PwnPi is a penetration testing distribution rolled up for the Raspberry Pi platform. This should come as no surprise to anyone. The RPi board has a beefy processor, it’s relatively low power, has the option of the on-board NIC or a USB WiFi dongle, and it already has Linux kernel and desktop sources available to start from.
Now we will admit we’re a bit disappointed by this tip. Don’t get us wrong, the distro looks like it’s well done, and we’re sure there are a lot of folks out there who will be happy to have these tools to help test their network security. But this is a software-only hack and we were expecting to see a nice little covert package that could be plugged into an outlet (SheevaPlug style), or a battery-powered module that can be plugged into an Ethernet port and hidden away.
Now you know what we want, don’t forget to send in a link once you pull it off.
28 thoughts on “Penetration Testing With The Raspberry Pi”
Seems the PwnPi site has been HackaDayed: very slow to load. My argument against a black box/hat approach with the Pi is that it is overkill. The WR703N is good enough, and cheaper (in case you lose it!). And it comes in a box!
Penetration testing…. just what are they attempting to penetrate … drum roll :)
If only they had used a BeagleBone.
Am I the only one fed up with seeing all these raspPi projects? Perhaps it’s because I’ve been on every waiting list for these damned things for months and still don’t have one.
Yea, we will be fed up with it even before we actually start working with it.
I just got mine in the mail last night.. :)
and I realized.. I don’t have any displays in the house with HDMI ports…
I had the same issue. DVI->HDMI is like 3 bucks on Monoprice.com
Amazon makes a great cheap dvi to hdmi cable that I use for my computer.
As long as you have monitors w/ DVI-D you’ll be fine, HDMI DVI cables are pretty inexpensive.
Hopefully, the wait to get a display with HDMI ports (or converter for current displays owned to HDMI) will be significantly less than the wait time for the RaspberryPi from whatever “announcement”/order date for the RaspberryPi used. :)
Just ssh into it from your home computer. ssh is already enabled with wheezy pi
Indeed, moreover, when in ssh, install a VNC server, such as TightVNCServer, enable it, and access the RPi desktop from a remote computer.
Personally, I’m using my RPi everyday without keyboard, mouse or display: all remote.
My RPi is running Apache WEB server, PHP5 and MySQL. Samba is also up, making RPi a cloud server for the house. No need for speed for these apps. Therefore, 3 Watts are good enough!
“The RPi board has a beefy processor”
No it doesn’t.
Maybe compared to some MIPS router or w/e.
Should be fine for some pen-testing, but please don’t call it ‘beefy’.
But shouldn’t we compare it to other small arm boards?
Instead of using PwnPi you can also try Raspberry PWN. This is basically a port of the software running on a pwn plug.
just install this script (http://code.google.com/p/wepbuster/) and put it into the boot up.
I’m thinking make it discreet and add PoE, or perhaps even EoP (Ethernet over Power) combined with PoE. Pair it with these babies http://www.amazon.com/Ethernet-over-POWER-Adapter-Pair/dp/B004C4XWN2, and open it up to add PoE capability. Perfect for penetration testing.
I don’t have enough Linux experience to add another piece of software. It would be great to combine this with the WPS crack and other cracks.
Brute-force Network cracking.. With a PI! Awesome!
No doubt. Reaver and aircrack would be excellent uses for such a device.
Sort of. These tasks take a lot of time. Even on high end consumer systems I often don’t rise to more than 4k tries per second.
A raspberryPi would be best used as a go between, use something with more power elsewhere.
But all this is missing the main point of security: if you can get this thing on the network, you already have physical access to the network. If you have physical access to the network, then why do you need this particularly to gain access.
Without physical security there is no security.
Physical security and network security go hand in hand. I am sitting here at work and I can see a few of the neighbors’ networks. I could be running reaver on my laptop and the neighbors wouldn’t have any idea until their DHCP list shows a system they don’t recognize.
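Added example (not part of the original post or its comments): the defender's side of the "DHCP list" point above, a check that compares a dnsmasq-style lease file against an allowlist of known MAC addresses and flags unknown clients, noting Raspberry Pi vendor prefixes. The lease lines, allowlist and addresses are constructed for illustration, and the function names are hypothetical.

```python
# Added example: flag unrecognized DHCP clients in a dnsmasq-style lease file.
# Lease line format: <expiry-epoch> <mac> <ip> <hostname> <client-id>
# All lease lines, MACs and IPs below are constructed sample data.

SAMPLE_LEASES = """\
1700003600 3c:52:82:11:22:33 192.168.1.10 office-printer 01:3c:52:82:11:22:33
1700003600 a4:5e:60:aa:bb:cc 192.168.1.21 alice-laptop 01:a4:5e:60:aa:bb:cc
1700003600 b8:27:eb:12:34:56 192.168.1.57 * *
1700003600 00:11:22:33:44:55 192.168.1.58 android-7f3a *
malformed line
"""

# Assumption: an inventory of MACs the network owner has approved.
KNOWN_MACS = {"3c:52:82:11:22:33", "a4:5e:60:aa:bb:cc"}

# MAC prefixes (OUIs) registered to Raspberry Pi hardware.
PI_OUIS = {"b8:27:eb", "dc:a6:32"}


def parse_leases(text):
    """Yield (mac, ip, hostname) for each well-formed lease line."""
    for line in text.splitlines():
        fields = line.split()
        # Skip lines that lack the expected fields or a 6-octet MAC.
        if len(fields) < 4 or fields[1].count(":") != 5:
            continue
        yield fields[1].lower(), fields[2], fields[3]


def find_unknown(text, known=KNOWN_MACS):
    """Return one finding per lease whose MAC is not on the allowlist."""
    findings = []
    for mac, ip, host in parse_leases(text):
        if mac in known:
            continue
        notes = []
        if mac[:8] in PI_OUIS:
            notes.append("raspberry-pi-oui")
        if host == "*":  # dnsmasq writes "*" when no hostname was sent
            notes.append("no-hostname")
        findings.append({"mac": mac, "ip": ip, "host": host, "notes": notes})
    return findings


if __name__ == "__main__":
    for f in find_unknown(SAMPLE_LEASES):
        print(f"{f['ip']:<15} {f['mac']} {f['host']:<14} {','.join(f['notes'])}")
```

A device with a spoofed MAC or a statically configured address will not stand out in this check, so it complements switch port security and 802.1X rather than replacing them.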
It seems that the project’s bandwidth has been exceeded.
Put it on an RC car and drive it to the secure location for wireless network hacking. Once into the network, load a backdoor app so you can connect from anywhere! You know, for security testing….nothing malicious ;)
hmm…thinking solar panel, gps, PwnPi….probably get it run over or stolen….okay never mind.
I’d like to see someone use Backtrack – but the processing power won’t really pack a punch for bruteforce cracking~
Install Reaver on it and it won’t really need that much processing power to crack WPS. As compared to dictionary attacks (which only has a 100% or 0% chance of cracking), WPS has a much much more chance of cracking a network (about 90% of the time depending if the router’s WPS is turned on, and is probably turned on, on most APs). The speed of cracking WPS depends on the AP itself, so it doesn’t really matter if you’re using a Raspberry Pi or a full fledged computer.
Hmm, pRoFIT’s idea isn’t that bad. The only fiddling, that sticks in my mind, is, to use Pi as remote data harvester, then do the said data analysis on some powerful machine, using gathered data…
Oh, my, I guess my paranoia, about being observed, or traced, just went straight through the roof.
Seriously, why do these people buy Macs? The boxes PCs come in are too hard for them to open.
>But this is a software only hack and we were expecting to see a nice little covert package that could be plugged into an outlet
you are a hipster skiddie piece of shit