Loading…
BSidesLV has ended
Thank you for joining us for our 5th Anniversary celebration! We certainly hope you enjoy the conference. Here’s to Education, Collaboration, and Community!

Remember, we don’t take ourselves too seriously and you shouldn’t, either! To quote the old motto of another collaborative community, "We trick into learning with a laugh".

We wish you both laughter and learning - and lots of both!

-= Team BSidesLV 
Back To Schedule
Wednesday, August 6 • 11:45 - 12:15
Training with Raspberry Pi

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

One of the biggest questions facing people trying to learn how to hack is “How do you practice without committing a felony?” Wi-Fi is one of the easiest things to break, but it still requires practice to be proficient. To practice, you can either go after a random Wi-Fi network or you can create your own target network. Using an old router is fine, but the passcode has to be changed manually. A Raspberry Pi was turned into a Wi-Fi access point using Hostapd. The goal was to create a hackable target that changes the access code every time it boots.

The Hostapd configuration file has an issue where you cannot store the WEP Key as a variable and then call that variable when the key is defined. This prevents urandom from being used to create a random key. A shell script was written to create the config file every time the Pi boots. This allows for the creation of a random key that can be inserted into the config file before hostapd loads. For verification purposes, the key is logged with creation date and time in a separate monitoring file.

To increase the training benefits of using the Pi platform, a web server was added and vulnerable web apps are hosted. This creates a training platform where both Wi-Fi and web app hacking can be practiced. The ultimate goal is to have a device where you break the Wi-Fi, gain root on the Pi, and force it to reboot. Once it reboots, a new passcode is in place, and the process must start all over. This way, the challenge stays fresh and engaging, and previously collected key material cannot be reused.

Speakers
avatar for Nathaniel Davis

Nathaniel Davis

Nathaniel has worked in the field for more than six years. He started in policy, moved into network architecture and now work incident response. His interest in hacking has always been there, but it really started in earnest after wanting to understand how the security threats worked... Read More →


Wednesday August 6, 2014 11:45 - 12:15 PDT
Tuscany Suites 255 E. Flamingo Rd. Las Vegas, NV

Attendees (0)