A pentesting dropbox is used to allow a pentester to remotely access and audit a network. The device is dropped onto a network, and then sets up a connection which allows remote access. As a final project, [Kalen] built the Rogue Pi, a pentesting dropbox based on the Raspberry Pi.
The Rogue Pi has a few features that make it helpful for pentesting. First off, it has a power on test that verifies that the installation onto the target network was successful. Since the install of a dropbox needs to be inconspicuous, this helps with getting the device setup without being detected. A LCD allows the user to see if the installation was successful without an additional computer or external display.
Once powered on, the device creates a reverse SSH tunnel, which provides remote access to the device. Using a reverse tunnel allows the device to get around the network’s firewall. Aircrack-ng has been included on the device to allow for wireless attacks, and a hidden SSID allows for wireless access if the wired network has issues. There is a long list of pentesting tools that have been built to run on the Pi.
Check out a video demonstration of the dropbox after the break.
4 thoughts on “Rogue Pi: A RPi Pentesting Dropbox”
Its so weird to not see someone interested on this. lol
Doesn’t help that the links are dead.
Nice idea – I’m trying to build one with kali, but i like the simple LCD display and button controls on this one.
You can use the Wayback machine to find a copy of it…
nice work im tryn to build on to, thanks for the work you have done
Please be kind and respectful to help make the comments section excellent. (Comment Policy)