Overview

Not long ago, I was scheduled for an upcoming Red Team simulation for an energy company and I started going through all of my gear that I usually bring for the engagement. Aside from my usual tools like shims, lockpicks, and networking gear, I wanted to create a dropbox that I could place on the client’s network that would “phone home” to my attack server, then use tools directly from the dropbox on their network.

Normally, I would use tools such as a LAN Turtle, which is great, but I wanted something that had a full Kali Linux toolset already on it where I could remote in without having to forward traffic through it. I also wanted a device that would connect back to me using multiple methods in case the client’s firewall blocked certain ports outbound. Since Raspberry Pi recently came out with their Raspberry Pi 4, I decided to give it a try. With this type of dropbox, I could walk into a facility in disguise, place the dropbox on their network (preferably on a network switch), then leave the area and have access to their network through an OpenVPN connection and reverse SSH tunnel. I also wanted a backup method in case their egress firewall blocked my outbound traffic, so I opted to include a wireless setup for the device. Lastly, I wanted another attack method against employees who used vulnerable wireless mice and keyboards.

Desired Device Requirements

Looking at various options for devices that could be used as dropboxes, I wanted something that was dependable, light, small, fast, and cheap. My desired requirements were the following:

Device had to be relatively small in size where I could hide it behind a computer/under a desk, or by a network switch without being noticed.

Have the capability to use a persistent reverse SSH tunnel and/or OpenVPN for command and control.

Decent storage space (32GB-64GB or more)

Fast enough hardware where I could use pentesting tools and not have horrible lag/sluggishness.

Cost cheap enough where if it got destroyed or taken by someone, it wouldn’t kill my budget.

Option to later add modules for wireless connection and attacks or even a cellular interface for connecting to it via a backchannel.

There are many devices out there like the Hardkernel ODROID-N2, BeagleBone Black, etc., but for the price and hardware, I decided to go with the new Raspberry Pi 4.

Hardware Specs

The list of specifications for the Raspberry Pi 4 can be seen below:

Specifications

Broadcom BCM2711, Quad core Cortex-A72 (ARM v8) 64-bit SoC @ 1.5GHz

1GB, 2GB or 4GB LPDDR4-2400 SDRAM (depending on model)

2.4 GHz and 5.0 GHz IEEE 802.11ac wireless, Bluetooth 5.0, BLE

Gigabit Ethernet

2 USB 3.0 ports; 2 USB 2.0 ports.

Raspberry Pi standard 40 pin GPIO header (fully backwards compatible with previous boards)

2 × micro-HDMI ports (up to 4kp60 supported)

2-lane MIPI DSI display port

2-lane MIPI CSI camera port

4-pole stereo audio and composite video port

H.265 (4kp60 decode), H264 (1080p60 decode, 1080p30 encode)

OpenGL ES 3.0 graphics

Micro-SD card slot for loading operating system and data storage

5V DC via USB-C connector (minimum 3A*)

5V DC via GPIO header (minimum 3A*)

Power over Ethernet (PoE) enabled (requires separate PoE HAT)

Operating temperature: 0 – 50 degrees C ambient

* A good quality 2.5A power supply can be used if downstream USB peripherals consume less than 500mA in total.

For the device, I purchased it from CanaKit and I decided to buy the 4GB Basic Kit which was right at $70. The board by itself would only be $55 but I wanted to get the power adapter, heat sinks, etc.

Hardware Shopping List

Raspberry Pi 4 Model B with 4GB RAM (Basic Kit) - $70

SanDisk 64GB Extreme microSDXC UHS-I Memory Card - $15

Raspberry Pi 4 Case with Fan - $12 (optional)

Wireless WiFi USB Dongle Stick Adapter RT5370 150Mbps - $9 (optional)

Crazyradio PA - $35 (optional)

[Note, you could get the Raspberry Pi 4 Model B with 4GB RAM by itself without extras for $55 if you wanted to go cheaper.]

Operating System

For the operating system, I opted to go with Kali Linux as it already has a lot of great tools on it and is geared for pentesting. You can definitely put something like Debian/Ubuntu on the device and add your own tools if you are worried about specific traffic getting noticed by a blue team member that corresponds with Kali Linux. For my needs and ease of use of this demo, I went ahead and installed Kali. Along with the desktop Kali images, Offsec also provides images for ARM devices which the Raspberry Pi 4 device falls under. Each of those Kali images can be found here.