My weapon of choice

-
As you may already know, I already have a particular setup in mind for experimenting. I'll tell you what are my weapons of choice and explain why I picked them. Let's get right into it.

Why did I choose the Raspberry Pi 3 Model B+?

I'm a big fan of the Raspberry Pi computers. From the day I worked on a Pi Zero for a project, I love this platform. In short, it's cheap, compact, versatile and can be customized to unimaginable extents.
The Pi 3 is a credit-card sized computer, consisting of just processors and ports on top of a circuit. The processor uses an AMD architecture. Storage is managed by a microSD card and there's 1GB of RAM. As for connections, there are 4 USB ports, an HDMI port, an 3.5mm audio jack, a microUSB port for power, and a very interesting 40-pin connector to attach various elements (like a camera). I've annotated the below image (from Google) so you can have a better idea of the Pi. Click on it to enlarge it:
You might ask yourself, how does a Pi work? How do you control it? The Pi does not have an operating system out of the box: you need to install one on the SD card you'll insert in it. The Raspberry Foundation surely has their own OS, called Raspbian, but that's not what an ethical hacker would like. Instead, we can use the very interesting AMD version of Kali Linux from Offensive Security -- my personal choice -- or Parrot OS, BackBox, Pentoo Linux, DEFT Linux and so on. All of these are pentesting-oriented operating systems, built with cyber security experts and ethical hackers in mind. Some come with pre-installed tools, like Kali, while others require you to download them. Some also work without any additional plugins.

Most operating systems are interacted with via a terminal. This is where the USB ports come in: you use them to connect a keyboard and optionally a mouse to provide input. As you also need to see what's happening with our Pi, we can connect it to a monitor via the HDMI port. However, as mobility is very important to me, I'll be using a different setup: communicating wirelessly with the Pi via SSH (Secure Shell) from my phone or laptop. As you'll see in another post coming soon, this setup will prove to be way more efficient and adapted to my uses.

This is not what a final field-ready setup looks like. We still need a few more components, like a packet-injection capable wifi adapter and a battery, for example. I'll be writing a detailed list of minimum requirements for an operational Raspberry Pi-based setup. You can subscribe via email or follow me on Twitter if you want to know about my future posts. See you soon.

Comments

Post a Comment

Share your thoughts! Leave a comment here

Popular posts from this blog

Pixie-Dust Wifi Attack: Theory & Practice

-
Image
In the series of wifi hacking, I have already covered WPA handshake capture and social engineering . In this post I present to you yet another attack using a novel approach for gaining access to a network: it is based on the WPS protocol and is known as the Pixie-Dust attack. You will find a step-by-step guide after a short explanation of the theory behind the security flaw hereby discussed.
Read more

How to capture a WPA handshake

-
Image
There are different methods for getting unauthorized access to a Wifi network. I will try to cover several ones, but in this post I will focus on capturing a WPA handshake for a subsequent dictionary or brute-force attack. Requirements Before getting started make sure you have the following: Raspberry Pi 3 running Kali Linux ( tutorial here ) Monitor-mode and Packet-injection capable wifi adapter PC Decent internet connection We'll be using the wifi adapter with the Raspberry Pi, controlling them with a PC via VNC ( tutorial here ). What is a WPA handshake? In simple words, a WPA handshake is used to authenticate a user with an AP (Access Point). To illustrate things, think of it as a literal handshake: if the client presents his hand but the AP doesn't, the handshake can't happen and authentication thus fails. Because the engineering behind a WPA handshake is not the main purpose of this guide, let's dive into our work. Discovering the target AP Th
Read more

Getting started in scripting

-
Image
Perhaps the most important skill a hacker should master is programming. This is what makes the true difference between "hackers" and "script kiddies". The latter lacks the knowledge to write his own script: he rather uses programs made by others to attack his target. In contrast, a worthy hacker builds his own program tailored to his needs in order to exploit a specific vulnerability. Does that mean that a hacker never uses material written by others? Of course not. As most of the exploits (i.e. scripts that exploit a flaw) written by/for the Linux community are open-source, hackers often reverse-engineer these programs to understand how they work and potentially modify them to suit their own needs. What's more, when building his own script, a hacker very often integrates some tool from a fellow hacker. This is precisely how malware evolves on a daily basis: a programmer uses his know-how to combine multiple exploits in an effective way. Writing your firs
Read more