Today I received my Raspberry Pi GPIO Electronics Starter Kit which extends the functionality of the PI to operate virtually any electronic device connected to the PI. The starter kit I received basically came with the following:
- 1 X T-Cobbler for Raspberry Pi
- 1 X GPIO cable
- 1 X IR remote controller
- 1 X IR receiver module with cable
- 1 X DS18B20 Temperature sensor module with cable
- 1 Bundle Jumper cables
- 1 X high quality breadboard
- 1 X Blue 1602 LCD
- 1 X header for 1602 LCD
- 1 X color LED
- 2 X Red 5mm LEDs
- 2 X Green 5mm LEDs
- 4 X bigger switches
- 10 X 560 ohm resistors for the LEDs
- 10 X 10K resistors for pull-ups on the buttons
- 1 X 10k Rotation resistor for 1602 LCD
So, as geeked up as I was about the kit, I decided to get my feet a little wet using the Pi’s GPIO (General Purpose Input/Output).
The first project that I stumbled upon was a Gmail LED Notifier, which essentially powers on a green LED if I have new mail or a red LED if I do not. See the Python code below, which is very straightforward. (This was not written by me.)
import RPi.GPIO as GPIO, feedparser, time
DEBUG = 1
USERNAME = "username" # just the part before the @ sign, add yours here
PASSWORD = "password" # stored in clear text and sent inside the feed URL: keep this file readable only by you
NEWMAIL_OFFSET = 1 # my unread messages never goes to zero, yours might
MAIL_CHECK_FREQ = 60 # check mail every 60 seconds
GREEN_LED = 18
RED_LED = 23
GPIO.setmode(GPIO.BCM) # use Broadcom (BCM) pin numbering, so 18 and 23 are GPIO numbers, not header positions
GPIO.setup(GREEN_LED, GPIO.OUT)
GPIO.setup(RED_LED, GPIO.OUT)
while True:
    # the Gmail Atom feed reports the unread count in its "fullcount" element
    newmails = int(feedparser.parse("https://" + USERNAME + ":" + PASSWORD + "@mail.google.com/gmail/feed/atom")["feed"]["fullcount"])
    if DEBUG:
        print("You have", newmails, "new emails!")
    if newmails > NEWMAIL_OFFSET:
        GPIO.output(GREEN_LED, True)  # new mail: green on, red off
        GPIO.output(RED_LED, False)
    else:
        GPIO.output(GREEN_LED, False) # no new mail: red on, green off
        GPIO.output(RED_LED, True)
    time.sleep(MAIL_CHECK_FREQ)
Essentially the script imports the RPi.GPIO Python module and a feed parser, initializes the GPIO pins, and then runs a loop that fetches the unread-mail count and powers the green or red LED accordingly.
The result of my first project… Success!!
Share the post "First Raspberry Pi Project!"
So strangely enough I have never really used Scapy, or at least not for anything meaningful in the past (partly because I didn’t know how to use it, and until now I didn’t really think I needed it). I think after tonight my opinion of the tool has changed, and I could certainly find a use for it sooner rather than later with the amount of VoIP testing I’ve been doing.
I was browsing some of SecurityTube’s videos and came across one on creating your own wireless SSID sniffer. The video introduces you to Scapy, a packet manipulation tool that you can find ready to go in Kali Linux. In short, this powerful tool can be used as a sniffer, crafter and modifier of most common protocols.
To speed things up I will show you the packets I collected using the Scapy interactive interface.
Welcome to Scapy (2.2.0)
>>> conf.iface = "mon0"
>>> pkts = sniff(count=5)
>>> pkts.summary()
RadioTap / 802.11 Control 12L None > c8:d7:19:0d:24:73 / Raw
RadioTap / 802.11 Data 8L c8:d7:19:0d:24:73 > ac:3c:0b:29:fe:96 / Dot11QoS / Dot11WEP
802.3 90:f6:52:00:ba:b7 > ac:3c:0b:29:fe:96 / LLC / Raw
RadioTap / 802.11 Control 9L None > c8:d7:19:0d:24:73 / Raw
RadioTap / 802.11 Management 8L c8:d7:19:0d:24:73 > ff:ff:ff:ff:ff:ff / Dot11Beacon / SSID='druidia' / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt / Dot11Elt
In line #2 I am instructing Scapy to use the wireless virtual interface mon0 (which has been set to monitor mode). In line #3 I call the sniff() function, grabbing 5 packets and storing them in a list called “pkts”. In line #4 we summarize what we have collected, and we can see typical 802.11 frames (Control, Management and Data). Having a sample management frame (line #9) gives us all that we will need to create a sniffer. Additionally, if you would like a visual breakdown of a packet, you can dump it to a PDF file using the pdfdump() function as such:
>>> pkts[4].pdfdump()
We use pkts[4] to dump the 5th packet in the pkts list we have created (line 9 above, which is the management frame).
The output of a management packet should look similar to the following:
Under the 802.11 Header we can see the Type and Subtype of the Management Frame.
Using the following code which I have commented heavily… we have our sniffer.
### We import the scapy module into our program here
from scapy.all import *

# We define a list called aps to store all APs we detect
aps = []

# The following function is a packet handler that will check each packet as it
# is passed by the sniffer. If the packet has an 802.11 layer, its type is 0
# (a management frame) and its subtype is 8 (a beacon), and the AP's address is
# not already in the aps list, then add it to the list and print it.
def PacketHandler(pkt):
    if pkt.haslayer(Dot11):
        if pkt.type == 0 and pkt.subtype == 8:
            if pkt.addr2 not in aps:
                aps.append(pkt.addr2)
                print("Found BSSID %s and SSID %s " % (pkt.addr2, pkt.info))

# Begin sniffing and pass each packet to the PacketHandler function above.
sniff(iface="mon0", prn=PacketHandler)
The output shows as…
Found BSSID c8:d7:19:0d:24:73 and SSID druidia
Found BSSID 00:1d:d3:1b:46:60 and SSID HOME-4662
Found BSSID 02:1d:d3:1b:46:60 and SSID
Found BSSID 06:1d:d3:1b:46:60 and SSID xfinitywifi
Found BSSID 00:1e:2a:57:d0:b4 and SSID NETGEAR
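To show what Scapy is doing underneath that Dot11 / Dot11Beacon / Dot11Elt chain, here is an added example of my own (not code from the SecurityTube video or from this post) that parses a raw 802.11 beacon by hand with nothing but the standard library. It walks the frame-control byte for type/subtype, the three addresses, the fixed parameters and the tagged information elements, then deduplicates by BSSID the way PacketHandler does and flags what a network owner would want to know: open networks, hidden SSIDs and a source address that does not match the BSSID. The sample frames are constructed in the script (BSSIDs and SSIDs mirror the output above, channels and security settings are made up), so it runs without a monitor-mode interface; on a live capture you would strip the RadioTap header first and feed the 802.11 payload to parse_beacon().

```python
import struct

# 802.11 frame-control values (type 0 = management; subtype 8 = beacon, 5 = probe response)
TYPE_MANAGEMENT = 0
SUBTYPE_BEACON = 8
SUBTYPE_PROBE_RESP = 5
# Information-element IDs used below (each one is a "Dot11Elt" in Scapy's summary)
IE_SSID, IE_DS_PARAM, IE_RSN, IE_VENDOR = 0, 3, 48, 221
WPA1_OUI_TYPE = b"\x00\x50\xf2\x01"   # vendor IE prefix that marks legacy WPA1
CAP_PRIVACY = 0x0010                  # capability bit: data frames are encrypted

def mac_str(b):
    return ":".join("%02x" % x for x in b)

def mac_bytes(s):
    return bytes(int(x, 16) for x in s.split(":"))

def parse_ies(body):
    """Walk the tagged-parameter section as (id, data) pairs; stop on a truncated element."""
    ies, i = [], 0
    while i + 2 <= len(body):
        eid, elen = body[i], body[i + 1]
        data = body[i + 2:i + 2 + elen]
        if len(data) < elen:
            break  # length byte points past the end of the frame: do not trust it
        ies.append((eid, data))
        i += 2 + elen
    return ies

def parse_beacon(frame):
    """Describe a raw 802.11 beacon or probe-response frame (no RadioTap header), or return None."""
    if len(frame) < 36:          # 24-byte MAC header + 12 bytes of fixed parameters
        return None
    fc = frame[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != TYPE_MANAGEMENT or subtype not in (SUBTYPE_BEACON, SUBTYPE_PROBE_RESP):
        return None
    interval, capability = struct.unpack_from("<HH", frame, 32)   # after the 8-byte timestamp
    info = {"source": mac_str(frame[10:16]), "bssid": mac_str(frame[16:22]), "ssid": "",
            "hidden": False, "channel": None, "interval_tu": interval,
            "privacy": bool(capability & CAP_PRIVACY), "rsn": False, "wpa1": False}
    for eid, data in parse_ies(frame[36:]):
        if eid == IE_SSID:
            info["ssid"] = data.decode("utf-8", "replace")
            info["hidden"] = data.strip(b"\x00") == b""    # empty or all-NUL SSID = hidden network
        elif eid == IE_DS_PARAM and len(data) == 1:
            info["channel"] = data[0]
        elif eid == IE_RSN:
            info["rsn"] = True
        elif eid == IE_VENDOR and data[:4] == WPA1_OUI_TYPE:
            info["wpa1"] = True
    if not info["privacy"]:
        info["security"] = "open"
    elif info["rsn"]:
        info["security"] = "wpa2/3"
    elif info["wpa1"]:
        info["security"] = "wpa1"
    else:
        info["security"] = "wep"
    return info

def survey(frames):
    """Deduplicate by BSSID, as PacketHandler does, and flag what a network owner cares about."""
    seen = {}
    for frame in frames:
        b = parse_beacon(frame)
        if b is None or b["bssid"] in seen:
            continue
        b["flags"] = []
        if b["security"] == "open":
            b["flags"].append("open-network")
        if b["hidden"]:
            b["flags"].append("hidden-ssid")
        if b["source"] != b["bssid"]:
            b["flags"].append("sa-bssid-mismatch")
        seen[b["bssid"]] = b
    return list(seen.values())

def build_beacon(bssid, ssid, channel, capability, extra_ies=b""):
    """Constructed test frame (hypothetical values, not captured traffic)."""
    header = bytes([0x80, 0x00, 0x00, 0x00]) + b"\xff" * 6 + mac_bytes(bssid) * 2 + b"\x10\x00"
    fixed = struct.pack("<QHH", 0, 100, capability)      # timestamp, beacon interval (TU), capability
    ies = bytes([IE_SSID, len(ssid)]) + ssid + bytes([IE_DS_PARAM, 1, channel]) + extra_ies
    return header + fixed + ies

RSN_IE = bytes([IE_RSN, 2, 0x01, 0x00])   # minimal RSN element (version 1) for the samples

# Constructed sample capture: BSSIDs/SSIDs mirror the post's output, channels and security are made up
SAMPLE_FRAMES = [
    build_beacon("c8:d7:19:0d:24:73", b"druidia", 6, 0x0011, RSN_IE),
    build_beacon("06:1d:d3:1b:46:60", b"xfinitywifi", 1, 0x0001),        # open network
    build_beacon("02:1d:d3:1b:46:60", b"", 1, 0x0011, RSN_IE),            # hidden SSID
    build_beacon("c8:d7:19:0d:24:73", b"druidia", 6, 0x0011, RSN_IE),     # duplicate, deduplicated
    bytes([0x08, 0x00]) + b"\x00" * 40,                                   # data frame: skipped
]

if __name__ == "__main__":
    for ap in survey(SAMPLE_FRAMES):
        print("Found BSSID %s SSID %r ch %s %s %s" % (ap["bssid"], ap["ssid"], ap["channel"], ap["security"], ap["flags"]))
```

The length check in parse_ies is the part worth copying: a beacon is attacker-controlled input, and an element whose length byte runs past the end of the frame is exactly the kind of thing a hand-rolled parser should refuse rather than index through.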
Thanks for reading and P.S. I AM aware of the wireless information contained within this post.
Share the post "Wireless SSID Sniffer in Python"
I just scooped up an Android Mini PC for $35.79 on Amazon for the sole purpose of weaponizing it with some hacking tools, including a VoIP sniffing tool that I am currently developing by the name of Prometheus. The native OS on the device is Android 4.0 (Ice Cream Sandwich), which I am not overly impressed with from a performance standpoint. I figure if you are going to sell a device with an OS on it, it should probably run as if the OS were built for the hardware. Now I wouldn’t want to deter anyone from purchasing the device (too late) because I do think that $35 is well worth the capabilities this device holds.
Anyhow, I figured I would share the goods in case anyone is looking for a cheap media center or perhaps even something that could suffice as a decent web browsing device. As I mentioned earlier, my reason for purchasing it is to eventually utilize it for security testing purposes. At this moment I am working on getting a flavor of Linux to run on the device with some level of stability. More on my progress soon…
OS: Android 4.0
CPU: Allwinner A10/ 1 GHz Cortex-A8
Internet: Wireless 802.11b/g, WAPI (Ralink8188)
Expansion: Micro TF card, max 32GB
IO/Ports: Micro 5pin USB/ USB2.0 data transfer/ OTG and host expand
Share the post "MK-802 Android Mini PC"
Currently working on what I would call my first real tool named Prometheus which is a VoIP sniffing utility. I really don’t want to share too much information on the tool at this time but I will just say that it is coming along well and I hope to share a PoC of the tool within the next few weeks. Below is a screenshot of the command usage:
Share the post "Prometheus"
I didn’t even notice, but apparently a directory traversal vulnerability that I discovered back in January was converted into a Metasploit module. Not sure how that one slipped past me… but still cool. Here is the write-up and the source code. Thanks sinn3r!
Share the post "Simple Web Server 2.3-RC1 Metasploit Module"
So I ended up purchasing SecurityTube’s Python Scripting Expert course and I am so glad that I did. Right now I am just getting started on Module 2, which focuses on I/O, working with files and much more. Module 1 was a great refresher for me, and it helped clear up my fuzzy understanding of object-oriented programming. The entire module, which is broken into 10 parts (videos), covers the essentials of Python programming and is vital to understanding Python. Topics such as lists, tuples, functions, conditions, classes and much more are explained through practical exercises and examples.
The author, Vivek Ramachandran, delivers the subject at a digestible pace and in an order which to me is key to putting the puzzle pieces together. As I take this course, it reminds me of the Offensive Security classes that I have taken, in that the teacher finds a way to make complicated material seem much less complicated. At this point in my career I am no longer interested in the multiple-choice brain-dump exams such as the CEH and CISSP. I don’t want to discredit either of the certs, as I think they were both instrumental in furthering my career, but I think of these certs as more of a badge that you flash to get in the door. For example, it is no secret that right now the industry still recognizes the CEH over the OSCP, but anyone who can testify to the degree of knowledge gained after taking the OSCP course will likely state that the CEH holds no water in “knowledge retention”. To me it is simple: I learn by practical application. Now when I take a course I think about how the course will help me in my career and whether I will remember what I learned. The OSCP was a course that I could never forget, and SecurityTube’s Python Scripting Expert course is one that I know I won’t forget either.
As I continue to work through the course I will provide you with a more extensive review.
Share the post "Python Course"
I’ve been really thinking hard about taking this course to help improve my knowledge of python. Python has become a life saver for me at work and it seems like every day I’m finding better and more efficient ways to write my scripts. I’m thinking a course like this would be a great opportunity for me to improve on coding on the fly. If you’d like to check out the course details you can do so here
Share the post "Security Tube Python Certification"
As if the tragic events that took place in the city of Boston weren’t enough, reports now state that malware authors are exploiting the curiosity of Internet users through an email campaign claiming to provide video footage of the explosions at the Boston Marathon.
The email shown below contains a link to a malicious site that hosts two videos of Monday’s events while simultaneously attempting to exploit a vulnerability in the Java platform CVE-2012-1723.
More details on the latest threat can be viewed at naked security.
p.s. The Bruins lost in overtime
Share the post "Spam campaign leverages Boston Marathon events"
I kept hearing about this new remote password change vulnerability on select Linksys routers and finally got a chance to take a look at some coverage on it. So it turns out this is a Cross-Site Request Forgery vulnerability, which essentially allows a malicious request to be embedded in a page so that the victim’s own browser submits it against a vulnerable system (usually an unprotected form, or one that does not confirm a submission). I have to say I thought this was going to be a remote unauthenticated command injection vulnerability of some sort, but it looks like at the very least some user action is required to carry out the attack.
If you are unfamiliar with Cross-Site Request Forgery or you just want to check out the vulnerability itself, there is a decent write up found at Naked Security.
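To make the "unprotected form" distinction concrete, here is an added example of my own (not router firmware and not code from the Naked Security write-up) showing a password-change handler that trusts the session cookie alone beside the same handler with the two standard defences: an Origin check and a per-session synchronizer token verified in constant time. The session dictionaries, the ALLOWED_ORIGIN value, the APP_SECRET_KEY environment variable and the route shape are all hypothetical stand-ins for whatever framework you actually use.

```python
import hmac
import hashlib
import os
import secrets

# Hypothetical server secret: read from the environment, else a fresh random key for this process
SECRET_KEY = os.environ.get("APP_SECRET_KEY", "").encode() or secrets.token_bytes(32)
ALLOWED_ORIGIN = "http://router.lan"   # hypothetical origin of the admin UI

def csrf_token_for(session_id):
    """Per-session token derived with an HMAC, so a third-party page cannot guess or compute it."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def change_password_vulnerable(session, form):
    """Trusts the session cookie alone: any page the logged-in admin visits can submit this form."""
    if not session.get("user"):
        return 401, "login required"
    session["password"] = form["new_password"]
    return 200, "password changed"

def change_password_hardened(session, form, origin=None):
    """Same endpoint with two independent checks: the Origin header and a synchronizer token."""
    if not session.get("user"):
        return 401, "login required"
    # 1. Browsers attach Origin to cross-site POSTs; an unexpected value is an immediate reject.
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    # 2. The token must match the one embedded in the first-party form (constant-time compare,
    #    and a missing Origin header is not a pass: the token is still required).
    expected = csrf_token_for(session["id"])
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(expected, supplied):
        return 403, "missing or invalid CSRF token"
    session["password"] = form["new_password"]
    return 200, "password changed"

def render_form(session):
    """What the first-party settings page embeds: the token travels in a hidden field."""
    return '<input type="hidden" name="csrf_token" value="%s">' % csrf_token_for(session["id"])

def demo():
    """Replays the scenario from the post: a forged form post arriving with the victim's live session."""
    admin = {"id": "sess-7f3a", "user": "admin", "password": "original"}   # constructed session
    forged = {"new_password": "attacker-chosen"}   # form built elsewhere: it cannot carry a valid token
    results = {}
    results["vulnerable"] = change_password_vulnerable(dict(admin), forged)[0]
    results["forged_with_origin"] = change_password_hardened(dict(admin), forged, origin="http://evil.example")[0]
    results["forged_no_origin"] = change_password_hardened(dict(admin), forged, origin=None)[0]
    legit = {"new_password": "new-secret", "csrf_token": csrf_token_for(admin["id"])}
    results["legitimate"] = change_password_hardened(dict(admin), legit, origin=ALLOWED_ORIGIN)[0]
    return results

if __name__ == "__main__":
    print(demo())
```

The token check is the one that matters: the Origin check is cheap and catches the common case, but it is absent in some clients, so the handler never lets a missing Origin substitute for the token. A third mitigation that needs no token at all is to require the current password on the change form; a forged request cannot supply it, which is exactly the kind of "confirm a submission" step the post mentions.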
Share the post "Linksys Router Remote Password Change (CSRF)"
Seems like there is a new exploit kit or crimeware kit surfacing every day now. A new crimeware kit labeled “Whitehole” contains exploits for a number of known Java vulnerabilities (CVE-2011-3544, CVE-2012-1723, CVE-2012-4681, CVE-2012-5076 and CVE-2013-0422).
More coverage on the new crimeware kit can be found here .
Share the post "Whitehole Exploit Kit In The Wild"