Exercise

Report
Raspberry Pi Workshop
BSidesDFW, 2013  MAKEUP SESSION
@BrandenWilliams
Format

Intro to Raspberry Pi

Walk around the setup

Set up for use

EXERCISE

Review

Additional Resources
Callout box
What is this thing?
$35 Wunderdevice
What we’re going to do today

Interface with the Raspberry Pi

Do some basic configuration work

Walk through scenarios in which it can be used

Exercise

Discuss results

Q/A
Fun Ideas for Covert Hacking
 Network
sniffer
 Wireless backdoor
 2-wifi dongles = Wi-Fi sniffer that you
can connect to via Wi-Fi for downloads!
 Attach GPS and track a car (power with
cigarette lighter/battery)
 How much fun to be had at
STARBUCKS!!
Fun Ideas for Covert Hacking
 Mobile
fun with hacked baseband
 Audio listening device
 Spooky Halloween automation!
 Camera system
 Pair with Arduino for alarm systems
 Tweet stuff when you want it to
 Covert signaling!
Things to remember:







BE CREATIVE!
2 onboard USB ports
Ethernet
Audio
Video
Low power required
Extra pins for EXTRA HACKING
Let’s get to the fun
stuff!
Prep work before we plug her in

First, we need to make some adjustments to BerryBoot

Your Pi comes with BerryBoot installed, allowing you
to drop multiple operating systems on one card

You could also carry a wallet of smaller cards (they
are cheap) with each OS on there

Plug your SD card into your laptop and open
cmdline.txt, edit it like this:

smsc95xx.turbo_mode=N elevator=deadline quiet
nobootmenutimeout datadev=mmcblk0p2
ipv4=192.168.1.50/255.255.255.0/192.168.1.1
vncinstall
OK, now what did we just do?

Couple of things:
– BerryBoot now set up for HEADLESS operation
– There is a STATIC IP setup
 You can make it DHCP if you like
 You can also set it to default to WiFi device
– We also removed the autoboot…

Options you may want to consider for covert use:
– Put a boot timeout (bootmenutimeout=60)
– Potentially set static on WiFi for berryboot
– Remember, BerryBoot can be different from OS.
Plug her in!
 OK,
time for some power & ethernet
 Insert
SD card & Wi-Fi dongle
 Plug
the ethernet crossover cable into
your laptop first
 Then
plug in the power
Wait a few!

Take a moment to review the indicator lights on
the top of your Pi.

Basic troubleshooting starts here:
– ACT: Green, flashes during SD card activity
– PWR: Red, solid light when unit has power
– FDX: Green, solid light when Ethernet is Full Duplex
– LNK: Green, flashes on activity
– 100: Orange, On when connection is 100Mbps, off
10Mbps
Try testing connectivity

You should be able to pull up your VNC client now
and connect to 192.168.1.50

You can also ping it

You will be presented with the BerryBoot screen…
What you should be seeing…
Try testing connectivity

Choose Raspbian!

Wait a little more…

Then you should be able to ping/ssh into the
device at 192.168.1.50

Few more things to set up!
– SSH to [email protected], password raspberry
– CHANGE THE PASSWD! (enter command ‘passwd’)
– Consider changing root password as well
– Next, let’s do some wifi!
Connecting to WiFi

/etc/network/interfaces:
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

/etc/wpa_supplicant/wpa_supplicant.conf
network={
ssid=“GuestNetwork”
scan_ssid=1
proto=RSN
key_mgmt=WPA-PSK
psk=“CC06062010”
}
Fire up WiFi

ifup wlan0

Check our routes...
– route add default gw 192.168.2.1 wlan0
– route del default gw 192.168.1.1 eth0

Magic! Ping something! 8.8.8.8

Now, let’s get some updates and some new
packages we need:
– apt-get update
– apt-get upgrade
– apt-get install netatalk x11vnc
Next, we need a couple of files.

cd ~/.config/

mkdir autostart ; cd autostart

wget http://brando.ws/piwork1
– Then rename the file piwork1 to x11vnc.desktop

cd /etc/avahi/services

sudo wget http://brando.ws/piwork2
– Then rename the file piwork2 to rfb.service

Then REBOOT!
Next, connect back VNC

Boot to Raspbian, and then VNC in again…

You should see…
Now, you should see your desktop:
Next, Kali!
Exercise:
This is where we start to have some fun

Please choose one of the following:
– Set up the web server and some wiki software
 (apache2, wiki software like mediawiki)
 Apt-cache search wiki
 Get it serving up a page!
– Compromise the vulnerable machine (CTF)
 There is a vulnerable machine on the wireless network
 Identify it, and break in
– CREATE YOUR OWN!
Additional Resources

www.raspberrypi.org

www.arduino.cc

elinux.org/RPi_Distributions

elinux.org/RPi_Hub

www.raspbian.org

www.kali.org

BerryBoot

Karlssonrobotics.com
Some additional notes

If you break your distro, no worries. Just reflash
SD card.

You can mount the card & OS on most machines to
edit files if you have a config error.

Your Pi comes with BerryBoot. You can add more
operating systems by following the instructions on
their website.
214.727.8227
[email protected]
brandenwilliams.com
@BrandenWilliams
facebook.com/BrandenRWilliams
linkedin.com/in/bwilliams
How about we stay in touch?
– If you would like a copy of these slides:
 Text [email protected] the code bsdfwpi, a comma, & your email address
 Example: bsdfwpi,[email protected]
– Stay up to date with things
I’m working on (opt in)!
– Contact:
 @BrandenWilliams
 brandenwilliams.com
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product.
Branden R. Williams reserves the right to revise this document and to make changes to its content, at any time, without
obligation to notify any person or entity of such revisions or changes.
This work is an unpublished work and contains confidential, proprietary and trade secret information of Branden R.
Williams. Access to this work is restricted to Branden R. Williams and any employee who have a need to know to perform
tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed,
revised, modified, translated, abridged, condensed, expanded, collected or adapted without the prior written consent of
Branden R. Williams.

similar documents