A Pentesting Release for the Raspberry Pi
The Raspberry Pi is a credit-card-sized single-board computer developed in the UK by the Raspberry Pi Foundation with the intention of promoting the teaching of basic computer science in schools. The Raspberry Pi is manufactured through licensed manufacturing deals with Newark element14 (Premier Farnell), RS Components and Egoman. All of these companies sell the Raspberry Pi online. Egoman produces a version for distribution solely in China and Taiwan, which can be distinguished from other Pis by their red coloring and lack of FCC/CE marks. The hardware is the same across all manufacturers. (wikipedia)
Pwnie Express team has announced the initial release of Raspberry Pwn which can be used to turn your raspberry pi into a full-featured security penetration testing and auditing platform. This release of Raspberry Pwn and includes all the tool needed to perform a penetration testing. So, doing penetration testing from your raspberry pi, how does that make you feel? Sqlmap, nmap, wireshark, scapy, nikto, xprobe, socat, do you want more tools for pentesting your network?
Raspberry Pwn comes with the following tools:
Let us me give you a short description of the above tools. I am not gonna explain everything. Just want to explain a two or three tools. A simple Google search will help you to find the details of the remaining tools.
Nmap is a free and open-source tool for network discovery, helping us to map the network. Network administrators find it very useful in their daily job, so if you are planning to be a network administrator you should learn how to use Nmap. Nmap can help us to discover how many hosts are in a network, what operating systems are they running, what open ports do they have and services running in these open ports. It is a command line tool but for those that do not like to remember many commands there is a graphical version of Nmap that is called Zenmap. Both Nmap and Zenmap are multi-platform (Linux, Windows, Mac OS, BSD, etc.), so you do not have to worry about the operating system you need in order to use these tools. Nmap has the ability to save scan results to files and we can use these files for later analyzes. The great thing that I like about Nmap is its scripting engine (NSE). We can write our own scripts and use them with Nmap. See more at: http://www.unixmen.com/scan-your-home-network-with-nmap/
Netcat is a command-line networking tool which is able to read and write data across Transmission Control Protocol TCP and User Datagram Protocol. Originally coded for Unix, it was released in 1996 and has been ported to a number of operating systems and facts tell that it still stays strong in the game. It has been 17 years and netcat belongs in every network admin/security professional’s toolbox. People say “old is gold” and in my opinion this is true when it comes to netcat. Virtually, you can use netcat for everything and your imagination is the limit. Depending on what your intentions are you can use it for good or you can use it for bad. Netcat operates as a client and as a server. Even if there are few exceptions, netcat’s command options are the same for both Windows and Linux and this makes netcat a more powerful tool. In the next article you will be introduced to netcat command options and will learn how perform some basic operations with netcat. – See more at: http://www.unixmen.com/short-introduction-to-netcat
If you need a tool to exploit sql injection flaws in your web application or taking over database servers, sqlmap is the right one. Sqlmap is a tool used by penetration testers all over the world and it is full of feaures. Some of its features are:
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
– Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query, stacked queries and out-of-band.
– Support to directly connect to the database without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.
– Support to enumerate users, password hashes, privileges, roles, databases, tables and columns.
– Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack.
– Support to dump database tables entirely, a range of entries or specific columns as per user’s choice. The user can also choose to dump only a range of characters from each column’s entry.
– Support to search for specific database names, specific tables across all databases or specific columns across all databases’ tables.
Do you need a login brute-forcer? Medusa was developed on Gentoo Linux and FreeBSD for bruteforcing network services. Medusa works with FTP, HTTP, IMAP, MS-SQL, MySQL, NCP (NetWare), NNTP, PcAnywhere, POP3, PostgreSQL,rexec, rlogin, rsh, SMB, SMTP (AUTH/VRFY), SNMP, SSHv2, SVN and many other services. You can read more about Medusa here.
As you can see there are all tools you need for penetration testing in this release of Raspberry Pwn. Do you have a pi? Then go and turn it into a pentester machine.