Chromebook Breakout - Escaping Jail Using a Pico Ducky

Cite

DEF CON

Allee, Jimi (jimi2x)

Formal Metadata

Title

Chromebook Breakout - Escaping Jail Using a Pico Ducky

Title of Series

DEF CON 30

Number of Parts

Author

Allee, Jimi (jimi2x)

License

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/62215 (DOI)

Publisher

DEF CON

Release Date

2022

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Learn how we used our Pico Ducky to escape Chromebook jail, rescue our friends along the way, and have some fun Living Off the Land! Leveraging a discovered (but previously disclosed) Command Injection vulnerability in the ChromeOS crosh shell, we rabbithole into the internal ChromeOS Linux system, obtain persistence across reboots, and exfiltrate user data even before Developer Mode has been enabled. Learn how to provision and utilize local services in order to perform Privilege Escalations, and also create a 'Master Key' with the Pico Ducky and custom GTFO 1-liners, in order to perform a full Chromebook Breakout!