Raspberry Pi Setup: Lab vs Headless

The Raspberry Pi is a versatile platform for pentesting and, as you may have guessed from my previous posts, it is my device of choice. I wrote about several attacks performed with Kali Linux running on a Pi 3, but I didn't mention the two possible setups: lab or headless.

The lab setup

This is the config you have probably used while installing Kali Linux on the Pi. Here, you interact with the Pi directly and not through an intermediate device (more on that later), which is why you need a keyboard and mouse connected to the USB ports and a monitor connected to the HDMI port. The Pi is powered by a 5V/2A adapter plugged into a wall socket. I made a diagram to illustrate the setup:

Fig. 1 - Lab setup

This is called a "lab" setup for two reasons. First, it is meant to be rather permanent, in a fixed place, rather than portable. Second, this is usually the "laboratory" of the pentester, where he searches for new vulnerabilities and exploits them to make assessments and reports. However, this does not mean that the lab config cannot be used on the ground: professional-level pentesters or hackers will often scout a secluded location near their target to install their equipment for the duration of the attack, using a lab setup, to allow for more powerful antennas or processing power.

The lab setup provides a virtually infinite power source and allows for a comfortable experience with a keyboard and a monitor as big as needed. However, the major drawback is obviously its lack of mobility. It is not suitable for on-the-go jobs.

The headless setup

This setup is used when you need to be on the move. Here, the Pi is not physically connected to an external monitor, which is why it's referred to as a "headless Pi". Instead, it is connected to a Wifi network belonging to the pentester and accessed through this network via SSH or VNC. In this case, the behavior of the Pi becomes similar to that of a virtual machine installed on your laptop. Below is a diagram showcasing the setup:

Fig. 2 - Headless setup

Legend:
  1. Raspberry Pi Model 2 or later running Kali Linux
  2. Power bank
  3. Monitor-mode & packet-injection capable USB Wifi adapter
  4. Integrated Wifi modem of the Pi
  5. Router or mobile hotspot (pentester's network)
  6. Pentester's device (laptop, tablet or mobile phone)

The headless setup offers unparalleled mobility and ensures discretion, especially when using a mobile phone: no questions will be raised if you're walking in the street with a backpack and a smartphone in your hand, when in fact you could be mapping the networks in your target's area to prepare for the attack. However, because the Pi is powered through a portable battery, the time of operation will be limited to a maximum of a few hours. The use of advanced antennas is also more difficult when on the move, due to their considerable size and power consumption. Finally, there is still the need to create your own Wifi network, which is inconvenient if you don't have access to a mobile hotspot using cellular data.

A good pentester will need both the lab and headless setups to operate, which is why it's important to be familiar with each of the components used in the configs.
