Instructables

MyLittlePwny - Make a self powered pentesting box out of the Raspberry Pi for around $100

MyLittlePwny is a $100 portable wireless pen-testing drop box running PwnPi or Ha-pi (Untested).  It is cost efficient, modular, easy to put together and, unlike PDAs and smartphones, the hardware is fully extensible. 

AUTHOR EDIT:  It was requested that I explain exactly what "Pentesting" is.  Pentesting is short for Penetration testing and while it can refer to the process of testing inked writing implements, I am referring to the process of testing a wireless access point, and underlying network, for security flaws.
http://en.wikipedia.org/wiki/Penetration_test
While I am not a network professional, I can tell you that there are MANY tools used for doing this; some open and some proprietary.  I also say that this is a Penetration testing platform because it refers to the lawful testing of your own access point against security flaws....Unless you work for a government agency, in which case you are the law and you can use it to steal network traffic from the bad guys.  Now, let's get cracking....no pun intended.


Here's what you'll need.

Raspberry Pi Model B.    $35 + shipping (maybe $42 max)
I recommend getting the Model B, because it has an Ethernet port, which is useful if you want to SSH tunnel into it for remote use.

USB to MicroUSB cable (may come with the battery pack).    Free if you have one or get one with your battery pack.  Otherwise, I paid $15 for a Motorola charging cable before I got one with my battery.

Alfa AWUS036H Wireless Adapter   $40
I recommend the Alfa 036H because it is a very cost-effective adapter and works well on the distribution you'll be using.

8GB Class 4 SD card (tested)   $8 on sale
This is the SD card that I have and it works great.  The image consists of a 4.1 GB partition and a 0.78 GB partition, so use an 8 GB card to be on the safe side.
In this instructable you're going to write the PwnPi image to this card with dd: http://sourceforge.net/projects/pwnpi/

Gigaware Modular Powered USB hub with an extra male USB for powering the hub   $8
I bought this from RadioShack and it works great, but you can use any hub as long as it takes its power from a USB cord, not an AC adapter.

5000 mAh power pack with 2 USB power ports.   Powers it for about an hour.  $14 + $6 shipping to New Jersey
I bought this one because it was cheap and works fine.  http://www.amazon.com/gp/product/B004P8E612/ref=olp_product_details?ie=UTF8&me=&seller= .  It was literally from China; the return address was the Hong Shu Paint Building.   You can also get them from Newtrent and other phone accessory places if you don't want to wait a week for it.

Mouse and Keyboard  Free or cheap (depending on if you already own them)

A little existing knowledge of Linux commands and working with wireless drivers.  Knowledge is FREE!

Now that we have our parts and our thinking caps on, let's get to it!
 

@Bellerophon2200

Thanks for sharing. Is there an updated image? Would be nice using two radios. One in client mode to control it and another for Attacking. Use it headless.

Bellerophon2200 (author)  WilsonBradley12 days ago

hey, it's just the standard image of pwnpi which can be found here http://pwnpi.sourceforge.net/

Good luck :)

Ya, I found a newer version

https://github.com/xtr4nge/FruityWifi/wiki/Install

Wonder what's better, that or using Kali

wakojako 2 years ago
Damn it! You had to get here first! I had the exact same idea.
I tip my hat to you still - great 'ible.
Bellerophon2200 (author)  wakojako 2 years ago
Thanks man! I'm just glad I could put some thoughts to page. There are still SO many better ways to make it mobile with a more robust power source that lasts longer. Please let me know about your mods, would love to do more with my Pi. :D
Oh I will.

I was thinking somewhere along the lines of Hak5's "Wi-Fi Pineapple".* My idea (well, one of) was to have airdrop-ng running to force all nearby clients onto my rogue AP (on the Pi) or automate dsniff's Arpspoof to automatically become the man in the middle.

For black hat stuff, you could of course run sslstrip to acquire passwords etc but I was thinking of a more grey hat kind of thing.

E.g. A script could automatically use these passwords to gain access to the compromised account (E.g. facebook, twitter etc) where it would post a warning message that the account has been compromised and that the user should take better precautions to protect their data - very much like what Idiocy** does. This is only one idea though, I may think up a better one if I get a Pi.

*You'll love Hak5 if you're into this kind of thing (link to the episode I referenced)
**Idiocy (It's a safe link, it's only the tool that does the hacking, not the site)
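
Seen from the defending side, the ARP-spoofing man-in-the-middle mentioned in the comment above leaves a trace in a client's neighbor table: one MAC address answering for several IPv4 addresses, typically including the gateway. The script below is an added example, not part of the original thread, that flags this in `ip neigh` output; the sample table and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MAC addresses that answer for more than one IPv4
# address in `ip neigh` output, the usual trace of ARP spoofing.

# Constructed sample neighbor table (not captured from a real network).
sample_neigh() {
    cat <<'EOF'
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.23 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.40 dev wlan0 lladdr 66:77:88:99:AA:BB REACHABLE
192.168.1.77 dev wlan0  FAILED
fe80::1 dev wlan0 lladdr 00:11:22:33:44:55 router STALE
EOF
}

# stdin: `ip neigh` text. stdout: "mac ip1 ip2 ..." for each shared MAC.
shared_mac_neighbors() {
    awk '
        {
            mac = ""
            for (i = 1; i < NF; i++)
                if ($i == "lladdr") mac = tolower($(i + 1))
            # No lladdr means FAILED/INCOMPLETE; IPv6 hosts normally hold
            # several addresses per MAC, so only IPv4 entries are compared.
            if (mac == "" || $1 ~ /:/) next
            if (!seen[mac, $1]++) { ips[mac] = ips[mac] " " $1; count[mac]++ }
        }
        END { for (m in count) if (count[m] > 1) print m ips[m] }
    ' | sort
}

# Exit status 0 when the given gateway IP shares its MAC with another host.
gateway_mac_is_shared() {
    shared_mac_neighbors | awk -v gw="$1" '
        { for (i = 2; i <= NF; i++) if ($i == gw) found = 1 }
        END { exit !found }'
}

sample_neigh | shared_mac_neighbors
# On a live host: ip neigh | gateway_mac_is_shared <gateway-ip>
```

A router with several IPv4 addresses on one interface will also match, so treat a hit as a prompt to compare against the gateway's known MAC rather than as proof.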

Love Hak5

Had the same interest. Did you ever make a good working image you can share?

Bellerophon2200 (author)  wakojako 2 years ago
Awesome idea man! I've never even heard about Idiocy, that's really cool! Thanks for letting me know about that. I've also thought about installing Karma, but I can't find the time working two jobs haha.
How about one of these: http://www.fxitech.com/products/? Whole deal could be powered by any usb power. I know a dozen places that could be hidden in my house with little likelihood of finding it.
For power I was thinking of a sealed lead acid battery from Toolstation - two 4ah 6volt ones are only 18 quid. The problem is (apart from not having a pi) that my current USB wifi card (zyxel nwd-270n) is a bit naff, for karma or long range I'd want an awus036nha from alfa but they're the same price as a pi.
desti84 11 months ago
Hey !
First, sorry but my English is not good ;)

Same over here. Made a pwnpi with nearly the same configuration (got 1 more wireless if).

Currently I am working on some features of the Operating System like:

- powersaving changes like deactivated unnecessary services, lower cpu power etc. //in progress and testings

- creating scriptfiles for the first configuration of the pi (like, setting up the "normal" wifi device for use with the own mobile phone.) //in progress

- autom. connect to my mobile phone after power up with the "normal" wireless device //done

- autom. reconnect to my mobile phone after an interruption of the connection. //done

- creating a webinterface for "easy using" with the most necessary functions for wardriving to make it as easy as possible (without SSH/VNC) //in progress.

- starting monitor mode on the alfa wifi card. //done

- Scan the World and put the output into a file //done

- use the output of the scan and make it useable with the webserver (generate an html file of the output) //in progress

- And some more features. Much work here ;)

Maybe you like to share some ideas or just wanna get in contact with someone who's working on the same things ;)

Regardz,
Desti84

Can you share the Raspberry image?

I did a similar set up (which I still am using). To improve on your battery life, you can ditch the Alfa Network adapter and use a low power one (Airlink 101 has this great RTL8187 based usb adapter, since your design is small enough you don't really need a long range wireless adapter when you can drop it nearer the access point that you're trying to crack). This will greatly reduce the Watts consumed to about 2.80 W (or less since the USB adapter will only be powered from the RPi's USB Port).

Hey bro...

I'm looking for this exact setup on Raspberry (love to have it convenient like Pineapple). Do you have an image you could share? You can also ping me direct.

I have spent MANY hours trying to get access point to work using a USB wifi (RTL8192cu). After that, use an additional RTL8187 to look around and play with.

Bellerophon2200 (author)  tacticalninja 2 years ago
That's awesome! I'll check it out, because you're right, you can leverage the size to save power. Thank you.

You can also limit the power of the Alfa using power saving mode. This way you don't have to buy a new card.

Question for you. Do you know how to enable monitor mode on the RPI? The card works, just doesn't monitor properly. Where did you get your drivers?

Yes you can limit the power of the Alfa, per se, but then you would have to plug it in first before you can do so. While there's no set up needed for the low powered one.

@Question: Sure, PwnPi includes the "Aircrack-NG" suite which includes "airmon-ng". You can type in the command "airmon-ng start [interface]", if this is what you're already doing and it's still not working, your card might be supported for the raspberry pi, but not with airmon-ng. In my experience the best cards to use for monitor mode are those with "rt2800", and "rtl8187" chipsets. Not all cards support monitor, or packet injection modes.
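
Before troubleshooting `airmon-ng`, it helps to confirm that the adapter's driver advertises monitor mode at all. The script below is an added example, not part of the original comment, that reads the "Supported interface modes" list from `iw list` output; it assumes the `iw` utility is installed, and the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list wireless PHYs whose driver advertises monitor mode,
# based on the text printed by `iw list`.

# Constructed sample of `iw list` output, trimmed to the relevant lines.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy0
    Supported interface modes:
         * managed
         * AP
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
EOF
}

# stdin: `iw list` text. stdout: one PHY name per line.
monitor_capable_phys() {
    awk '
        /^Wiphy /                    { phy = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        # The mode list is a run of "* <mode>" lines; any other line ends it.
        in_modes && /^[ \t]*\* /     { if ($2 == "monitor") print phy; next }
                                     { in_modes = 0 }
    '
}

# Exit status 0 when at least one PHY can be put into monitor mode.
has_monitor_phy() {
    [ -n "$(monitor_capable_phys)" ]
}

sample_iw_list | monitor_capable_phys
# On the Pi (assumes the iw utility is installed): iw list | has_monitor_phy
```

A PHY missing from the output means the driver does not offer monitor mode, and no `airmon-ng` invocation will change that.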

EPICBRONY 1 year ago
HL3!!!!!!!!!!!!!!!!!!!!!!!!!!!1
Skymeat 2 years ago
Great Stuff! I've also been waiting for people to start doing cool things with the Pi. I only wish you could power it with PoE!
Sure you can, though you need to do some soldering.
XTL 2 years ago
The WR703N modem is an integrated wifi and linux box for only 25 dollars.
The pen testing distribution and instructions are here.
http://www.minipwner.com/
Yeah I did something similar using that mini-router. Since the router part is built-in on the board and can be an access point on its own, the only thing left for me to do is host fake websites, wherein people will be redirected to a fake frontpage of a website (facebook twitter myspace etc.) using captive portal and returns a "403 error Page Not Found" when they login with their credentials. Those credentials are then saved on a mySQL database using PHP5.
geneorama 2 years ago
I'm so glad you defined "pentesting". Very nice intro, background... and pun
For some of those who are questioning the concept of pentesting is more of a hacker centric idea. Sadly there is still a rift between hacker logic and mainstream IT engineering although that rift is shrinking.

A device like this is perfect for "red team" exercises. The concept dates back to the cold war wargames where a malicious "red team" would attack and the "blue team" would defend. This concept has been updated and is becoming widely implemented in network security. A company hires either an outside organization or has an internal member simulate going rogue and they attempt to do bad things. There are ground rules written up at the start as what is untouchable but the system security personnel are usually left in the dark. This way both human and hardware systems are tested. At the end of the exercise both teams are brought together and the weaknesses are analyzed and are either resolved or at least the network admins are made aware of their existence and can adjust their practices accordingly.

As inexpensive and easy as this device and others like it are to construct, it would be a choice tool in a person wishing harm upon any network, or an equally valuable tool to the system administrator who tend to often be hampered by cash and hardware constraints.
Wikipedia article on red team, for fun reading:

http://en.wikipedia.org/wiki/Red_team
kmpres 2 years ago
Yes, I too, am involved with network engineering and have never heard of this. For those of us who don't know, could you please explain what pentesting is, and what you can use your pentesting box for? Thanks.
Light_Lab 2 years ago
Like Billyup I too had to search the internet to find what "Pentesting" meant. As it turns out I am actually involved in network penetration testing but we don't use the term "Pentesting" at the company where I work here in Oz, possibly because of the confusion with testing writing implements. It would help if you explained at the start exactly what the device is used for and expanded the section on its use.
billyup 2 years ago
Some of these things are WAY PAST me even knowing what you talk about! I had to do two searches to even find out what "Pentesting" meant!
David97 2 years ago
I have just bought a raspberry pi and thought that it's great to finally see instructables coming out about it. I have intentions of making mine mobile!!!
1up 2 years ago
No Rainbow Dash theme? I'm highly disappointed.

Ah well, nice Instructable!