Geek212121
Don't use a tablet. You'll come across situations where it's a pain.

For on-the-fly, discreet pen testing, use your phone and a Raspberry Pi 3.

You can turn the RPi into a WiFi hotspot, or connect to it via Bluetooth, and use a terminal on your phone. You can also then use applications to create SSH 'buttons' to complete commands instantly, then discreetly just stand around whilst the Pi does the work.

Good for public, good for quick movement, good for hiding, good for taking in a car, good for everything you don't need a PC for.

 


42 minutes ago, haze1434 said:

Don't use a tablet. You'll come across situations where it's a pain.

For on-the-fly, discreet pen testing, use your phone and a Raspberry Pi 3.

You can turn the RPi into a WiFi hotspot, or connect to it via Bluetooth, and use a terminal on your phone. You can also then use applications to create SSH 'buttons' to complete commands instantly, then discreetly just stand around whilst the Pi does the work.

Good for public, good for quick movement, good for hiding, good for taking in a car, good for everything you don't need a PC for.

 

So I could just use my iPhone 6s? Or does it have to be android/windows phone? 


21 minutes ago, Geek212121 said:

So I could just use my iPhone 6s? Or does it have to be android/windows phone? 

Any. As long as your phone has the ability to connect to WiFi and has an SSH application available in the store, you can use the RPi + phone method.

Edited by haze1434

6 minutes ago, haze1434 said:

Any. As long as your phone has the ability to connect to WiFi and has an SSH application available in the store, you can use the RPi + phone method.

Not 100% about the availability of an SSH app in the store but I can easily jailbreak my phone if needed! Thanks for the advice! 


56 minutes ago, graceinc said:

That means I don't have to go for a tablet for this purpose. Good to go with my iPhone.

Yep.

For general instructions, if it helps;

1.) Install Raspbian (I've also had this working with Kali) on an RPi3.

2.) Use these instructions to turn it into a WiFi hotspot when there is no recognised WiFi nearby

3.) Install Termius on your iThingy/Android/Potato

4.) Connect your iThingy/Android/Potato to the WiFi hotspot the RPi3 is kicking out

5.) Use an application to confirm the RPi's IP address (I use Fing on Android, there's loads of applications for listing WiFi stations), or you may be able to figure that out from the instructions followed in step 2.

6.) Connect to that IP address, using port 22 and the credentials required (Raspbian is userID pi and password raspberry, so it would be pi@0.0.0.0:22 as an example)

7.) Profit. Install what you like (nmap, aircrack etc.), plug in an extra wifi card, throw it in a backpack or a pocket with a mini battery and off you go.

 

PRO TIP: Create BASH files and simply run them using SSH from your phone. Hardly any typing, quick and easy.

Edited by haze1434
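
Step 6 above logs in over SSH with Raspbian's published default account (pi / raspberry), so on a Pi that broadcasts its own hotspot the first job is to change that password with `passwd` and move SSH to key-only logins. As an added example (not part of haze1434's post), this script checks an `sshd_config` for the settings that matter; the three sample configs are constructed, and `Include` files and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread): flag sshd_config settings that leave a
# Pi reachable over its own hotspot open to password guessing.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                        # accept "Keyword=value" too
        $1 ~ /^#/ { next }                       # skip comment lines
        tolower($1) == "match" { exit }          # global section ends here
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: print one line per weak setting; status 0 only if clean.
# The fallback values passed below are OpenSSH's built-in defaults.
audit_sshd_config() {
    bad=0
    pw=$(effective_value "$1" PasswordAuthentication yes)
    empty=$(effective_value "$1" PermitEmptyPasswords no)
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pubkey=$(effective_value "$1" PubkeyAuthentication yes)
    [ "$pw" = "no" ]      || { echo "WEAK: PasswordAuthentication $pw"; bad=$((bad + 1)); }
    [ "$empty" = "no" ]   || { echo "WEAK: PermitEmptyPasswords $empty"; bad=$((bad + 1)); }
    [ "$root" != "yes" ]  || { echo "WEAK: PermitRootLogin yes"; bad=$((bad + 1)); }
    [ "$pubkey" = "yes" ] || { echo "WEAK: PubkeyAuthentication $pubkey"; bad=$((bad + 1)); }
    [ "$bad" -eq 0 ]
}

# Constructed samples (not copied from any real image).
sample_stock() {      # password logins left at the default
    printf '%s\n' 'Port 22' '#PasswordAuthentication yes' 'PermitRootLogin without-password'
}
sample_key_only() {   # key-only logins
    printf '%s\n' 'Port 22' 'PasswordAuthentication no' 'PubkeyAuthentication yes' 'PermitRootLogin no'
}
sample_appended() {   # "no" appended after an earlier "yes": the earlier line wins
    printf '%s\n' 'PasswordAuthentication yes' 'PermitRootLogin no' 'PasswordAuthentication no'
}

tmp=$(mktemp -d)
for s in stock key_only appended; do
    "sample_$s" > "$tmp/$s"
    echo "== $s"
    audit_sshd_config "$tmp/$s" || true
done
rm -rf "$tmp"
```

On the Pi itself, point `audit_sshd_config` at `/etc/ssh/sshd_config` after editing it and before restarting the SSH service.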

You guys do know there is NetHunter, right? Compatible phones AND tablets (Nexus-based mostly) can have full Kali in your pocket from one device, OTG cable and a USB WiFi card.


8 hours ago, digip said:

You guys do know there is NetHunter, right? Compatible phones AND tablets (Nexus-based mostly) can have full Kali in your pocket from one device, OTG cable and a USB WiFi card.

NetHunter is really great, of course, however;

  • It doesn't work on iPhones
  • It's created by someone else. RPi's mean you can install whatever you like.
  • It's not as anonymous.
  • It's way more expensive, if you take into account that you can use any cheap phone + $40 RPi vs having to buy a Nexus device.
  • It's in BETA.
  • I'm cheap
  • I like playing with RPis
Edited by haze1434

If you have compatible hardware already, then it's just a matter of getting it installed. Same could be said for iPhone, considering I don't own it, or any Nexus hardware, the investment is something anyone would have to make, even for the Raspberry Pi's which there are Kali images for as well. In fact, there are a ton of small, cheap ARM devices that run Kali these days, and a new page should be going up soon for Kali 2017.1 for ARM devices, just not published publicly yet. I don't know that Kali will ever go 100% over to iPhone and Apple mobile devices, but as of now, I've only ever seen people use iPhones and iPads as front ends for remote control of a separate Kali device. This is all fine as well, I just think that having it on your device you carry with you vs remotely logging in and controlling another device has its disadvantages as much as advantages. You can surely deploy multiple Pi's and control remotely (with internet connection of some manner or adhoc/dualhomed connections) from a laptop or home computer as well. Just stating that you can put it on compatible tablets and phones for single device use while out and about. Less I have to carry with me, the better, but even still, one might want to deploy a bunch of small Kali machines to remote into for some fun.

:)


30 minutes ago, digip said:

Less I have to carry with me, the better, but even still, one might want to deploy a bunch of small Kali machines to remote into for some fun.

Couldn't agree more :)

I think that, in this case, it would be whatever was best for the situation of the pen test.


On 25/04/2017 at 8:06 AM, haze1434 said:

NetHunter is really great, of course, however;

  • It doesn't work on iPhones
  • It's created by someone else. RPi's mean you can install whatever you like.
  • It's not as anonymous.
  • It's way more expensive, if you take into account that you can use any cheap phone + $40 RPi vs having to buy a Nexus device.
  • It's in BETA.
  • I'm cheap
  • I like playing with RPis

Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so??


15 minutes ago, Geek212121 said:

Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so??

You can do it on either, you would just need to install the app on raspbian probably.

But as we learned from Jurassic Park....you may be spending too much time figuring out if you can, that you forgot to think if you should
 

A post on another forum explains it pretty well here:
https://www.raspberrypi.org/forums/viewtopic.php?f=63&t=95180&start=25

"Let's talk about cracking time. I cracked my home network using brute force methods, so that is the only method I can weigh in on. Brute forcing is when you throw a bunch of passwords at what you want to crack and see if any works. The RPi's 30 passwords a second is just too slow unless you know the password could be one of only a few. My laptop could do 400p/s, desktop could do 7000p/s and desktop with GPU could do over 100,000p/s. Let us say you were trying to brute force a 10-digit numeric password. That's 10 billion combinations or 0000000000-9999999999.
10billion / 30keys/sec = 333 million seconds to try all combinations
333333333/60/60/24/365= 10.57 Years to crack with a Pi
However with a desktop computer with a good gpu, you could crack the same password in under 30 hours."
-by Zen1 » Sat Jan 17, 2015 5:09 am


2 minutes ago, Geek212121 said:

Could you suggest something that I could use that is reasonably portable? 

An online service would be the only portable thing worth it.  It takes raw power to make guesses and you aren't going to get that out of something portable when compared to something that fills entire rooms.

But then you have security concerns of posting stuff through a 3rd party and possibly charges as well.  Also keep in mind that's a small combination set I mentioned in my previous post, you start adding other chars and length it takes exponentially longer for anything to brute force it.


1 minute ago, bored369 said:

An online service would be the only portable thing worth it.  It takes raw power to make guesses and you aren't going to get that out of something portable when compared to something that fills entire rooms.

But then you have security concerns of posting stuff through a 3rd party and possibly charges as well.  Also keep in mind that's a small combination set I mentioned in my previous post, you start adding other chars and length it takes exponentially longer for anything to brute force it.

What type of pentesting/hacking can I do with a Rpi3? 


27 minutes ago, Geek212121 said:

What type of pentesting/hacking can I do with a Rpi3? 

Same kind you can do with any linux box.  I mean that's a pretty broad question.

You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it to another system to do the bruteforce work.


1 minute ago, bored369 said:

Same kind you can do with any linux box.  I mean that's a pretty broad question.

You just have to remember that there's not a lot of processing power, so it would be more useful to get the passwords or hashes you want cracked with the Pi then transfer it to another system to do the bruteforce work.

I'm new to all of this type of stuff, just getting started. Any suggestions on where to start off would be great because I think I've just jumped in the deep end wanting to do something that I should probably wait to do.


23 minutes ago, Geek212121 said:

I'm new to all of this type of stuff, just getting started. Any suggestions on where to start off would be great because I think I've just jumped in the deep end wanting to do something that I should probably wait to do.

That is one of the smartest things I've seen on the internet today.

 

Go get this book, should point you in the right direction.

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_sc_1?ie=UTF8&qid=1493317138


1 minute ago, barry99705 said:

That is one of the smartest things I've seen on the internet today.

 

Go get this book, should point you in the right direction.

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_sc_1?ie=UTF8&qid=1493317138

Sweet, thanks for that! Any little simple things I can start with for now? 


One of the things you can start with is checking YouTube, there are multiple videos out there for beginners in Linux and even plenty dedicated to Kali specifically.

 

Just remember you have to crawl first, the info sec field is very vast and it is easy getting in over your head and getting frustrated with it.


14 hours ago, Geek212121 said:

Just seen you're a RPi lover so you may know this. If I wanted to use my RPi 3 for cracking wifi passwords can I just use raspbian or do I need to install Kali to do so??

Agreed with barry.

RPis are fantastic little things for having an on-the-go box for pen testing, however they certainly shouldn't be used for password cracking themselves.

Use an RPi to grab a password hash or WiFi handshake, sure, but then transfer the hash to a more powerful machine or use an online service to get the password. RPis would take years to crack a hash, compared with days for a desktop PC.
