Pi 4 Hacking Platform using DietPi and PTF

Building a Raspberry Pi 4 Ethical Hacking platform using The Pentesters Framework and DietPi.

I’ve been playing with using different hacking tools and Operating Systems with the Pi 4. In this article I cover installing The Pentesters Framework on a RPi 4 running DietPi.

DietPi is a very lightweight Debian OS for the Raspberry Pi. The Pentesters Framework by TrustedSec is an Ethical Hacking installation script that automatically installs and updates over 250 modules/ tools. It would be great if they would work together on a Raspberry Pi 4. The good news is that is does – With a couple tweaks.

I cover installing and using The Pentesters Framework on Raspberry Pi in my latest book. So, I am not going to go into great detail on using the tools in PTF. I just want to cover actually installing it on DietPi.

Installing

NOTE: You will need a Raspberry Pi 4, and at the minimum a 32 GB MicroSD card if you want to install all of the PTF tools. Don’t have a Pi 4? Seeed is currently offering free shipping for orders over $119 with a Raspberry Pi 4 4GB.

Insert the MicroSD card into your Pi, attach peripherals and lastly connect power (always connect power last). When DietPi boots up you will be presented with some options.

  • Pick any software install options you want, then “Go install software”
  • Requested software and updates will be installed
  • Reboot when finished

I just run through it quickly the first time to get the latest OS updates. Note the CPU temp warning, it’s a Pi 4, it runs hotter than a Pi 3.

To install an “X” Desktop or any other included software, type, “dietpi-software”.

There are a ton of add-on software options under “Software Optimised”. For example, if you want a graphical desktop, pick the X-Desktop you want and then the “Go install software” option. You can also setup your login preferences from this menu – auto login, desktop login, etc.

All we really need here is to install Python. Then we need to make a small config file tweak and finally install PTF.

Installing Python

From the DietPi-Software menu, go to “Software Additional” and install Python:

  • Cursor down to Python Pip, hit the space bar to select it.
  • Select “OK

You will return to the main menu.,

  • Cursor down and select “Go >> Start Installation
  • Reboot when finished

We need to install git:

  • Open a terminal and enter, “apt install git

Next we need to comment out a line in the ‘/etc/hosts’ file or the PTF install will error out.

  • Comment out the “::1 localhost  IPv6 localhost” line
  • Reboot

That’s it! We can now proceed with the standard PTF install:

You will then see the main PTF interface:

Type “show modules” to see all available modules. You can install individual ones if you wish. If you have a large memory card (32 Gb), you can install all of them.

  • To install all tools, enter “use modules/install_update_all
  • Reboot when finished

The install will take a very long time, especially if you install all of the modules. After install, all tools will be located in category themed directories under the ‘/pentest’ directory, as seen below:

Many of the tools can be run from anywhere, but some tools require you to change into its install directory for it to work properly. This is usually ‘/pentest’, but some run from ‘/usr/share’ as well. Check it out, there are a ton of very good tools at your disposal, like “Sniper”:

And there you have it. Again, I go into much deeper detail in my book about using PTF on a Pi, I just wanted to show how it could be installed on DietPi. If you want to learn a lot more about using Raspberry Pi for Ethical hacking check out my latest book – Security Testing with Raspberry Pi

Advertisements

New Book: “Security Testing with Raspberry Pi”

My latest book, “Security Testing with Raspberry Pi” is out. The newest in my “Security Testing” series is all about the versatile Raspberry Pi! †

The credit card sized Raspberry Pi has been a hit with makers for years, it is amazing how many different ways you can use these devices. What many don’t know is that they are also a great tool for use in the security field.

The RPi can run many of the popular Ethical Hacking tools and operating systems. The small size and portability of the Pi makes it a perfect tool for Red Teams and Pentesters.

For example, the RPi makes for great pentesting “Drop Boxes”, small scanning remote access tools left behind on a client’s website during a test. But that is just one use, thanks to P4wnP1, the Pi can also be used as a very powerful and live customizable HiD attack tool. They can even be used as surveillance cameras.

In my book, I cover how to install and use many of the top security tools on the Raspberry Pi.

How to install Kali Linux on a RPi, installing security tools on Raspbian, how to use Warberry Pi – a drop box like system, even how to setup your Pi to act like a security camera, and much, much more!

Like my previous books, the first thing covered is setting up a test lab with vulnerable targets. You will see how to use the RPi to scan test systems for vulnerabilities. I also cover how to use the RPi as an actual test target so you hone your ethical hacking skills without breaking the bank.

This book basically takes off where “Basic Security Testing with Kali Linux” ends and shows you how to use a Pi as a functional security tool. Though not a beginner, “How to use a Pi” book, I use step-by-step tutorials for those new to ethical hacking and the Raspberry Pi.

