Raspberry Pi Workshop BSidesDFW, 2013 MAKEUP SESSION @BrandenWilliams


Raspberry Pi Workshop

BSidesDFW, 2013 MAKEUP SESSION

@BrandenWilliams


Format

Intro to Raspberry Pi

Walk around the setup

Set up for use

EXERCISE

Review

Additional Resources


What is this thing?


$35 Wunderdevice


What we’re going to do today

Interface with the Raspberry Pi

Do some basic configuration work

Walk through scenarios in which it can be used

Exercise

Discuss results

Q/A


Fun Ideas for Covert Hacking

Network sniffer

Wireless backdoor

2-wifi dongles = Wi-Fi sniffer that you can connect to via Wi-Fi for downloads!

Attach GPS and track a car (power with cigarette lighter/battery)

How much fun to be had at STARBUCKS!!


Fun Ideas for Covert Hacking

Mobile fun with hacked baseband

Audio listening device

Spooky Halloween automation!

Camera system

Pair with Arduino for alarm systems

Tweet stuff when you want it to

Covert signaling!


Things to remember:

BE CREATIVE!

2 onboard USB ports

Ethernet

Audio

Video

Low power required

Extra pins for EXTRA HACKING


Let’s get to the fun stuff!


Prep work before we plug her in

First, we need to make some adjustments to BerryBoot

Your Pi comes with BerryBoot installed, allowing you to drop multiple operating systems on one card

You could also carry a wallet of smaller cards (they are cheap) with each OS on there

Plug your SD card into your laptop and open cmdline.txt, edit it like this:

smsc95xx.turbo_mode=N elevator=deadline quiet nobootmenutimeout datadev=mmcblk0p2 ipv4=192.168.1.50/255.255.255.0/192.168.1.1 vncinstall


OK, now what did we just do?

Couple of things:

– BerryBoot now set up for HEADLESS operation

– There is a STATIC IP setup
  – You can make it DHCP if you like
  – You can also set it to default to WiFi device

– We also removed the autoboot…

Options you may want to consider for covert use:

– Put a boot timeout (bootmenutimeout=60)

– Potentially set static on WiFi for berryboot

– Remember, BerryBoot can be different from OS.


Plug her in!

OK, time for some power & ethernet

Insert SD card & Wi-Fi dongle

Plug the ethernet crossover cable into your laptop first

Then plug in the power


Wait a few!

Take a moment to review the indicator lights on the top of your Pi.

Basic troubleshooting starts here:

– ACT: Green, flashes during SD card activity

– PWR: Red, solid light when unit has power

– FDX: Green, solid light when Ethernet is Full Duplex

– LNK: Green, flashes on activity

– 100: Orange, On when connection is 100Mbps, off 10Mbps


Try testing connectivity

You should be able to pull up your VNC client now and connect to 192.168.1.50

You can also ping it

You will be presented with the BerryBoot screen…


What you should be seeing…


Try testing connectivity

Choose Raspbian!

Wait a little more…

Then you should be able to ping/ssh into the device at 192.168.1.50

Few more things to set up!

– SSH to [email protected], password raspberry

– CHANGE THE PASSWD! (enter command ‘passwd’)

– Consider changing root password as well

– Next, let’s do some wifi!


Connecting to WiFi

/etc/network/interfaces:

allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
iface default inet dhcp

/etc/wpa_supplicant/wpa_supplicant.conf:

network={
    ssid="GuestNetwork"
    scan_ssid=1
    proto=RSN
    key_mgmt=WPA-PSK
    psk="CC06062010"
}
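An added example, not part of the original slides: the psk line above keeps the Wi-Fi passphrase in clear text on an SD card that can be mounted on most machines. wpa_supplicant also accepts the derived 256-bit key as 64 unquoted hex digits (what the wpa_passphrase tool prints), and this sketch derives it and rewrites a constructed config; the function names are illustrative.

```python
import hashlib
import re

def derive_psk(ssid, passphrase):
    """WPA/WPA2-Personal key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

NETWORK_RE = re.compile(r"network=\{(.*?)\}", re.S)

def quoted(key, body):
    """Match a line of the form key="value" inside one network block."""
    return re.search(r'^[ \t]*%s="(.*)"[ \t]*$' % key, body, re.M)

def harden_conf(conf):
    """Swap each quoted psk="..." for its derived hex key.
    Returns (new_text, number_of_passphrases_replaced)."""
    replaced = 0

    def fix_block(m):
        nonlocal replaced
        body = m.group(1)
        ssid, psk = quoted("ssid", body), quoted("psk", body)
        if not (ssid and psk):
            return m.group(0)   # open network, or the key is already hex
        replaced += 1
        key = derive_psk(ssid.group(1), psk.group(1))
        # start(1)-1 and end(1)+1 take the surrounding quotes out as well
        return "network={" + body[:psk.start(1) - 1] + key + body[psk.end(1) + 1:] + "}"

    return NETWORK_RE.sub(fix_block, conf), replaced

# Constructed sample: the SSID/passphrase pair is the published 802.11i test vector.
SAMPLE_CONF = """network={
    ssid="IEEE"
    scan_ssid=1
    proto=RSN
    key_mgmt=WPA-PSK
    psk="password"
}
"""

if __name__ == "__main__":
    print(harden_conf(SAMPLE_CONF)[0])
```

The hex key still authenticates to that network, so the file should stay readable by root only; the change just keeps the passphrase itself off the card.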


Fire up WiFi

ifup wlan0

Check our routes...

– route add default gw 192.168.2.1 wlan0

– route del default gw 192.168.1.1 eth0

Magic! Ping something! 8.8.8.8

Now, let’s get some updates and some new packages we need:

– apt-get update

– apt-get upgrade

– apt-get install netatalk x11vnc


Next, we need a couple of files.

cd ~/.config/

mkdir autostart ; cd autostart

wget http://brando.ws/piwork1

– Then rename the file piwork1 to x11vnc.desktop

cd /etc/avahi/services

sudo wget http://brando.ws/piwork2

– Then rename the file piwork2 to rfb.service

Then REBOOT!
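An added example, not part of the original slides: the two files above arrive over plain HTTP and one of them runs at every desktop login, so its Exec line deserves a read before the reboot. This sketch parses a desktop entry and reports whether the x11vnc command it starts asks for a password or is limited to localhost; both sample entries are constructed, since the slides do not show what piwork1 contains.

```python
import shlex

# x11vnc options that make clients authenticate (see the x11vnc man page)
AUTH_FLAGS = {"-rfbauth", "-usepw", "-passwdfile", "-unixpw"}

def exec_argv(desktop_text):
    """Return the Exec= command of the [Desktop Entry] group as a list, or None."""
    in_group = False
    for raw in desktop_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_group = line == "[Desktop Entry]"
        elif in_group and line.startswith("Exec="):
            # shlex is close enough to desktop-entry quoting for a review
            return shlex.split(line[len("Exec="):])
    return None

def review_autostart(desktop_text):
    """Return a list of findings; an empty list means nothing to flag."""
    argv = exec_argv(desktop_text)
    if not argv:
        return ["no Exec line found"]
    if argv[0].rsplit("/", 1)[-1] != "x11vnc":
        return ["starts %s, not x11vnc: read the whole command first" % argv[0]]
    flags = {a for a in argv[1:] if a.startswith("-")}
    findings = []
    if "-passwd" in flags:
        findings.append("-passwd keeps the VNC password in clear text in this file")
    elif not flags & AUTH_FLAGS:
        findings.append("no password option: any host that reaches the VNC port gets the desktop")
    if "-localhost" not in flags:
        findings.append("listens on every interface; -localhost plus an SSH tunnel narrows that")
    return findings

# Constructed samples, not the contents of the workshop's files.
OPEN_ENTRY = """[Desktop Entry]
Type=Application
Name=X11VNC
Exec=x11vnc -forever -display :0 -nopw
"""
LOCKED_ENTRY = """[Desktop Entry]
Type=Application
Name=X11VNC
Exec=/usr/bin/x11vnc -forever -display :0 -rfbauth /home/pi/.vnc/passwd -localhost
"""

if __name__ == "__main__":
    for name, entry in (("open", OPEN_ENTRY), ("locked", LOCKED_ENTRY)):
        print(name, review_autostart(entry))
```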


Next, connect back VNC

Boot to Raspbian, and then VNC in again…

You should see…


Now, you should see your desktop:


Next, Kali!


Exercise:


This is where we start to have some fun

Please choose one of the following:

– Set up the web server and some wiki software (apache2, wiki software like mediawiki)
  – apt-cache search wiki
  – Get it serving up a page!

– Compromise the vulnerable machine (CTF)
  – There is a vulnerable machine on the wireless network
  – Identify it, and break in

– CREATE YOUR OWN!


Additional Resources

www.raspberrypi.org

www.arduino.cc

elinux.org/RPi_Distributions

elinux.org/RPi_Hub

www.raspbian.org

www.kali.org

BerryBoot

Karlssonrobotics.com


Some additional notes

If you break your distro, no worries. Just reflash SD card.

You can mount the card & OS on most machines to edit files if you have a config error.

Your Pi comes with BerryBoot. You can add more operating systems by following the instructions on their website.


214.727.8227

[email protected]

brandenwilliams.com

@BrandenWilliams

facebook.com/BrandenRWilliams

linkedin.com/in/bwilliams


How about we stay in touch?

– If you would like a copy of these slides: Text [email protected] the code bsdfwpi, a comma, & your email address

Example: bsdfwpi,[email protected]

– Stay up to date with things I’m working on (opt in)!

– Contact: @BrandenWilliams brandenwilliams.com


This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Branden R. Williams reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes.

This work is an unpublished work and contains confidential, proprietary and trade secret information of Branden R. Williams. Access to this work is restricted to Branden R. Williams and any employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected or adapted without the prior written consent of Branden R. Williams.