 2
Our front end Red Team would go to the company offices in Mumbai. They had gathered a lot of data regarding the location, employee timings etc.
I used Maltego to create an entire information map.

Our team had to physically access the company offices as part of the Red Team project. We had a lot of maps and office photos, and had also made fake ID cards just in case.
But what would we even do there? We wanted Wi-Fi passwords and other data. This was our primary objective. Luckily, one of the guys on the team had a USB Rubber Ducky.
I made a script where all they had to do was plug the Ducky into any office PC, and all Wi-Fi passwords would be extracted from it. I can't find my script now, but here's a somewhat similar ducky script. You can find my USB Rubber Ducky tutorial here.
Step 2 was over.
Step 3
Now, if you're into cyber sec or have watched Mr. Robot, you might know about the Raspberry Pi SSH tool. Well, we decided to make just this.
Once plugged into the network, it can perform scans, exploit routers, PCs etc. It could do anything a normal PC on the network could do.
Quite simply, what I did was install Kali Linux on the Pi. The problem was how I would access it from another network in a reliable manner. Port forwarding was an option, but my entire company had only one router with a bad net connection, so that wasn't an option. What I did was SSH into the Pi using dataplicity. This was quite simple on a local network, but for another network with most details unknown, it seemed almost impossible. However, after a lot of pondering, thinking, and tinkering, I decided to make a cron job. What dataplicity requires to connect is a script to run once you connect to the network, so I created a cron job (a script that runs in the background according to the cron job time set).
What the script did was connect to dataplicity every time the Pi was started, using the current network information. Hence, we could connect to the Pi even after it was connected on another network.
Step 4
Now, we were also preparing WiFi hacking tools. We began generating custom word-lists that were the closest to what the company router password would be. We generated about a million words in total to crack the password using brute-force.
Step 5
Our team went to the site location and captured a handshake.
We cracked the password, and using all the tools and methods, the method was fairly successful (can't elaborate much because I wasn't at the location).
Here's what a red teaming operation actually looks like
Here's how you can keep your network safe https://www.thehackerforum.com/post/network
Here's how you can stay secure online https://www.thehackerforum.com/post/anonymity
Here's the USB Rubber Duck tutorial https://www.thehackerforum.com/post/usbducky
Here's the complete guide to start hacking https://www.thehackerforum.com/post/hacking
Nice
This is too good. I was looking for a post like this and finally got it!!
GR8
Wow you explained so well. Nice work keep it up 👍