f33d by Prelude

feed.prelude.org

Catch me if you can

How to build a disposable attack box using a Raspberry Pi

David Hunt
Apr 5, 2021

This post describes the basic process of building an attack box on a Pi. The goal here is to introduce the concept and rationale for building a minimal-resource attack box - not to deep dive into each command. Have you seen our Part 2, where we take this box for a test drive?

If you’ve worked with me long enough, you’ve probably seen me whip out a Raspberry Pi and start coding. For years, I’ve started every serious project on a Pi with 1GB RAM before shifting the code to a laptop for continued development.

Why?

Resource management. Clean code. Efficiency.

Raspberry Pis leave little room for the clumsy mistakes that are a common by-product of rushing the early development stages. By starting on a Pi, I’ve been able to put proper thought into the foundation of the code before expanding into larger, more forgiving environments.

I’ve built small systems applications, custom malware and even high-performance, big data (billions of files of throughput) applications, all starting on a measly $35 Pi.

The other day, a Raspberry Pi 4, complete with 8GB of RAM, arrived at my doorstep. The plan for this one? Build a disposable attack box I can use in real-world red team operations. And I figured I’d blog it as I go, in case it helps other minimalist programmers like myself.

An attack box is the computer used to launch attacks. It can come in many shapes and sizes, such as a Windows or MacOS laptop, a virtual machine, a Vagrant image, or the most popular Kali or Parrot images on a Linux machine. I like Raspberry Pi attack boxes because they’re cheap and I can swap the SIM cards in/out for different experiences.


Step 1: Unboxing

Unboxing the Pi, I can see my components: the Pi, the case, the cords, the heat sinks and fan, and the instructions. Tossing the latter aside, I start with the heat sinks. These little guys dissipate heat from the chips to keep them from overheating.

The heat sinks went on a little unevenly, but that’s because my mother-in-law did this step (me, shifting blame). I thought she had less shaky hands…

Then I move on to installing the fan, which is as simple as plugging the red/black wires into the correct GPIO pins on the board. This isn’t really required, but I hate the thought of overheating my new board, and since I’ll be enclosing it in the case, I’ll err on the side of safety and install the fan.

Note my pin placement on the board. The red wire could go in multiple locations; I chose the one that runs the fan at a slower speed. Moving the pin to a different location can speed it up, but I’ll save that for the day I need higher performance.

Next, I add the case and insert the SD card. Then I plug it into my monitor, keyboard and mouse... and voilà!

Step 2: Installing

Because I bought a Pi with Raspbian OS included, I can follow the prompts to install the operating system. This takes 10-15 minutes.

Through this, I will set my timezone, password and tinker with my screen resolution.

I have since repeated this process, using Manjaro Linux, as I like the ongoing release cycle the Arch Linux community uses.

Step 3: Adding my C2

Now for the fun part: adding my attack tools.

Prelude Operator is my daily driver, as a command and control (C2) center. I head to prelude.org and look around for a compiled ARM binary. No dice!

Hmm, stumped.

So I open Operator on my MacOS and click the help button, which dispatches a request to the Prelude development team. Within a few minutes @khyberspache gets a hold of me and I explain my case.


Yes, Alex is really that fast.

Downloading the binary, I go through the typical Linux install steps of making it executable and starting the program.

chmod +x operator-arm-binary
./operator-arm-binary

A few seconds later, I’m welcomed with the friendly Operator login page. Entering my email, and corresponding token, I’m able to log in. Moving on.
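
The chmod-and-run step above trusts whatever file landed on the SD card. As an added example that is not part of the original post and not Prelude’s own tooling, here is a small POSIX shell script that checks a downloaded file’s SHA-256 against the digest the vendor publishes before marking it executable. The file path and the expected digest are placeholders you supply on the command line; nothing in it is specific to Operator.

```shell
#!/bin/sh
# Added example (not from the original post): verify a downloaded binary's
# SHA-256 before chmod +x, so a tampered or truncated download never runs.
# The expected digest is whatever the vendor publishes; it is NOT on this page.

sha256_of() {
  # Portable digest helper: coreutils sha256sum on Linux, shasum on macOS/BSD.
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

install_verified() {
  # $1 = path to the downloaded file, $2 = expected SHA-256 hex digest.
  # Returns 0 and marks the file executable only when the digests match;
  # otherwise leaves the file mode untouched and returns 1.
  file="$1"; expected="$2"
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
  fi
  chmod +x "$file"
  echo "verified $file"
  return 0
}

# Usage: sh verify.sh ./operator-arm-binary <published-sha256>
# (binary name and digest are placeholders you fill in)
if [ "$#" -ge 2 ]; then
  install_verified "$1" "$2"
fi
```

A mismatch leaves the file mode untouched and exits non-zero, so the check fails closed when used inside a setup script (`sh verify.sh ./operator-arm-binary <digest> && ./operator-arm-binary`). Comparing the digest you compute against one obtained out of band (the vendor’s page or release notes) is what makes the check worth anything; a digest shipped next to the file in the same download adds nothing.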

Step 4: Adding more tools

Operator is a post-compromise C2. Not a recon, initial access or throwing framework. So if I want to participate in these parts of the kill chain, I’ll have to add a few familiar tools.

I typically create a “toolbox” directory on my attack boxes and clone the tools I use into it. An all-inclusive operating system like Kali or Parrot is great - but for me, I have a small set of rotating tools that I already know well and I would rather use them on a stock ARM/Debian OS because it feels more quaint.

Back in “the day” I used to build my own operating systems using Linux From Scratch (LFS), as a way to create a minimal, 10MB operating system custom-built around a kernel, specifically to avoid fingerprinting by a memory forensics tool (like Volatility) if the box was ever stolen from me.

Here are a few tools I like to use:

  • Metasploit (throwing framework)

  • NMAP and its speedy little sister, ZMAP (port scanning)

  • Burp Suite (general web spidering and HTTP proxy intercepting)


I hope you enjoyed this quick tutorial on an easy low-cost way to get an attack box online. If you’re not part of our Discord community, we’d love to see you there.

© 2023 Prelude Research, Inc.