Raspberry Pi As A Plug-in Hash Harvester


Plug in the power and Ethernet and this Raspberry Pi board will automatically collect Windows hashes from computers on the network. With a couple of RPi boards on hand [Travis] was searching for more hacks to try with them. This made a great little test to see how the board performs with the well established attack.

To start he booted into the standard Raspbian distribution. From there he loads the Metasploit framework which brings most of the necessary tools into play. It uses the Web Proxy Auto-Discovery Protocol (WPAD)  to request hashes from any Windows machines listening on the network. Some version of the OS respond with LM hashes, others don’t. The importance of this and the particulars of using rainbow tables to crack the hashes is explained in this article on the subject.

We wouldn’t mind having a little hardware hack that adds a couple of LEDs to the GPIO header so you know when the RPi is done collecting the data.

15 thoughts on “Raspberry Pi As A Plug-in Hash Harvester

      1. Except in this case, It’s another basic linuxism they’re posting about. This isnt linuxaday, a new tip a day for basic linux functionality!
        Tomorrow on hackaday: The amazing breakthru that you can use grep used on a RPi

          1. I see what hes getting at though…

            Personally I do think it was a pretty cool post, I never though to run that on the pi.
            But that being said….. The Raspi can run damn near anything that any linux machine can (more or less after its been re-compiled). So……. yeah, its not a new thing its not a breakthru to run Metasploit, or any other software on it…

            I mean I could get a gps, pi, lcd screen, battery, and gpredict software and make a cool little satellite tracker.. but is that a hack? Hell no, if I make a homemade case for it and put it in a shiny package? meh… a little closer… idk…

            Alright I’m done bitching :)

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.