Hacker Handle

It is possible to obtain a Wifi password without the need for a powerful processor or a lengthy brute-force attack. Do you know how thieves steal cars and jewelry? They can also steal your password in a comparable manner: this is what will be described in this post. Meet social engineering, a fancy designation for "phishing". This type of attack is commonly used for stealing sensitive data, such as credit card details or account credentials. The popularity and spread of this method come down to one single characteristic: ease of use. Perpetrators don't need any background knowledge in coding, cyber security, or computer science, and the technique doesn't require advanced hardware. Today's attack is the art of fooling the user into thinking you're the legitimate manufacturer of his router: you then pretend that a firmware update is required and prompt the user for his password. You thus gain access to the Wifi network effortlessly, without using any brute-fo

The Raspberry Pi is an ideally versatile platform for pentesting, as you would have guessed by reading my previous posts since it is my device of choice. I wrote about several attacks performed with Kali Linux running on a Pi 3, but I didn't mention the different setups possible: lab or headless. The lab setup This is the config you have probably used while installing Kali Linux on the Pi. Here, you are interacting with the Pi directly and not through an intermediate device (more on that later): this is why you need to use a keyboard, mouse and monitor connected to the USB and HDMI ports respectively. The Pi is powered with a 5V/2A adapter plugged in a wall socket. I made a diagram to illustrate the setup: Fig.1 - Lab setup (click to enlarge) This is called a "lab" setup for two reasons. First, it is meant to be rather permanent, in a fixed place, rather than portable. Second, this is usually the "laboratory" of the pentester, where he searches for new