I get questions about what kind of equipment I have in my travel hacking bag. Today we will go over most of the tools and hardware I keep on me at almost all times (it is even kept close at work). Most of the things I keep in my bag can be bought for pretty reasonable prices. There is a more expensive or non-homemade version of the same tools out there but I like to create things.
Disclaimer
I feel like I need to put this here; some of these things may be illegal to carry or possess in your country or town. Please check your local laws before carrying any of these things on you. You should also NEVER use any of these tools on anything you don’t own or have permission to attack.
List of things in my bag
- Raspberry Pi 4 – #1 – Network Implant
- Raspberry Pi 3 B – #2 – Kali Box (with HDMI adapter)
- Raspberry Pi 0W – #1 – Ruber Ducky (Exfill Data)
- Raspberry Pi 0W – #2 – Ruber Ducky (Malware Dropper)
- Think Pad Laptop/Tablet – Windows Box (and charger)
- External WiFi Card (monitor mode capable)
- WiFi Pineapple
- Lock Pick Set
- Mini Lock Pick Set
- RFID Card Cloner
- Handheld RF Detector
- Bluetooth Headphones
- NetHunter Phone
- HDMI Cable
- USB Flash Drive
- 4x USB Power Blocks
- 3x USB to USB-C Cables
- 2x USB to Micro USB Cables
- Cat 5 Cable
- Smaller USB Mouse
- Rollup USB Keyboard
- Notebook and Pens
You may notice I carry 4 or more Raspberry Pi’s on me at any given time. There is a reason I created this blog I love them and they have so many uses.
Everything has a place and a purpose
It may seem like a lot to have in my bag, but if you keep yourself organized it’s not too bad. Unless I feel I am going to need it I often will leave my laptop at home. I have plenty of cloud resources at my disposal. You can customize your bag based on your purpose but I always learned it’s better to be over-prepared for any situation.
Raspberry Pi 4 – #1 – Network Implant
Often in penetration tests, you will find unsecured ethernet ports, used right this can expand the attack surface you have available. As every good hacker knows the bigger the attack surface the easier it is to break in. When leaving a network appliance behind you need to put it somewhere it’s not going to be seen or unplugged. People often do not look behind their desks or computers, these can be great places to leave the device. A few of the tools I have on my implant:
- Responder
- Nmap
- WireShark
- Metasploit
- A large cache of scripts for privilege escalation, recon, pivoting, and enumeration
- More…
Raspberry Pi 3 B – #2 – Kali Box (with HDMI adapter)
If you are reading this I’m sure you know what Kali Linux is. If not, it’s a specialized operating system pre-loaded with tons of great hacking tools. I will not go into too much detail as there are a million sites that detail what tools are included and how to use Kali Linux.
Raspberry Pi 0W – #1 – Ruber Ducky (Exfill Data)
Using HID script I wrote (and continued to work on) a tool to gather data from unlocked windows machines, a link: HID Script Payload – WiFi Credentials & More.
Raspberry Pi 0W – #2 – Ruber Ducky (Malware Dropper)
If you came for the code for my custom dropper I am sorry I do not plan on sharing that here. The temptation to do evil things with it is too great for most people and I don’t want that weighing on my mind. I will say if you really want one you can write one pretty easily that will bypass most signature and AI-based antivirus solutions.
Everything else…
All the other items are pretty standard and their uses are well documented all over the web.
I hope you enjoyed the article and have a great day.