Penetration testing with the Raspberry Pi

PwnPi is a penetration testing distribution rolled up for the Raspberry Pi platform. This should come as no surprise to anyone. The RPi board has a beefy processor, it’s relatively low power, has the option of the on-board NIC or a USB WiFi dongle, and it already has Linux kernel and desktop sources available to start from.

Now we will admit we’re a bit disappointed by this tip. Don’t get us wrong, the distro looks like it’s well done, and we’re sure there are a lot of folks out there who will be happy to have these tools to help test their network security. But this is a software-only hack and we were expecting to see a nice little covert package that could be plugged into an outlet (SheevaPlug style), or a battery-powered module that can be plugged into an Ethernet port and hidden away.

Now you know what we want, don’t forget to send in a link once you pull it off.

[Thanks Scott]

Comments

  1. Rob Thomas says:

    Seems the PwnPi site has been HackaDayed: very slow to load. My argument against a black box/hat approach with the Pi is that it is overkill. The WR703N is good enough, and cheaper (in case you lose it!). And it comes in a box!

  2. I won't do it says:

    Penetration testing…. just what are they attempting to penetrate … drum roll :)

  3. RobinJood says:

    Am I the only one fed up with seeing all these raspPi projects? Perhaps it’s because I’ve been on every waiting list for these damned things for months and still don’t have one.

  4. Tweeks says:

    I just got mine in the mail last night.. :)

    and I realized.. I don’t have any displays in the house with HDMI ports…

    Tweeks

  5. dreamer says:

    “The RPi board has a beefy processor”

    No it doesn’t.
    Maybe compared to some MIPS router or w/e.

    Should be fine for some pen-testing, but please don’t call it ‘beefy’.

  6. Jesse Krembs says:
  7. Pascal says:

    just install this script (http://code.google.com/p/wepbuster/) and put it into the boot up.

  8. Chaemelion says:

    I’m thinking make it discreet and add PoE, or perhaps even EoP (Ethernet over Power) combined with PoE. Pair it with these babies http://www.amazon.com/Ethernet-over-POWER-Adapter-Pair/dp/B004C4XWN2, and open it up to add PoE capability. Perfect for penetration testing.

  9. jwrm22 says:

    I don’t have enough Linux experience to add another piece of software. It would be great to combine this with the WPS crack and other cracks.

    Brute-force Network cracking.. With a PI! Awesome!

    • Chaemelion says:

      No doubt. Reaver and aircrack would be excellent uses for such a device.

      • charles says:

        Sort of. These tasks take a lot of time. Even on high end consumer systems I often don’t rise to more than 4k tries per second.

        A raspberryPi would be best used as a go between, use something with more power elsewhere.

        But all this is missing the main point of security: if you can get this thing on the network, you already have physical access to the network. If you have physical access to the network, then why do you need this particularly to gain access?

        Without physical security there is no security.

      • metalwolfhax says:

        Physical security and network security go hand in hand. I am sitting here at work and I can see a few of the neighbors’ networks. I could be running reaver on my laptop and the neighbors wouldn’t have any idea until their DHCP list shows a system they don’t recognize.

  10. Neckbeard says:

    It seems that the project’s bandwidth has been exceeded.

  11. pRoFlT says:

    put it on an RC car and drive it to the secure location for wireless network hacking. Once into the network, load a backdoor app so you can connect from anywhere! you know for security testing….nothing malicious ;)

    hmm…thinking solar panel, gps, PwnPi….probably get it run over or stolen….okay never mind.

  12. denden says:

    I’d like to see someone use Backtrack – but the processing power won’t really pack a punch for bruteforce cracking~

    • Eventhorizonn says:

      Install Reaver on it and it won’t really need that much processing power to crack WPS. As compared to dictionary attacks (which only have a 100% or 0% chance of cracking), WPS has a much, much greater chance of cracking a network (about 90% of the time depending if the router’s WPS is turned on, and is probably turned on, on most APs). The speed of cracking WPS depends on the AP itself, so it doesn’t really matter if you’re using a Raspberry Pi or a full fledged computer.

  13. klivmanis says:

    Hmm, pRoFIT’s idea isn’t that bad. The only fiddling, that sticks in my mind, is, to use Pi as remote data harvester, then do the said data analysis on some powerful machine, using gathered data…

    Oh, my, I guess my paranoia, about being observed, or traced, just went straight through the roof.

  14. Seriously, why do these people buy Macs? The boxes PCs come in are too hard for them to open.

  15. buttfart says:

    >But this is a software only hack and we were expecting to see a nice little covert package that could be plugged into an outlet

    you are a hipster skiddie piece of shit
