Viren Punjabi
Sep 10, 2025
Hi! So you have a high-level overview of how wireless security works. While researching different concepts in hardware security, you might have stumbled upon HID-based attacks. When a device that “may not be what it seems” gets plugged into a machine and gets creative, things go south before you know it. Well, I have two such amazing projects to discuss...
Let’s start with wireless security first. We know that in order to manipulate any target, a threat actor needs to establish communication with the targeted device. To do that, both of them have to be on the same network. Now, I know there are other ways to achieve the same goal, but let’s take this approach for now. Alright, so the attacker needs to infiltrate the target’s network without being detected, which calls for a stealthier approach; there is no time to fire up Kali, set up your network adapter and aircrack the password.
Well, this is where the kitten comes into action. You see, this is not just a cat-shaped device that may look like a teen’s handheld gaming console; it is a serious tool that can help you perform various “experiments” with any network. Powered by an ESP8266, this device has some cool applications like:
Deauth Attacks
Packet Monitoring
SSDP Phishing
Detecting Deauth Attacks
There is a lot more that you can do with the help of MicroPython and community support. Its form factor and DIY approach provide a great ground for learning and experiencing cyber security, not just through its applications but also through what goes on under the hood, and for learning about electronics and circuits, an overlooked but crucial skill set in the field of hardware security.
Learning how the ESP8266 works, from understanding the pins to decompiling the firmware for reverse engineering, this device is packed with knowledge at every step. Knowing why a particular part was selected and why no other will work will teach you about the protocols used by the device. Well, if you find this project too basic, the least it will do is improve your soldering skills.
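The “Detecting Deauth Attacks” feature in the list above comes down to spotting bursts of 802.11 deauthentication or disassociation management frames. The sketch below is an added example, not code from the WiFi Nugget firmware or from this post: plain Python that parses raw 802.11 headers (no radiotap) from a constructed sample capture, with the function names, threshold and window chosen as assumptions.

```python
import struct
from collections import defaultdict, deque
DEAUTH, DISASSOC = 0x0C, 0x0A  # 802.11 management frame subtypes

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (kind, dst, src, bssid, reason) for a deauth/disassoc frame, else None."""
    if len(frame) < 26:          # 24-byte MAC header + 2-byte reason code
        return None
    fc0 = frame[0]               # frame control: version, type, subtype
    version, ftype, subtype = fc0 & 0x3, (fc0 >> 2) & 0x3, fc0 >> 4
    if version != 0 or ftype != 0 or subtype not in (DEAUTH, DISASSOC):
        return None              # not a management deauth/disassoc frame
    (reason,) = struct.unpack_from("<H", frame, 24)
    kind = "deauth" if subtype == DEAUTH else "disassoc"
    return kind, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_flood(capture, threshold=5, window=1.0):
    """capture: (timestamp_s, frame_bytes) pairs. One (bssid, ts, count) alert per BSSID."""
    recent = defaultdict(deque)  # per-BSSID timestamps inside the sliding window
    alerted, alerts = set(), []
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        bssid = parsed[3]
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop events older than the window
            q.popleft()
        if len(q) > threshold and bssid not in alerted:
            alerted.add(bssid)
            alerts.append((bssid, ts, len(q)))
    return alerts

def build(subtype, dst, src, bssid, reason=7):
    """Assemble bytes of a sample management frame (offline test data only)."""
    hdr = bytes([subtype << 4, 0]) + b"\x00\x00" + dst + src + bssid + b"\x00\x00"
    return hdr + struct.pack("<H", reason)

# Constructed sample capture using locally administered (made-up) addresses.
AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")
BCAST = b"\xff" * 6
SAMPLE = [(0.0, build(0x08, BCAST, AP, AP))]                   # beacon subtype, ignored
SAMPLE += [(10.0 + i * 0.05, build(DEAUTH, BCAST, AP, AP)) for i in range(20)]  # burst
SAMPLE += [(60.0, build(DEAUTH, STA, AP, AP, reason=3))]       # lone deauth, normal

if __name__ == "__main__":
    for alert in detect_flood(SAMPLE):
        print("possible deauth flood: bssid=%s t=%.2f count=%d" % alert)
```

A single deauth frame is normal traffic (a client leaving), so the detector alerts on rate per BSSID rather than on any one frame.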
Just like the WiFi Nugget, we have the USB Nugget. This kitten takes the concept of BadUSB and adds a wireless twist, expanding the capabilities of the tiny ESP32 S2 mini chip. The idea is to have a wireless payload injector and achieve different goals like credential stealing, device disruption, keystroke injection and much more.
The device supports payloads for Windows, Linux and macOS. There is a ton of payload customization available in the community, or you can craft your own using CircuitPython. There are also some CTFs available to learn more about the project and understand different possibilities.
You can build your own, as this project is kinda open source. You’ll need a custom PCB fabricated, which will be the base of the project. The brains will be an ESP8266 or ESP32 S2, depending upon your requirements, plus some buttons and a programmable LED, and you should be good to go. Oh, and you’ll also need a 4-pin OLED display (SCK based); make sure you get this right!
Solder each component following the silkscreen on the PCB. Once done, connect the Nugget to a web flasher and flash the firmware of your choice. You can also solder female pin headers first to make the device modular, so you can add hardware mods in the future.
There’s a LoRa mod that works well, and other mods are available that can enhance its capabilities further.
We now have the idea behind two amazing pentesting devices and have learnt something about electronics. There are many different open-source hardware projects out there, each having its own unique concept.
The DIY approach helps us gain hands-on experience and helps us brainstorm further to improve on the same project or innovate something of our own.