Book Image

Penetration Testing with Raspberry Pi - Second Edition

By : Michael McPhee, Jason Beltrame
Book Image

Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit card sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely-placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with Raspberry Pi - Second Edition
Michael McPhee | Jason Beltrame
Nov, 2016 | 316 pages
No titles found
Table of Contents (13 chapters)
Penetration Testing with Raspberry Pi - Second Edition
Penetration Testing with Raspberry Pi - Second Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Choosing a Pen Test Platform
Choosing a Pen Test Platform
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and the Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2
Preparing for Battle
Preparing for Battle
The Command and Control server
Preparing for a penetration test
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
SSL tunnelling
Using the GUI
Overclocking
Setting up the wireless interface
Setting up the Bluetooth interface
Setting up a 3G or 4G modem
Wrapping it up with an example
3
Planning the Attack
Planning the Attack
Understanding the Cyber or Intrusion Kill Chain
Preparing for the penetration test
Common tools for web, wired, and wireless attacks
Mapping our tools to the Penetration test Kill Chain
Summary
4
Explore the Target - Recon and Weaponize
Explore the Target - Recon and Weaponize
Prospecting the target
Network scanning
Seeing and cracking Wi-Fi
Capturing and cracking passwords
Getting data to the Pi
Wireshark
dsniff
Firewalk
Web application hacks
Driftnet
Summary
5
Taking Action - Intrude and Exploit
Taking Action - Intrude and Exploit
Using the Metasploit framework to exploit targets
Social engineering
Executing man-in-the-middle attacks
Rogue Access honeypot (revising and re-shooting)
Bluetooth testing
Summary
6
Finishing the Attack - Report and Withdraw
Finishing the Attack - Report and Withdraw
Covering our tracks
Masking our network footprint
Developing reports
Moving data
Summary
7
Alternative Pi Projects
Alternative Pi Projects
Diving into PwnPi
Discovering Raspberry Pwn
Investigating PwnBerry Pi
Defending your network
Running Raspberry Pi on your PC with QEMU emulator
Running Windows 10 on Raspberry Pi 3
Other popular use cases for the Raspberry Pi
Summary

Summary

If we think about it, the primary objective of any penetration test is to get in, get out, and in the case of black box tests, do so unnoticed with all the information we need. The topics in this chapter are vital to any successful penetration test, and much like the earlier phases, we need to practice and plan. In this chapter, we focused on different ways to cover our tracks, such as using proxies and anonymous sites to hide our identity, as well as corrupting or destroying our machines to render them useless or destroy evidence. They all play an important role in making sure there are no breadcrumbs left behind.

Lastly, we focused on documentation. Developing reports allows us to document our findings for later use, and not have to repeat any of the other steps in the Kill Chain. We showed some good tools for harvesting and backhauling traffic to our friendly C&C server to help flesh out our report. From taking screenshots to moving files, understanding how to use these tools...

Previous Section
End of Chapter 6
Next Chapter