The OG150 is a small, automated, plug-and-play security device commonly referred to as a penetration testing drop box. The OG150 hardware supports integrated wired and wireless interfaces that permit a wide range of security tests to be performed against the target network infrastructure and associated IT resources.
The OG150 has been developed by Darren Johnson who is a Security and Wireless enthusiast/researcher. Darren has been involved with Cisco networks for the last 13 years and is Dual-CCIE certified in Routing & Switching and Security.
Note: It is important to understand that the OG150 requires physical access to the target network (see the FAQs page for further information).
Tell Me More
I have identified four main functions of OG150, however its use can be easily expanded and is only limited by the imagination of the end user.
This use-case scenario typically targets beginners to network security who want to implement security exercises for educational purposes. Previously, security enthusiasts who wanted learn about security using practical exercises, used a laptop running a Linux distribution on top of VMware (I used to use 'BackTrack 5' running as a VM on my Windows XP laptop). The OG150 is an alternative approach. The OG150 is packed with security-related packages that allow the user to launch/implement security exercises without installing any special software on their machine. The user simply connects to the OG150 using SSH and can then launch security exercises from the OG150 command line. The only small pre-requisite is that the user must have an SSH client installed on the device they use to connect to the OG150. SSH clients are freely available on all common operating systems - Windows, Linux, Mac.
The 'Tutorials' page on this website is ever expanding (currently there are over 50 exercises planned) and demonstrates security exercises using the OG150. A benefit of using the OG150 to replicate a security exercise is that the hardware/software is exactly the same as was used to document the exercise. Therefore, you will not waste time installing software, trying to resolve software bugs and troubleshooting dependancy issues which is typically faced when you use different hardware/software.
The OG150, once plugged into the wired network, will automatically execute over 10 pre-configured security tests. These tests include scanning the local network, listening to management/control plane traffic, testing firewall access policies and many other tests that would provide the hacker with ‘interesting’ information that they could potentially use for an attack.
The OG150 collates the test results and provides information relating to the vulnerabilities detected and how a hacker may exploit those vulnerabilities. This information creates a Security Report which is emailed to the hacker.If successful, the hacker now has sensitive security information – for example, names of the users on the network, network services being used, switch/router software versions, and much much more. This feature is completely automated and takes about 5 minutes to execute, depending on the network, before you receive the Security Report email.
The OG150, once connected to the network, will attempt to establish a tunnel back to the hacker’s machine that is connected to the Internet. This tunnel can use either reverse SSH tunnels or OpenVPN tunnels. Once a tunnel is created, the hacker can connect to the OG150 from ANYWHERE on the Internet and initiate attacks against the target network and its associated IT resources.
The tunnel establishment function is also automated, and the hacker may optionally choose to receive an email or an SMS to confirm that the tunnel has been successfully established. The hacker can then attempt to attack both the wired and wireless infrastructure from any location that has Internet connectivity.
The OG150 can be used to ‘watch and listen’ to the physical area where it has been deployed. It does this with the use of a very small wireless webcam that is deployed in a covert device – for example in a smoke detector – that associates (connects) to the OG150 via the wireless protocol.
The OG150 can then stream live video and audio to the attacker leveraging the tunnel that was previously established (see Remote Access above). If you consider that this could be deployed in meeting rooms of corporations where confidential information is discussed, you can see impact that this could have.
It should be cautiously noted that some of the features require outbound firewall rules to be loosely implemented (outbound firewall rules in this context means traffic initiated from the internal network destined to the Internet). Testing conducted to date has surprisingly shown that the majority of networks have permitted the protocols used by the features listed above.
Legal Disclaimer: I do not promote or endorse malicious hacking. The term “Hacker(s)” as used on this site refers to “Ethical Hacker(s)”. The OG150 has been developed for use by legitimate Penetration Testers and for educational purposes only. I reserve the right to modify the Legal Disclaimer at any time without notice.