How To: Set Up a Practice Computer to Kill on a Raspberry Pi 3


The world is full of vulnerable computers. As you learn how to interact with them, it will be both tempting and necessary to test out these newfound skills on a real target. Today, I'll introduce a deliberately vulnerable Raspberry Pi image designed to help you practice and take your hacking skills to the next level.

Going Hands-on Without Handcuffs

Many of us are hands-on learners, and the best way to learn a skill is to actually try what you're being taught to gain a real understanding. This can get legally complicated when learning about cyber security, due to complex and beginner-unfriendly computer hacking laws in the US and other countries.

With hacking constantly in the news and on the national radar, police are less and less understanding when dealing with issues of computer intrusion. Since many of the principles you will learn are designed to compromise or break computers, your sister's laptop or a local library computer may not be the best place to learn about ransomware and make your first mistakes as a hacker.

The solution is a computer with no valuable data inside, one which is deliberately vulnerable and specifically made for attacking. So where do you get this vulnerable computer? Do you buy an old one and hope that it has some interesting vulnerabilities? Ten years ago, that's exactly how you'd practice hacking older systems. Today, specially designed vulnerable operating systems are used to practice hacking tools against common vulnerable software services.

My personal DV-Sadberry Pi Zero W in a 3D printed case for doing messed up things to. Image by SADMIN/Null Byte

Since Null Byte is a white hat hacking community, it's important we provide every opportunity to practice lawfully and safely as we learn to break things. The Raspberry Pi is a cheap, flexible computer that can run a wide variety of popular software and backend applications. This makes it a perfect alternative to running a virtual machine as a "firing range" computer for practicing attacks.

VM Versus Native Installation

So why not just run it on your own laptop in a virtual machine? I've always hesitated to unleash the fury on a virtual machine nestled inside my precious hacking laptop. Virtual machines can be complicated for beginners, and the price of accidentally running that logic bomb on your mom's HP instead of inside the virtual machine could be destroying the computer.

Physical separation is desirable, but until recently, it was rather expensive to buy another computer for testing when a free VM is available. That has changed with the availability and price point of the Raspberry Pi. Now, for $35, you can get started hacking safe and legal targets thanks to the hard work of the InfoSec community!

Re4son's Damn Vulnerable Pi

Australian security researcher Re4son runs Whitedome Consulting, a site featuring custom Raspberry Pi images developed in support of both cyber security learning and active penetration testing. He also builds things with the Raspberry Pi that Blue Teams see hovering in their darkest nightmares. Offering both offensive and practice images, Re4son's Damn Vulnerable Pi image caught my eye after relying on his excellent "Re4son Kernel" to solve many problems running Kali Linux on the Pi Zero W.

Re4son makes things like this "Sticky Fingers Kali Pi" in a tactical penetration testing platform that gives hackers an air force. Image by Re4son/White Dome Consulting

The Damn Vulnerable Pi image is a perfect companion to an offensive Kali Linux build, simulating a target computer running vulnerable services for you to destroy. Setup is simple and use is elegant with an optional touchscreen, although we will be using the "dv-pi" tool to control our DV-Pi over SSH from any laptop or smartphone for the sake of simplicity and compatibility. This tool is perfect for practicing at home, running hacking competitions, or demonstrating at live hacking events.

Re4son's DV-Pi comes with the following features:

  • 3 GB image ready to go with all common TFT screens.
  • Re4son Kali-Pi Kernel 4.4 with touch screen support.
  • Supports Raspberry Pi 0/0W/1/2/3.
  • Tool (re4son-pi-tft-setup) to set up all common touch screens, enable auto-logon, etc.
  • Command line tool (dv-pi) for headless operation.
  • Each image comes with one vulnerability to get in and one vulnerability to get root.
  • Each image has two proof.txt files with a hash to prove successful compromise.

What You'll Need

Everything you need to really mess up this Pi's day. Image by SADMIN/Null Byte

Optional: You can set up your DV-Pi from a smartphone instead of a laptop after the image is burned.

Step 1: Prepare the Image & SD Card

To begin, we'll need Re4son's DV-Pi image. You can find it on his blog here. We'll start with the "easy-ish" image version linked here.

After downloading the DV-Pi image, unarchive the image and select your favorite disk image burning software, because we'll be burning the image to an SD card. I use Etcher, but you can use anything that will write bootable disk images to an SD card.

At this point, you'll need to insert the SD card you intend to run the DV-Pi on into your laptop. I recommend using a microSD card of no less than 8 GB. Put the microSD card into your adapter of choice, and after plugging it into your laptop, ensure you can see it listed with your other drives.

Burning the DV-Pi to a 16 GB microSD card.

In Etcher (or whatever program you use), select the .img file you downloaded and unarchived, and burn it to the SD card you have inserted. This will give you a bootable image on the card, ready to insert into your Raspberry Pi.

Step 2: Load Your SD Card & Connect Ethernet

After you're finished burning the OS onto the card, load the card into your Raspberry Pi and connect it via Ethernet to your network. Plug in the power and you'll see the DV-Pi start up. You can also connect it to an HDMI display and watch it boot to ensure everything is working correctly. It should look exactly like this:

A successful DV-Pi startup sequence. Image by SADMIN/Null Byte

Once the Pi is booted, you should be able to scan your network with arp-scan or Fing network scanner from your laptop or phone to discover the Pi's IP address. When you have the IP address, you'll be able to SSH into the Pi. In this case, the device name we're looking for is "dv-pi3."

Scan of the DV-Pi over the network to find its IP address. Image by SADMIN/Null Byte

Step 3: SSH into the DV-Pi

Armed with the IP address, we can now SSH into the Raspberry Pi. You can scan the Pi's IP address with Fing Network Scanner to ensure port 22 is open and waiting for a connection.

Image by SADMIN/Null Byte

You can SSH into the Pi via command line from the terminal on your laptop by running:

ssh pi@(ip address here)

The password will be "raspberry." You can also log in on a smartphone using an app like JuiceSSH.

Connecting to the DV-Pi via SSH on an Android phone. Image by SADMIN/Null Byte

Once you SSH in, you will have access to the DV-Pi's administrative controls! To know you've logged in, you should see a "Message of the Day" screen like the one below on a successful SSH connection.

Image by SADMIN/Null Byte

Step 4: Check Status & Start the DV-Pi

To check the current status of our Damn Vulnerable Pi, we can use the dv-pi tool helpfully included by Re4son. To check to see if the DV-Pi is running and vulnerable, enter the following:

dv-pi status

This will show the current status of the device. Initially, it should be off/not vulnerable.

Ready to start hacking? To start the DV-Pi's vulnerable applications, you'll need to run:

dv-pi start

Then authenticate with the password "raspberry" in the terminal. This will start the vulnerable applications.

Image by SADMIN/Null Byte

Step 5: Confirm It's Working

To confirm the DV-Pi is running, scan your network again using Fing to find the Pi's IP address. Tapping on the device will allow you to "scan services" to see that both port 22 and port 80 are open.

Port 80 is running a vulnerable web service. Image by SADMIN/Null Byte

Tap on port 80, or in your browser go to the IP of your Raspberry Pi. A WordPress service to attack should be running on the Pi if the system is vulnerable. If you see the site below, you know the DV-Pi is live!

Ready to get your fingers sticky. Image by SADMIN/Null Byte
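
The port checks from Steps 4 and 5 can also be scripted from the laptop, so you can tell at a glance whether the Pi is in its stopped state (SSH only) or has its vulnerable WordPress service exposed. This is an added example, not part of Re4son's tooling or the original article; the function names and the WordPress marker strings are assumptions.

```python
import http.client
import socket
import sys

SSH_PORT, HTTP_PORT = 22, 80  # the two ports Step 5 expects to see


def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def serves_wordpress(host, port=HTTP_PORT, timeout=3.0):
    """True if GET / returns a body containing a WordPress marker.

    Assumption: the marker strings below are typical of WordPress pages;
    the article only says a WordPress site should appear.
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        body = conn.getresponse().read(65536).lower()
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()
    return b"wp-content" in body or b"wordpress" in body


def lab_state(host, ssh_port=SSH_PORT, http_port=HTTP_PORT):
    """Classify the Pi as 'unreachable', 'stopped', 'started' or 'unexpected'."""
    ssh_up = port_open(host, ssh_port)
    http_up = port_open(host, http_port)
    if not ssh_up and not http_up:
        return "unreachable"
    if ssh_up and not http_up:
        return "stopped"      # matches `dv-pi status` before `dv-pi start`
    if serves_wordpress(host, http_port):
        return "started"      # vulnerable web service is exposed
    return "unexpected"       # port 80 open but not the WordPress site


if __name__ == "__main__":
    # Usage: python3 check_dvpi.py <ip address of the Pi>
    print(lab_state(sys.argv[1]))
```

Run it again after you finish a practice session: a result of "started" means the vulnerable service is still reachable from the rest of your network.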

Hacking the DV-Pi

Once your DV-Pi is set up, you're ready to get started hacking it. To prove you gained access, a fake "customer database" of credit card info is included to simulate exfiltrating real data and provide some excitement upon succeeding. Re4son runs a fantastic blog and responds to comments and questions on his builds, so check out his site in the future for more great work.

Null Byte & the Community

After speaking with Re4son about how useful his images are for our community, he's updated his images to support all versions of the Raspberry Pi, including the new Pi Zero W. Our hope is to bring a custom Null Byte image for our community to practice on, focusing on wireless security techniques using the Pi Zero W as a cheap, easy way to practice offensive Wi-Fi tools.

If there's interest, please mention in the comments and we can start taking community requests for features and look into giveaways for our community!

Stay tuned for tutorials on using the DV-Pi and other DV images on the Pi Zero W, and for word on Re4son's Wi-Fi focused DV-Pi. You can ask me questions here or @sadmin2001 on Twitter or Instagram.

Cover photo and screenshots by SADMIN/Null Byte

5 Comments

Cheers for the guide! I'll try it on my Pi!

Let me know how it goes!

I figured out the WordPress vulnerability (I think!) even figured out where the user file is stored but getting a hold of the pw is taking some time.

Right now I'm using Armitage & 30k+ word dictionary but it's taking some time. Without giving away any spoilers any other approach you would suggest to expedite the process?

Thanks and keep the tutorials coming!

Would be very interested! Thank you!

Hi there.

I'm trying to set this up on a RPi 1 model B. I got it booting and everything looks fine as in the picture of the boot, but when I scan my network it doesn't show up.

Any ideas why this won't work, I assume it should be possible on the regular RPi and it doesn't have to be the RPi 3.
