So I recently obtained a new Raspberry Pi this week. Being as though many owners have already used the Pi as a simple web server, I found that it would be interesting to use this tiny computer for covert ‘analysis’ of remote networks. The Pi can be used to tap into networks via Ethernet or WiFi. Due to the size of this guy, it can easily be placed out of view.
Controlling the Pi over SSH will be the most difficult challenge to overcome when using this device remotely. A first option would consist of directly connecting to the Pi over the internet. It is most likely that the Pi will be behind some sort of firewall or router. This makes incoming connections unreasonably difficult. A second option would involve a repetitive reverse connection that would ‘call home’ on a given interval. This is noisy and could cause unwanted attention. The option that I would like to explore consists of using private networks to gain public exposure.
Since setting up a virtual private network can be time consuming and revealing, we will use Tor as an ‘anonymous’ and easy alternative. Before we get into that, lets download and image the Pwn Pi distribution. You can use whatever distribution that you like or make your own if you have the time. I don’t have the time.
Setting up the Pi
Double check the SHA1 hash. Unzip the image. Unmount the SD card. Copy over the image.
#Check SHA1 sha1sum pwnpi-3.0.img.7z #Install p7zip (optional) and unzip sudo apt-get install p7zip 7za e pwnpi-3.0.img.7z #Find your SD card df -h #Unmount it umount /dev/sdd1 #Copy over the image dd bs=4M if=~/pwnpi-3.0.img of=/dev/sdd
More detailed instructions for flashing an SD card can be found here.
Now that we have the Pi up and running, connect to your Pi through your local network. I simply plugged an Ethernet cable into the device and connected via ssh. Next, install tor.
ssh email@example.com #From the Pi command line sudo apt-get install tor
Open up the tor configuration file at /etc/tor/torrc and add the following lines:
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 22 127.0.0.1:22
These settings will create a hidden ssh service on port 22 of the local loopback address. For these settings to take effect you can either restart tor or simply restart the Pi.
service tor restart #Or shutdown -r now
Check to make sure that tor is up and running on port 9050 by running nmap on your localhost. You should now have two important files located in the /var/lib/tor/hidden_service/ directory called hostname and private_key. Your private_key should stay private, as the name implies, and your hostname should stay as private as you need it to be. The hostname contains the address to your raspberry pi’s hidden ssh service. This will be important later on. If Tor did not generate hidden service files or Tor does not appear to start automatically at boot time, you may need to change ownership of the directory. Run the commands below and restart.
#Check your ports nmap localhost #Check Tor logs ls /var/log/tor/ cat /var/log/tor/log #Change ownership chown -R debian-tor /var/lib/tor/hidden_service/ #Restart one more time shutdown -r now
Connecting to the Pi
Now that we have our hidden ssh service up and running, let’s attempt to make a connection. Download and install Tor if you haven’t already. Download connect.c and compile it. Next, create a file named config in your ~/.ssh directory. Adding the following lines to the config will cause all *.onion domains to be passed through the connect program.
#Install tor sudo apt-get install tor #Compile gcc -o /usr/local/bin/connect connect.c chmod 755 /usr/local/bin/connect #Change ssh configuration echo 'Host *.onion ProxyCommand /usr/local/bin/connect -S localhost:9050 %h %p' >> ~/.ssh/config
You should now be good to go. Startup tor and connect to your Pi via the hostname found at /var/lib/tor/hidden_service/hostname on the Pi.
tor & ssh firstname.lastname@example.org
It is very likely that you will experience a lot of lag when working through Tor. This is the price you pay. Overall, I think this is a pretty cool concept. Not only can you connect to your Pi from anywhere in the world, but your Pi could be anywhere else in the world too! As long as your two devices have internet access, they will never be apart.