Portable Pen-testing Box



Similar documents
Qt on Raspberry Pi. Jeff Tranter Integrated Computer Solutions (ICS) Qt Developer Days

Motion Detecting Camera Security System with Notifications and Live Streaming Using Raspberry Pi

Chapter 1 Hardware and Software Introductions of pcduino

Live Streaming Motion Detection Camera Security System with Notification using Raspberry Pi

Industry First X86-based Single Board Computer JaguarBoard Released

LIVE STREAMING MOTION DETECTION CAMERA SECURITY SYSTEM WITH NOTIFICATION USING RASPBERRY PI Angela Antony 1, Prof. G. R.

SABRE Lite Development Kit

Raspberry Pi Webserver

PiMail: Affordable, Lightweight and Energy-Efficient Private Infrastructure

Banana Pi Open-Source Router Board

Getting Started in Red Hat Linux An Overview of Red Hat Linux p. 3 Introducing Red Hat Linux p. 4 What Is Linux? p. 5 Linux's Roots in UNIX p.

Vulnerability Assessment and Penetration Testing

4/2/2014 Linux Dev-Boards. Linux Dev Boards. Tagung Forth Gesellschaft e.v. Maerz file:///home/cas/talk/linux-boards/html/linux-boards.

Automated Penetration Testing with the Metasploit Framework. NEO Information Security Forum March 19, 2008

Using the Raspberry Pi to establish a Virtual Private Network (VPN) Connection to a Home Network

User Manual of N280. Two cases are optional! N280 port schematic

CONNECTING THE RASPBERRY PI TO A NETWORK

Suricata Performance White Paper

Installing and Configuring Websense Content Gateway

Ingram Micro Cloud Hosted Services

Prototyping Connected-Devices for the Internet of Things. Angus Wong

Raspberry Pi Android Projects. Raspberry Pi Android Projects. Gökhan Kurt. Create exciting projects by connecting Raspberry Pi to your Android phone

60467 Project 1. Net Vulnerabilities scans and attacks. Chun Li

Raspberry Pi Setup Tutorial

Designed for the needs of automation, telecommunications, remote supervision, and monitoring

LABORATORIUM 1 Setup and basic configuration of Asterisk BPX on Linux

Adafruit's Raspberry Pi Lesson 1. Preparing an SD Card for your Raspberry Pi

Dell Wyse Cloud Connect discussion card

1 Scope of Assessment

HP Slate 500 Tablet PC Overview

Monitor Your Home With the Raspberry Pi B+

SINGLE DEVICE FOR MULTIPLE TASKS

Capacities Overview: 9.7 MultiTouch Screen with IPS technology Access to AndroidTM apps HD Multimedia playback

Self Service Penetration Testing

Guide for Updating Firmware and Troubleshooting Connection Issues

SPEED Cloud Computing Terminal. Model: SPEED-TY310

Raspberry Pi. Hans- Petter Halvorsen, M.Sc.

Quick Start Guide. The Raspberry Pi Single Board Computer. Source: Raspberry Pi & Wiki

Intelligence Gathering. n00bpentesting.com

Inspiron Series. Views. Specifications

Using AORUS Notebook for the First Time

Ruby on Rails (Ruby 1.9.2, Rails 3.1.1) Installation

SNAPPIN.IO. FWR is a Hardware & Software Factory, which designs and develops digital platforms.

Inspiron Series. Views. Specifications

Servers, Clients. Displaying max. 60 cameras at the same time Recording max. 80 cameras Server-side VCA Desktop or rackmount form factor

Android Box SNNPB73B

Standalone Attendance Monitoring and Projector System

Point of view HDMI Smart TV dongle Mini RF Keyboard

Recording. Smart recording (depending on the camera models)

Penetration Testing with Kali Linux

DVS-100 Installation Guide

How To Use A Tablet With A Touch Screen (I5) And A Touchscreen (I7) For A Long Time (I2) (I3) And I5) (Ii5) For Long Time

PC Desktop Specifications:

USB 2.0 USB 2.0 ETHERNET AUDIO JACK AND RCA VIDEO HDMI MICRO SD CARD MICRO USB POWER

June 2014 WMLUG Meeting Kali Linux

Adafruit's Raspberry Pi Lesson 5. Using a Console Cable

CT LANforge WiFIRE Chromebook a/b/g/n WiFi Traffic Generator with 128 Virtual STA Interfaces

Product Description Document. Network Monitoring Solution

STI Hardware Specifications for PCs

KeyScan KS-NAS-120. Applications Benefits

Embedded Based Web Server for CMS and Automation System

ANTI-HACKER TOOL KIT. ourth Edition

CompTIA Security+ In this course, you will implement, monitor, and troubleshoot infrastructure, application, information, and operational security.

