A China-based female hacker who is in her twenties has managed to hide a pen-testing toolkit into her high-heeled plastic 3D printed shoes and has planned to invade large organizations by dodging strict security checks with her sensual looks.
Pen-tester and the hacker who uses her Reddit handle by the name of “SexyCyborg” has showcased her 3D printed high-heel shoes and codenamed it as “Wu Ying Shoes (无影鞋)” which means “shadowless”. Her invention is named after the folk hero Wong Fei Hung’s famous shadowless kick, which he used to distract his opponents.
“As legend has it, to execute the ‘shadowless kick’ Wong would distract his opponent with a punch or upper body movement while striking with his foot. With my shadowless shoes, I distract the target with my…upper body and they don’t see the real danger on my feet.”
Each shoe features a drawer that is easy to slide in and slide out without any need to take off the shoes, and since it is 3D printed so there are endless possibilities to customize the drawer to store different contents. These drawers can be used to conceal pen-testing toolkit from the prying eyes of the security guards.
For demonstration purpose, SexyCyborg designed a test version that features a complete set of penetration toolkit.
In the concealed compartment of the right shoe, she was able to store a TP-Link wireless router equipped with a built-in rechargeable battery that allows the router to be left operational inside the shoe for obvious hacking purposes like Wi-Fi sniffing or logging. The router can also be removed from the shoe and plugged-in to an open network jack to gain a remote access to the local area network (LAN) using SSH tunnel.
In the left shoe’s hidden compartment, she stored a number of tools. Including a USB keystroke recorder with a built-in memory that can be plugged-in to a targeted computer system to capture everything typed on the keyboard, a retractable Ethernet cable for the wireless router, a shim tool to open padlocks, and a simple lock picking set to gain access to file drawers or cabinets.
The hacker also posted some details about the router she used. It is a TP-Link TL-MR10U, which can be flashed to install OpenWRT firmware. Once it is flashed, you can easily run customized versions of various compatible software including Wispi, Jasager or Karma that allows you to set up a fake phishing login page to capture login credentials of the targeted employees.
“Installing OpenWRT on the TL-MR10U is just like upgrading the firmware on any router. It’s two links and a button- nothing to it. There’s a lot of different software you can run once you have OpenWRT flashed. This router may-or-may-not be running a custom version of Wispi for the TP-Link TL-MR10U because if it was it would probably be illegal in China so maybe its not. But if it was I could run Jasager/Karma which lets you can fake being a friendly/known wifi access point and setup a fake login page to capture passwords, among other cool tricks.”
The idea to integrate a penetration-testing toolkit into a shoe came into her mind when she thought about penetration testing on a corporate facility. But there were several limitations because usually, the giant corporations don’t even allow their guests to take a cell phone into the secure building. So she decided to design high-heeled shoes with concealed compartments while her typical outfit doesn’t leave much room to hide anything, making her look less suspicious to the security guards.
“My typical clothing does not leave room to hide anything- but that’s all the more reason they would not be suspicious of me.”
SexyCyborg has even released the source files and blueprints for downloading for those hackers who are interested in 3D printing the shoes for themselves. She also added that the shoes are printed at 0.3mm so the layers are a little rough but heels are robust and safe enough to wear.
Report typos and corrections to [email protected]