Geek212121 Posted April 20, 2017 Share Posted April 20, 2017 I'm looking at getting a portable device (tablet) for hacking. I was looking at getting the surface pro 4, do you guys think that's my best option or would you recommend something else? Thanks Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 20, 2017 Share Posted April 20, 2017 Don't use a tablet. You'll come across situations where it's a pain. For on-the-fly, discreet pen testing, use your phone and a Raspberry Pi 3. You can turn the RPi in to a WiFi hotspot, or connect to it via Bluetooth, and use a terminal on your phone. You can also then use applications to create SSH 'buttons' to complete commands instantly, then discreetly just stand around whilst the Pi does the work. Good for public, good for quick movement, good for hiding, good for taking in a car, good for everything you don't need a PC for. Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 20, 2017 Author Share Posted April 20, 2017 42 minutes ago, haze1434 said: Don't use a tablet. You'll come across situations where it's a pain. For on-the-fly, discreet pen testing, use your phone and a Raspberry Pi 3. You can turn the RPi in to a WiFi hotspot, or connect to it via Bluetooth, and use a terminal on your phone. You can also then use applications to create SSH 'buttons' to complete commands instantly, then discreetly just stand around whilst the Pi does the work. Good for public, good for quick movement, good for hiding, good for taking in a car, good for everything you don't need a PC for. So I could just use my iPhone 6s? Or does it have to be android/windows phone? Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 20, 2017 Share Posted April 20, 2017 (edited) 21 minutes ago, Geek212121 said: So I could just use my iPhone 6s? Or does it have to be android/windows phone? Any. As long as your phone has the ability to connect to WiFi and has an SSH application available in the store, you can use the RPi + phone method. Edited April 20, 2017 by haze1434 Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 20, 2017 Author Share Posted April 20, 2017 6 minutes ago, haze1434 said: Any. As long as your phone has the ability to connect to WiFi and has an SSH application available in the store, you can use the RPi + phone method. Not 100% about the availability of an SSH app in the store but I can easily jailbreak my phone if needed! Thanks for the advice! Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 20, 2017 Share Posted April 20, 2017 1 hour ago, Geek212121 said: Not 100% about the availability of an SSH app in the store but I can easily jailbreak my phone if needed! Thanks for the advice! Termius. https://www.raspberrypi.org/documentation/remote-access/ssh/ios.md Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 20, 2017 Author Share Posted April 20, 2017 9 minutes ago, haze1434 said: Termius. https://www.raspberrypi.org/documentation/remote-access/ssh/ios.md Yeah I just found this link haha, thanks Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 24, 2017 Share Posted April 24, 2017 (edited) 56 minutes ago, graceinc said: That means i dont have to go for a tablet for this purpose. Good to go with my iPhone. Yep. For general instructions, if it helps; 1.) Install Raspbian (I've also had this working with Kali) on an RPi3. 2.) Use these instructions to turn it in to a WiFi hotspot when there is no recognised WiFi nearby 3.) Install Termius on your iThingy/Android/Potato 4.) Connect your iThingy/Android/Potato to the WiFi hotspot the RPi3 is kicking out 5.) Use an application to confirm the RPi's IP address (I use Fing on Android, there's loads of applications for listing WiFi stations), or you may be able to figure that out from the instructions followed in step 2. 6.) Connect to that IP address, using port 22 and the credentials required (Raspbian is userID pi and password raspberry, so it would be pi@0.0.0.0:22 as an example) 7.) Profit. Install what you like (nmap, aircrack etc.), plug in an extra wifi card, throw it in a backpack or a pocket with a mini battery and off you go. PRO TIP: Create BASH files and simply run them using SSH from your phone. Hardly any typing, quick and easy. Edited April 24, 2017 by haze1434 Quote Link to comment Share on other sites More sharing options...
digip Posted April 24, 2017 Share Posted April 24, 2017 You guys do know there is NetHunter, right? Compatible phones AND tablets(nexus based mostly) can have full kali in your pocket from one device, otg cable and a USB wifi card. Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 25, 2017 Share Posted April 25, 2017 (edited) 8 hours ago, digip said: You guys do know there is NetHunter, right? Compatible phones AND tablets(nexus based mostly) can have full kali in your pocket from one device, otg cable and a USB wifi card. NetHunter is really great, of course, however; It doesn't work on iPhones It's created by someone else. RPi's mean you can install whatever you like. It's not as anonymous. It's way more expensive, if you take in to account that you can use any cheap phone + $40 RPi vs having to buy a Nexus device. It's in BETA. I'm cheap I like playing with RPis Edited April 25, 2017 by haze1434 Quote Link to comment Share on other sites More sharing options...
digip Posted April 25, 2017 Share Posted April 25, 2017 If you have compatible hardware already, then it;s just a matter of getting it installed. Same could be said for iPhone, considering I don't own it, or any nexus hardware, the investment is something anyone would have to make, even for the Raspberry Pi's which there are Kali images for as well. In fact, there are a ton of small, cheap arm devices that run Kali these days, and a new page should be going up soon for kali 2017.1 for arm devices, just not published publicly yet. I don't know that kali will ever go 100% over to iPhone and apple mobile devices, but as of now, I've only ever seen people use iPhones and iPads as front ends for remote control of a separate kali device. This is all fine as well, I just think that having it on your device you carry with you vs remotely logging in and controlling another device has it's disadvantages as much as advantages. You can surely deploy multiple Pi's and control remotely(with internet connection of some manner or adhoc/dualhomed connections) from a laptop or home computer as well. Just stating that you can put it on compatible tablets and phones for single device use while out and about. Less I have to carry with me, the better, but even still, one might want to deploy a bunch of small kali machines to remote into for some fun. :) Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 25, 2017 Share Posted April 25, 2017 30 minutes ago, digip said: Less I have to carry with me, the better, but even still, one might want to deploy a bunch of small kali machines to remote into for some fun. Couldn't agree more :) I think that, in this case, it would be whatever was best for the situation of the pen test. Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 On 25/04/2017 at 8:06 AM, haze1434 said: NetHunter is really great, of course, however; It doesn't work on iPhones It's created by someone else. RPi's mean you can install whatever you like. It's not as anonymous. It's way more expensive, if you take in to account that you can use any cheap phone + $40 RPi vs having to buy a Nexus device. It's in BETA. I'm cheap I like playing with RPis Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so?? Quote Link to comment Share on other sites More sharing options...
