Setting up a man-in-the-middle device with Raspberry Pi, Part 1

jeffq, published.

I recently purchased that most marvelous of devices, the Raspberry Pi, and naturally my thoughts turned to the nefarious given its cheap price and small package. I decided to attempt to create a man-in-the-middle device that could be discreetly attached to a remote network and could redirect and sniff traffic. I'm only a very novice Linux user so it took a bit of learning to wrangle man pages as well as some intrepid Google-fu, but I'm going to document how I was able to turn this tiny device into an evil packet-sniffing machine.

For those who don't know, a man-in-the-middle attack involves secretly becoming an intermediary in the communication between two parties: each thinks they are talking to the other when in fact they are both talking to the attacker. The attacker can choose to pass the information along unmodified (simply observing the communication) or may choose to modify parts of the communication for their own evil ends. The Wikipedia article gives examples and also proposes countermeasures. The most widely used countermeasure currently in place is the use of SSL/TLS to verify the other party in a communication. TLS however relies on a public key infrastructure, and there have already been examples of hackers breaking into certificate authorities and issuing fraudulent certificates so as to perform man-in-the-middle attacks on HTTPS sessions. Hacking a
CA is beyond the scope of this article and we will restrict ourselves to performing a MITM attack on HTTP traffic.

The Raspberry Pi comes in two flavors, Model A and Model B. For the purposes of this article I'll be using a Model B since it has an Ethernet port the Model A, while 1. Since our plan is to surreptitiously plug our Pi into our victim network, we'll need a physical Ethernet port. We'll also need an SD card of at least 4 GB; these are pretty cheap.

The regular install on a Raspberry Pi is NOOBS (new out of box software) and contains several pre-packaged operating systems. However, for the purpose of our MITM device we'll be using a different Linux distro for our Pi: PwnPi. PwnPi is a distribution of the Raspbian OS that contains many pre-installed packages for security and penetration testing, which is naturally right up our alley. So, go ahead and download PwnPi.

Once it's downloaded we'll need to load it onto our SD card. First, format your SD card using the SD card formatter from the SD Association. If the size value shown in the formatter is less than the size of your card, be sure to choose format size adjustment in the card. Once your card is formatted and you've downloaded PwnPi, extract it using a tool like 7-Zip. The result should be a. We can now use a tool like Win32 Disk Imager to write the PwnPi image onto our SD card. For some reason Win32 Disk Imager always crashes on me when I click the folder icon to search for a file, so I had to manually type in the path to my PwnPi image.
Once you've selected the image, go ahead and write it to your SD card.

Now, you would expect that we could plug this SD card into our Pi and boot. But attempting this will lead only to frustration. This is because PwnPi doesn't support Model B Pis. This is because the firmware for booting in the PwnPi is extremely out of date, but we can download the latest Pi firmware and replace the necessary files on our SD card to get the boot to work. These files can be found here. I've cached them all and you can download them directly from this site.

The PwnPi image contains two partitions: a FAT partition used to boot and a Linux-formatted partition that contains the OS. Thankfully Windows supports reading the FAT partition we need to modify; if you navigate to the SD card after writing the PwnPi image it should look merely like a 5.MB FAT partition with a few files in it. Replace the files on the card with the files from the latest Pi firmware. Once you've done this your Pi Model B should successfully boot PwnPi.

A note about the Raspberry Pi: if you have a keyboard and mouse plugged in (which you should) the Pi often takes more power than a standard AC adapter can provide. I'm using a powered USB hub to ensure that all of my peripherals work. However, the default PwnPi image is pretty out of date and may not support your USB mouse/keyboard (it didn't support mine, for example). Even if it does, it's a good idea to update our Pi to the latest versions of software.

Before we can do this however, we need to expand the file system to encompass our entire SD card. The
.img we wrote to our SD card constituted a bit-by-bit image of the file system; unfortunately this included a minimally sized data partition. We need to expand this partition. To do this, start the Raspberry Pi Software Configuration Tool by entering the following at console. The first choice should be Expand filesystem, which is what we want. Press enter and follow the prompts. Reboot when asked to.

When the Pi has rebooted, we can now begin the process of updating its software. Enter Aptitude, the package management system on the Pi, by entering the following. Once in Aptitude, press the u key to get the list of latest updates available. The Pi will update the latest list of packages from the Raspbian sources. When it's finally finished updating there should be a large amount of packages available for update as of this writing 3.Pwn. Pi. Select Upgradable Packages and press the key. This will select all upgradable packages for installation. Press the g key to view what packages will be installed and press g again to begin downloading and installing. Wait a bit (for various definitions of bit) for all packages to finish download and install. When it's all said and done you will be prompted to press return to continue. This will bring you back into aptitude, from which pressing q will quit. The updates we installed included a new kernel which requires a reboot, so go ahead and do this at the console.

We've almost finished getting our Pi into a workable state. If you're like me though and reside in the United States you will soon notice that the keyboard layout of the Pi doesn't match what you would expect. This is because the Pi is set up by default to use the British keyboard layout. To change this, we first need to configure our locale. Do this by entering the following. Use the arrow keys to scroll down to en_GB.UTF-8 UTF-8. Press space to deselect this. Then, scroll down and select en_US.UTF-8 UTF-8.
Press tab to select OK and press enter. You will then be asked to select the default locale for the system. Change the selection from None to en_US.UTF-8 UTF-8, and then press tab to select OK and press enter. A new locale will be generated on exit.

Now we need to change our keyboard layout. Enter the following. Press enter on Generic 1.Intl PC. On the next screen scroll all the way down to Other and press enter. Then, select English US and press enter. On the next screen scroll all the way to the top and select English US again. Select The default for the keyboard layout, No compose key, and No on the subsequent screens. Finally, do a reboot for everything to take full effect.

Once the Pi has rebooted we can finally start being evil. Start up the graphical user interface by entering the following. We can confirm that our keyboard layout is correct by right-clicking and going to Applications accessories Notepad. If Shift 2 produces an then everything is good. If you're feeling adventurous, explore the PwnPi menu to see all of the tools available to us.

We'll be using a tool called mitmproxy to perform the actual man-in-the-middle attack. HTTP traffic when performing a MITM. It also has a Python library named libmproxy which we can use to script our attack. Unfortunately mitmproxy isn't pre-installed on PwnPi but we can fix this. First we need to install pip, which is a tool for installing and managing Python packages. We can do this by right-clicking, opening a Terminal, and executing the following. Once pip is installed we need to install a few prerequisites before mitmproxy will work. These packages are needed because we will be compiling mitmproxy as well as its dependent packages from source. Once they've been installed we can download, compile, and install mitmproxy. Note this may take a very long 3. Specifically, compiling libxml.Raspberry Pi is quite a taxing task.