Patch and Vulnerability Management Program

SYSTEM REQUIREMENTS Single User & Red River Software ASP Users (See Specific Info for Tills and/or Meters) are not Supported in RRS

Embedded Display Module EDM6070

Intel 4111 Generation i7 Processor (Quad Core, Base Frequency 2.BOGHz, 6 MB)

FreeTAB 1017 IPS2 X4+ Sint-Truidensesteenweg Hakendover

Computer Hardware and Software:

DVS-100 Installation Guide

Specifications. What s Inside The box

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

Cisco IP Communicator (Softphone) Compatibility

How To Use An Ipad With A Microsoft Powerbook 2 (I2) And A Microtower (I3) For A Long Time (For A Small Family) (For Business) (I5) (Microtower) (Mini

Internet Of things. Petr Ulvr, Business Development Manager Intel Corp. CEE New Biz Virtual Team

Open Source Security Tool Overview

Product Description. Licenses Notice. Introduction TC-200

Network Security. Network Packet Analysis

SwannSecure Wi-Fi Monitoring System

Penetration Testing for iphone Applications Part 1

PTSv2 in pills: The Best First for Beginners who want to become Penetration Testers. Self-paced, online, flexible access

Penetration Testing Workshop

Video Conference Server Bandwidth Requirements

Be sure to connect the USB cable from TonePort into your computer s USB port, and then proceed with the following steps

PD590-KT. Guide Android 4.4.2

Using GIGABYTE Notebook for the First Time

22 (21.5 viewable) Smart Display, Full HD, Rockchip Quad-Core, Optical touch, Android KitKat. VSD224

We are Legion: Pentesting with an Army of Low-power Low-cost Devices

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Specifications 17/17R

OpenWRT. Khalid Baheyeldin Kitchener Waterloo Linux Users Group. August 2014

Capstone Project Putting It All Together

OpenWRT - embedded Linux for wireless routers

Pen Test Tips 2. Shell vs. Terminal

Yun Shield User Manual VERSION: 1.0. Yun Shield User Manual 1 / 22.

Imprint. ecodms Version: (krusty) Manual Build Number: 20 Language: Copyright 2016: ecodms GmbH Salierallee 18a Aachen Germany

Mobile Devices and Systems Lesson 02 Handheld Pocket Computers and Mobile System Operating Systems

Wireless Auditing on a Budget

Vostro Series

Transcription:

Portable Pen-testing Box Saint Leo University COM 497 - Capstone Project Dr. Vyas Krishnan Authors: Hashim Alsalman, Khalid Alalshaykh,

i. Introduction Portable Pen-testing Box, What is it? It is penetration testing tool that is using Raspberry Pi 2 as a core hardware component for implementing the maximum capabilities, which other pen-testing tools may not reach. Mobility is a main subject in this small device, since it gets its power through micro-usb input like many smart phones do. ii. Hardware What is Raspberry pi 2? RP2 model B is a credit card-sized single board computer. It was introduced in February 2015. It has: A 900MHz quad-core ARM Cortex-A7 CPU 1GB RAM 4 USB ports 40 GPIO pins Full HDMI port Ethernet port Combined 3.5mm audio jack and composite video Camera interface (CSI) Display interface (DSI) Micro SD card slot VideoCore IV 3D graphics core Device Name Device Description Cost Raspberry pi 2 *Single board computer $35 Wireless Adapter Realtek 8191 300Mbps 802.11n/g/b USB Wireless WIFI LAN Network Card Adapter $8.50 SDHC Memory 32GB UHS-I/Class 10 Micro SDHC Memory Card Up to 48MB/s $9.99 PiTFT 3.5" display with 480x320 16-bit color pixels $44.99 Charger Power AA Battery Portable Charger Power Pack Power Supply $9.99 Case for RP2 Clear Case for Raspberry Pi 2 Model $9.50 Remote Control Raspberry pi Mini Wireless Handheld Remote Control Keyboard Keyboard with Multi-Touch Touchpad $8.50 Total Cost $126.47 Total without case, PiTFT, RC Keyboard $63.48

Raspberry pi 2 is just released so we had to wait long time to get it. Finding the best in the market with affordable price We had to buy several touchscreens to find the one that works perfectly with new Raspberry pi 2 iii. Software This section will cover only the fundamental software and application that are related to penetration testing, drivers and some additional software are not listed. Operating System o Raspbian OS o Debian wheezy o Kernel version:3.18 o Copy : 2015-02-16 o Free operating system based o Comes with over 35,000 packages Dealing with Linux based system and learning its commands. We had to install and test several operating systems before we decide which one is the best to the project. Raspbian OS just released its version that supports Raspberry pi 2, so we faced some bugs and problems. System Management 1. Webmin : Web-based system configuration tool for system administration. Using any web browser, it is easy to setup user accounts, Apache, DNS, file sharing and more other tasks.

Version: 1.740 o perl o libnet-ssleay-perl o openssl o libauthen-pam-perl o libpam-runtime o libio-pty-perl o apt-show-versions o python Download Link: o http://prdownloads.sourceforge.net/webadmin/webmin_1.740_all.deb Long process to install and configure. Not assessable from outside the network, PageKite solved the problem. A problem related to the SSL, solved by disabling it. 2. PageKite : A reverse proxy tool that connects the PI2 to the public Internet. It makes it possible to connect to the PI2 from anywhere even if it connected to a privet network with dynamic IP. Version: 0.5.4 o python-socksipychain (>= 2.0) Download Link: o http://apt.he.pagekite.me/ Long process to configure. Writing and editing files to make it works properly.

