Covert operations as easy as Pi

I recently obtained a new Raspberry Pi this week. Since many owners have already used the Pi as a simple web server, I thought it would be interesting to use this tiny computer for covert ‘analysis’ of remote networks. The Pi can tap into a network over Ethernet or WiFi, and because of its size it can easily be placed out of view.

Controlling the Pi over SSH will be the most difficult challenge to overcome when using this device remotely. The first option is to connect directly to the Pi over the internet, but the Pi will most likely sit behind a firewall or router of some sort, which makes incoming connections unreasonably difficult. A second option is a repeated reverse connection that ‘calls home’ on a fixed interval; this is noisy and could draw unwanted attention. The option I would like to explore uses a private network to gain public exposure.

Since setting up a virtual private network can be time consuming and revealing, we will use Tor as an ‘anonymous’ and easy alternative. Before we get into that, let's download and image the Pwn Pi distribution. You can use whatever distribution you like, or make your own if you have the time. I don't have the time.

Setting up the Pi

Double check the SHA1 hash. Unzip the image. Unmount the SD card. Copy over the image.

#Check SHA1
sha1sum pwnpi-3.0.img.7z
#Install p7zip (optional) and unzip
sudo apt-get install p7zip
7za e pwnpi-3.0.img.7z
#Find your SD card (double-check the device name, dd overwrites it without asking)
df -h
#Unmount it
umount /dev/sdd1
#Copy over the image (writing to the raw device needs root) and flush it to the card
sudo dd bs=4M if=~/pwnpi-3.0.img of=/dev/sdd
sync

More detailed instructions for flashing an SD card can be found here.


Now that we have the Pi up and running, connect to it through your local network. I simply plugged an Ethernet cable into the device and connected via ssh. Next, install Tor.

ssh root@
#From the Pi command line
sudo apt-get install tor

Open up the tor configuration file at /etc/tor/torrc and add the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22

These settings will create a hidden ssh service on port 22 of the local loopback address. For these settings to take effect you can either restart tor or simply restart the Pi.

service tor restart
shutdown -r now


Check that Tor is up and listening on port 9050 by running nmap against localhost. You should now have two important files in the /var/lib/tor/hidden_service/ directory, called hostname and private_key. Your private_key should stay private, as the name implies, and your hostname should stay as private as you need it to be. The hostname file contains the address of your Raspberry Pi's hidden SSH service, which will be important later on. If Tor did not generate the hidden service files, or does not appear to start automatically at boot, you may need to change the ownership of the directory. Run the commands below and restart.

#Check your ports
nmap localhost
#Check Tor logs
ls /var/log/tor/
cat /var/log/tor/log
#Change ownership (tor also refuses the directory unless only its owner can access it)
chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
chmod 700 /var/lib/tor/hidden_service/
#Restart one more time
shutdown -r now
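As an added example (not code from the original post), here is a small Python script that does the troubleshooting step above programmatically: it reads the HiddenServiceDir and HiddenServicePort lines out of a torrc and checks each service directory the way tor itself checks it. Tor only accepts a HiddenServiceDir that is owned by the user it runs as and has mode 0700; otherwise it logs a permissions error and never writes hostname or private_key, which is the usual cause of the "no hidden service files" symptom. The owner name debian-tor and the sample torrc lines come from the post; the two demo functions build throwaway directories owned by the current user so the checks can be run on any machine.

```python
"""Audit a torrc for hidden services and check each HiddenServiceDir
the way tor does (owner and mode).  Added example, not from the post."""
import os
import pwd
import stat
import tempfile

# tor refuses a HiddenServiceDir unless it is owned by the tor user and has
# mode 0700; it then logs a "too permissive" error and writes no files.
REQUIRED_MODE = 0o700

# Constructed sample torrc, mirroring the two lines the post adds.
SAMPLE_TORRC = """\
SocksPort 9050          # default SOCKS listener
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 22    # no target given: defaults to 127.0.0.1:22
"""


def parse_hidden_services(torrc_text):
    """Return [(service_dir, [(virtual_port, target), ...]), ...]."""
    services = []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        key = parts[0]
        if key == "HiddenServiceDir" and len(parts) >= 2:
            services.append((parts[1], []))
        elif key == "HiddenServicePort" and services and len(parts) >= 2:
            virtport = int(parts[1])
            # HiddenServicePort VIRTPORT [TARGET]: an absent TARGET means
            # the same port on the loopback address.
            target = parts[2] if len(parts) >= 3 else "127.0.0.1:%d" % virtport
            services[-1][1].append((virtport, target))
    return services


def check_service_dir(path, expected_owner="debian-tor"):
    """Return a list of problems; empty when tor would accept the directory."""
    if not os.path.isdir(path):
        return ["directory does not exist: %s" % path]
    problems = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode != REQUIRED_MODE:
        problems.append("mode is %o, tor requires %o" % (mode, REQUIRED_MODE))
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    if owner != expected_owner:
        problems.append("owned by %s, expected %s" % (owner, expected_owner))
    if not os.path.exists(os.path.join(path, "hostname")):
        problems.append("missing hostname: tor has not initialised this service")
    return problems


def _demo_dir(mode, with_hostname):
    """Throwaway directory owned by the current user, for demonstration only."""
    path = tempfile.mkdtemp()
    os.chmod(path, mode)
    if with_hostname:
        with open(os.path.join(path, "hostname"), "w") as fh:
            fh.write("exampleonionaddress.onion\n")   # constructed placeholder
    me = pwd.getpwuid(os.getuid()).pw_name
    return check_service_dir(path, expected_owner=me)


def demo_good_dir():
    """Directory tor would accept: mode 0700, correct owner, hostname present."""
    return _demo_dir(0o700, True)


def demo_bad_dir():
    """Directory tor would reject: world-readable and never initialised."""
    return _demo_dir(0o755, False)


if __name__ == "__main__":
    for service_dir, ports in parse_hidden_services(SAMPLE_TORRC):
        print(service_dir, ports)
    print("good:", demo_good_dir())
    print("bad: ", demo_bad_dir())
```

Run against a real Pi, point parse_hidden_services at the contents of /etc/tor/torrc and call check_service_dir on each directory it returns; an empty list means the directory is in the state the chown and chmod above produce.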


Connecting to the Pi

Now that we have our hidden ssh service up and running, let’s attempt to make a connection. Download and install Tor if you haven’t already. Download connect.c and compile it. Next, create a file named config in your ~/.ssh directory. Adding the following lines to the config will cause all *.onion domains to be passed through the connect program.

#Install tor
sudo apt-get install tor
#Build connect and install it where the ssh ProxyCommand below expects it
sudo gcc -o /usr/local/bin/connect connect.c
sudo chmod 755 /usr/local/bin/connect
#Change ssh configuration
mkdir -p ~/.ssh
echo 'Host *.onion
    ProxyCommand /usr/local/bin/connect -S localhost:9050 %h %p' >> ~/.ssh/config

You should now be good to go. Start up Tor and connect to your Pi via the hostname found in /var/lib/tor/hidden_service/hostname on the Pi.

tor &
ssh root@swzwwr7xg6z77mjn.onion
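What the ProxyCommand above actually does is a SOCKS5 CONNECT against Tor's SOCKS listener, with the .onion name handed to the proxy as a domain-name address rather than resolved locally (a local DNS lookup of a .onion name fails and, worse, leaks the name to the resolver). The following Python is an added example, not the connect.c program from the post: it builds and parses the same messages and assumes Tor's SOCKS port at 127.0.0.1:9050. The onion hostname mentioned in the comments is the one from the post.

```python
"""SOCKS5 CONNECT as the ssh ProxyCommand drives it.  Added example, not the
connect.c program from the post; assumes Tor's SOCKS listener at 127.0.0.1:9050."""
import socket
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
NO_AUTH = 0x00
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Reply codes from RFC 1928, section 6.
REPLY_TEXT = {
    0x00: "succeeded", 0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset", 0x03: "network unreachable",
    0x04: "host unreachable", 0x05: "connection refused", 0x06: "TTL expired",
    0x07: "command not supported", 0x08: "address type not supported",
}


def build_greeting():
    """Client hello: version 5, one method offered, 0x00 = no authentication."""
    return bytes([SOCKS_VERSION, 1, NO_AUTH])


def build_connect_request(hostname, port):
    """CONNECT request with ATYP 0x03: the name itself goes to the proxy.
    A .onion name (e.g. swzwwr7xg6z77mjn.onion from the post) must travel
    this way, because only the Tor client can resolve it."""
    name = hostname.encode("ascii")
    if not 0 < len(name) < 256:
        raise ValueError("hostname length must fit in one byte")
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return (bytes([SOCKS_VERSION, CMD_CONNECT, 0x00, ATYP_DOMAIN, len(name)])
            + name + struct.pack("!H", port))


def parse_connect_reply(data):
    """Return (code, text, bound_address_bytes, bound_port) from a server reply."""
    if len(data) < 4 or data[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 reply")
    code, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr, end = data[4:8], 8
    elif atyp == ATYP_IPV6:
        addr, end = data[4:20], 20
    elif atyp == ATYP_DOMAIN:
        addr, end = data[5:5 + data[4]], 5 + data[4]
    else:
        raise ValueError("unknown address type %d" % atyp)
    if len(data) < end + 2:
        raise ValueError("truncated reply")
    port = struct.unpack("!H", data[end:end + 2])[0]
    return code, REPLY_TEXT.get(code, "unknown reply %d" % code), addr, port


def _recv_exact(sock, n):
    """recv() may return short reads; collect exactly n bytes or fail."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("proxy closed the connection")
        buf += chunk
    return buf


def socks5_connect(hostname, port, proxy=("127.0.0.1", 9050)):
    """Open a TCP stream to hostname:port via the proxy and return the socket."""
    sock = socket.create_connection(proxy)
    try:
        sock.sendall(build_greeting())
        ver, method = _recv_exact(sock, 2)
        if ver != SOCKS_VERSION or method != NO_AUTH:
            raise ConnectionError("proxy did not accept the no-auth method")
        sock.sendall(build_connect_request(hostname, port))
        head = _recv_exact(sock, 4)          # VER REP RSV ATYP
        if head[3] == ATYP_IPV4:
            rest = _recv_exact(sock, 4 + 2)
        elif head[3] == ATYP_IPV6:
            rest = _recv_exact(sock, 16 + 2)
        elif head[3] == ATYP_DOMAIN:
            length = _recv_exact(sock, 1)
            rest = length + _recv_exact(sock, length[0] + 2)
        else:
            raise ConnectionError("unknown address type in reply")
        code, text, _, _ = parse_connect_reply(head + rest)
        if code != 0x00:
            raise ConnectionError("SOCKS5 CONNECT failed: %s" % text)
    except Exception:
        sock.close()
        raise
    return sock
```

socks5_connect returns a connected stream; to act as an ssh ProxyCommand a program additionally has to relay its stdin and stdout over that socket, which is the part connect.c adds on top of this exchange. The request builder never calls gethostbyname, which is the property that keeps the .onion name inside the Tor client.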


It is very likely that you will experience a lot of lag when working through Tor; this is the price you pay. Overall, I think this is a pretty cool concept. Not only can you connect to your Pi from anywhere in the world, but your Pi could be anywhere else in the world too! As long as both devices have internet access, they will never be apart. :D
