The Hackers Lab - Rpi edition

raspberrypi
hardware

([email protected] [email protected]) #1

Intro to the Hackers lab

A new series about hacker hardware coming to a computer near you!

Hello there 0x00sec! I’m going to be starting a new series based off of my EDC bag post and a suggestion from @ricksanchez that I should do something like this.

To start things off, I’ll be discussing the Raspberry Pi. It’s something that I feel every self-labeled hacker should own and use frequently.


What is a Raspberry Pi!?

First of all, it’s certainly not something you eat…

A raspberry pi (henceforth known as Rpi) is a “credit-card-sized mini-computer that plugs into your T.V. and keyboard.” In other words, it’s a computer you can fit in the palm of your hand and in your pocket or even hide somewhere within a target building (more on that later).



Okay cool, but what can I do with it?

Well, nearly anything that a full sized computer can do!
You can turn it into an emulator platform for your favorite retro games, you can build an Rpi Laptop, media server, or your very own mesh net.

Geared more toward our mentality however, you can use it to create a pentesting drop-box with pwnpi or kali linux ARM. This is what we will be focusing on today.

A pentesting drop-box? HOW?!

Well, essentially, you just do some hardware mods, install kali (or pwnpi) on it, drop it in a hidden location, (might I suggest a Pringles can wrapped in matte-black tape?) connect to it via NetCat or SSH and hack away.


That’s all for today folks. I’ll leave you a few things to think on…

  1. This can be lifted by a drone. Any ideas on this one?

  2. It’s portable and can fit in your pocket while it’s on.

  3. What other things do you think this could be used for in a hacker environment?


The Hackers Lab - Bus Pirate
(oaktree) #2

I have mine set up so that it automatically gets some static IPs on my LAN and I fire it up when I need a little server.


( X2tf) #3
  1. You can find many guides to build one. It will be usefull for war driving, SE , and some other tasks

  2. Battery is the thing which stop you from doing this , i have made a portable one and it run smoothly till i dont try to compute hashes on it :wink:

    but i dont think its nessesary it runs on DC supply of any mobioe charger (yes, even that old nokia phone in your basement ) and a inverter will not be more than a size of battry.

  3. anywhere where you need a hardware backdoor, i once stick it on a RC car and it found to be a very good decision. :slight_smile:


(Command-Line Ninja) #4

I’d like to make an eviltwin Pi, and have it hooked up to a drone (or even a balloon?) And fly it over areas with free WiFi. Have it automatically evil twin the strongest open WiFi network.

That would be dope.


#5

@VVid0w thanks for mentioning me haha :smiley:

Do you mind if we do a collab? I’d join on writing articles on hardware pieces


([email protected] [email protected]) #6

@ricksanchez Absolutely! It sounds like a great idea!


(Command-Line Ninja) #7

This is where a better love story than twilight was formed :stuck_out_tongue:


#8

lol :smiley: :smiley: I need to get my exams done so theres room for exploring and testing as well as expending my lab!


#9

Hey guys, I recently got myself a pi, and downloaded kali arm on it.

I decided to make the r-pi behave like a wireless access point, with later the option to mitm it, analog to this guide. That way i can plug it in with an eternet cable at work (Ethernet cable -> pi -> my phone -> internet).

i didn’t have the chance to simulate a company network, so forgive me my lack of knowledge (its on my to do list). Would the sysadmin fail to see what pages i visit etc, if i use a vpn ?


(Command-Line Ninja) #10

I am not 100% clear how it is connected up. [quote=“Valkyr, post:9, topic:1671”]
I decided to make the r-pi behave like a wireless access point,
[/quote]

You’re running a hostapd type deal on the pi? The Pi is making a wifi network.

Not really sure what you mean by “mitm it”.[quote=“Valkyr, post:9, topic:1671”]
(Ethernet cable -> pi -> my phone -> internet).
[/quote]

So work network <-----> Pi <------> Phone <-----> Internet (via cell connection?)

I am lost as to how or why this works?


#11

sry ill clear it out

i run hostapd and dnsmasq. I use the wireless card of the pi as mobile accesspoint. Basically i take inbound traffic from eth0 and host it on wlan0.

I connect to the wirless AP with my phone. If i connect trough my vpn, what will be seen by the ppl with a server on what eth0 is connected ?

mitm = man in the middle, but its not important at this stage.


(Command-Line Ninja) #12

The ‘server ppl’ will just see VPN traffic. The tunnel will go from the device the VPN is configured on, all the way to the VPN server.


(DamaneDz) #13

For Battery Life We Can Always Use The Solar Charger

OR


(Hardware Bias!) #14

I tried this once but my tiny ass drone couldn’t lift it (it was a cheap 30$ one anyway). But definitely possible.


#15

there were 60$ ones in aldi last week.You might be able to order them still if you want


(Hardware Bias!) #16

Nice to hear, but can they lift a Pi?

EDIT: I looked at their website, the offer is gone :frowning:


(Command-Line Ninja) #17

You guys have Aldi too!? Somebody needs to review that…


#18

Bro Aldi is everywhere


([email protected] [email protected]) #19

Neat idea but going on a kind of “007” way of thinking, I don’t think that’s too feasible. I’d want to put the pi in a small enclosed space. Perhaps wire it into some power source that’s already within the room like a clock or something.

Unfortunately, those spaces would almost certainly be without sunlight.

EDIT: I too have an Aldi about two towns over lol.


(Command-Line Ninja) #20

I think it would be cool to make our own version of the hak5 LAN turtle. This is way less conspicuous than a Pi.