قالب وردپرس درنا توس
Home / Tips and Tricks / How to Set Up a Practice Computer to Kill on a Raspberry Pi «Zero Byte :: WonderHowTo

How to Set Up a Practice Computer to Kill on a Raspberry Pi «Zero Byte :: WonderHowTo



The world is full of vulnerable computers. As you learn how to interact with them, it will both be tempting and necessary to test out newfound skills on a real target. Raspberry Pi image designed for practicing and taking your hacking skills to the next level.

Many of us are hands-on learners, and the best way to learn a skill is to try a real understanding;

With hacking constantly in the news and on the national radar, they are less and less understanding when dealing with issues of computer intrusion.

The solution is a computer. As a hacker, the solution is a computer inside which is deliberately vulnerable and specially made for attacking. So where do you get this vulnerable computer? Do you have some interesting vulnerabilities? Ten years ago, what exactly did you practice hacking older systems.

My personal DV-Sadberry Pi Zero W is printed in a 3D printed version Case for doing messed up things to. Image by SADMIN / Zero Byte

Since Zero Byte is a White has hacking community, it's essential to have every opportunity to practice lawfully and safely as we learn to break things. The Raspberry Pi is a cheap, flexible computer that can run a wide variety of popular software and backend applications;

VM Versus Native Installation

So why not just run it on your laptop in a virtual machine? I've always been hesitated to unleash the fury on a virtual machine inside my precious hacking laptop. Virtual machines can be used to start the process of bombing your mom's HP versus the virtual machine could be destroying the computer.

Physical separation is desirable, but until recently, it was rather expensive to buy another computer for testing when a free VM is available. Now, for $ 35, you can get hacking safe and legal targets thanks to the InfoSec community!

Re4son's Damn Vulnerable Pi

Australian security researcher Re4son runs Whitedome Consulting, a site with custom Raspberry Pi images developed in support of both cyber security learning and active penetration testing. So he builds things with the Raspberry Pi that blue teams see hovering in their darkest nightmares. Re4son's Damn Vulnerable pi image caught my eye after relying on his "Re4son Kernel" to solve many problems running on the Pi Zero W.

Re4son makes things like this "Sticky Fingers Kali Pi" in a tactical penetration testing platform that gives hackers an air force. Image by Re4son / White Dome Consulting

The Damn Vulnerable Pi image is a perfect companion to an offensive Kali Linux build, simulating a target computer running vulnerable services for you to destroy. Although we want to use the "dv-pi" tool to control our DV-Pi over SSH from any laptop or smartphone for the sake of simplicity and compatibility.

Re4son's DV-Pi comes with the following features:

  • 3 GB image ready to go with all common TFT screens. [19659018] Re4son Kali-Pi Kernel 4.4 with touch screen support.
  • Supports Raspberry Pi 0 / 0W / 1/2/3.
  • Tool (re4son-pi-tft-setup) to set up all common touchscreens, enable auto logon, etc.
  • Command line tool (dv-pi) for headless operation.
  • Each image comes with one vulnerability to get in and one vulnerability to get root.
  • Each image has two proof. txt

What You'll Need

Everything you need to really do up this Pi's day. Image by SADMIN / Zero Byte

Step 1: Prepare the Image & SD Card

To begin, we'll need Re4son's DV-Pi image. You can find it on his blog here. We'll start with the "easy-ish" image

After downloading the DV-Pi image, unarchive the image and select your favorite disk image burning software, because we'll be burning the image to SD card.

At this point, you'll need to insert the SD card that you want to run the DV-Pi on into your laptop. I recommend using no less than 8GB microSD cards.

Burning the DV-Pi to a 16GB microSD card.

In Etcher, select the .img file you downloaded and unarchived, and burn it to the SD card;

Step 2: Load Your SD Card & Connect Ethernet

After you're finished burning the OS onto the card, load the card into your Raspberry Pi and connect it via Ethernet to your network. Plug in the power, and you'll see the DV-Pi start up. So you can connect it to the HDMI display and make sure everything is working correctly. It should look exactly like this:

A successful DV-Pi startup sequence. Image by SADMIN / Zero Byte

After the Pi is booted, you should be able to scan your network with arp-scan or Fing network scanner from your laptop or phone to discover the Pi's IP address. In this case, the device name is "dv-pi3."

Scan of the DV-Pi over the network to find its IP address. Image by SADMIN / Zero Byte

Step 3: SSH Into the DV Pi

Armed with the IP address, we can now SSH into the Raspberry Pi. You can scan the Pi's IP address with the Fing Network Scanner

Image by SADMIN / Zero Byte

You can SSH into the Pi via ssh pi @ [ip address here]

The password will be "raspberry."

Connecting to the DV-Pi via SSH on an Android phone. Image by SADMIN / Zero Byte

Once you SSH in, you will have access to the DV-Pi's administrative controls! SSH connection.

Image by SADMIN / Zero Byte

Step 4: Check Status & Start the DV-Pi

To check the current status of our Damn Vulnerable Pi, we can use the dv-pi tool helpfully included by Re4son. To check to see if the DV-Pi is running and vulnerable, enter the following:

 dv-pi status 

This is the current status of the device. Initially, it should be off / not vulnerable.

Ready to start hacking? To start the DV-Pi's vulnerable applications, you'll need to run:

 dv-pi start 

Then authenticate with the password "raspberry" in the terminal.

To confirm the DV-Pi is running, scan your network again using the Pi's IP address.

Port 80 is running a vulnerable web service. Image by SADMIN / Zero Byte

Tap on port 80, or in your browser go to the IP address of your Raspberry Pi. A WordPress service should be running on the Pi if the system is vulnerable.

Ready to get your fingers sticky. Image by SADMIN / Zero Byte

Hacking the DV-Pi

Once your DV-Pi is set up, you're ready to start hacking it. To prove you gained access, a fake "customer database" of credit card info is included to simulate exfiltrating real data and provide some excitement upon succeeding. Re4son runs a fantastic blog and responds to questions and questions on his builds.

Zero Byte & the Community

After speaking with Re4son about how useful his images for our community, he's updated the images to support all versions of the Raspberry Pi including the new Pi Zero W. Wi-Fi tools are easy-to-use methods for wireless security techniques.

If there's interest, please mention in the comments and we'll start taking community requests for features and look into giveaways for ours community!

Stay tuned for tutorials on the DV-Pi and other DV images on the Pi Zero W, and for Re4son's Wi-Fi focused DV-Pi. Twitter or Instagram.

Do not Miss: How to Automate Hacking on the Raspberry Pi with the Rubber Ducky USB

Cover photo and screenshots by SADMIN / Null Byte




Source link