Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit-card-sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.
Table of Contents (13 chapters)

SSH default keys and management


The use of default or factory-installed keys and certificates is a major security flaw in how systems are deployed. While these sorts of flaws are a boon for us as penetration testers, we need to ensure we do not fall victim to the same exploits that our targets may fall victim to by our hand. Linux distributions (as well as almost any manufactured device) use factory keys by default. We must change our own keys so that we do not become prey ourselves: any investigator or adversary with forensics knowledge can and will access our data to determine who planted the Raspberry Pi. Let's not make it easy for them. We can do this by backing up the old keys and then establishing new ones as follows:

  1. We'll make a new directory and then move the old keys to it for storage:

    cd /etc/ssh
    mkdir backup_keys
    mv ssh_host_* backup_keys
    
  2. Then we can generate new keys for SSH and all dependent services by typing dpkg-reconfigure openssh-server, as seen in the following...
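
Once both steps are done, it is worth confirming that none of the host keys now in use is one of the keys moved into backup_keys. The script below is an added example, not code from the book; the function names, the script name check_keys.sh and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): confirm that no SSH host key in use
# still matches a key moved to backup_keys in step 1.
# Compares the base64 blob (field 2) of each *.pub file; needs only awk.

# reused_host_keys CURRENT_DIR BACKUP_DIR
# Prints each current public key file whose blob also exists in the backup.
# Returns 0 = all keys new, 1 = at least one reused, 2 = no host keys found.
reused_host_keys() {
    cur=$1; bak=$2; seen=0; found=0
    for pub in "$cur"/ssh_host_*_key.pub; do
        [ -f "$pub" ] || continue
        seen=1
        blob=$(awk '{print $2; exit}' "$pub")
        [ -n "$blob" ] || continue
        for old in "$bak"/ssh_host_*_key.pub; do
            [ -f "$old" ] || continue
            if [ "$(awk '{print $2; exit}' "$old")" = "$blob" ]; then
                echo "${pub##*/}"
                found=1
                break
            fi
        done
    done
    [ "$seen" -eq 1 ] || return 2
    return "$found"
}

# make_sample ROOT: constructed sample tree; every key blob here is made up.
make_sample() {
    s=$1/etc_ssh
    mkdir -p "$s/backup_keys"
    echo "ssh-rsa AAAAB3CONSTRUCTEDFACTORYRSA root@kali" > "$s/backup_keys/ssh_host_rsa_key.pub"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDFACTORYED root@kali" > "$s/backup_keys/ssh_host_ed25519_key.pub"
    # Stale factory RSA key left in place, fresh Ed25519 key generated.
    cp "$s/backup_keys/ssh_host_rsa_key.pub" "$s/ssh_host_rsa_key.pub"
    echo "ssh-ed25519 AAAAC3CONSTRUCTEDNEWED root@pi" > "$s/ssh_host_ed25519_key.pub"
}

# Real use (hypothetical script name): sh check_keys.sh /etc/ssh /etc/ssh/backup_keys
if [ "$#" -eq 2 ]; then
    reused_host_keys "$1" "$2"
fi
```

A return code of 2 means the key directory holds no host public keys at all, which is the state left behind if step 1 ran but step 2 did not complete.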