barry99705 Posted April 27, 2017 Share Posted April 27, 2017 Using a Pi for password cracking will be about as useful as using an abacus for password cracking. Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 1 minute ago, barry99705 said: Using a Pi for password cracking will be about as useful as using an abacus for password cracking. Really? How comes? Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 1 minute ago, barry99705 said: Using a Pi for password cracking will be about as useful as using an abacus for password cracking. Could you suggest something that I could use that is reasonably portable? Quote Link to comment Share on other sites More sharing options...
bored369 Posted April 27, 2017 Share Posted April 27, 2017 15 minutes ago, Geek212121 said: Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so?? You can do it on either, you would just need to install the app on raspbian probably. But as we learned from Jurassic Park....you may be spending too much time figuring out if you can, that you forgot to think if you should A post on another forum explains it pretty well here:https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=95180&start=25 "let's talk about cracking time. I cracked my home network using brute force methods, so that is the only method I can weigh in on. Brute forcing is when you throw a bunch of passwords at what you want to crack and see any works. The RPi's 30 passwords a second is just too slow unless you know the password could be one of only a few. My laptop could do 400p/s, desktop could do 7000p/s and desktop with gpu could do over 100,000p/s. Let us say you were trying to brute force a 10-digit numeric password. That's 10 billion combinations or 0000000000-9999999999.10billion / 30keys/sec = 333 million seconds to try all combinations333333333/60/60/24/365= 10.57 Years to crack with a PiHowever with a desktop computer with a good gpu, you could crack the same password in under 30 hours." -by Zen1 » Sat Jan 17, 2015 5:09 am Quote Link to comment Share on other sites More sharing options...
bored369 Posted April 27, 2017 Share Posted April 27, 2017 2 minutes ago, Geek212121 said: Could you suggest something that I could use that is reasonably portable? An online service would be the only portable thing worth it. It takes raw power to make guesses and you aren't going to get that out of something portable when compared to something that fills entire rooms. But then you have security concerns of posting stuff through a 3rd party and possibly charges as well. Also keep in mind that's a small combination set I mentioned in my previous post, you start adding other chars and length it takes exponentially longer for anything to brute force it. Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 1 minute ago, bored369 said: An online service would be the only portable thing worth it. It takes raw power to make guesses and you aren't going to get that out of something portable when compared to something that fills entire rooms. But then you have security concerns of posting stuff through a 3rd party and possibly charges as well. Also keep in mind that's a small combination set I mentioned in my previous post, you start adding other chars and length it takes exponentially longer for anything to brute force it. What type of pentesting/hacking can I do with a Rpi3? Quote Link to comment Share on other sites More sharing options...
bored369 Posted April 27, 2017 Share Posted April 27, 2017 27 minutes ago, Geek212121 said: What type of pentesting/hacking can I do with a Rpi3? Same kind you can do with any linux box. I mean that's a pretty broad question. You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it another system to do the bruteforce work. Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 1 minute ago, bored369 said: Same kind you can do with any linux box. I mean that's a pretty broad question. You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it another system to do the bruteforce work. I'm new to all of this type of stuff, just getting started. Any suggestions on where to start off would be great because I think I've just jumped in the deep end wanting to do something that I should probably wait to do. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted April 27, 2017 Share Posted April 27, 2017 23 minutes ago, Geek212121 said: I'm new to all of this type of stuff, just getting started. Any suggestions on where to start off would be great because I think I've just jumped in the deep end wanting to do something that I should probably wait to do. That is one of the smartest things I've seen on the internet today. Go get this book, should point you in the right direction. https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_sc_1?ie=UTF8&qid=1493317138 Quote Link to comment Share on other sites More sharing options...
Geek212121 Posted April 27, 2017 Author Share Posted April 27, 2017 1 minute ago, barry99705 said: That is one of the smartest things I've seen on the internet today. Go get this book, should point you in the right direction. https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_sc_1?ie=UTF8&qid=1493317138 Sweet, thanks for that! Any little simple things I can start with for now? Quote Link to comment Share on other sites More sharing options...
bashincajun Posted April 27, 2017 Share Posted April 27, 2017 One of the things you can start with is checking You tube, there are multiple videos out there for beginners in Linux and even plenty dedicated to Kali specifically. Just remember you have o crawl first, the info sec field is very vast and it is easy getting in over your head and getting frustrated with it. Quote Link to comment Share on other sites More sharing options...
0phoi5 Posted April 28, 2017 Share Posted April 28, 2017 14 hours ago, Geek212121 said: Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so?? Agreed with barry. RPis are fantastic little things for having an on-the-go box for pen testing, however they certainly shouldn't be used for password cracking themselves. Use an RPi to grab a password hash or WiFi handshake, sure, but then transfer the hash to a more powerful machine or use an online service to get the password. RPis would take years to crack a hash, compared with days for a desktop PC. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.