Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit-card-sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely placed Raspberry Pi 3. By the end of this book, you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.
Table of Contents (13 chapters)
Penetration Testing with Raspberry Pi - Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface

SSL tunnelling


Many administrators will have detection technologies such as IDS/IPS in place to detect and prevent open VPN connections. One method we can employ to get around this is leveraging an SSL tunneling package or proxy. While stunnel was used in the first edition of this book, we evaluated several alternatives, such as sslh, ncat, cryptcat, hitch, ptunnel, and nginx, should stunnel fail to meet our needs. While each of these grew out of different use cases (for example, server load balancing with HAProxy), with some effort all of them can create secure communication between a TCP client and server by hiding our covert payload inside another SSL (or other benign protocol's) envelope. Each package does so by using industry-standard crypto libraries such as OpenSSL, or a benign carrier protocol such as ping. What makes these tools useful to us is that they add varying levels of privacy and functionality to commonly used daemons and services without any changes in the program's code, giving us a lot of potential applications to hide...