
autoexploiting-pi's Introduction

FBI Raid on LULLC HQ

Due to a pending FBI investigation following an early-morning raid on March 28th, on a hacking charge alleging "spearphishing" against the owner, Lister Unlimited has withdrawn its Abominable Intelligence project and all open-source variants from being offered to Law Enforcement.

A.I.'s development has been frozen due to the seizure of approximately $5,500 of equipment and crucial proprietary source code. One of the possessions seized is an experimental copy of what would become the proprietary version of A.I. We are now forced to redevelop this technology from backups stored in the cloud.

Furthermore, LULLC is now in the middle of a shift from Amazon Web Services as its primary VPS provider to a new solution.

More information may be found on www.listerunlimited.com

Chang Tan Managing Member Lister Unlimited Cybersecurity Solutions, LLC [email protected] (702) 781-1878

AutoExploiting-Pi

Malicious Artificial Intelligence written for Penetration Testing Purposes

Version | Status | License
--- | --- | ---
ALPHA | CURRENT VERSION, OPEN-SOURCE | GNU General Public License v3.0
BETA | OPEN SOURCE | GNU General Public License v3.0
ONE or 1.0 | OPEN SOURCE, Final Public Release of Code for Academic Purposes | GNU General Public License v3.0
"Abominable Intelligence" (Above 1.0) | PROPRIETARY(4) RELEASE PLANNED FOR LATE 2018 | Copyright Lister Unlimited Cybersecurity Solutions, LLC. 2018

What does the AutoExploiting-Pi Do?

The AutoExploiting Pi is a Semi-Open Source(1) Project funded and headed by Lister Unlimited Cybersecurity Solutions, LLC. https://www.listerunlimited.com/

It has (a) a hardware component costing more than $700 USD, (b) a software component containing soon-to-be-proprietary code(2), and (c) a rudimentary Artificial Intelligence, life breathed in via various scripting and programming environments.

The idea is to grant wireless pentesters a device that can perform their penetration testing tasks as easily as "Plugging in the Pi and waiting outside the target's house for less than a minute".

The current prototype model boasts...

  1. Absurd amounts of hitting power and range, allegedly 16.9 miles with more than 24 dB of gain
  2. Completely automated post-exploitation (via Routersploit Framework)
  3. Completely automated wireless attacks targeting WEP, WPA2-PSK, and WPA2-MGT/ENT/RADIUS
  4. Absolute discreetness to not arouse suspicion (the Raspberry Pi 3 is a $35 microcomputer, hardly the stereotyped tool of some evil Hollywood 'hacker')
  5. SCREAMIN' hacking speed using threading and subprocess modules and field-tested logic statements
  6. Various perks due to our choice of hardware components, including a Ubiquiti Networks M2 Bullet, complete with a software Spectrum Analyzer, Hotspot Repeater Capabilities and Audio-Assisted Targeting https://www.ubnt.com/airmax/bulletm/, and a specialty-model pair of wireless amplifiers provided by Hak5, LLC https://hakshop.com/products/long-range-wifi-kit, totaling more than 58 dBm of transmit power and 5 Watts of Output Power EIRP.

For an approximate price of just under $1,000 USD(3).

Coming soon in the Last Quarter of 2018.

Here is a Marketing Blurb

The Lister Unlimited Wright Project is the largest collaborative endeavor in the company's history, meant to bring to the niche consumer a specialty wireless penetration testing tool with no parallel.

The Wright Project is named after Marcus Wright, the antihero of the movie Terminator Salvation, and arguably the predecessor to the successful T-800 line of Skynet Terminator Units that resulted in the near-extinction of humanity post nuclear holocaust. Much like Marcus Wright, Lister Unlimited is determined to have you, as the attacker, breach your target of choice and to conduct your mission completely unseen and unsuspected.