3. Postfix : Mail transfer agent (MTA), makes it possible to send emails directly from the command line using Gmail SMTP configurations. Version: 3.0 o mailutils o libsasl2-2 o ca-certificates o libsasl2-modules complicated, hard to configure. Penetration Testing Tools 1. OpenVas: Services &Tools for vulnerability scanning and vulnerability management Version: 7.0.4 o libmicrohttpd-dev o libxml2-dev o xsltproc o libxslt1-dev o pkg-config o flex o cmake o libssh-dev o sqlite3 o libsqlite3-dev o libgnutls28-dev o libgcrypt11-dev o libglib2.0-dev o libpcap-dev o libgpgme11-dev o uuid-dev bison o libksba-dev o nmap

Download Link: o rpm o doxygen o libgnutlsxx27 o libgnutls-dev o libghc-gnutls-dev o http://wald.intevation.org/frs/download.php/1722/openvas-libraries- 7.0.4.tar.gz o http://wald.intevation.org/frs/download.php/1726/openvas-scanner- 4.0.3.tar.gz o http://wald.intevation.org/frs/download.php/1730/openvas-manager- 5.0.4.tar.gz o http://wald.intevation.org/frs/download.php/1734/greenbone-securityassistant-5.0.3.tar.gz o http://wald.intevation.org/frs/download.php/1633/openvas-cli-1.3.0.tar.gz No clear instruction found, very advance tool. Very long process installing and configuration. Not programmed to work in Raspbian OS, so we had to do a lot of file changes, write new codes, and create new files. Dependencies files and applications needed some changes. Takes time to load. A new version released that needed new dependencies. 2. Metasploit: Exploit development framework. Version: 4.11.1 o build-essential o libreadline-dev o libssl-dev o libpq5 o libpq-dev

Download Link: o libreadline5 o libsqlite3-dev o libpcap-dev o openjdk-7-jre o subversion git-core o autoconf o postgresql o pgadmin3 o curl o zlib1g-dev o libxml2-dev o libxslt1-dev o vncviewer o libyaml-dev o ruby2.2.1 o nmap o pcaprub o wirble o pg o sqlite3 o msgpack o activerecord o redcarpet o rspec o simplecov o yard o bundler o pcaprub https://github.com/rapid7/metasploit-framework.git No clear instruction found, very advance tool. Very long process installing and configuration. Not programmed to work in Raspbian OS, so we had to do a lot of file changes, write new codes, and create new files. Dependencies files and applications needed some changes. Takes time to load. A new version released that needed new dependencies.

The new version nedded Ruby version 2.2.1 which doesn t work in Raspbian OS, se we had to install Ruby version 2.2.1 manually and that caused a lot of problem with other applications installed previously. Each application edited to take the old Ruby. 3. Nmap: Is a security scanner. Version: 6.47 o fontconfig o fontconfig-config o fonts-droid o fonts-liberation o ghostscript o gnuplot o gnuplot-nox o groff gsfonts o hicolor-icon-theme o imagemagick o imagemagick-common o libavahi-client3 o libavahi-common-data o libavahi-common3 o libblas3 o libblas3gf o libcairo2 o libcroco3 o libcups2 o libcupsimage2 o libdatrie1 o libdjvulibre-text o libdjvulibre21 o libexiv2-12 o libfontconfig1 Understanding and doing the installation process.

4. Wireshark Packet sniffer/analyzer. Version: 4.7.2 o build-essential o automake o autoconf o libgtk2.0-dev o libglib2.0-dev o libpcap0.8-dev o flex o bison Understanding and doing the installation process. 5. TCPdump Packet sniffer/analyzer. Version: 4.7.4 o Directly installed Understanding and doing the installation process. 6. Tshark Packet sniffer/analyzer. Version: 4.7.2 o Directly installed

Understanding and doing the installation process. 7. Netcat: A network analysis tool Version: 1.10 o Directly installed Understanding and doing the installation process. 8. MTR Network diagnostic tool Version: 0.92 o Directly installed Understanding and doing the installation process. iv. Scanning script We coded a scanning script that described as following: o Bash script o Scan the network looking for live hosts IPs. o Create file contains the Live IPs. o Create targets on OpenVas based on IPs. o Create separate scanning task for each target. o Start each scanning task. o Send email contains the result of each scanning task (if it contains vulnerabilities only) o Added as cron job, to work once a day. Learning Bash scripting

Learning XML Scan the network for live IPs and get the result as quick as possible, solved by using ping with specific parameters Communicating with OpenVas using bash script. Storing XML files and getting specific information from them. Handling errors. v. Connection The Portable Pen-testing Box can be accessed remotely using several types of connections as following: o Webmin : wm.com497.pagekite.me o SSH : ssh.com497.pagekite.me o OpenVas : ov.com497.pagekite.me vi. Conclusion Raspberry Pi 2 offers a lot of features that attract computer science majors. Its small size, low-cost, and capabilities make it very powerful tool for penetration testing. Although installing applications on it is not as easy as it is in the other known operating systems, it is still very stable and efficient.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information