This topic contains 1 reply, has 2 voices, and was last updated by crooq42 1 month, 1 week ago.
- March 8, 2021 at 9:04 am #370246
Hey, as I’m learning how to Pen Test etc, I wanted to setup a Raspberry Pi running whatever OS and attempt to set it up as I would any computer I use then on a computer using Kali Linux, attempt to gain access to it, be it SSH or something other method. Is this a possible idea? Any recommended OS I should put on the pi as well?
- March 8, 2021 at 9:04 am #370252
Lots of books I’ve read recomend practice on Windows XP. I don’t think a Pi can run that OS though.
- March 8, 2021 at 9:04 am #370253
Only downside to pi is it wont give you practice with x86 exploits.
- March 8, 2021 at 9:04 am #370254
You could just use a VM.
- March 8, 2021 at 9:04 am #370255
Give [RasPwn](http://raspwn.org/) a try. It’s a distro specifically for that.
- March 8, 2021 at 9:04 am #370249
Sure, a pi is great, but if you’re just learning, I’d recommend setting up a simple virtual environment with virtualbox. People may have different views on the best way to start learning, but here is a really good introductory [course on ethical hacking](https://www.udemy.com/course/learn-ethical-hacking-from-scratch/). It goes into setting up a virtual environment etc. I think the course only costs like $17 bucks right now. It’s self paced. It’s over 130 videos, most between 5-10 minutes long. IMO, it’s worth the money, but you can probably find the same stuff on youtube or wherever.
- March 8, 2021 at 9:04 am #370250
https://youtu.be/l9YxTXDiiFY This guy’s “networkchuck” has loads of great tutorials for exactly what you’re looking to do. I have nothing to do with him, but his videos are quick and easy to implement, and not nearly as boring or annoying as others.
- March 8, 2021 at 9:04 am #370251
You can set up a pi with kali and have fun with that. That’s what I do with my pi. My ethical hacking teacher required one for class. It’s very useful for MITM attacks and WiFi scanning and various other mobile uses. Also I have it set up as a ssh and rdp server so I can access it from my pc so I don’t even have to plug it in to my monitor anymore.
Remember only networks that have an open bounty or you have expressed consent to hack / scan is legal. Imagine going to someone’s house and looking at every door and window for an entry point. That is why a scan on a non consenting network looks very disturbing to a security team. A version scan would be like you reading the labels on the door locks and windows to find manufacturers so you can research how best to enter a property.
As others have said overthewire is totally doable from a pi or from a VM. The pi makes it more fun IMO.
Use a vm with metasploitable to hack yourself. Make sure to put it on the same network by using NAT when you setup the vm. Also you could set up docker on your pi and download owasp. It’s a web hacking lab environement lots of fun. All done through a browser.
- March 8, 2021 at 9:04 am #370248
Maybe metasploitable, but like the other guy said,. Vms these days. Or better yet tryhackme, hackthebox, overthewire, portswigger and that sort of thing.
- March 8, 2021 at 9:04 am #370247
Absolutely! If you want to set something up on physical hardware and hack it over your home network that is one way to do it. You can also set up a virtual machine on your computer and achieve the same effect through a virtual network. Both have their place but something to consider. Id check out vulnhub, they have tons of vulnerable ISOs that could be loaded onto a pi or put on a virtual machine. Most of them are some form of linux and run some sort of intentionally vulnerable service be it a webserver or something else. https://www.vulnhub.com/
You must be logged in to reply to this topic.