Book Image

Penetration Testing with Raspberry Pi - Second Edition

By : Michael McPhee, Jason Beltrame
Book Image

Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit card sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely-placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with Raspberry Pi - Second Edition
Michael McPhee | Jason Beltrame
Nov, 2016 | 316 pages
No titles found
Table of Contents (13 chapters)
Penetration Testing with Raspberry Pi - Second Edition
Penetration Testing with Raspberry Pi - Second Edition
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Choosing a Pen Test Platform
Choosing a Pen Test Platform
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and the Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2
Preparing for Battle
Preparing for Battle
The Command and Control server
Preparing for a penetration test
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
SSL tunnelling
Using the GUI
Overclocking
Setting up the wireless interface
Setting up the Bluetooth interface
Setting up a 3G or 4G modem
Wrapping it up with an example
3
Planning the Attack
Planning the Attack
Understanding the Cyber or Intrusion Kill Chain
Preparing for the penetration test
Common tools for web, wired, and wireless attacks
Mapping our tools to the Penetration test Kill Chain
Summary
4
Explore the Target - Recon and Weaponize
Explore the Target - Recon and Weaponize
Prospecting the target
Network scanning
Seeing and cracking Wi-Fi
Capturing and cracking passwords
Getting data to the Pi
Wireshark
dsniff
Firewalk
Web application hacks
Driftnet
Summary
5
Taking Action - Intrude and Exploit
Taking Action - Intrude and Exploit
Using the Metasploit framework to exploit targets
Social engineering
Executing man-in-the-middle attacks
Rogue Access honeypot (revising and re-shooting)
Bluetooth testing
Summary
6
Finishing the Attack - Report and Withdraw
Finishing the Attack - Report and Withdraw
Covering our tracks
Masking our network footprint
Developing reports
Moving data
Summary
7
Alternative Pi Projects
Alternative Pi Projects
Diving into PwnPi
Discovering Raspberry Pwn
Investigating PwnBerry Pi
Defending your network
Running Raspberry Pi on your PC with QEMU emulator
Running Windows 10 on Raspberry Pi 3
Other popular use cases for the Raspberry Pi
Summary

Summary

In this chapter, we introduced a lot of tools that can be useful in your early penetration testing practice. As you hone your own strategies, you will certainly replace some of these tools with favorites of your own, tools that better fit with your workflow. As with the penetration test itself, your own practice and toolset will demand practice and patience to ensure you have a clear vision of where you want to use what tools. Online resources abound, and we have tried to provide those resources wherever possible in the preceding sections.

As we progress through the next few chapters, many of these tools will show off just how useful they are in other phases. We'll try to eliminate any redundant discussion, but that should not diminish their importance throughout. As you are practicing your trade, keep repeating your tests and trying out all of the options you can - this is a fun vocation, but this practice and preparation will be what separates the better penetration testers from...

Previous Section
End of Chapter 4
Next Chapter