P4wnP1 the Pi Zero W USB attack Platform

The P4wnP1 is an exciting and feature rich USB attack platform that runs on a Raspberry Pi Zero.

featured item

The P4wnP1 turns your Pi Zero/Zero W into a physical security Ethical Hacking pentest tool. In this article, we will cover installing P4wnP1 on a Pi Zero W and using several of its payloads against a target system running Windows 10.

For this article, you will need:

  • Rasberry Pi Zero W (I purchased mine from adafruit.com with a case)
  • Raspberry Pi Power Adapter
  • MicroSD Memory card
  • MicroSD card writer
  • P4wnP1 software

You will also need a target computer to plug the P4wnP1 into (I used a Windows 10 PC) and a secondary computer to SSH into the Pi to control and modify the P4wnP1.

Continue reading article on dantheiotman.com



Drone Autohacks other Drones, and you can Build one Too!

With Amazon making headline news about their automatic drone deliveries, a security consultant has released his plans for making a predatory type drone that takes over other drones.

Skyjack “Zombie Drone” software created by Samy Kamkar turns a Parrot AR Quadcopter drone into a flying hacking station that uses a Raspberry Pi and the Aircrack NG tools to find and take over other Parrot drones.

Non-Parrot drones should be safe from his design though, as it searches out for the Parrot’s particular MAC address, and only attacks Wi-Fi signals.

Let’s hope no one puts something like a WaveBubble on one of these Zombie Drone Attackers:

A WaveBubble, though highly illegal to actually build, finds and jams all RF signals in its proximity. This includes GPS, Wi-Fi, Cell Phones, BlueTooth, etc…)

A drone equipped with both technologies (which we don’t support or recommend) could, in effect, try to hack a Wi-Fi based drone and take it over, and if that didn’t work, could possible jam the drones signals and cause it to crash.

Oh the joys of technology…

Sammy has released the plans for his project, see the above YouTube page for links.

Disguised Raspberry Pi that can Hack your Network

I’ve been playing around with a Raspberry Pi on and off for a while now. The credit card sized, fully functional computer can do many things, including being transformed into a security testing tool!

There is a great article on TunnelsUp.com that demonstrates disguising a Raspberry Pi computer as a power plug and configuring it to connect out to a control server using SSH. Basically making it into something like the popular Pwnie Plug device.

When assembled, the device looks like a any other power adapter that clutters our power hungry offices. Except this one allows someone on the outside of the building to connect into the building, possibly allowing them to perform attacks against your infrastructure.

Though the author mentions just using “A Linux OS” on the PI, using something like this and placing Kali Linux on it would make it a very powerful (and affordable) attack/ security testing platform. Kali is the latest version of the Backtrack penetration testing platform, is loaded with security tools and works exceptionally well on a Raspberry Pi.

Very cool project, this should jog the creative mind of penetration testers and hopefully be a warning to IT departments to keep an eye out for rogue devices such as this.

Hacking Wi-Fi Networks with Fern, Kali and a Raspberry Pi

Fern Wifi Cracker 1

Wouldn’t it be cool to be able to test wireless network security using your Raspberry Pi? Well, thanks to Kali Linux, you can! With Kali you can scan for Wi-Fi networks and even perform active penetration testing using your $35 Raspberry Pi.

I just finished up another article for Hakin9 Magazine. In the article I covered using a Raspberry Pi to crack Wi-Fi security from install to basic pentesting.

With Kali you can use all the normal command line airmon-ng tools that you can use on a regular Linux machine. Fern is nice because it adds a graphical interface to the airmon-ng tools making things so much easier.

Let’s take a quick look at Fern:

(NOTE: As always, these techniques are for IT teams and computer security testers, never attack or attempt to access a network that you do not own or have permission to access.)

From the main menu (see picture above) just select your wireless card, then scan for access points. As they are found Fern lists them under the WEP or WPA Button.

Fern Wifi Cracker Detected

Clicking the associated button will display a list of the access points found. Then just select the one you want to test. You now have two attack options. You can select the Reaver WiFi Protected Setup (WPS) attack and a normal Association Key dictionary brute force attack :

Fern Wifi Cracker Detected 2

Fern works very well and is actually pretty responsive when run on a Raspberry Pi.

With the Pi being so small and cheap, this opens up some interesting options for professional penetration testers, especially when paired with a USB Wi-Fi adapter and a battery back.

For a lot more information on computer security, including bypassing the most common Wi-Fi security techniques, check out my new step-by-step tutorial book, “Basic Security Testing with Kali Linux”.