Our current alpha test model, referred to within the inner circles of LULLC as the "Lister Helix", is an all-in-one Wireless Attack Array composed of:

  1. Three Pentester-Approved Wireless Adapters, one internal omnidirectional, and two external directionals
  2. Dual RF Powered-Amplifiers tuned to the 2.4 GHz band, generating 5 Watts of Output Power EIRP, 58 dBm of amplified transmit-power
  3. One additional RF Powered-Amplifier with Audio-Assist Targeting, Persistent-Reauthentication, AP Repeater and Spectrum Analysis Capabilities for the "perfect shot"
  4. Dual Directional-Antennas of both a Parabolic-Type (maximum range) and Panel-Type (best directional coverage) with a maximum of 24 dB of gain
  5. A heavily modified Raspberry Pi "brain" with AI guiding the processes of deauthentication attacks and post-exploiting a compromised router

The "Helix device" is designed to engage penetration testing targets beyond the visual range of the naked eye. It boasts a maximum attack range of 16.9 miles unobstructed, can project a reliable wireless signal through five houses uphill, and can engage targets half a mile away across water.

It is managed by a fully autonomous and aggressive Artificial Intelligence of LULLC proprietary design(5), known as ABOMINABLE INTELLIGENCE. When powered on, the AI will run separate DAEMONIZED processes, allowing it to exploit the networks it knows the password to and attack fresh wireless networks to capture the encrypted password, at the same time.

ABOMINABLE INTELLIGENCE will routinely upload its newly captured handshakes to a remote password cracking rig of your discretion to crack the credentials, allowing you to maintain the momentum of your indiscriminate wardriving and war-kitting spree. It is truly a self-aware "War Machine".

This device requires 4.9A of current at 5V to fully utilize its capabilities. That is nearly half the maximum output of a standard wall outlet socket, but it is designed to safely draw the power from your car with no additional strain on your stock alternator.

Hardware contributors to the project include Hak5 LLC, Ubiquiti Networks, TrendNet, ALFA Networks, and the Raspberry Pi Foundation, to name a few. Penetration testing frameworks utilized in this design include, but are not limited to, Rapid7's Metasploit Framework, NinjaSec's Pupy Shell, WiFi-Phisher, Routersploit Framework, and the Aircrack-Suite.

Alright! So how do I install this?

Currently the code is not ready to be released commercially due to various bugs, unanswered questions (that I have), and the fact that there is no overall feature outside of, "I got Routersploit to automate itself on a couple of things". If you are willing to be patient, I am throwing together an autoinstaller script in Python that will be available in about a month.

Be aware that any hashes you capture must be CRACKED, by a GPU-powered Desktop or Server! My rig, a Dell T20 PowerEdge with a crappy GTX 1050 Ti, cost me about $880.

However, if you want to install this now for the sake of having fun with a Raspberry Pi that runs RSF Autopwn https://github.com/reverse-shell/routersploit/blob/master/routersploit/modules/scanners/autopwn.py, then...

  1. Start up your RPI and git clone this repo.
  2. Copy all of the 'py' python files and 'sh' shell scripts into /usr/local/bin
  3. Replace your /etc/network/interfaces file with the one in the repo, which by default, sets wlan1 to "Attack all networks in range" and wlan0 + wlan2 on "Exploit all cracked routers in range".
  4. Install the following pip modules: termcolor, io, and netifaces.

On top of that, you will also need to...

  1. Enable root logins on the Raspberry Pi
  2. Edit your /etc/passwd file to allow root logins on BOOT
  3. Edit your /boot/cmdline script to make the RPi 3 relabel its network interfaces "old school style", as in "eth0, wlan0, wlan1, wlan2, etc."
  4. Copy/paste the contents of crontab.txt as a cron job, "crontab -e"
  5. Copy/paste the wpa_supplicant.conf file to /etc/wpa_supplicant/wpa_supplicant.conf, which has sixty or so cracked passwords for you to have fun with (the RPi will auto-login)
  6. As soon as you reboot, the CRON daemon will autostart the detect-network connection scripts. At that point, it will go on its own and attack everything it sees as soon as it knows it's connected to a cracked network.
  7. Disable any other annoying locks that affect all Debian derivatives of Linux, such as enabling root logins, root privileges, and all of the safeguards, such as the SSH changes they made "for your security".

