Many people never bother to change their default password on their devices. For a Raspberry Pi, this can leave it extremely vulnerable. Today, we will be looking at a little tool that can discover Raspberry Pi’s on a network and attack those devices.
Rapberry Pi is your tiny, dual-display, desktop computer …and robot brains, smart home hub, media centre, networked AI core, factory controller, and much more.The tool we will be looking at today is rpi-hunter, this tool will scan a network looking for Raspberry Pi’s with default credentials and log into the device. Once it identifies them and logs in, you can pretty much push any payload you want onto the device.
To do this you will need a Raspberry Pi running Raspbian with default credentials with SSH powered on and a computer that runs Python.
The instructions are on the Github page (https://github.com/busescanfly/rpi-hunter) to download and install this software. It’s pretty simple, just open a terminal and use the one liner on the page.
sudo pip install -U argparse termcolor && sudo apt -y install arp-scan tshark sshpass && git clone https://github.com/BusesCanFly/rpi-hunter && cd ./rpi-hunter && chmod +x rpi-hunter.py
Next what we will do is log into our Raspberry Pi via SSH.
The default password is raspberry. And that will log us in.
Perfect, we know that we have a Raspberry Pi with default credentials. Now let’s install rpi-hunter. So exit from the SSH session and run the one liner script.
Now that we have it installed, let’s see what option rpi-hunter gives us for evil purposes.
As we can see there are some nice options and the payload option sticks out to us. So let’s try a few commands. To list the various payloads that are available to us we can run
sudo python ./rpi-hunter.py --list
Here we go. so we have a whole list of payloads to choose from. To craft a command for this tutoril let’s use the –help option to see what we can do with this tool.
Let’s say we want to specify the IP range, we can use -r to do that.
sudo python ./rpi-hunter.py-r 192.168.0.0/24 --payload 'whoami'
This will give us the whole network range so that we can see what Rapsberry Pi’s are connected that have default credentials and drop a payload asking who am I?
As we can see we have identified a Raspberry Pi and the payload was dropped to tell us we are pi. So we have successfully SSH’ed into the device.
So now that we are logged in, let’s have some fun. You may have noticed there was a rickroll payload, let’s try that.
sudo python ./rpi-hunter.py-r 192.168.0.0/24 --payload rickload
Never gonna give you up, never gonna let you down 😀
Success!! this payload is quite loud and may be used as a prank on your friends.
That’s it guys and girls. Thanks for reading and please, don’t forget to leave a like. Also, if you like the content you can subscribe and come back to learn more hacking tools from ls /blog. Ciao for now 🙂
Also, if you can, please consider donating to ls /blog, for as little as €5 once off payment below. We can’t do this without your help, thanks.