Getting Started Hacking with Kali Linux on a Raspberry Pi

Captions
Hello and welcome to another episode of Hacking with Friends. My name is Cody and this is my friend Michael, and today we're going to be going over an extremely popular topic, which is how to get started hacking with the Raspberry Pi. Nice. Yeah, so the reason why this is popular is Raspberry Pis are really cheap, they've been around for quite some time, and they have an amazing community built around them, where basically there's just lots and lots of people who have tried out projects with the Raspberry Pi, documented their experiences, and are willing to lend some help. I find that to be really important for beginners getting into a project; if you get started with something that has absolutely no documentation it can be a really frustrating experience. So I love the Raspberry Pis because they're generally around anywhere between like five to ten dollars to get started with a really cheap one. No, I guess... so adorable, sorry. Yes, the cat's really cute. We need to get blinders for you that attach to the hat. I can... three people, yeah. Yeah, exactly. Sorry.

So yeah, these things generally cost between five to ten dollars for the smallest variety, the Raspberry Pi Zero W, although the five dollar one is basically... you can't... well no, you can do some pretty sophisticated attacks. You can do the PoisonTap attack by Samy Kamkar. Oh yeah, but the five dollar one just doesn't have the Wi-Fi, right? Right, so it's like for five extra dollars... for 500 bucks you can get... Keep in mind that Raspberry Pis are a little tricky; you actually need some accessories in order to actually get started with one. So let's say you want to get a Raspberry Pi: well, it starts at around 35 dollars or so, but then if you want to actually run it you need a proper power supply. Today mine was crashing constantly; it was because it was plugged into my MacBook Pro through a sketchy dongle, so the problem was just power. The Raspberry Pi 4 also, the first generation, has a problem where if you don't get the right power supply it sometimes can't accept some of the more... like this MacBook Pro cable, it couldn't use it. So just keep in mind that you need to buy some extra things with a Raspberry Pi: an SD card that is pretty fast, sorry, a micro SD card that's pretty fast. If you get a slow one your system is going to be slow and flashing it is going to be slow. A keyboard so you can interface with this thing, an HDMI cable so you can connect it to some sort of interface. There are other things that you'll need in order to get started with this, but in general these start pretty cheap and they run Linux.

So Michael, what's the difference between this ESP8266 and this Raspberry Pi when it comes to hacking? I would probably say just like an order of magnitude of computing power is the basic difference. They can both do Wi-Fi hacking. I don't think that the ESP can capture handshakes, right? Oh, just wait, so phone and I will get on that. It can deauth and do stuff like reconnaissance type scans, but the Pi, if you're going to do any kind of Wi-Fi hacking... and in reality, anyone that's like "oh hey, I want to get into hacking, I want to start a Linux machine" or something like that, this is always what I recommend: just get like a Raspberry Pi, try that first. If you like that then you can go, you know, build or dedicate your laptop to Kali Linux, but this is a really good cheap option. Although I do still think, like you were alluding to, that 35 dollar price tag is a little deceiving, because once you get all those peripherals added on it's like 80 or more, especially the first time you start out, because then you're like "well, I don't technically need a micro SD card adapter, but I don't have a device around here to program the micro SD card," so now you have to have something for your computer to accept that, and then you just spiral into the dongle world where you're like "oh god, I need 20 dongles to program this thing." Well, that's a very long answer.

Yeah, and I would say that the primary difference between these two when it comes to hacking is that one of them is a microcontroller and the other one is a full-on computer. So it has an output for HDMI, it has four USB Type-A ports, it has audio jack out so you can make this a smart speaker, and the Raspberry Pi also has two HDMI outputs, so you could plug it into two separate monitors just from this, which is pretty cool for just a little computer that costs so little. So if you have worked with a computer before, and I'm assuming you have since you're watching this, then this is pretty much what you should be used to. This has a form of storage like a hard drive, which is just the micro SD card; it boots up an operating system with a graphical user interface, and it's very, very similar to every other computer you've used. This is a microcontroller. It's cool to program, but we need a computer running an operating system generally to compile software and then flash it to this device. So what that means is that this doesn't run an operating system; we can't use it in the same way; we can't really run programs on this the same way we can with this. With this we need to figure out what we wanted to do in advance and then program that all into the microcontroller, and then it pretty much just does one thing, whereas this is much more like my MacBook Pro, for example, because you can put in a different operating system that's appropriate for what you wanted to do, it'll boot up, and then you can run various different programs on it. And that's exactly what we're going to be doing today, only we're going to be using Kali Linux, which is kind of the gold standard for people who want to get started with hacking. We're going to be starting this up using Kali Linux, although this is a Raspberry Pi 4, which is in a little case with a fan on it; we're going to be using a Raspberry Pi 3B, I believe, because I do a lot of Wi-Fi hacking, and a little-known fact about the Raspberry Pi is that you don't need to get a separate wireless network adapter to start hacking with the Raspberry Pi. It supports monitor mode, so you can do deauthing and you can do monitor mode using a Raspberry Pi, which means you can get and crack handshakes on the Raspberry Pi, and we have done this at the RSA Conference and it was really, really cool. So because of this, if you want to get started with Wi-Fi hacking there's usually a, you know, Wi-Fi dongle or a wireless network adapter that you have to buy that goes along with it that's about 35, it's like the cost of the Pi again. So what's cool about this is you don't need to get anything else to start doing signals intelligence stuff, running Kismet. Our friend Alex Lynn has used this to be able to create something that looks for creeps following him and is able to use Wi-Fi and devices. So it's really, really cool that you can use the Wi-Fi card that's built into the Raspberry Pi to do a lot of stuff that normally you would have to pay extra for. And that sounds like it'd be a great network implant or something, even. I could imagine, if you were pentesting or something and you got access to an office, you could just plug that into the Ethernet and then have that do Wi-Fi scans and then generate an access point that you could log into and download all the data off of it. Oh yeah, because it's a full Linux system, so anything you can do on a full Linux system you can do on this, within reason. If you're going to start cracking on it, it will do it, it's just going to take a while. So I recommend the Raspberry Pi 3B just because that wireless card is particularly well suited to working with evil Wi-Fi stuff. The Raspberry Pi 4, I've gotten it to work; the Raspberry Pi 3B+, I believe I've gotten it to work, but for the purpose of this guide I experienced some crashing and other stuff when I actually did try it. So I recommend that if you don't already have a Raspberry Pi, I recommend a 3B, but if you already have a 3B+ or a 4 then you should be good to go. If you have something older than that then I'm not totally sure if it's going to work. A Raspberry Pi 2 actually will work, but it's too slow to do certain things like phishing and stuff like that; it just doesn't have the processing power to convincingly, you know, do things like reroute traffic and serve as a router, because it's just not fast enough itself.

Did they actually change the Wi-Fi chipset between the 3 and the 4? I believe they did. Well no, between the 3 and the 4, yes they did. Okay, so that's why it doesn't work the same. Yeah, because this chip has 5 GHz. Yeah, so if it's fully working then I believe you could possibly do 5 GHz attacks. We may be able to, if you guys like that idea, 5 GHz Wi-Fi attacks with the Raspberry Pi, then yeah, tell us you like it, retweet it, and let us know in the comments. Not to go too deep down a rabbit hole, but what 5 GHz attacks work and don't work? Like, what can you... All the stuff you can do on 2.4 GHz you can do on 5. Okay, so you can capture handshakes and do stuff like that, there's no difference? No, there's no difference when it comes to the tools that will work; it's just whether or not they're written for 5 GHz, so they have the right channels built in, and whether or not your hardware supports it. But like Kismet, like besside-ng even, I think, will work on 5 GHz. That's pretty cool. And airgeddon is also really well tooled for doing 5 GHz as well, they have it all built in. So if you want to get started with that we can run airgeddon on our Raspberry Pi; it's not installed by default, but we can install it and then we can take advantage of 5 GHz attacks. I'm not 100% sure if the card supports 5 GHz for attacking, but we should try it at some point. Again, let us know if you're interested, we'll do another one.

So for the scope of this one, what we're going to be doing is basically just getting set up with the normal Kali Linux tooling, and this has changed since I wrote a guide about it a couple years ago. That guide got really, really popular, but now there's a bunch of comments that are saying that certain things don't work, and when I tried it out today, they are right; there are some things that don't work. For example, the default password is different, so you might go crazy trying to log into this thing if you were following a guide from too long ago. So I know that this works as of, well, today, so a couple hours... yeah, as of this broadcast it should be working. So this should be a pretty good guide on getting set up on the Raspberry Pi for hacking.

All right, so we're going to be using our Raspberry Pi 3B+, but on the Raspberry Pi 4, just as an example. Michael, what do you think the first step is to getting this set up? Oh, do you mean just like general Raspberry Pi setup? Yep. Take the micro SD card, wherever you have it, and flash it. Yes, using your favorite program. I'm going to stick it in here, and that's like the very first thing you have to do. Yes, okay, so let's go ahead and go to my screen then and we'll just get started with that.

All right, so first we're going to download Kali Linux from the Kali Linux website. Let me see if I have it up still, I hope I do. So they make a custom ARM image, so don't download the general one; look for the one that's specifically for the Raspberry Pi. Today in this example I am using the 64-bit Raspberry Pi one. So that's an interesting note, they seem to have a bunch of other single-board computers on there, so you don't have to... like you could use, I think some of those are more powerful than a Pi, some are just cheaper, less supported ones from like China and stuff. Also, just some feedback, Raspberry Pi, or not, sorry, offensivesecurity.com, when referring to your Raspberry Pi packages, can you make it a little easier to differentiate what the difference between these is? These are, I have the Raspberry Pi and then 2, 3, 4, and then version 1, 2, 3, 4. I get it after some study, like I was able to understand this, but just being like "which do I download?" It's like, okay, I have a Raspberry Pi 3. I guess this is only for like the original Raspberry Pi. Yeah, that's the way I would interpret it. Yeah, but then I also found that this one crashed; it got into a condition where it said that it wasn't able to access the root profile, so that one didn't work, and then I had to download this one instead. So if you experience some problems, the 64-bit one is the one that we're testing today. I've gotten it to work and it seems very stable on the Raspberry Pi 3B, which is what I'm testing it on, but it also should work just fine on the 4 and the 3B+, which is what I recommend using it on. The Raspberry Pi 2 is fine, but you're getting a little slow and you won't be able to do some attacks that are fun. Yeah, cool.

So all right, so we'll download this. I recommend using a torrent and then also make sure to check the hash. How do you check that, for anyone that doesn't know? Is it simple or is it time consuming? That's pretty simple, I just kind of forget how to do it on macOS because I've been on a different system. Let's do... turn... wow, caps lock, I think that's promising. I'm not angry, it's just caps lock. Can I just call this... sometimes macOS is great with just making stuff easy like that, but also often not. sha256, is that a thing I can do? No. Yeah, I've already forgotten it because I'm not thinking about that right now, but you should generally check to make sure. I already downloaded this and I used a program that also verified the hash and I compared it. So generally you want to make sure that the program you're getting is the one that the person who put it up intended. So when you're using a third-party torrent website, for example, it's a really good idea to make sure that the torrent wasn't assembled with a little something extra. So before you flash this, just go ahead and make sure that the SHA value matches.

Okay, so next up we're going to use a program called Etcher, and I really like this because it works especially well with Linux. It is terrible for flashing Windows, so don't use it for that, but for Linux it's great. So what you'll do is... You know, you say that, but I had always used it on my Windows machine and I didn't have any problems. Yeah, it doesn't work anymore, really. Yeah, specifically the newest version of Windows or something broke something critical and now you have to use some other dumb thing for it. Interesting. Yeah, I thought I could just flash Windows images and it's like "we've detected a Windows image, let's not do that." Oh, you mean for flashing an image of Windows? I thought you were saying Etcher working on Windows. Oh yeah, you can't flash Windows images. Yeah, you can use Windows to run Etcher to flash Linux images, but you can't use any type of Etcher to flash Windows images for running a Windows computer. That's why I love recommending Etcher, because basically regardless of what platform you're on it's going to work, and it has a really nice interface, stupid simple, automatically detects the micro SD card or any other USB drive or anything you have plugged in. So recently Etcher was purchased by some company; actually it looks like a whale purchased Etcher, so that's cool. I don't know how to pronounce her name though, so I'm not going to say it, but thanks for purchasing Etcher, I guess.

All right, so here we go. We have our image now, which is auto-selected, but I can go and I can change which image I'm searching for. This is also cool because it can select the zipped image file. Actually, yeah, I can like see through it, which... it actually took me an embarrassing amount of time to discover that, because I would always extract it and then load it in, and then one day I just accidentally clicked on the zip file and I was like "oh hey, it makes life easier." It certainly does. Okay, so I'm in the position where I have this plugged into what's also the HDMI cable, so it might cut out for a second if I unplug and plug in, but I'm going to bravely try it, so hold on. No no no no, this is an unforgiving dongle. Having dongle problems. Oh my god. Oh yeah, it works. All right, so this is a slow micro SD card and I want to show you guys the consequences of using a slow micro SD card. All right, we have our thing selected; we're going to flash this image, the 64-bit Kali Linux, to our micro SD card. I'm going to flash, it'll ask for my password, it's going to send it to this whale, and then there we go. Okay, so it's flashing and we're flashing at like five megabytes a second and we've got 37 minutes until we're done. Oh okay, that's a lot. Yeah, it normally doesn't take that long. So if you have a fast micro SD card, like the one we're using in the Raspberry Pi right now, then it will take about 10 minutes, sometimes less, to flash all of this. So I highly recommend going for a faster micro SD card; you'll see increased speeds, and also if something goes wrong... for example, one thing that will kill your Raspberry Pi is if you're updating it as root and then you unplug the power. That is going to mess it up and it might not be able to recover, and you might just have to reflash it, and if it takes you like 20, 30 minutes to do that every time... like this is boring, like you guys wouldn't want to watch this livestream if it was just us, you know, just talking crap while we wait for this to flash for the next 30... No, this is definitely the kind of thing I recommend people go get coffee, get a snack, come back and it should be done. Yes, exactly. Okay, so especially since it flashes it and then it has to go back and it double checks to make sure it flashed. Yeah, so after this it has to verify it, where it basically checks the hash and makes sure that it flashed correctly, there's no problems. This isn't a security hash, so again, you should check the hash yourself.

All right, so this is the Raspberry Pi. Let's assume it's done. We would take the micro SD card out. Okay, so question: I know with Raspbian, if you want to enable SSH you have to unplug the micro SD card and then plug it back in and put in a blank file that says "ssh". Wait, I'm sorry, explain this to me again, what do you have to do, why? Okay, so if you want SSH enabled by default... Oh, so if you want to connect headlessly? Yes. Okay, or if you wanted to connect via Wi-Fi you have to have the wpa_supplicant file that you add. Do you have to do those similar things with Kali? I don't know. Okay, yeah, I'm not sure. Gotcha, I guess we'll find out. Let's just see if SSH is open when we connect to it. Sure, but I imagine, yes, the procedure to have it automatically connect to a network will be the same. Yeah, generally I think the supplicant file, because for me that's always something I just had on my desktop to drag to any Raspberry Pi build, because it just contains your Wi-Fi network name and password. Useful. I just always connect mine to Ethernet, or just connect to a small network. But okay, so let's say that this is done flashing, so now we'll have a Raspberry Pi that is successfully flashed with Kali Linux, and we'll plug it into power, we'll plug it into a keyboard and a mouse, which we've done, and then we'll go ahead and plug it into a screen. So let's go ahead and switch over to that. And I imagine it's saving power... All right, so yeah, if you are trying to connect to a Raspberry Pi and this is your first time and you've read my really old guide on it, you're going to type in root and toor. Yeah, that's like the default, like all Linux passwords. Yep. So, not anymore. Why would they even change it? Because it's like the default Linux password. They wanted to change it to something that was less specific to every type of Linux. Yeah, so, well, less general, every type of Linux. So by doing this then it means that now the default password for Kali is different from the default password for Debian. And like, because so much more security from that change, a little bit. I mean, at least they're not included in the default pool that will hit literally every Linux operating... until it gets added. I mean of course it'll get added eventually, but you just see why they wouldn't want it lumped in with the most common, like, two default passwords ever. Yeah, so it's not like a huge change in security, but whatever, it still helps. So now the default password and everything has changed, so now it's kali, all lowercase, and then kali again. Much security. Yep.

What? Okay, whoa, did you change the password? No, no, I didn't. We might have to reboot it, which is fine. I'm not doing anything as root right now, I don't think, so if I need to reboot it, I kind of wanted to show that anyway. Yeah, sure. So it's going to go black for a second, sorry guys, but you'll get to see the whole rainbow sequence of the Raspberry Pi booting up. So let's pretend that we're booting up for our first time, and hopefully... yeah, so we get a rainbow. If it stays like this you have a problem. So then it'll go ahead and run, and usually it takes a little bit to power up the wireless radio and stuff. It's also checking the disk to make sure that I didn't damage it when I unplugged it, and checking the file integrity and all that, and it generally will try to fix it if there's anything too bad; otherwise we might have to fsck this one, or rather it might have to go fsck itself, because we have to run it in another computer. So after this is done checking itself then it should... Oh, this is also... if it takes forever to raise its wireless interface you might have a problem with your power supply. I found that it takes a really long time. Oh good, we're in emergency mode. So if we're in emergency mode... oh yeah, wasn't this a problem you were encountering earlier? No, no, so the other one boot-looped into emergency mode; this one I unplugged while it was, I guess, doing something. Yeah, "link is not ready". Yeah, so it's trying to do... oh wait, no, you're right: "cannot open access to console, the root account is locked". Yeah, so that actually is a problem. So can I do "press enter to continue"? It looks like it's trying to start up, but that's interesting. So okay, just to diagnose what happened: we had a Raspberry Pi, default credentials were working fine, we brought it in, plugged it in, suddenly all of a sudden it wouldn't let us log back in with the right credentials, and then as soon as we rebooted it, it now doesn't have access to the console. Is that... and that's not normal at all? No, that's not normal at all. So, doing things... yeah, it's doing things. It seems like it might be a transient problem, or it's either that or it's like a terrible problem, I guess. Yeah, maybe it's just slow booting up because there's a lot to the software here, right? And it's also not running on the newest Raspberry Pi. Yeah, so Kali works just fine now that we've rebooted it. Cool, that's great. What is it, when all else fails, turn it off and on again? Yep, that's the first rule of engineering. Well, first is hit it and then second is turn it off and on. No. There you go.

So okay, all right, we're in Kali Linux. It's going to get sexier at a certain point and that's when you know it's done booting, which is the... See, yeah, we got it, we got the sexy dragon there. Yeah, well no, before it was not as windy or whatever; it got curves. So you can see this. I'm actually really used to navigating these without a mouse, so I'll just hit the Windows key and it'll open that, and I'll type in "terminal" and there we go. So one of the first things we can do is make sure that this is up to date. I kind of don't want to do that just because it's going to take up a... well, I guess we can see. So let's go over here and see if it offers up the ability to connect to anything. Presentation mode, I don't care. What's this? What's that? No. If you do a network scan, will this show up as like a Kali machine? Well, it's not connected to anything. Oh no, yeah, whatever. Okay, yeah, because I was going to say, one of the problems I would encounter when I'm working on a Pi is oftentimes maybe you just have your laptop and you don't have a monitor, mouse and keyboard around with you, so that's why I was asking about SSH enabled by default earlier, because a lot of times it's a lot easier to just SSH in, especially if you're mainly just doing terminal stuff. I'll connect to a different one, this one. Come on, give me the password dialogue. No? Yes. All right, so as soon as we connect it to... so this is really, really, really easy to connect to the internet. We can either plug in an Ethernet cable or we can use the on-board Wi-Fi chip to just connect to Wi-Fi. I think this... yeah, this one works. Connected.

All right, so if I do "ping 1.1.1.1", I know what address: "operation not permitted". So you might notice some changes. Why can't I do that? Well, what happens if I run "ifconfig"? "Command not found." Oh my god, Kali's broken. What if I... "aircrack-ng", let's call that. Right, all right, aircrack-ng works. Okay, what if we... so let's do "airmon-ng", that's included in the aircrack package. It's not there. I don't understand. Yeah, they did... I... so we are not the root user, so as a result we don't apparently have access to a bunch of random tools. So if we want to become the root user then we can actually access the tools that are there. But for example, if I type sudo, it's going to ask me for the password, which is kali, and look, it's there. Okay, so all the stuff is actually there, it's just lurking beneath the surface. It's really weird to me that, you know, when you first start using this, to a beginner anyway, they're just like "all the shit's broken." Yeah, and they're mad because it doesn't quite work out of the box the way it used to. So they really made some changes in terms of how this is locked down. Originally you were just root by default, and people would always criticize, you know, running root by default, because it means that if you pick up any zero-day exploit, like over the air or something like that... there have been zero-day exploits before that rely on Wi-Fi flaws in Wi-Fi chips to introduce code to the system. So if you're doing that and you're running as root then you really, you know, have the possibility of a lot of damage being done. Also if you're running a program that's intercepting packets, you never know what's going to happen. So, you know, running Wireshark as root, there's a lot of warnings about that. So, you know, having the entire system by default root, probably, maybe, you know, for a beginner is easy but not the best idea. And also look at how easy it is to bypass: sudo su. Yeah, but I still feel like a lot of newbies, especially if you're following a guide particularly, I can't tell you how many comments I've seen where people just don't realize that they need to add sudo in front of it. Oh yeah, I know, I know. Well, here's the solution: sudo su. Yeah, so that'll permanently log you in... or no, for this session. For the session. And I am now root. And that's, yeah, it's kind of better to make yourself root when you need to be rather than making yourself root all the time. Right, that makes sense. All right, so let's try that command again, ifconfig, that's supposedly not there. Right, it was totally there, and in fact I'm going to make this bigger. Yeah, I'm just going to write that in all my guides in the future, just the very first command, if you're not already root, just... yeah. Okay, so we can see that here's our wireless card, we're connected to a wireless network, and it totally does exist, so that's great.

So what can we do on Kali Linux? Well, pretty much anything. I'm actually going to move this over here. Yeah, and to be clear, this is for all intents and purposes a full Kali install, right? It has all the tools, so anything you could do on a Kali Linux laptop you could do on a Raspberry Pi, albeit with a little less horsepower behind the screen. Yes. So here we can do our first command, which should always be apt update. Now that we're root we don't need to sudo it. So apt update is going to make sure we have all the latest versions of the packages that we're running. Now, a problem that might come up is if you download a package, it's going to be the most recent version; it's going to rely on the most recent version of the libraries, probably, that are available for whatever tools it's depending on. So if you try to run a hacking tool and you're relying on older versions of the libraries, you're going to run into bugs, and some of the tools you're trying to use, while they're fully updated, are not going to work. So in order for your system to know what packages have been updated and what needs to be updated, you need to run apt update after you connect to Wi-Fi or Ethernet. So here, let's see. And you know, you mentioned it earlier, but I think this is another important reason why you want a fast micro SD card. Yes. It's just updating faster, doing all this sort of stuff; you don't want the bottleneck to be your... if you have a really slow one it just absolutely drags when you have to do installations and stuff. So yeah, getting a fast micro SD card is a really good idea.

Now Michael brought up a good point while we're waiting for this to finish, which is if you don't have access to maybe a monitor or something, it's possible to set these up so you can just remotely connect to them from your computer. Now one easy way of doing it is just plugging it into Ethernet and then it'll automatically connect, but another way you can do that is configure it to connect to Wi-Fi by going into a configuration file after it's done flashing and basically putting in the information, so that as it boots up it automatically connects back to a network and then you can just basically log into it. Okay, here we go. And that's called running it headless, which means you don't need a monitor, or like a head on it, in order to see what's going on. So here we see there's a bunch of stuff that could be updated. If I want to start a very long command I can run... do you know what it is? apt-get upgrade? Yeah, it's just apt now. apt, yeah, they got rid of get. What, because, like, who cares? Reasons. Okay, of brevity. Yeah, they got rid of a third of it. So it's 155 megabytes of stuff that needs to be updated on this Raspberry Pi in order for it to be fully updated, but trust me, it is worth it. And again, you probably want to be connected to, you know, like Ethernet while you're doing this, but once this is done you'll know that your Raspberry Pi running Kali Linux is fully updated with all the libraries and everything that it needs to make sure it doesn't crash or experience any other behaviors. If you have a problem with your program, the first damn thing the developer is going to ask you to do if you ask them for help is update and upgrade, and you're going to be embarrassed when it turns out that that fixes it. I was, when it happened multiple times, and I was yelling at some dude about his code not working. He's like, "have you tried update upgrade?" It was like, "of course I tried it," and then just as I was about to hit send, it's like, "I should probably actually try it," and then I tried it and it worked. So just be aware that this process, while painful, we're at four percent and I've been stalling for like a good minute now, is going to take 24 minutes in order to fully complete.

Well no, I think this is also an important distinction to make between the 3 and the 4 Pi, is that the Ethernet is actually, I think, limited to 100 megabit on the 3, whereas on the 4 it's actually full gigabit Ethernet, so that could make a real difference. And I haven't done it myself, but from what I understand you can actually, with the most recent Pis, attach an SSD, a solid state hard drive, and you can actually boot from that, so that could even be faster potentially than a micro SD card. Cool, cool, especially if you're going to use this more regularly. All right, so how much time do we have left, do you think? We need to go for about 10, 15 more minutes. Ooh, all right. Well, I don't want to spend that 10 or 15 minutes updating this Raspberry Pi, that sounds boring, so let's cancel, Ctrl-C. That's going to... oh, by the way, if I were to unplug the Pi right now it would be so angry at me; I would basically probably have to go fsck it, because it would basically corrupt parts of the Raspberry Pi, as logged in as root while it was updating, and it hates that. So let me just say, working with the Raspberry Pi, you want to make sure you have a stable cable, a stable power cable that is not wiggling around and not going to disconnect suddenly, because it hates being disconnected when it's updating as root. It really doesn't like that. So if you unplug the Raspberry Pi you run the risk of corrupting the SD card anyway, and you might just have to flash it. Make sure to frequently back up any projects you're working on on this; I cannot stress that enough. Before we do anything with a Raspberry Pi, I realize there's always the capacity to fry your work, so back up your SD cards, always make sure to do that, because if you do something really precious on it you're going to be disappointed if suddenly, you know, the power cable wiggles out and you
totally make it so you have to reformat your sd card there's no other way to boot it and two additional notes there too is um definitely with the power supply make sure it's rated for like two and a half amps particularly if you're going to be plugging in any additional devices like um if you want to scan extra channels or whatever and or have an external wi-fi antenna and you're going to have an adapter definitely put use the the right rated power supply and additionally i think they actually make a ups uh hat for the pie and an uninterruptible power supply that's like got a little lipoly battery attached to it and stuff so like if you're legit super concerned that is something that you you can look into yeah absolutely and uh wow there's a lot of attacks here um i'm just looking at all the things that are available we have wireshark so we can do wireshark stuff that might be fun um we have our latest plate we have the metasploit framework built in um aircrack i want this better cap here lame that's a little sad let's see if we can install it apt install better cap that's going to take a while isn't it i don't know it's pretty beefy installation but let's see um the connection speed isn't so much the problem it's just like how fast it can install it i just want to see you know this is okay it's 20 megabytes so better cap is a great tool to run on the raspberry pi um you can very effectively use even an older raspberry pi as a tool to snoop on connections in a network and even do some like spooky dns spoofing uh and all that stuff so for people that may not be as familiar what does better cap do better cop is the swiss army knife of wi-fi attacking that is i believe verbatim their description on their website their tagline okay cool and i could use some more stickers buttercup team um hint cough cough yeah wink wink there's spaces uh but yeah so better cap uh allows you to do all this great stuff with wi-fi they were one of the first ones to implement the pmk id 
attack which okay i am getting into jargon you're excited but no one knows what that means okay so if you're attacking wi-fi network or if you're talking an ethernet network there's a couple ways you can peroxide it you can do it from the inside or you can do it from the outside better cap does both it's able to stand outside of a wi-fi network and grab all the stuff you need to try to break into it and then once you're inside of that network it lets you do all the spooky stuff that really like turns the tables on the person that's in there and basically lets you take control of the wi-fi connection or the ethernet connection and really take over the entire network it says it's done okay that wasn't too bad i know right let's see if it works should we run this on our actual network i mean it's on our actual network so let's buck rock and truck help all right so we've got uh netflix oh yeah yeah so when we start out it's not running anything so let's do ours to these like services net net oops dot recon yeah that's really hard to spell wait why oh net dot recon start what denied all right uh oh on sorry net dot recon on see why can't we just like standardize some of this stuff okay so now when we type help we've got one service running let's do the next one net dot sniff on all right we've got some more stuff going on how about net so what are these services you're actually starting on so i'm starting to creep on the network and basically what i'm doing is i'm listening to traffic that's not supposed to be for me and i'm starting to pick up things so if i type um net.show hey i have a list of all the targets that have been located on the network by the raspberry pi i see myself um i see my dell computer which is not actually a dell computer i love that it's labeled dill and then dinner and that was like actually apple yeah so typically i spoofed my mac address but this time i didn't here we can also see there's traffic going through we can see um that this is 
intercepting traffic uh that is coming from my macbook so it's getting uh queries for different domains which is pretty funny we can also see your hoyt aspire is also being detected on the network so we're really creeping pretty hard on the network right now so we'll type help and we can see we're not even using a tiny amount of the different weapons we have yeah that is a little swiss army knife there in it yeah so let's do arp swifting huh sure arp dot spoof on so what's arp arp spoofing is gonna mess this network up from the inside it's basically gonna lie to every single device on the network and be like hey guess what i'm the router you gotta listen to me and i'm the boss and they're just like i'm a stupid computer i don't know what i'm doing so i'm gonna agree with you so now all these computers are putting their stupid traffic through this raspberry pi because they think it's the best because it says so huh that's so there's no like certificate kind of signing schemes or anything that can be implemented on the network to protect again there probably is all sorts of stuff that people would actually like spend the money on it but because people don't care about that that's like enterprise stuff yeah so like now um you know i'm on whoa i'm on wi-fi with this let's see if i can go to um [Music] url no don't go to my website i'm just gonna don't go to my screen okay in url http all right so i'm gonna try to go to a website and i just wanna see if we can capture it with this raspberry pi um or if i have any connection yeah okay cool so i'm going to just go to this random middle school website that i hope doesn't have they have http oh uh what a bunch of nerds oh but you can see it okay you can see what website i'm going to in real time that's uh creeper matt crate person yeah yeah okay let's see um i'm just trying to find one that doesn't have https yeah here we go now you can see everything i'm doing so let me log into this um middle school that hates security 
and uh wait no that one doesn't have a login let's do this middle school that hate security i have to say i really love um working with insecure login forms because bettercap i think also structures it to show you yeah we can log in let's log in oh hey now let us absolutely log into the sketchy website um username and password um so my username is um and my password is let's see if we can submit this and capture it using our raspberry pi boom i've submitted my login has i gotten it invalid credentials how dare you sir i am a member i thought we would see that but um it doesn't already missed it there is a lot of output going on but and we also might not be don't ever say that login please yeah we've got a pretty busy network yeah on here yes we're capturing a lot of stuff here so i wouldn't be totally separate and also here's the thing the raspberry pi um isn't like a super computer so there are some things nobody there are some things that it might get hung up on if it's routing too much traffic so right now i'm attacking like a lot of different devices that don't deserve this um so because we have all these other people on the network this little computer is really probably a little bit stressed with how much it's handling and how many different oh yeah see it just loaded this um so we're able to see some traffic um i didn't see us capture the credentials but that's okay because i know we can and i'm able to see everybody knows the update is http oh yeah isn't that great that sounds like a flaw oh yeah no you're just like oh someone's like downloading a windows request um that happens to just be in plain text like that's great like hope i'm not you can also basically i can stop um everyone's connection and a moment's notice so i can use the raspberry pi to poison this connection from the inside and just stop forwarding the stuff i'm just like no nobody gets mail like you said you send traffic out through me i return stuff when i feel like it right now i don't 
feel like it so you don't get any traffic at all which is hilarious and basically means that you know if you are on this network someone could connect using this raspberry pi and just take control of your network completely yeah that kind of reminds me of one of my other favorite raspberry pi projects the pi hole which acts as a dns server on your local network and you can totally do that just like oh that no that website doesn't exist google.com don't know where that is i'm i'm sorry i'm going to try to log into one more insecure portal and see i should probably just make one that automatically does this because like i spend more time looking for unsecure websites on just make your own interior website yeah i really should my bird i think there's a lot of there's like a lot of intentionally vulnerable websites i did an article on null byte a while back on i should know them hey oh my god that was it wait no don't take my victory away from me go get back scroll scroll off i'm trying uh whoa so you can see the raspberry pi is also a little just stressed so ooh what is that we have the contents of our actual requests so we can oh wow yeah cool sheets um i just we can see the computer that sent it so we can see that this was sent from a mac os computer so that's really useful so even just snipping this we're learning information about just oh here we go um we're getting a login gateway i really want to find that password you guys you have no idea how much this is bothering me um but okay all right well the point here wasn't to show you guys how to capture passwords on a raspberry pi on a network we're so far into the weeds now i mean yeah i know i'll just but no i think this is a beautiful demonstration of the kinds of things that a raspberry pi would be great for like i was mentioning at the beginning like a kind of network implant because like 35 dollars um you know i did discuss like the peripherals add a little on top of that but still like for all intents and 
purposes that is a disposable item at a certain point wait is this page 64 the pro this looks like basically okay i bet my password is based 64. well good on you middle school congratulations for using base64 to protect my freaking password i'm just better because i really wanted to see on the screen but as you can see plain text we're doing this on a 35 computer so i'm gonna i'm gonna stop this nonsense with better cap i'm gonna release the network okay everybody else on this network's gonna be very happy to know that the raspberry pi is no longer the router i'm sure as soon as we check our messages we're going to see a bunch of people being like the internet slows like sorry we're using a 30 computer yeah so so we're getting low on time but could we demonstrate real quick like the wi-fi hacking like what would that look like oh sure whatever the monitor mode yeah let's attack some stuff with wi-fi all right so you have to do anything special to put the uh card in monitor sure do all right so i mean it's really no different from doing this yeah you do four equal signs press enter all the wi-fi is hacked plus plus plus i want the font bigger sir all right so ifconfig that's wrong ifconfig that's right and we can see we have a default wireless card it's wlan zero yeah and that's basically by the way we we're doing wifi hacking because better cap also does all the attacks i want to show you but uh if you want to run uh an attack that i think is great for just grabbing handshakes and then being able to try to crack one let's try that so um we'll do ng start this keyboard is very sticky wlan0 yeah uh and then we should have it put into monitor mode so if i type ifconfig again we can see it there it's now wlan zero mod we can type ipa as well um or iw config they all work um so genuine zero mon um is the name of our wireless card now it's in monitor mode this crashed before when i didn't have a proper power supply when i ran the next command so if i want to see all the 
stuff that's in the area then i can type arrow dump ng but if i want to attack stuff and i don't care about scanning first i can type b sideng so let's type b sideng and um where's my phone i'm going to create a network and we're going to let's just hack it why not right okay yeah sounds like a plan all right so i'm going to create a hotspot it's going to be called i don't know testnet and the password is going to be password123 cool so let's see if we can hack this password now what we'll need to do for this is uh i'm going to connect my computer to this hotspot okay and we're going to use the raspberry pi to kick it off and grab the password so let's say that we download a password list from the internet i'm just going to nano password dot text passwords dot text oh does that come downloaded by default oh no i mean i imagine there's there are definitely default passwords here i just don't know where they are yeah so blah blah blah and there's lots and definitely password oops my password okay so now we got some passwords in here we saved it um so that's that's what we need we need a handshake and a password list so we could go to github and download it i don't really have time on the stream so we're not going to do that but our goal here is to try to brute forces from this big long list of passwords which in fact is just like eight um but this could be a bunch and again don't stress out this poor raspberry pi don't give it like a million it'll do it but it's gonna get really hot so we're gonna do b side ng wlan zero mon and it's gonna start attacking and hopefully not crash if it crashes then that means your power supply is weak yeah so it's gonna scan and um i'm going to um also on my computer just like ping something or reboot something or whatever just to create some traffic um and it's going to go and it's individually going to attack everything it sees nearby because this program is about the thing yeah so now it's attacking just absolutely everything so to 
be clear always make sure you have permission to do this on the network yes so this tool is dangerous as hell and i should make it very clear that running this in the way that i just did only worked because we are shooting in a basement it's a dia thing is that your test network yes it is okay yeah so we're fine because there's nothing in range that isn't ours but if you are doing this in a densely populated area you need to do a scan first and identify which what network you're actually trying to attack now here if i want to be responsible because michael's complaining about responsibility i think also an important note on the raspberry pi if you're going to use the internal wi-fi is that it's just like the little pcb antenna so you don't have the capability to attach a better like directional antenna or any kind of external antenna for that matter so it does have pretty limited range like you're not going to be hacking an entire house with this like right so this is without modification this is a pretty not the the most powerful of antennas so we can only see like our networks upstairs and downstairs and that's about it so now i've done a quick scan and i've identified that our test net is on channel 11 so now i've added the flag c11 to only attack things on channel 11. 
so hopefully it will see it yes it does um so it's gonna finish just just absolutely menacing um our upstairs network for a second and then after it moves on from that i'm gonna keep requesting this webpage in cantonese oh god why did i do that um now my entire google is in cantonese oh that's always a joy um but yeah if i just keep the traffic going uh yeah okay oh my god we can stop cool look at that we got a handshake for test net so again using a raspberry pi we've got a handshake so now that should be stored in a file called i type ls we should see wpa.cap that's where the handshake is stored so let's do aircrack ng and then we're going to do w passwords dot text and then we'll just do the um handshake so wpa.cat cool and then it'll give us some options which one do we want to hack well we're going to select option number two there we go we got the password from our huge list of passwords has set out of eight keys it was able to guess the right one computers are amazing such a lead hackster yeah so all right i guess that's what we can do for today uh but yeah this has been just an example of how quickly we got started hacking on a raspberry pi just by downloading the kali linux image and then putting it into the uh into the raspberry pi regardless if you have a 3 3b plus a 3b or 4 all of them will work we were testing out the 3b plus today but we were able to get its wireless card to not only attack a network from the inside and basically see the contents of people's communication but also attack a network from the outside and get the password to the network and we did all of that in uh how long um like 50 minutes 50 minutes so seriously if you're interested in hacking the raspberry pi is a really really good way to get started and there's plenty of documentation if you get confused or if you otherwise need help with getting the hardware working so i recommend if you guys are interested in hacking you have a raspberry pi sitting around consider the fact that 
it's wireless card is a lot more durable and robust than most people think and it's able to do some things that traditionally you just need to buy a much more expensive wireless network adapter to do so for the same cost you could get both the computer that's hacking and the wireless network adapter that's compatible all in one package yeah and that's absolutely why if you're a beginner and you want to get into hacking like buy a raspberry pi just do yourself a favor that's the best place to start it's not too expensive and then you'll get a better idea of this is this a hobby or a career that i want to pursue or is this kind of like oh that was an interesting thing to do one weekend now i'm gonna you know move on yep yep yep all right so that's all we have today thank you guys for joining us on this episode of hacking with friends for always we have to thank varonis for making sure that this broadcast is a thing and if you guys are interested in seeing how they're professional stop hackers like us who inevitably will get into a system you should check out the powershell workshop as well as the ad workshop and also some of the great attack labs they have which demonstrate just that awesome sounds really cool yeah all right guys so make sure to check out our other broadcast we are live every tuesday and friday so if you haven't seen uh the various episodes that we've already done and you're interested in seeing them check out the security forward youtube channel at youtube.com securityforward that's securityfwd and you'll find both this and also all the other streams that we've done saved there you can watch them at any time so yeah great all right we'll see you guys next time you
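A defender's footnote to the arp.spoof demonstration above, added here and not part of the stream: the attack works because hosts accept any ARP reply, and Michael's question about protection is usually answered on small networks by watching the ARP traffic itself. The script below is a constructed example (the log lines are made up, in the text form tcpdump -n prints for ARP) that flags the two fingerprints the Pi leaves: a gateway IP suddenly answered by a second MAC, and one MAC answering for several IPs.

```python
"""Detect ARP spoofing from a log of ARP replies (constructed example)."""
import re
from collections import defaultdict

# Constructed sample log: the router (192.168.1.1) and a laptop (.20) are
# first answered by their real MACs; then a third device (b8:27:eb:...) starts
# claiming both of them, which is what "arp.spoof on" looks like on the wire.
SAMPLE_ARP_LOG = """\
00:00:01 ARP, Reply 192.168.1.1 is-at 3c:84:6a:11:22:33, length 28
00:00:02 ARP, Reply 192.168.1.20 is-at f0:18:98:aa:bb:cc, length 28
00:00:03 ARP, Reply 192.168.1.1 is-at 3c:84:6a:11:22:33, length 28
00:00:05 ARP, Reply 192.168.1.1 is-at b8:27:eb:de:ad:01, length 28
00:00:06 ARP, Reply 192.168.1.1 is-at b8:27:eb:de:ad:01, length 28
00:00:07 ARP, Reply 192.168.1.20 is-at b8:27:eb:de:ad:01, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) ARP, Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_replies(log_text):
    """Yield (timestamp, ip, mac) for every ARP reply line; skip other lines."""
    for line in log_text.splitlines():
        m = ARP_REPLY.match(line)
        if m:
            yield m.group("ts"), m.group("ip"), m.group("mac").lower()


def detect_arp_spoofing(log_text, trusted=None):
    """Return a list of alert dicts for the ARP replies in log_text.

    trusted: optional {ip: mac} of known-good bindings (e.g. the router).
    Without it, the first MAC seen for an IP becomes that IP's baseline.
    """
    baseline = dict(trusted or {})
    claims = defaultdict(set)      # ip -> set of MACs that answered for it
    reported = set()               # (ip, mac) pairs already alerted on
    alerts = []
    for ts, ip, mac in parse_arp_replies(log_text):
        claims[ip].add(mac)
        known = baseline.setdefault(ip, mac)
        if mac != known and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append({"time": ts, "ip": ip, "expected_mac": known,
                           "observed_mac": mac,
                           "reason": "ARP reply contradicts existing binding"})
    # One MAC answering for several IPs (router plus victims) is the
    # man-in-the-middle shape; report it once per MAC as a summary.
    ips_by_mac = defaultdict(set)
    for ip, macs in claims.items():
        for mac in macs:
            ips_by_mac[mac].add(ip)
    for mac, ips in sorted(ips_by_mac.items()):
        if len(ips) > 1:
            alerts.append({"mac": mac, "ips": sorted(ips),
                           "reason": "one MAC claims multiple IPs"})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_LOG):
        print(alert)
```

Feeding it real traffic is a matter of piping the output of tcpdump -n -l arp into parse_arp_replies; passing the router's real MAC as trusted catches the spoof on the very first bogus reply instead of after a baseline is learned.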
Info
Channel: SecurityFWD
Views: 18,614
Rating: 4.9168243 out of 5
Keywords: kali linux, raspberry pi, how to, raspberry pi 4, raspberry pi 3
Id: hjJIPBeJJDo
Length: 55min 15sec (3315 seconds)
Published: Tue Jun 30 2020