This website is the documented process of a project that will show a knowledgeable user how to leverage a Raspberry Pi as a penetration testing tool. The small credit-card sized computer is perfect to hide discreetly on a host network sniffing data that organizations thought would be protected by their firewalls, server room, and cloud computing. These small computers have hit the technology world by storm due to the low cost of components and ingenious collection of project ideas.1 The educational benefits of such devices are immeasurable due to limitless possibilities of projects, and the large number of support groups available on the web 2. This has led to the perfect security and educational application of a packet sniffer that can be accessed remotely. The discrete size and ability to power the Raspberry Pi off a battery gives a penetration tester leverage to perform a network scan on a client’s network while they remain at a safe distance from the target.
The aim of this project is to provide a step-by-step guide on using a Raspberry Pi on a host network to gather essential data to gain escalated privileges. This will include the process of installing, configuring, updating, and remotely accessing the Raspberry Pi. The operation system that will make this attack possible will be Kali Linux. The perfect collection of White Hat tools and resources are included in the Kali Linux distribution.
The focus will be on the process of inserting the device as a Man in the Middle (MitM) and capturing network packets that can then be either analyzed to retrieve log-in credentials or session information. The captured information will then be used to attempt to gain access to those respective accounts, while maintaining anonymity throughout the attack.
This project is possible by the education provided by Walsh College and their Masters of Science in Information Assurance program. Founded in 1922 Walsh offers both bachelor’s and master’s level courses in Information Assurance. Walsh College holds multiple accreditations and is a Center of Academic Excellence in Information Assurance Education by the National Security Agency and Department of Homeland Security.3
Please take a moment and watch a brief introduction video that will provide a little bit of background information on the project. There will also be a quick overview of the website and how to navigate to find the information that interests you the most. Please take a moment and visit the “About Me” page and link with me on LinkedIn or Google+.
All information contained on this website is for educational purposes only to be used as a tool for penetration testing. All demonstrations were done on a private network with full permissions of the owner. In no way is any information contained herein to be used with malicious intent.
- Henry, A. (2013, January 2013). Ten More Awesome Projects for Your Raspberry Pi. Retrieved February 1, 2014, from Lifehacker: http://lifehacker.com/5978871/ten-more-awesome-projects-for-your-raspberry-pi ↑
- Nuttall, B. (2014, February 11). GitHub goes to school. Retrieved February 15, 2014, from Raspberry Pi: http://www.raspberrypi.org/archives/6122 ↑
- Walsh College. (2014). Information Assurance Center. Retrieved February 1, 2014, from Walsh College: http://www.walshcollege.edu/iac#.Uw0r1PldXTc ↑