Discreet Hacking Devices

Viewing 7 reply threads
  • Author
    Posts
    • #7712
      eth3real
      Participant

      Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It’s small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site.

      There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It’s easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it’s still interesting.

      Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs.

      I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35).

      Anyway, just an idea I had rolling around. Let me know what you think. 🙂

    • #48099
      hayabusa
      Participant

      Neat idea.

      While not as ‘cheap’, the idea’s been around for a bit:

      http://pwnieexpress.com/

      I’ve been thinking of engineering my own, too, but I really want to try a pwnie, myself, first, as I don’t really want to ‘reinvent the wheel’ if it’ll do all I need, already.

    • #48100
      ziggy_567
      Participant

      My Raspberry Pi is being shipped soon.

      You don’t even have to go back to pick up your scan results. A reverse tunnel allows full control of your plug for all kinds of goodness….

    • #48101
      eth3real
      Participant

      Yeah, the Pwnie Express is pretty awesome, and looks like it’s packed with features and a more powerful platform. However, you don’t have the cost benefit of being able to forget about it and leave it behind, it’s quite expensive. 😛
      If you get your hands on one of these, let us know!

      I agree about reverse tunnel, I had thought of that, too. I just meant that if you keeping external traffic to a minimum to avoid detection, you could always pick it up later to get your results. Either way would be highly effective.

      To further the idea, I was thinking that the device could often change its MAC address, IP, spoof other machines, etc. dynamically, to make tracking it difficult. If you were also doing some kind of network monitoring, you could look for events such as a network scan that isn’t your own. You could then stop any active attacks and just watch a passive monitor. When it safe, resume the attack.

    • #48102
      hayabusa
      Participant

      I agree on the cost / price point.  Just that I want to get a pwnie first, so that I can decide if I feel like building something, and what ‘features’ I want to port.

      But the ‘cheap’ aspect of Raspberry Pi is definitely a plus.  🙂

    • #48103
      geekyone
      Participant

      If you just want one to play around with you can get a pwnie cheapish, if you go with a floor model.  They aren’t the latest model but they are much cheaper.

      http://pwnieexpress.com/products/pwn-plug-floor-model-v1-1-limited-supply

    • #48104
      eth3real
      Participant

      I just realized that RaspberryPwn was created by pwnieexpress, so it should be a similar experience. I’ll let you guys know if I get a chance to mess around with it, I have several Raspberry Pis to play around with.

    • #48105
      rattis
      Participant

      I always wanted to get a Nokia N900, and put backtrack on that. I thought it would have been fun. Cell phone, running backtrack. Ok it was a hand held computer with a cell phone attached but still cool.

Viewing 7 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?