
Discreet Hacking Devices

<<

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Fri Jul 13, 2012 10:53 pm

Discreet Hacking Devices

Has anyone ever toyed around with the idea of using small, discreet, low-power computers (like the Raspberry Pi) as an attack platform? It's small enough that if you got a decent, professional-looking case for it, it could blend in with other network equipment at a client site.

There is a project out there, called RaspberryPwn, that is supposed to be a pentesting Linux distro for the RasPi. It's easy enough to put together your own pentesting tools, especially with something like Arch Linux, but it's still interesting.

Raspberry Pi is not the only platform I have in mind, either. Gooseberry, APC, etc. are similar, each with different specs.

I imagine one could leave a scan running over the course of several days, or weeks, running slow enough to not trigger an IDS, and pick it up later. Some of them are cheap enough that it would be of little concern if you were unable to recover it for some reason (RasPi is only $35).

Anyway, just an idea I had rolling around. Let me know what you think. :)
Put that in your pipe and grep it!
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jul 14, 2012 8:25 am

Re: Discreet Hacking Devices

Neat idea.

While not as 'cheap', the idea's been around for a bit:

http://pwnieexpress.com/

I've been thinking of engineering my own, too, but I really want to try a pwnie, myself, first, as I don't really want to 'reinvent the wheel' if it'll do all I need, already.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH
<<

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Sat Jul 14, 2012 9:04 am

Re: Discreet Hacking Devices

My Raspberry Pi is being shipped soon.

You don't even have to go back to pick up your scan results. A reverse tunnel allows full control of your plug for all kinds of goodness....
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
<<

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Sat Jul 14, 2012 10:34 am

Re: Discreet Hacking Devices

Yeah, the Pwnie Express is pretty awesome, and looks like it's packed with features and a more powerful platform. However, you don't have the cost benefit of being able to forget about it and leave it behind, it's quite expensive. :P
If you get your hands on one of these, let us know!

I agree about reverse tunnel, I had thought of that, too. I just meant that if you're keeping external traffic to a minimum to avoid detection, you could always pick it up later to get your results. Either way would be highly effective.

To further the idea, I was thinking that the device could often change its MAC address, IP, spoof other machines, etc. dynamically, to make tracking it difficult. If you were also doing some kind of network monitoring, you could look for events such as a network scan that isn't your own. You could then stop any active attacks and just watch a passive monitor. When it's safe, resume the attack.
Put that in your pipe and grep it!
<<

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jul 14, 2012 10:45 pm

Re: Discreet Hacking Devices

I agree on the cost / price point.  Just that I want to get a pwnie first, so that I can decide if I feel like building something, and what 'features' I want to port.

But the 'cheap' aspect of Raspberry Pi is definitely a plus.  :-)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH
<<

geekyone

Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Mon Jul 16, 2012 11:40 am

Re: Discreet Hacking Devices

If you just want one to play around with you can get a pwnie cheapish, if you go with a floor model.  They aren't the latest model but they are much cheaper.

http://pwnieexpress.com/products/pwn-plug-floor-model-v1-1-limited-supply
CISSP, CEH, GPEN, GCIH, GCFA
<<

eth3real

Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Mon Jul 16, 2012 12:27 pm

Re: Discreet Hacking Devices

I just realized that RaspberryPwn was created by pwnieexpress, so it should be a similar experience. I'll let you guys know if I get a chance to mess around with it, I have several Raspberry Pis to play around with.
Put that in your pipe and grep it!
<<

rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Jul 16, 2012 7:35 pm

Re: Discreet Hacking Devices

I always wanted to get a Nokia N900, and put BackTrack on that. I thought it would have been fun. Cell phone, running BackTrack. OK, it was a handheld computer with a cell phone attached, but still cool.
OSWP, Sec+
