Rogue Pi - Low Cost Penetration Dropbox

[Splicer]

I figured the hak5 community might like to read and checkout a project I proposed and developed for my final project in college. The goal was to build a cheap drop box for security audits using the Raspberry Pi and other components I felt necessary for the job.

You can read about the project proposal here:

http://crushbeercrushcode.org/2013/01/rogue-pi-a-low-cost-penetration-dropbox-proposal/

And here is the updated progress on the project which highlights some key milestones and provides a video demo:

http://crushbeercrushcode.org/2013/03/developing-the-rogue-pi/

Cheers!

[telot]

Great project Splicer! While we've seen several iterations of the pi as a dropbox, I've yet to see it paired with an LCD, nor have I seen the on-boot verification with python - both are very awesome additions to the typical 'load the pi up with tools and script them on after bootup' setup.

One suggestion that comes to mind is to use some type of encryption (encfs should do the trick) so that when it is discovered by a victim, they can't trace it back to you. Adds a layer of security for you as the malicious attacker, or emulates what a malicious attacker would do if you're using this on a pentest. Without this encryption, anyone can boot it up and cat your python scripts to see the endpoint address, and that your username is twi7ch :)

Overall excellent execution and excellent presentation. A+!

telot

[Splicer]

Yeah a full encryption is something I didn't even look into yet but you bring up a very good point. Thanks for the suggestions and the positive feedback. There is always room for improvement :D

[bytedeez]

I had the same idea just last week! I was also looking around and found this could be done cheaply using a $23.00 tp-link router and some open source software.