Basically, you are manually converting Raspbian into Kali Linux WITHOUT breaking it. I do, however, have a 7.7GB image file of the working model, which I made to avoid going through all of this again. LMK if the tasks above are too difficult for you. I may consider just giving the huge image file away outright. You just have to show me where to go host such a monstrous file.(6)

It wasn't that easy coming up with this handful of files; mostly I dug up old forum posts and the occasional well-Googled answer. Often, I ran straight into uncharted waters and learned a bit more about how Debian worked. Most of the time, however, unexplained cryptic error messages often made me break my keyboards with rage. The fact that StackOverflow often devolves into flamewars (I never posted there but I saw some pretty dumb replies to other users) instead of a constructive effort to help me overcome the questions I ponder definitely slowed me down and fatigued me.

I have not had much time or privacy to commit to this 24/7, but this is indeed a 24/7 Team-Project and cannot be completed by a single person. I have to balance my real life with probation, school, work (I am a contractor), family, and some relationship problems that I hope blow over.

With a team, this task can be completed in about a quarter of a year. Without quality code though :/

Other Modules I am interested in adding (to be automated)

These ambitions could be limited due to the ARM Architecture of the Raspberry Pi. For one, unless the app is purely Python or a shell script of some sort, then it may not be compatible.

  1. The entire toolkits from the Hak5 Repos of... BashBunny, LAN Turtle, Packet Squirrel and Wi-Fi PineApple
  2. HostAPD-wpe and FreeRADIUS-wpe
  3. AutoSSH
  4. Streisand (it's EZ-Moded OpenVPN basically)
  5. CarBerp Exploit Pack, arguably the largest stash of leaked malware source code on the internet
  6. UAC Duck
  7. Metasploit (already installed but it was not easy!)
  8. Netcreds
  9. Lazagne

Footnotes

(1) The repository will remain Open-Source for now. Upon the final release of Version ONE, the official commercially viable production model of the AutoExploiting Pi, there will be no updates to this repository. However, we will leave the repo up at that date for the Open-Source Community to play with and build something else creative.

(2) Once AutoExploit Pi's Version ONE is released, the code for AutoExploit Pi will fork into two unique and distinct repositories.

Version ONE shall remain OPEN-SOURCE with the code in cleartext.

The software known as "Abominable Intelligence" (any version above 1.0) will become proprietary code of Lister Unlimited Cybersecurity Solutions, LLC. and will be sold and distributed as a compiled binary software suite, packaged and preinstalled with the hardware components at the time of sale.

(3) Projected cost of goods sold from a budget evaluation performed on January 18th, 2018. This number is subject to change as costs and components are continually purchased, tested, and redesigned.

(4) This only applies to the software. But since our creation is a combination of software and hardware, they both need to have distinctly separate patents for each.

A. Upon the commercialization of the device, the Proprietary Version of the Software will be classified as an Artificial Intelligence and subject to copyright statutes within the Territories of the United States.

B. The hardware composition, design, process of manufacture, and blueprints for the Lister Helix/AutoExploiting Raspberry Pi will be repeatedly reworked into a visually appealing and convenient form and rendered ready for mass production and sale by design and supply chain engineers employed by Lister Unlimited Cybersecurity Solutions, LLC. The likely patent type is an Articles of Manufacture Patent for the Lister Helix/AutoExploiting Raspberry Pi.

(5) The software known as "Abominable Intelligence" is protected by Chapter 17 of the United States Code, Section 101, and is Pre-Registered for Copyright Protection as it falls under the category of "Computer Software". Claim ID: 1-2UQQRRT Case ID: 1-6212469011

(6) For FREE obviously. I mean to say, if I were to be asked to allow a 7.7 GB in size Linux img file to be downloaded, I want it to be hosted for free. And that's a crazy tall order. Yes, I do have a website. And yes, I do have Amazon instances available, but it costs money out of my pocket for the data transfers. Lose a few dollars every couple of GB of bandwidth transferred. Why am I paying you, to download my broken app?

I need a way to host this file at a low cost.

autoexploiting-pi's People

Contributors

tanc7
