MyLittlePwny - Make a Self Powered Pentesting Box Out of the Raspberry Pi for Around $100


Introduction: MyLittlePwny - Make a Self Powered Pentesting Box Out of the Raspberry Pi for Around $100

MyLittlePwny is a $100 portable wireless pen-testing drop box running PwnPi or Ha-pi (Untested).  It is cost efficient, modular, easy to put together and, unlike PDAs and smartphones, the hardware is fully extensible. 

AUTHOR EDIT:  It was requested that I explain exactly what "Pentesting" is.  Pentesting is short for Penetration testing and while it can refer to the process of testing inked writing implements, I am referring to the process of testing a wireless access point, and underlying network, for security flaws.
http://en.wikipedia.org/wiki/Penetration_test
While I am not a network professional, I can tell you that there are MANY tools used for doing this; some open and some proprietary.  I also say that this is a Penetration testing platform because it refers to the lawful testing of your own access point against security flaws....Unless you work for a government agency, in which case you are the law and you can use it to steal network traffic from the bad guys.  Now, let's get cracking....no pun intended.


Here's what you'll need.

Raspberry Pi Model B.    $35 + shipping (maybe $42 max)
I recommend getting the Model B, because it has an Ethernet port, which is useful if you want to SSH tunnel into it for remote use.

USB to MicroUSB (May come with Battery Pack) Free if you have one or get it in with your battery pack.  Otherwise I paid $15 for a Motorola charging cable before I got one with my battery.

Alfa AWUS036H Wireless Adapter   $40
I recommend the Alfa AWUS036H because it is a very cost-effective adapter and works well on the distribution you'll be using.

8GB Class 4 SD card (tested)   $8 on sale
This is the SD card that I have and it works great.  The image consists of a 4.1 GB partition and a 0.78 GB partition, so get 8 GB to be on the safe side.
You're going to image (dd) PwnPi onto this card in this instructable: http://sourceforge.net/projects/pwnpi/

Gigaware Modular Powered USB hub with an extra male USB for powering the hub   $8
I bought this from RadioShack and it works great, but you can use any hub as long as it takes its power from a USB cord, not an AC adapter.

5000 mAh power pack with 2 USB power ports.   Powers it for about an hour.  $14 + $6 shipping to New Jersey
I bought this one because it was cheap and works fine.  http://www.amazon.com/gp/product/B004P8E612/ref=olp_product_details?ie=UTF8&me=&seller= .  It literally came from China; the return address was the Hong Shu Paint Building.   You can also get them from New Trent and other phone accessory places if you don't want to wait a week for it.

Mouse and Keyboard  Free or cheap (depending on if you already own them)

A little existing knowledge of Linux commands and working with wireless drivers.  Knowledge is FREE!

Now that we have our parts and our thinking caps on, let's get to it!

Step 1: Imaging Your SD Card.

First we must prepare our SD card with an image of PwnPi.  http://sourceforge.net/projects/pwnpi/files/
Download and unzip it with your program of choice.

Next, we must image our card with a program.  I use ImageWriter from the Ubuntu Software Center.
If you're using Linux, you can dd it to your card as well.
If you're using Windows, you can use https://launchpad.net/win32-image-writer/
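
An added example (not part of the original instructable) of the dd route mentioned above: it checks the download against a SHA-256 value, refuses a mounted device, writes the image and reads it back. The image path, target device and expected hash are placeholders passed in by the caller; this page does not give PwnPi's hash, so it has to come from the download source.

```shell
#!/bin/sh
# Added example, not from the original instructable.
# Image path, target path and expected hash are placeholders from the caller.

# Size of a file in bytes.
image_size() {
    wc -c < "$1" | tr -d ' '
}

# check_sha256 FILE EXPECTED_HEX: succeed only if the file's SHA-256 matches.
check_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

# write_image IMAGE TARGET EXPECTED_HEX
# Returns 0 only if the hash matched and TARGET starts with a
# byte-identical copy of IMAGE.
write_image() {
    image=$1 target=$2 expected=$3
    [ -f "$image" ] || { echo "no such image: $image" >&2; return 2; }
    check_sha256 "$image" "$expected" || { echo "hash mismatch" >&2; return 3; }
    # Refuse to overwrite a block device that has a mounted partition.
    if [ -b "$target" ] && grep -q "^$target" /proc/mounts 2>/dev/null; then
        echo "$target is mounted; unmount it first" >&2
        return 4
    fi
    # conv=fsync flushes to the card before dd exits; notrunc leaves the
    # remainder of a larger target untouched.
    dd if="$image" of="$target" bs=4M conv=notrunc,fsync 2>/dev/null || return 5
    # The card is larger than the image, so compare only the image's length.
    # This read can be served from the page cache; re-insert the card and
    # run the comparison again to check the media itself.
    size=$(image_size "$image")
    head -c "$size" "$target" | cmp -s - "$image" || return 6
}

# Stand-alone use: sh script.sh IMAGE TARGET EXPECTED_HEX
if [ "$#" -eq 3 ]; then
    write_image "$@"
fi
```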

At this time, you may want to start charging your battery pack.

Step 2: Powering Up Your Pi

Putting it together is really the easiest part.  Collecting the materials was the most difficult, I'm sure, but putting them together is really easy.  In short, your USB hub and Raspberry Pi get their power from the battery pack.  The Wireless adapter, keyboard and mouse are connected to your USB hub.

When putting everything together, wait to plug your Raspberry Pi into the battery pack until everything else is plugged in, because it will boot up immediately.

Step 3: Using Your OS and Tips

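Log into your Pi (PwnPi user: root  pass: root).  These are the image's default credentials, so change the root password before the box goes onto any network.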

From here you can do anything you would normally do.
For example, I enabled a virtual adapter, used wash to check for access points, and used Reaver to run a WPS brute-force test against my router.

This little guy works really well...Next we'll analyze what I'm sure everyone is asking.... "What about the battery life!?"

Step 4: Battery Life

Theoretically, the MLP should last for 3-4 hours.
The battery pack is 5000 mAh so:

At 5 V it should give 25 watt-hours.
The Pi should draw 2.6 watts and the Alfa adapter is about 1 W.

25 Wh / 3.6 W = 7 hours

During a test of my adapter ticking away at Reaver full speed ahead, it was only able to last 1 hour.
Past 1 hour it was usable, but was running into problems even initializing the wlan2.

Currently, two aspects need to be improved:
1.  Longevity on battery power
2.  Heat dissipation (heat can cause the Pi and adapter to slow down if the box is in a hot room or enclosed).



Step 5: Results

The Raspberry Pi as a portable, wireless penetration testing platform is very robust in capability but also lacking on longevity.
Pros:
  • Portable, small, fits in a small container.
  • Hardware is extensible, robust and has an ethernet controller.
  • Inexpensive and modular.
  • Perfect for shipping for remote administration and remote physical wireless presence by network security and law enforcement professionals.  Especially Law Enforcement in small jurisdictions, who do not have a large budget.
Cons:
  • Poor battery life.
  • CPU and adapter chips run hot.
  • No case (as of yet).

Step 6: Possibilities for the Future!

Possibilities....

While doing this project and thinking about its capabilities, I realized that this platform had so many more applications, much cooler than being a portable pen-testing platform, that I almost dropped the idea.

Fun...
Battery powered HTPC.....at about 1/4 of the price of a laptop!!!
Battery operated game emulator or "In the groove" emulator.
On site livestream.  Capture live video or audio on location and live stream it over WiFi or 3G.

Serious business...
Switch between a weather monitoring probe on the roof of a taxi, to capturing foot traffic patterns in a city, to anything else by switching SD cards.
Automate things DIY style with full terminals and GUIs on board.  Like a cowboy that welcomes people to a store...don't judge.
Strap a few onto RC helicopters and make a mesh network anywhere.

The possibilities are endless and I'm sure I'll think of more cool things once I'm finished typing this, but the idea is that you don't have to be a rocket scientist to make something cool now.  I know I'm not and I did.

Raspbmc - http://www.raspbmc.com/download/
PwnPi - http://sourceforge.net/projects/pwnpi/
Ha-pi - http://www.seclist.us/2012/06/ha-pi-hack-with-raspberrypi.html
In The Groove - http://openitg.gr-p.com/
BATMAN (open mesh network) - http://www.open-mesh.org/projects/open-mesh/wiki


    36 Comments

    Same, I am on a Raspberry Pi Zero and the only image I have EVER got to work is Raspbian

    Forgot to add, it boots if I use my old Raspbmc SD card

    $40 for Alfa AWUS036H? Cmon :D http://www.aliexpress.com/item/2014-New-High-Tech-ALFA-AWUS036H-1000MW-WIFI-Wireless-USB-Network-Adapter-5DB-Antenna-with-Realtek8187L/2039700785.html

    Using your OS and Tips step is empty. This is why this instructable is not helpful for "How to use pwnpi" Yes, you have explained how to connect things and how to image and eeprom. And yes you explained how to login to OS. But where is the most important part? (How to use this pwnpi OS) But good instructable and similar to the other raspi instructables.. Thank you for sharing.


    Hey, sorry for the lack of information. I didn't want to make it too long.

    What about the OS were you having trouble with? I'll add it to the guide. Anyway, overall the image is just a standard Debian image with lots of tools on it. http://www.pwnpi.com/tools-list/

    As for wireless drivers. I believe the drivers come with it, otherwise you can look here for all about mac80211 and compat drivers: http://www.aircrack-ng.org/doku.php?id=install_drivers

    Thanks :D

    Yes, there are a lot of tools (200+) and this is why they are hard to explain. I can understand you :D I have never seen an explanation of them anywhere. So I think if you do it, this will be the first instructable of PwnPi usage. ;) And also it will be very helpful for anyone who uses a Unix OS like BackTrack, Kali Linux.. Thank you for the reply

    I did a similar set up (which I still am using). To improve on your battery life, you can ditch the Alfa Network adapter and use a low power one (Airlink 101 has this great RTL8187 based usb adapter, since your design is small enough you don't really need a long range wireless adapter when you can drop it nearer the access point that you're trying to crack). This will greatly reduce the Watts consumed to about 2.80 W (or less since the USB adapter will only be powered from the RPi's USB Port).


    Hey bro...

    I'm looking for this exact setup on Raspberry (love to have it convenient like Pineapple). Do you have an image you could share? You can also ping me direct.

    I have spent MANY hours trying to get access point to work using a USB wifi(RTL8192cu). After that, use an additional RTL8187 to look around and play with.

    Hi there,

    I'm using the same image mentioned on this page (pwnpi v3.0). You can get it here: http://pwnpi.sourceforge.net/. I didn't modify the image in any way to have it work; it's great that the RTL8187 is supported out of the box.

    The developer of that image had set it up to work pretty much like the backtrack/kali linux distro and that it works out of the box without much setup.

    That's awesome! I'll check it out, because you're right, you can leverage the size to save power. Thank you.

    You can also limit the power of the Alfa using power saving mode. This way you don't have to buy a new card.

    Question for you. Do you know how to enable monitor mode on the RPI? The card works, just doesn't monitor properly. Where did you get your drivers?

    Yes you can limit the power of the Alfa, per se, but then you would have to plug it in first before you can do so. While there's no set up needed for the low powered one.

    @Question: Sure, PwnPi includes the "Aircrack-NG" suite which includes "airmon-ng". You can type in the command "airmon-ng start [interface]", if this is what you're already doing and it's still not working, your card might be supported for the raspberry pi, but not with airmon-ng. In my experience the best cards to use for monitor mode are those with "rt2800", and "rtl8187" chipsets. Not all cards support monitor, or packet injection modes.

    @Bellerophon2200

    Thanks for sharing. Is there an updated image? Would be nice using two radios. One in client mode to control it and another for Attacking. Use it headless.


    Love Hak5

    Had the same interest. Did you ever make a good working image you can share?

    Hey !
    First, sorry but my English is not good ;)

    Same over here. Made a pwnpi with nearly the same configuration (got 1 more wireless if).

    Currently I am working on some features of the operating system like:
    - power-saving changes like deactivating unnecessary services, lower CPU power etc. //in progress and testing

    - creating script files for the first configuration of the Pi (like setting up the "normal" wifi device for use with my own mobile phone.) //in progress

    - autom. connect to my mobile phone after power up with the "normal" wireless device //done

    - autom. reconnect to my mobile phone after an interrupt of the connection. //done

    -creating a webinterface for "easy using" with the most necessary functions for wardriving to make it as easy as possible (without SSH/VNC) //in progress.

    -starting monitor mode on the alfa wifi card. //done

    -Scan the World and put the output into a file //done

    - use the output of the scan and make it useable with the webserver (generate an html file of the output) //in progress

    - And some more features. Much work here ;)

    Maybe you'd like to share some ideas or just wanna get in contact with someone who's working on the same things ;)

    Regardz,
    Desti84
