(If you’d like to see images of the sniper yagi, have questions about this, or would like to learn how to build your own, feel free to DM @daemon.1530 on Instagram, and I’ll be with you as quickly as possible.)
Have you ever wondered what hackers can do away from their basements and main computer setups? Are you more interested in on-the-go and physical presence hacking rather than remote and patient hacking? Then you’ve found yourself the right article to read, my friend.
What I will be covering today is called a ‘Sniper Yagi’, which is practically a sniper rifle with a directional antenna replacing the barrel.
A quick description: barrel = directional antenna. Ammo mag = battery. A Raspberry Pi is attached on the side, as well as a router. So let’s say a pentester is hired to reach a file on the top floor of a very large business without being seen. The floor is out of range of any regular device on the ground. So, to avoid all contact with employees and meet the stealth requirement, this pentester doesn’t go into the building at all. Instead, he stands in a nearby area with his sniper yagi aimed at the top floor. The antenna on this sniper is called a yagi antenna. These antennas can reach as far as a 3 mile range in one direction, with a beam about the size of a small box, a few feet wide and tall. So the signal behaves like a sniper bullet: accurate and powerful.
The pentester would begin by aiming at different parts of the top floor. Once he finds the AP on the top floor, he configures the router on the side of the rifle to exactly match the configuration of the building’s router. He then deauthenticates all devices from the legitimate business router and forces them to connect to him, relying on the assumption that since the network looks the same, it can be trusted. Once all devices have moved to him, he starts going through each device to find his target file. He boots up the Pi and targets a device. He uses BeEF and MITM (both programs are available online) and replaces all downloads with his own payload. He then redirects all traffic to his locally hosted server containing the file. The download is named like an important update all employees must install. Once the target installs it, he runs a check on the device to see if his desired file is there. If not, he moves on to the next. Once the file is found, he disconnects all devices from his rogue access point and lets them reconnect to the original router. He removes all malicious payloads and leaves the business as it was beforehand.
So! The takeaway:
* Just because a network looks like yours, doesn’t mean it’s always trustable.
* Don’t download “important/update files” from an untrusted sender.
* Finally, be aware of what’s happening. If you notice something fishy about any sites, networks, or programs recently added, contact your IT department or device administrator, because it could mean the difference between safety and a company leak.
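The two steps of the scenario above that a defender can actually observe from the air are the duplicate “CorpWiFi” access point and the burst of deauthentication frames. The following is an added example, not part of the original article, of a small detector for both, run over constructed 802.11 management-frame records; the SSID, BSSIDs, known-AP inventory and thresholds are all assumed sample values.

```python
# Added example (not from the original article): flag an evil-twin AP and a
# deauthentication flood in a list of captured management-frame records.
# A wireless IDS or monitor-mode capture would feed real frames in; here the
# frames, the SSID and the BSSIDs are constructed sample data.
from collections import defaultdict

# Assumed inventory of legitimate access points: SSID -> set of BSSIDs.
KNOWN_APS = {"CorpWiFi": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"}}

# Constructed frame records: (timestamp_seconds, frame_type, ssid, bssid).
# Deauth frames carry the AP's BSSID because an attacker spoofs the real AP.
SAMPLE_FRAMES = [
    (0.0, "beacon", "CorpWiFi", "aa:bb:cc:00:00:01"),
    (0.1, "beacon", "CorpWiFi", "aa:bb:cc:00:00:02"),
    (1.0, "beacon", "CorpWiFi", "de:ad:be:ef:00:01"),  # same SSID, unknown BSSID
    *[(2.0 + i * 0.01, "deauth", "", "aa:bb:cc:00:00:01") for i in range(120)],
    (3.0, "deauth", "", "aa:bb:cc:00:00:02"),           # one normal deauth
]


def find_evil_twins(frames, known_aps):
    """Return sorted (ssid, bssid) pairs beaconing a known SSID from an unknown BSSID."""
    suspects = set()
    for _, ftype, ssid, bssid in frames:
        if ftype == "beacon" and ssid in known_aps and bssid not in known_aps[ssid]:
            suspects.add((ssid, bssid))
    return sorted(suspects)


def find_deauth_floods(frames, window=1.0, threshold=20):
    """Return BSSIDs that send more than `threshold` deauths in any `window` seconds."""
    times = defaultdict(list)
    for ts, ftype, _, bssid in frames:
        if ftype == "deauth":
            times[bssid].append(ts)
    flooders = []
    for bssid, ts_list in times.items():
        ts_list.sort()
        start = 0
        for end, ts in enumerate(ts_list):       # sliding window over sorted timestamps
            while ts - ts_list[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flooders.append(bssid)
                break
    return sorted(flooders)


if __name__ == "__main__":
    print("evil twins:", find_evil_twins(SAMPLE_FRAMES, KNOWN_APS))
    print("deauth floods:", find_deauth_floods(SAMPLE_FRAMES))
```

Real deployments tune the deauth threshold to the normal roaming rate of the site, and an evil-twin alert should also be raised when a known BSSID suddenly appears on a different channel or with a different security setting.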
I hope you all learned something from this article and can apply it in real world situations!