Sometimes you need to hack on the go. [Supertechguy] has put together an interesting system for hacking on the hoof called the Pineapple Pi. This combines a Raspberry Pi 3 with a seven-inch touchscreen and a Hak 5 WiFi Pineapple into a handy portable package that puts all of the latest WiFi and ethernet hacking tools to hand. The package also includes a 20,100 mAh battery, so you won’t even need a wall socket to do some testing. It’s a bit of a rough build — it is held together with velcro, for instance — but it’s a good place to start if you are looking to make a portable, standalone system for testing WiFi networks.
The “Rubber Ducky” by Hak5 is a very powerful tool that lets the user perform rapid keystroke injection attacks, which is basically a fancy way of saying the device can type fast. Capable of entering text at over 1000 WPM, Mavis Beacon’s got nothing on this $45 gadget. Within just a few seconds of plugging it in, a properly programmed script can do all sorts of damage. Just think of all the havoc that can be caused by an attacker typing in commands on the local machine, and now image they are also the Flash.
But unless you’re a professional pentester, $45 might be a bit more than you’re looking to spend. Luckily for the budget conscious hackers out there, [Tomas C] has posted a guide on using open source software to create a DIY version of Hak5’s tool for $3 a pop. At that cost, you don’t even have to bother recovering the things when you deploy them; just hold on tight to your balaclava and make a run for it.
The hardware side of this hack is the Attiny85-based Digispark, clones of which can be had for as low as $1.50 USD depending on how long your willing to wait on the shipping from China. Even the official ones are only $8, though as of the time of this writing are not currently available. Encapsulating the thing in black shrink tubing prevents it from shorting out, and as an added bonus, gives it that legit hacker look. Of course, it wouldn’t be much of a hack if you could just buy one of these little guys and install the Rubber Ducky firmware on it.
In an effort to make it easier to use, the official Rubber Ducky runs scripts written in a BASIC-like scripting language. [Tomas C] used a tool called duck2spark by [Marcus Mengs], which lets you take a Rubber Ducky script (which have been released by Hak5 as open source) and compile it into a binary for flashing to the Digispark.
Not quite as convenient as just copying the script to the original Ducky’s microSD card, but what do you want for less than 1/10th the original’s price? Like we’ve seen in previous DIY builds inspired by Hak5 products, the trade-off is often cost for ease of use.
[Thanks to Javier for the tip.]
They say that life imitates art, which in modern parlance basically means if you see something cool in a video game, movie or TV show, you might be inclined to try and build your own version. Naturally, such things generally come in the form of simple props, perhaps with the occasional embedded LED or noise making circuit. It’s not as if you can really build a phaser from Star Trek or a phone booth that’s bigger on the inside.
But after seeing the hacking quadcopter featured in the video game Watch Dogs 2, [Glytch] was inspired to start work on a real-world version. It doesn’t look much like the drone from the game, but that was never the point. The idea was to see how practical a small flying penetration testing platform is with current technology, and judging by the final build, we’d say he got his answer.
All the flight electronics are off the shelf quadcopter gear. It’s running on a Betaflight OMNIBUS F4 Pro V2 Flight controller with an M8N GPS mounted in the front and controlling the 2006 2400KV motors with a DYS F20A ESC. Interestingly [Glytch] is experimenting with using LG HG2 lithium-ion cells to power the quad rather than the more traditional lithium-polymer pack, though he does mention there are some issues with the voltage curve between the two battery technologies.
But the real star of the show is the payload: a Hak5 Pineapple Nano. As the Pineapple provides a turn-key penetration testing platform on its own, [Glytch] just needed a way to safely carry it and keep it powered. The custom frame keeps it snug, and the 5 Volt Battery Eliminator Circuit (BEC) on the DYS F20A ESC combined with a female USB port allows powering the Pineapple without having to make any hardware modifications.
We’ve seen quadcopters with digital weaponry before, though not nearly as many as you might think. But as even the toy grade quadcopters become increasingly capable, we imagine the airborne hacking revolution isn’t far away.
It’s a story as old as time: hacker sees cool tool, hacker recoils in horror at the price of said tool, hacker builds their own version for a fraction of the price. It’s the kind of story that we love here at Hackaday, and has been the impetus for countless projects we’ve covered. One could probably argue that, if hackers had more disposable income, we’d have a much harder time finding content to deliver to our beloved readers.
[ Alex Jensen] writes in to tell us of his own tale of sticker shock induced hacking, where he builds his own version of the Hak5 Bash Bunny. His version might be lacking a bit in the visual flair department, but despite coming in at a fraction of the cost, it does manage to pack in an impressive array of features.
This pentesting multitool can act as a USB keyboard, a mass storage device, and even an RNDIS Ethernet adapter. All in an effort to fool the computer you plug it into to let you do something you shouldn’t. Like its commercial inspiration, it features an easy to use scripting system to allow new attacks to be crafted on the fly with nothing more than a text editor. A rudimentary user interface is provided by four DIP switches and light up tactile buttons. These allow you to select which attacks run without needing to hook the device up to a computer first, and the LED lights can give you status information on what the device is doing.
[Alex] utilized some code from existing projects, namely PiBunny and rspiducky, but much of the functionality is of his own design. Detailed instructions are provided on how you can build your own version of this handy hacker gadget without breaking the bank.
Given how small and cheap it is, the Raspberry Pi is gaining traction in the world of covert DIY penetration testing tools. While it might not be terribly powerful, there’s something to be said for a device that’s cheap enough that you don’t mind leaving it at the scene if you’ve got to pull on your balaclava and make a break for it.
We’ve seen this small, cheap, and powerful WiFi router before. But this time it’s up to no good. [Andy] used a TP-Link WR703N to build an upgraded WiFi Pineapple hacking tool.
A WiFi Pineapple is a device spawned years ago by the Hak5 team (here’s a clip showing off the device). It uses a WiFi router that will answer to any SSID request. Basically if your computer or smart phone has an AP SSID saved and broadcasts a request to connect the pineapple will pretend to be that device and start the handshake. This provides the chance to sniff all the data passing through in a classic man-in-the-middle attack.
[Andy] is recreating the device but at a rock bottom price. He picked up this router for about $20 and added an $8 USB drive to it. The only other thing you would need is a power source and a way to hide the hardware. The code used in the Hak5 version is available for download and that’s what he worked on after flashing OpenWrt to the device.