Penetration Testing with Raspberry Pi
Format: PDF / Kindle (mobi) / ePub
Construct a hacking arsenal for penetration testers or hacking enthusiasts using Kali Linux on a Raspberry Pi
About This Book
- Learn how to turn a Raspberry Pi into a Kali Linux hacking toolkit for onsite, physical, and remote penetration testing
- Understand the capabilities, limitations, and features of Kali Linux on Raspberry Pi
- Build and develop methodologies ideal for Raspberry Pi penetration testing using real-world cases
Who This Book Is For
If you are looking for a low-budget, small form-factor, remotely accessible hacking tool, then the concepts in this book are ideal for you. If you are a penetration tester who wants to save on travel costs by placing a low-cost node on a target network, you will save thousands by using the methods covered in this book. You do not have to be a skilled hacker or programmer to use this book. It will be beneficial to have some networking experience; however, it is not required to follow the concepts covered in this book.
What You Will Learn
- Install and tune Kali Linux on a Raspberry Pi for hacking
- Use a Raspberry Pi for pentests such as breaking wireless security, scanning networks, and capturing sensitive data
- Perform man-in-the-middle attacks and bypass SSL encryption
- Compromise systems using various exploits and toolkits
- Bypass security defenses and remove data off a target network
- Develop a command and control system to manage remotely placed Raspberry Pis
- Turn a Raspberry Pi into a honeypot to capture sensitive information
- Grasp professional penetration testing through proper documentation
The Raspberry Pi is a low-cost, credit-card-sized computing system that can be customized for just about anything, including penetration testing. Raspberry Pi is the best known platform not because it is cheap but because it is very powerful. Kali is a pentesting/security auditing Linux distribution. Kali Linux has many penetration-testing programs, including nmap (a port scanner), Wireshark (a packet analyzer), John the Ripper (a password cracker), Aircrack-ng (a software suite for the penetration testing of wireless LANs), and Burp Suite and OWASP ZAP (both web application security scanners).
This book covers how to turn a Raspberry Pi into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux. You will learn how to use various tools to breach networks and steal data.
will still be visible when you use the right tools. This section will cover how to bypass wireless onboarding defenses so that you can access a target's Wi-Fi network and perform the penetration testing steps described in this book. Looking at a Raspberry Pi with Kali Linux, one of the use cases is hiding the system inside or near a target's network and launching wireless attacks remotely. The goal will be to enable the Raspberry Pi to access the network wirelessly and
as automatically monitoring a directory for captures and then using FTP to automate an upload. You may even want to change the upload directory. Tcpdump and files exported from a Raspberry Pi containing tons of captured packet data might be difficult to view as well as organize. A more popular approach to working with such data is to use the industry-standard GUI-based network analyzer Wireshark. Let's look at how that application works. We found that Wireshark requires more
have to run Wireshark from a Raspberry Pi, TShark is the best option. Consider TShark as an alternative to using tcpdump for capturing packets. To run TShark, simply type `tshark` in a command-line terminal and it will select an available interface. You can also manually select the interface to capture by using `tshark -i eth0` to select the eth0 port. The following screenshot shows tshark doing a basic capture: You will most probably want to capture data to a file so that you can export it to your C&C
backdoor application. The topic of creating payloads, encoding them to bypass security defenses, and wrapping payloads with trusted executable files was covered earlier in this chapter under the Metasploit section. The first step to launch this attack is to go to the Commands tab in the BeEF admin console. From there, click on the Social Engineering folder and find the Clippy attack. You will notice that the default settings for the Clippy attack are built-in.
configuration options. The following screenshot shows the second menu: The first thing you will want to do once PiPlay is up is look for updates. You do this by clicking the large arrows in the menu to the third screen that shows the Update PiPlay option. You must be online to do this, so you can either plug in an Ethernet cable or use the Setup Wireless button to establish a wireless connection prior to looking for updates. If you are online, you will see your IP address in