Recently I was reading a few articles online about different techniques and tools trying to make sure I always know the latest in cybersecurity. I came across a guy who was working on creating a portable hacking appliance, and well this was right up my ally. To be honest I didn’t even read the article my mind started going a million miles an hour thinking of different tools and attacks I could include on my appliance. The first thing I always do with any project is to make a mental map of the basic features I will need.
If you are unsure how to set up a headless raspberry pi you can check out one of my older blog posts. If you have never heard of BlueDot you may also want to check out this post. We are going to assume we have our Pi all set up before going any further.
sudo apt update && sudo apt upgrade -y
sudo apt install libffi-dev libbz2-dev liblzma-dev libsqlite3-dev libncurses5-dev libgdbm-dev zlib1g-dev libreadline-dev libssl-dev tk-dev build-essential libncursesw5-dev libc6-dev openssl git python3 -y
curl -O https://bootstrap.pypa.io/get-pip.py
python3 get-pip.py
rm -fr get-pip.py
sudo mkdir /tools
sudo chown -R pi:pi /tools
cd /tools
So we now have our basic requirements taken care of let’s talk about some of the attacks our portable hacking appliance will be able to perform while we set them up. The first attack we are going to set up is mitm6 and ntlmrelayx.
mitm6 & ntlmrelayx IPv6 Attack
This is a pretty cool idea for an attack vector if we can manage to get our appliance inside the network we are trying to attack this can work wonders. This attack leverages the default configuration in Windows Vista and up.
mitm6 will respond to IPv6 DHCPv6 requests and assign an IPv6 address it will then assign itself as the default DNS server. From there ntlmrelayx will create HTTP and SMB servers to be used by the exploited DNS server. For more details on this specific attack check out this post.
cd /tools
git clone https://github.com/fox-it/mitm6
git clone https://github.com/SecureAuthCorp/impacket
cd /tools/mitm6
pip3 install -r requirements.txt
cd /tools/impacket
pip3 install .
Metasploit on Our Hacking Appliance
Metasploit is a framework with a ton of uses: exploitation, post-exploitation, shells, and enumeration. It has a nice command-line interface we will be able to use over SSH to help us once we are inside a network. I am sure you can find a million guides on Google on Metasploit better then I could write so if you are not sure how to use it search there. NMap will also get installed during this process if you don’t already have it. This could take a little bit so grab a cup of coffee.
sudo apt-get remove ruby1.9.1 libruby1.9.1 -y
sudo apt-get purge ruby1.9.1 ruby1.8
sudo apt install git ruby rubygems ruby-pg postgresql-common libpq-dev libpcap0.8 bundler ruby-pcaprub libpcap0.8 libpcap0.8-dev libsqlite3-dev namp -y
sudo gem install bundler
cd /tools
git clone git://github.com/rapid7/metasploit-framework
cd metasploit-framework
./msfupdate
bundle install
How do we talk to our Portable Hacking Appliance?
So we have our device inside our target network but we have no way to connect to it. Well, this is true we could use a reverse SSH connection but that is kind of loud when it can’t find the server to connect to because it will keep retrying. We could use a simple reverse shell but it will have the same issue as above. So let’s use ZeroTier for SSH, Discord & Email to exfiltrate data. You may have other ideas in mind on how to do this like setting up a full command and control server over HTTPS or TCP but this seems like a lot of coding for a short pentest. Lets get started installing ZeroTier, first you will need to make a account over at their website (here).
curl -s https://install.zerotier.com | sudo bash
sudo systemctl enable zerotier-one
sudo systemctl enable zerotier-one
Now lets check to make sure everything is working properly by running
sudo zerotier-cli status
You should see something like “200 info [ID] [version] ONLINE” if everything worked properly. Now we need to join the network we made on the website.
sudo zerotier-cli join [network id]
Finally, go back to the website and allow the new device onto the network. You can then add your computer and you will be able to connect to the portable hacking appliance.
We have the basics of our pen-testing box set up we will continue more in part 2.