Open in app

Sign in

Write

Sign in

CodeX

Everything connected with Tech & Code. Follow to join our 1M+ monthly readers

Follow publication

Member-only story

Raspberry Pi Zero Password Thief

Another Pi Zero W Hacking Gadget for Physical Penetration Testing

Why wouldn’t you want to plug a small computer into a bigger computer?

Requirements

This project requires a Raspberry Pi Zero W, a USB-A Addon Board, and a Micro SD Card. You’ll also need a computer to configure the SD Card and Pi. This is not an expensive project, total cost is around $35 depending on where you acquire your parts.

The article is informational only. Do not break the law.

Why Would You Want To Do This?

The idea of pulling credentials from a locked computer isn’t new. There are commercial products that can do this like the USB Armory and the LAN Turtle. They do, however, cost quite a bit more than a Pi Zero and a USB board. There are trade offs; commercial devices may cost more but definitely look less suspicious, for example.

How Does This Work?

We will be configuring the Pi as an USB Ethernet adapter. Because USB is plug and play, even if the system is locked, the device gets installed. And because it is an Ethernet adapter, it will be allowed to pass/capture traffic, giving us access to sensitive data and credentials.

Getting Started

Flash the SD Card with Rasbian Lite and add a ssh file to the boot partition. Circuit Basics has a good tutorial on configuring the Pi Zero to be a USB Ethernet gadget. Essentially we need to add dtoverlay=dwc2 to the config.txt file and modules-load=dwc2,g_ether after rootwait to the cmdline.txt file. Insert the SD Card and plug the USB port into your computer. After the Pi boots you should have a new Ethernet adaptor. SSH to pi@raspberrypi or pi@raspberrypi.local and run sudo raspi-config. Set localization options and expand the file system, then reboot. Update Rasbian:

sudo apt-get update && sudo apt-get upgrade -y

Because we are running headless, we’re going to add a script to rc.local to blink the power LED at boot five times once the Pi has fully boot up.

wget https://raw.githubusercontent.com/TheSmashy/Pi-Bash/master/ready_five.sh
sudo chmod +x ready_five.sh
sudo nano /etc/rc.local

Insert the line sh /home/pi/ready_five.sh into rc.local. Because we also want the LED…

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

CodeX
CodeX

Published in CodeX

27K Followers
Last published 10 hours ago

Everything connected with Tech & Code. Follow to join our 1M+ monthly readers

mr.smashy
mr.smashy

Written by mr.smashy

505 Followers
39 Following

Cybersecurity architect. Security dev and researcher. Infosec nerd. Linux enthusiast. All opinions and views are my own. Polite, professional, prepared.

Responses (2)

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech