Penetration Testing with Raspberry Pi - Second Edition

By: Michael McPhee, Jason Beltrame

Overview of this book

This book will show you how to utilize the latest credit-card-sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2. You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely placed Raspberry Pi 3. By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.
Table of Contents (13 chapters)
Penetration Testing with Raspberry Pi - Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Preface

Moving data


Common sense tells us that if we compromise a system or network, at some point we will probably want to insert or remove data. That data can be large, so sending it over the network can take a while, which is a problem if we only have limited time on the compromised system. Moving large files off a network can also trigger security defenses such as Data Loss Prevention (DLP) technology.

There are a multitude of ways to tackle this. Some testers prefer setting up rsync, FTP, or Server Message Block (SMB) sharing between the Raspberry Pi and Kali to automatically backhaul data stored in designated directories. This also allows us to use rate limits or scheduled active times and avoid detection. If this is not possible, or a manual pull is desired (coordinating with disarming other security measures, and so on), the best path forward may be to compress and break files into smaller sizes to speed up the download/upload process...
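
Seen from the monitoring side, the rate limiting and file splitting described above are the reason a size-only rule on individual transfers is not enough. The following is an added example, not code from the book: it compares a per-transfer size check with a windowed per-host total over constructed flow records, and the function names, thresholds, and addresses are assumptions chosen for illustration.

```python
from collections import defaultdict

MB = 1024 * 1024

# Constructed sample flow records: (epoch_seconds, src, dst, bytes_out).
# Addresses come from private and documentation ranges; all values are made up.
FLOWS = [(1_700_000_000 + i * 600, "10.0.0.23", "203.0.113.10", 10 * MB) for i in range(12)]
FLOWS += [
    (1_700_000_300, "10.0.0.41", "198.51.100.7", 5 * MB),
    (1_700_003_000, "10.0.0.41", "198.51.100.7", 3 * MB),
]

def per_transfer_alerts(flows, limit_bytes):
    """Size-only rule: flag single flows at or above limit_bytes."""
    return [f for f in flows if f[3] >= limit_bytes]

def windowed_alerts(flows, window_s, limit_bytes):
    """Flag (src, dst) pairs whose summed bytes in any window_s span reach limit_bytes."""
    by_pair = defaultdict(list)
    for ts, src, dst, nbytes in flows:
        by_pair[(src, dst)].append((ts, nbytes))
    alerts = {}
    for pair, events in by_pair.items():
        events.sort()
        total = start = peak = 0
        for ts, nbytes in events:
            total += nbytes
            # Drop flows that have aged out of the window ending at ts.
            while events[start][0] <= ts - window_s:
                total -= events[start][1]
                start += 1
            peak = max(peak, total)
        if peak >= limit_bytes:
            alerts[pair] = peak  # largest windowed total seen for this pair
    return alerts

if __name__ == "__main__":
    print("per-transfer:", per_transfer_alerts(FLOWS, 50 * MB))
    print("24h window:  ", windowed_alerts(FLOWS, 86_400, 100 * MB))
```

The twelve 10 MB flows never trip the 50 MB per-transfer rule, but the 24-hour total for that source and destination pair does cross the 100 MB aggregate limit.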