What about the Raspberry Pi 4? The book now includes notes for those who want to use the brand new Pi 4. As the Pi 4 was just released, many of the operating systems and tools are not 100% functional yet with the Pi 4. But you can install Kali Linux on the Pi 4, and use many of the popular security tools in Raspbian. Functionality will increase as time goes on and as tools are updated to work with the Pi 4.

If you are interested in the Raspberry Pi and want to see how to use it in the security realm, check out, “Security Testing with Raspberry Pi“!

Basic Security Testing with Kali Linux Giveaway Contest

Want a chance to get a signed copy of my latest Kali Linux book? I am giving away a total of 10 signed copies of “Basic Security Testing with Kali Linux, 3rd Edition”!

Simply follow, like and share this article, or my official Twitter or Instagram announcement, for a chance to win a signed copy of my new book!

10 lucky winners will be randomly selected on October 31st.

The Contest is for those living in the United States only. I may do another one for international readers in the future.

Liking this article & sharing the Official Contest announcements on Twitter and Instagram will increase your chances of winning.  Winners will be notified on October 31st. If a winner cannot be notified or does not respond by the end of the first week of November, another winner will be picked.

Good luck!

 

Finding Spy Bugs with an RTL-SDR & Salamandra

With the explosion of Internet of Things (IoT) devices, and some hardware now being banned from certain facilities due to spying concerns, it would be nice if there was an easy way to scan your office to see if there are any hidden microphone “spy” devices.

Salamandra is a tool to detect and locate spy microphone devices in closed environments. Usually the “Spy” microphones you can find online will record audio and then re-broadcast it at a certain frequency. Salamandra displays any detected microphone type devices along with its broadcasting frequency. Using a displayed signal strength, it is possible to find the general location of the device.

In this article we will use Kali Linux, an RTL-SDR (I used a NooElec Nesdr Smart with the included extendible antennae), and Salamandra.

Installing RTL-SDR software

On the Kali system, connect your RTL-SDR card. Open a Terminal window and install rtl-sdr:

  • apt install rtl-sdr

Spy_Microphone_SDR1

  • Run “rtl_test” to make sure Kali correctly sees the card.

You should see an output as below:

Spy_Microphone_SDR2

  • Press “Ctrl-c” to stop test.

Installing Salamandra

Tool authors: Sebastian Garcia, Veronic Valeros
Tool Website: https://github.com/eldraco/Salamandra

Download Salamandra with git clone:

Spy_Microphone_SDR3

Change to the Salamandra directory.

You will need to install “pygame” as it is required by Salamandra and is not installed by default in Kali:

  • pip install pygame

Spy_Microphone_SDR4

Now, just run Salamandra with the recommended options:

  • ./salamandra.py -t 0 -a 100 -b 200 -s -S

Spy_Microphone_SDR5

Salamandra will then automatically detect any RF bugs it can find. The display includes the frequency and the signal power. Power is displayed by “#” signs. The stronger the signal, the more “#” signs that will be shown:

Spy_Microphone_SDR6

  • Press “q” to quit.

Listening to a Detected Signal

Now that you have the frequency of the bug, you can listen to and/or record it using Gqrx.

To install Gqrx:

  • apt install gqrx

Spy_Microphone_SDR7

Now run the program:

Spy_Microphone_SDR8

On the “Configure I/O devices” screen, select your device. Mine was the Realtek RTL2838UHID device, as seen below:

Spy_Microphone_SDR9

You may want to drop your sampling rate if you have any issues.

When you click “OK”, you will then see the main Gqrx program interface. Just hit the “Play” icon in the upper left corner to turn it on, and then select your frequency by clicking on the large frequency numbers on the top of the screen:

Spy_Microphone_SDR10

Picking a live radio station (as shown above) is usually the best way to figure these programs out if you are not familiar with them.

Change your mode to the correct signal type. Usually it is one of the FM signals (WFM, NFM). Click in the middle of the graphical signal wave to put the red line in the middle of the highest peak. Then drag the sides to the right and left of the signal slopes, as seen above.

And that is it! If you have the correct settings you should have audio.

  • Now that you know it works using a radio station, tune in to the frequencies that were detected by Salamandra

You may need to play with the setting some to get a clean signal. Most likely there may be nothing there, it may be picking up your headset microphone or something else. But it is very good at picking up analog listening devices.

To Record Signal

In Gqrx, hit “Rec” at bottom right to record.

  • The file will record and save in the “Root” folder.

You can hit the Play button in Gqrx to listen to the file that you just recorded. You could also install a program like Audacity to listen to the saved file.

Conclusion

In this article we covered how to use an SDR-RTL device as a bug scanner. With Internet of Things type devices becoming more common place in the home and office, it isn’t a bad idea to scan to see if any of these may have a built-in microphone. For more information on the tool, see RTL-SDR’s article, which includes a link to a white paper written by the tool authors.