Penetration testers and threat actors (hackers) share a lot in common when it comes to the methods and tools used to test a network’s defenses, identify vulnerabilities, and compromise systems. The similarities far outweigh the differences; the key difference is authorization.
Note: The aim of this article isn’t to provide anyone with the green light to run security tools on any network that isn’t owned by the user. This goes for networks you might be allowed to work on in a certain capacity, but please understand that most networks will not look too favorably on their own IT staff performing pentesting tasks on them. So, unless you have explicit permission to do so: DON’T! Set up a lab of your own and test there instead.
It’s also not the aim of this article to walk you through the step-by-step process of hacking a network. Rather, it is to illustrate some of the uses for automated pentesting tools and how they may even be used for specific types of attacks, to raise awareness of these unauthorized devices. They may even be sitting in your network closet or plugged into the back of a desktop computer as you read this.
Before we begin, some of the hardware tools you may need to set up one or all of these are listed below:
- Raspberry Pi
- USB flash drive (8GB or larger)
- microSD card (32GB or larger)
- microSD USB flash drive adapter
- USB wireless card (supporting packet injection and monitor mode)
- USB 2.4 GHz radio dongle
RasPwn OS on Raspberry Pi
This Linux distribution is a more defensive tool (or quite the opposite, depending on your perspective). What I mean is, this open-source OS image, when installed on a Raspberry Pi 2 or 3B, for example, emulates a Linux server with deliberately exploitable vulnerabilities. The concept behind this vulnerable OS is for users to test their security skills, learning both how to exploit such systems and how best to protect them.
The installation process for RasPwn is straightforward for anyone with experience writing images to SD cards for use with a Raspberry Pi. Depending on the OS of the computer you are writing the image from, there are several ways to copy the image over: the dd utility on Linux/macOS or Win32DiskImager on Windows can accomplish this task. Once the Raspberry Pi boots from the microSD card, RasPwn will boot and resize the image, and the system will then be ready for attack.
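The dd step as a shell script, as an added example that is not from the article: it checks the downloaded image against the SHA-256 published by the image's project before writing, writes the image, and reads the card back to confirm the write. The image path, expected hash and device node are arguments you supply; the function names sha256_of, verify_image, write_image and flash_card are this example's own.

```shell
#!/bin/sh
# Added example, not from the article. Flash a Raspberry Pi image to a
# microSD card and verify it before and after the write.
set -eu

sha256_of() {
    # SHA-256 of a file, or of stdin when given "-" (Linux and macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_image() {
    # $1 image file, $2 SHA-256 published for it. Fails on mismatch, so a
    # tampered or partially downloaded image never reaches the card.
    [ "$(sha256_of "$1")" = "$2" ]
}

write_image() {
    # $1 image file, $2 target (block device such as /dev/sdX, or a file).
    # After dd, read back exactly the image's size and compare hashes.
    size=$(wc -c < "$1" | tr -d ' ')
    dd if="$1" of="$2" bs=1048576
    sync
    [ "$(head -c "$size" "$2" | sha256_of -)" = "$(sha256_of "$1")" ]
}

flash_card() {
    # $1 image, $2 expected hash, $3 target. Unmount any mounted partition
    # of the card first (e.g. umount /dev/sdX1); dd writes straight through.
    verify_image "$1" "$2" || { echo "hash mismatch: refusing to write" >&2; return 1; }
    write_image "$1" "$3" || { echo "read-back mismatch: check the card" >&2; return 1; }
    echo "wrote $1 to $3 and verified read-back"
}
```

Typical use is `flash_card raspwn.img <hash from the download page> /dev/sdX` with the device node of the card, never of a system disk.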
Rubber Ducky on USB flash drive
The USB Rubber Ducky is described by its vendor Hak5 as “a keystroke injection tool,” which comes in the form of a standard-issue USB flash drive. Beneath its conventional exterior lies a small yet powerful tool that convinces the computer it is plugged into that it is a keyboard, allowing any number of commands, or “Ducky scripts,” to execute on the host device.
While it is possible to build your own Rubber Ducky using a development board, that complexity has been removed by Hak5’s own pre-built device, available on its website along with a number of tutorials and demonstrations of various attack types. Want to test keylogging capability? Check. Perform exfiltration of credential hashes? Yup. Create reverse shells? That and so much more can be done in mere seconds.
From an attacker’s standpoint, the capabilities are nearly endless whether the commands are being executed within the limited character space of the loader itself or leveraging the host’s own internet connectivity to phone home to a cloud-hosted server or shared drive space to retrieve more complex scripts from a command and control (C2) server. Depending on your skill set and what types of information you’re looking to test, your imagination is the limit.
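Because the device enumerates as a keyboard, a defender's first signal is an unexpected keyboard-class HID attach. As an added example that is not from the article, the following shell function scans Linux kernel log lines (dmesg or journal output) and alerts on keyboards from vendors outside an allowlist, or on a second keyboard attaching while one is already present; the log lines and vendor/product IDs in SAMPLE_LOG are constructed for the example, and flag_keyboards and scan_sample are this example's own names.

```shell
#!/bin/sh
# Added example, not from the article: flag keyboard-class USB HID attach
# events in Linux kernel log output. hid-generic lines carry bus:vendor:product
# (e.g. 0003:046D:C31C.0001) and the device class text ("Keyboard", "Mouse").

flag_keyboards() {
    # $1: space-separated allowlist of USB vendor IDs (uppercase hex).
    # stdin: kernel log lines. Prints one ALERT line per suspicious attach.
    awk -v allow="${1:-}" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /hid-generic 0003:[0-9A-F]+:[0-9A-F]+\.[0-9A-F]+:/ && /Keyboard/ {
            match($0, /0003:[0-9A-F]+:[0-9A-F]+/)
            split(substr($0, RSTART, RLENGTH), id, ":")
            vid = id[2]; pid = id[3]
            kb++
            if (!(vid in ok))
                printf "ALERT unknown-vendor keyboard vid=%s pid=%s\n", vid, pid
            else if (kb > 1)
                printf "ALERT additional keyboard vid=%s pid=%s (%d attached)\n", vid, pid, kb
        }'
}

# Constructed sample log: a known keyboard and mouse, then a second keyboard
# from a vendor not on the allowlist (IDs below are made up for the example).
SAMPLE_LOG='[  12.001] usb 1-1.2: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 1.00
[  12.002] hid-generic 0003:046D:C31C.0001: input,hidraw0: USB HID v1.10 Keyboard [Logitech USB Keyboard] on usb-0000:00:14.0-1.2/input0
[  12.003] hid-generic 0003:046D:C52B.0002: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Receiver] on usb-0000:00:14.0-1.3/input0
[ 300.010] usb 1-1.4: New USB device found, idVendor=cafe, idProduct=0001, bcdDevice= 1.00
[ 300.011] hid-generic 0003:CAFE:0001.0003: input,hidraw2: USB HID v1.11 Keyboard [HID Keyboard] on usb-0000:00:14.0-1.4/input0'

scan_sample() {
    # Run the detector over the constructed log with only Logitech allowlisted.
    printf '%s\n' "$SAMPLE_LOG" | flag_keyboards "046D"
}
```

On a live host the same function can be fed with `dmesg | flag_keyboards "<your vendor IDs>"`; a second keyboard appearing long after boot is the event to investigate.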
Kali Linux on Raspberry Pi
Anyone who has more than dabbled in computer security should be well aware of Kali and all the glorious tools offered by the infosec-focused distro. In a nutshell, just about any open-source security tool in use today can be found in the latest Kali Linux image. OffSec Services, the maintainers of the Kali distro, make it available for a variety of hardware/device types, including the Raspberry Pi, which makes perfect sense when looking to deploy a customized tool that is powerful yet stealthy.
The process of getting the image onto the microSD card is the same as for other Pi-based projects and is described above in the RasPwn section. Once the image is written to the SD card, the card is loaded into the Pi and booted to complete the installation and setup. It’s that simple! However, if you want to pre-configure your Kali environment, whether by customizing tools, installing or removing specific toolsets, or just tinkering with the repositories, the rpi.sh build script lets you modify the build accordingly and produce your own customized version of Kali.
By including the necessary tools and customizing them during the build, the resulting pre-configured image contains exactly what will be needed when you deploy your security testing tools to the testing environment. And since Kali is a full-fledged OS in its own right, it is fully upgradable and manageable over remote connections, reverse shells, and ad-hoc wireless connections for maximum flexibility.