The Hackers Lab - Rpi edition

VVid0w · 2017-02-20 00:17:08 UTC

Intro to the Hackers lab

A new series about hacker hardware coming to a computer near you!

Hello there 0x00sec! I’m going to be starting a new series based off of my EDC bag post and a suggestion from @ricksanchez that I should do something like this.

To start things off, I’ll be discussing the Raspberry Pi. It’s something that I feel every self-labeled hacker should own and use frequently.

What is a Raspberry Pi!?

First of all, it’s certainly not something you eat…

A raspberry pi (henceforth known as Rpi) is a “credit-card-sized mini-computer that plugs into your T.V. and keyboard.” In other words, it’s a computer you can fit in the palm of your hand and in your pocket or even hide somewhere within a target building (more on that later).

Okay cool, but what can I do with it?

Well, nearly anything that a full sized computer can do!
You can turn it into an emulator platform for your favorite retro games, you can build an Rpi Laptop, media server, or your very own mesh net.

Geared more toward our mentality however, you can use it to create a pentesting drop-box with pwnpi or kali linux ARM. This is what we will be focusing on today.

A pentesting drop-box? HOW?!

Well, essentially, you just do some hardware mods, install kali (or pwnpi) on it, drop it in a hidden location, (might I suggest a Pringles can wrapped in matte-black tape?) connect to it via NetCat or SSH and hack away.

That’s all for today folks. I’ll leave you a few things to think on…

This can be lifted by a drone. Any ideas on this one?
It’s portable and can fit in your pocket while it’s on.
What other things do you think this could be used for in a hacker environment?

oaktree · 2017-02-20 00:25:57 UTC

I have mine set up so that it automatically gets some static IPs on my LAN and I fire it up when I need a little server.

_k_h · 2017-02-20 06:51:06 UTC

You can find many guides to build one. It will be usefull for war driving, SE , and some other tasks
Battery is the thing which stop you from doing this , i have made a portable one and it run smoothly till i dont try to compute hashes on it

but i dont think its nessesary it runs on DC supply of any mobioe charger (yes, even that old nokia phone in your basement ) and a inverter will not be more than a size of battry.
anywhere where you need a hardware backdoor, i once stick it on a RC car and it found to be a very good decision.

pry0cc · 2017-02-20 07:50:43 UTC

I’d like to make an eviltwin Pi, and have it hooked up to a drone (or even a balloon?) And fly it over areas with free WiFi. Have it automatically evil twin the strongest open WiFi network.

That would be dope.

ricksanchez · 2017-02-20 14:16:57 UTC

@VVid0w thanks for mentioning me haha

Do you mind if we do a collab? I’d join on writing articles on hardware pieces

VVid0w · 2017-02-20 15:18:26 UTC

@ricksanchez Absolutely! It sounds like a great idea!

pry0cc · 2017-03-01 20:35:58 UTC

This is where a better love story than twilight was formed

ricksanchez · 2017-03-01 20:48:05 UTC

lol I need to get my exams done so theres room for exploring and testing as well as expending my lab!

Valkyr · 2017-03-13 18:24:42 UTC

Hey guys, I recently got myself a pi, and downloaded kali arm on it.

I decided to make the r-pi behave like a wireless access point, with later the option to mitm it, analog to this guide. That way i can plug it in with an eternet cable at work (Ethernet cable -> pi -> my phone -> internet).

i didn’t have the chance to simulate a company network, so forgive me my lack of knowledge (its on my to do list). Would the sysadmin fail to see what pages i visit etc, if i use a vpn ?

pry0cc · 2017-03-13 22:00:34 UTC

I am not 100% clear how it is connected up. [quote=“Valkyr, post:9, topic:1671”]
I decided to make the r-pi behave like a wireless access point,
[/quote]

You’re running a hostapd type deal on the pi? The Pi is making a wifi network.

Not really sure what you mean by “mitm it”.[quote=“Valkyr, post:9, topic:1671”]
(Ethernet cable -> pi -> my phone -> internet).
[/quote]

So work network <-----> Pi <------> Phone <-----> Internet (via cell connection?)

I am lost as to how or why this works?

Valkyr · 2017-03-13 22:11:43 UTC

sry ill clear it out

i run hostapd and dnsmasq. I use the wireless card of the pi as mobile accesspoint. Basically i take inbound traffic from eth0 and host it on wlan0.

I connect to the wirless AP with my phone. If i connect trough my vpn, what will be seen by the ppl with a server on what eth0 is connected ?

mitm = man in the middle, but its not important at this stage.

pry0cc · 2017-03-13 22:39:07 UTC

The ‘server ppl’ will just see VPN traffic. The tunnel will go from the device the VPN is configured on, all the way to the VPN server.

DamaneDz · 2017-06-08 13:21:34 UTC

For Battery Life We Can Always Use The Solar Charger

OR

Phoenix750 · 2017-06-08 15:32:10 UTC

I tried this once but my tiny ass drone couldn’t lift it (it was a cheap 30$ one anyway). But definitely possible.

Valkyr · 2017-06-08 15:34:00 UTC

there were 60$ ones in aldi last week.You might be able to order them still if you want

Phoenix750 · 2017-06-08 15:36:51 UTC

Nice to hear, but can they lift a Pi?

EDIT: I looked at their website, the offer is gone

pry0cc · 2017-06-08 17:12:22 UTC

You guys have Aldi too!? Somebody needs to review that…

ricksanchez · 2017-06-08 17:15:56 UTC

Bro Aldi is everywhere

VVid0w · 2017-06-09 15:01:36 UTC

Neat idea but going on a kind of “007” way of thinking, I don’t think that’s too feasible. I’d want to put the pi in a small enclosed space. Perhaps wire it into some power source that’s already within the room like a clock or something.

Unfortunately, those spaces would almost certainly be without sunlight.

EDIT: I too have an Aldi about two towns over lol.

pry0cc · 2017-06-09 16:23:25 UTC

I think it would be cool to make our own version of the hak5 LAN turtle. This is way less conspicuous than a Pi.