Raspberry Pi as a plug-in hash harvester

plug-in-hash-harvesting

Plug in the power and Ethernet and this Raspberry Pi board will automatically collect Windows hashes from computers on the network. With a couple of RPi boards on hand [Travis] was searching for more hacks to try with them. This made a great little test to see how the board performs with the well established attack.

To start he booted into the standard Raspbian distribution. From there he loads the Metasploit framework which brings most of the necessary tools into play. It uses the Web Proxy Auto-Discovery Protocol (WPAD)  to request hashes from any Windows machines listening on the network. Some version of the OS respond with LM hashes, others don’t. The importance of this and the particulars of using rainbow tables to crack the hashes is explained in this article on the subject.

We wouldn’t mind having a little hardware hack that adds a couple of LEDs to the GPIO header so you know when the RPi is done collecting the data.

Comments

  1. dirf says:

    OMG Hackaday, this is getting ridiculous! Don’t you think we’ve had enough posts for stoners alre-Oh, OH, that kind of hash. Carry on then,,,

    • scorinth says:

      Wow. I was just about to type this very same comment. Ninja’d

      • Toaster_Chicken says:

        Except in this case, It’s another basic linuxism they’re posting about. This isnt linuxaday, a new tip a day for basic linux functionality!
        Tomorrow on hackaday: The amazing breakthru that you can use grep used on a RPi

        • Baphomet says:

          Some people are just never happy

          • CorrosiveOne says:

            I see what hes getting at though…

            Personally I do think it was a pretty cool post, I never though to run that on the pi.
            But that being said….. The Raspi can run damn near anything that any linux machine can (more or less after its been re-compiled). So……. yeah, its not a new thing its not a breakthru to run Metasploit, or any other software on it…

            I mean I could get a gps, pi, lcd screen, battery, and gpredict software and make a cool little satellite tracker.. but is that a hack? Hell no, if I make a homemade case for it and put it in a shiny package? meh… a little closer… idk…

            Alright I’m done bitching :)

        • willrandship says:

          At least this one is about hacking. :P

  2. Tris Linnell says:

    ledborg would make the perfect led for this.

  3. Dave.. says:

    First thing I thought of there was pot, and I’ve never smoked the stuff before.

  4. biozz says:

    if you cant tell the difference between harvesting hashes and creating hashish by throwing weed in a tumbler your too stupid to utilize metasploit!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 91,826 other followers