Book Image

Penetration Testing with Raspberry Pi - Second Edition

By : Michael McPhee, Jason Beltrame
Book Image

Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit card sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely-placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with Raspberry Pi - Second Edition
Michael McPhee | Jason Beltrame
Nov, 2016 | 316 pages
No titles found
Table of Contents (13 chapters)
Penetration Testing with Raspberry Pi - Second Edition
Penetration Testing with Raspberry Pi - Second Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Choosing a Pen Test Platform
Choosing a Pen Test Platform
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and the Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2
Preparing for Battle
Preparing for Battle
The Command and Control server
Preparing for a penetration test
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
SSL tunnelling
Using the GUI
Overclocking
Setting up the wireless interface
Setting up the Bluetooth interface
Setting up a 3G or 4G modem
Wrapping it up with an example
3
Planning the Attack
Planning the Attack
Understanding the Cyber or Intrusion Kill Chain
Preparing for the penetration test
Common tools for web, wired, and wireless attacks
Mapping our tools to the Penetration test Kill Chain
Summary
4
Explore the Target - Recon and Weaponize
Explore the Target - Recon and Weaponize
Prospecting the target
Network scanning
Seeing and cracking Wi-Fi
Capturing and cracking passwords
Getting data to the Pi
Wireshark
dsniff
Firewalk
Web application hacks
Driftnet
Summary
5
Taking Action - Intrude and Exploit
Taking Action - Intrude and Exploit
Using the Metasploit framework to exploit targets
Social engineering
Executing man-in-the-middle attacks
Rogue Access honeypot (revising and re-shooting)
Bluetooth testing
Summary
6
Finishing the Attack - Report and Withdraw
Finishing the Attack - Report and Withdraw
Covering our tracks
Masking our network footprint
Developing reports
Moving data
Summary
7
Alternative Pi Projects
Alternative Pi Projects
Diving into PwnPi
Discovering Raspberry Pwn
Investigating PwnBerry Pi
Defending your network
Running Raspberry Pi on your PC with QEMU emulator
Running Windows 10 on Raspberry Pi 3
Other popular use cases for the Raspberry Pi
Summary

Bluetooth testing

With the abundance of Bluetooth devices around today, and the lack of security for most of them, not only testing for the existence of Bluetooth devices within your network, but also investigating them, is a very important security function. Keep in mind that Bluetooth is a low power wireless technology, and therefore covers a short distance. Depending on the class rating of the Bluetooth, the distance will vary from 0.5 m (class 4) all the way to 100 m (class 1). So depending on the class and the distance from your Raspberry Pi, you may pick up some devices, but others may be out of reach. Some examples of device you may pick up include iWatches, hands-free ear pieces, and speakers just to name a few.

In this section, we are going to investigate some tools that you can use to not only scan for Bluetooth devices, but also investigate and potentially connect to. Bluetooth devices can not only be compromised, but also can be a very important vector that hackers can use to...

Previous Section
End of Section 6
Next Section