
DIY Red Team Tools - Under Door Tool

I keep handwritten notes on everything I find that is useful. This is part of a series of blog posts on making your own DIY red team tools from my notes. Obviously you should only use these tools where you are allowed to use these tools, and you should take care when making or using any tools. These are just my notes on what worked for me, your mileage may vary, etc.

Under Door Tool

The under door tool is useful when you are on the wrong side of a door that has a door handle which unlocks it. These doors open so easily to allow people to escape in case of a fire and a power outage. Examples of these doors are found throughout commercial properties but are not normally found in domestic properties. The doors tend to look something like this.


The under door tool can easily bypass doors in under a minute, but it is bulky to carry and can be hard to source locally. A commercial UDT is likely to cost about £60.00 shipped, but an improvised one could easily be made for less than £10.00 in materials.

You are going to need:

Materials:

1800mm of 4mm steel

1500mm of 50lbs kevlar cord (or similar)

35mm diameter ring (or similar)

The cord can be any strong cord of about 1mm diameter. An inner strand of 550 paracord will work.

Tools:

A way of bending the steel: a pipe bender, tubing to act as a handle, or be really strong and use pliers.

Blowtorch or gas stove.

Metal file.

Metal saw (optional)

Method

Hacksaw or file the steel to length.

Bend to shape.

Round the working end and put a 20° bend about 2cm from the working end. This will be what stops the tool from sliding off the handle.

About 10cm from the working end create a 90° bend in the same direction as the first bend. Do this slowly, there is no need for this to be a tight bend. Bending round something with a 20-50mm diameter will help with this.

At the other end, create a "handle" that is about 150mm long.

About 150mm from the handle create a large curve bending round about 120% around a circle of about 200mm in diameter.

Heat treat bends. (optional)

Heat treat everything once it has been shaped to help it hold its shape. You don't need to do this if you are only using the tool a couple of times but if you plan to reuse it a bunch, then it's really recommended.

Heat treating can be done by heating with a blowtorch or over a stove until cherry red and then quenching in cold water. Repeat three times.

Add the large bend in the main shaft and the slight back bend about 100mm from the top of the shaft. This is how you adjust the height of the tool to match the door you are attacking.

Attach cord.

Use the file to put two notches in the working end to hold the cord. One should be 5-10mm from the rounded end, and the other should be about 20mm from the working end.

Attach the cord and the ring. I recommend using a snell knot, but any knot that works will do.



This is a picture of the finished under door tool.


The under door tool can be bent round to fit into a large backpack.

Usage

Here is a better video than I could make about how to use the UDT.

 

If there isn't enough of a gap under the door to use the UDT, an airwedge can usually lift most doors enough to allow the tool to work.


