How to perform a Pixie Dust WPS attack using the Raspberry Pi

About: WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and your wireless devices faster and easier. It only works for wireless networks that have WPA/WPA2 security. It is supposed to make it easier to connect devices without a keyboard, like a TV, to your home network. Most routers come with WPS enabled and work by pushing the WPS button on your router and connecting your device. I personally have never heard of WPS before doing this research and have never used it in my personal life.

WPS works by having the router generate an eight-digit PIN that you need to enter on your devices to connect. WPS can easily be cracked because, rather than checking the entire eight-digit PIN at once, the router checks the first four digits separately from the last four digits. This makes WPS PINs very easy to brute force. There are only 11,000 possible four-digit codes, and once the brute force software gets the first four digits right, the attacker can move on to the rest of the digits. Many modern routers try to prevent this by timing out incorrect PINs after a certain time, but this is still not the norm.

Many routers come with WPS enabled, but it can be disabled. You can follow my tutorial on how to disable WPS on my Netgear router here. The best router to purchase that will remain secure from this kind of attack is a router that doesn’t even provide WPS.

Objective: To demonstrate how insecure it is to have WPS enabled on your router.

Material: You will need the following:

Instructions: I am using PwnPi on my Raspberry Pi but this can also be performed using Raspbian. Let’s start by installing some software and the tools we will be using. I will assume you have the aircrack-ng suite already installed and know how to use your WiFi USB adapter.

How to set up your Raspberry Pi as an Access Point

About: Setting up your Raspberry Pi as an access point may come in handy, especially in a pinch when your home router dies and you need some WiFi in your house while a new router is on order. It can also be useful if you want to set up an access point to perform evil doings like monitoring all the traffic or setting up an evil twin network.

In this tutorial we will be setting up a WiFi Access Point and linking all data to our Ethernet connection, so make sure we have an active internet connection on the Ethernet port to tunnel all the WiFi data to it.

Objective: To create a WiFi access point on our Raspberry Pi and link our WiFi connection to the Ethernet connection.

Material: You will need the following:

Instructions: Just a warning before continuing: setting up your network settings can mess things up if you are using the Raspberry Pi for something else. Be sure to make a backup of your Raspberry Pi before continuing if you need to. Also, troubleshooting network issues can be difficult if you are inexperienced with networking. Be sure to follow the directions carefully and you should be alright.

How to disable WPS on the Netgear JNR3210 Router

About: WPS stands for Wi-Fi Protected Setup and it is a wireless networking standard that tries to make connections between a router and wireless devices faster and easier. It works only for wireless networks that have WPA/WPA2 security. That’s great; however, there is a problem with WPS: it can easily be cracked and allow a hacker access to your home WiFi network.

WPA2 security is very secure and there really is no way of hacking WPA2 without using a dictionary attack, which can take months depending on the hardware you are using to brute force. It can also be a waste of time if your password is very long and includes many special characters. However, if you have WPS enabled on your router (which it usually is by default), there is a faster way to hack your WiFi and it can usually be done in a maximum of 12 hours.

Objective: To disable WPS on our Netgear JNR3210 router to improve WiFi security.

Material: You will need the following:

Instructions: You will need to begin by opening your browser and typing in the IP address for your router. The default is usually on Netgear routers. Type in the username and password. The default username is ‘admin’ and the default password is ‘password’.

Login to your Netgear JNR3210 router


Cracking WEP WiFi using the Raspberry Pi

About: WEP WiFi security has been debunked for years but thankfully for us there are still people who have never switched to the more secure WPA2 protocol. These are either older businesses who never invested in updating their security or have older equipment which is not compatible with the WPA2 security protocol. You will see how unsecured the WEP protocol is and how quickly it can be cracked. The Raspberry Pi I will be using is overclocked to 900 MHz so it will speed up the cracking process a little bit. I plan on writing a separate article on the different overclock settings and how they compare.

Objective: To demonstrate how insecure the WEP security protocol is and how easily it can be cracked.

Material: You will need the following:

Instructions: In this tutorial I will be cracking my own WiFi router. I have set it up to use the WEP protocol and have a few phones connected to my network. If you will be doing this you will need to make sure that there is something connected to your network so that there is information being passed back and forth. We will be monitoring all the data and storing it to a file which we will be cracking afterwards. The more data we collect the better our success rate will be. I will also show you how to speed this process up by requesting data from the WiFi router without connecting to it.

How to install Kali Linux on the Raspberry Pi

About: Kali Linux is an OS that is based on Debian. It is the successor to BackTrack and includes many tools that are used in penetration testing. Penetration testing is the act of testing a system, network or Web application to find vulnerabilities that could be exploited. The Raspberry Pi may not be the most powerful system to do penetration testing on, but it is cheap and is very easy to use. After installing Kali Linux you can set up scripts and perform attacks in the wild, and since a Raspberry Pi is very easy to hide, the low cost makes it disposable.

Objective: To install Kali Linux 2.0.1 onto a Raspberry Pi B+ Model. I will be using Linux Mint to format the SD card.

Material: You will need the following:

  • Raspberry Pi
  • 8GB or larger SD card. Class 10 works best on the Raspberry Pi

Instructions: I will assume you know some basic Linux terminal commands. If not, this guide will be very clear regardless.

You must begin by downloading the Kali Linux Image. There is a compiled image for the Raspberry Pi located at the Offensive Security website. The download page can be found here. Scroll down halfway and download the image for your Raspberry Pi. At the time of writing the current version was 2.0.1.

Set up the LM335 Thermometer using the Arduino

About: The LM335 is a simple thermometer with only 3 pins. It can be easily interfaced to the Arduino or any other microcontroller. The LM335 is pretty much just a diode in a TO-92 case. The voltage rises 10 mV for every degree Kelvin. You will pretty much need to convert the Kelvin temperature to Celsius or Fahrenheit using simple calculations.

Objective: To build a simple digital thermometer using a LM335 and an Arduino.

Material: You will need the following:

Instructions: The connections are very simple; you will only need to use 2 of the 3 pins on the LM335. Only pins 2 and 3 will be used. Refer to the breadboard diagram below for connections. The resistors connect to the middle pin of the LM335. The middle pin then connects to the Arduino analog0. Pin 3 of the LM335 is connected to ground.