Pentest Tools

Various gadgets and doodads related to pentesting that I messed around with as I study more.

Table of Contents

(Maybe I should write more table of contents first on these posts)

  1. RP2040-One Bad USB Rubber Ducky
  2. Raspi Zero portable router for MiTM attacks
  3. wip

RP2040-One Bad USB Rubber Ducky

Got this from Akihabara for super cheap; turns out it was the perfect form factor and platform to get a USB rubber ducky for less than 1/4 the price of what you can get on Hak5. It uses the exact same chip as on the Raspberry Pi Pico, so it’s pretty much compatible with any Pico projects I believe.

Looked up people making bad USBs from Raspi Picos (like NetworkChuck’s video), but was still irked by the fact that it was really bulky when he was using the Raspi Pico with all the cables sticking out of it. This on the other hand came in one neat little package and is ready for you to flash stuff on it.

You can find my scripts on my GitHub page, but I haven’t done anything much yet other than writing a few test scripts to confirm it was indeed working. After looking around forums a bit, it seems like I’d need to learn way more shell script and CMD commands on Windows before making anything complicated.

In the future, I’d like it to be able to do things like:

  • Install Bonzi Buddy on a target computer
  • Launch a simple image that can’t be closed on the main screen
  • Get credential exfil scripts to work
  • etc.

Raspi Zero Portable Router for MiTM Attacks

In another episode of yet more things Andra doesn’t need, I also bought one of these kits that turns your Raspi Zero into a mini computer on a stick. It was cheap (about 900 yen I think?) so I pretty much bought it on impulse, and I didn’t really think of what I can use it for until about a few hours ago. Reading through Reddit also didn’t really help much (unsurprisingly huheh). That is, until I was watching NetworkChuck’s video on public WiFi hacking where he used a Raspi 4 as a router to perform man-in-the-middle (MitM) attacks on a cafe’s network.

After seeing that, it hit me: I can just turn this thing into a portable router or something and I can just plug it into my laptop in a cafe to do those attacks (legally of course). I wouldn’t even need to bring in 3 meters worth of cables like what he did in the video to power his Raspi 4 since it’s all powered and connected to my laptop. The only problem I can think about right now is that the Raspi Zero W that I have probably has a pretty poopy wireless antenna... so I’ll probably need to find/modify a Raspi WiFi HAT in order to make it work well.

Written on February 2, 2023