Raspberry Pi Zero Password Thief

mr.smashy
CodeX
Published in
4 min readApr 26, 2021

--

Another Pi Zero W Hacking Gadget for Physical Penetration Testing

Why wouldn’t you want to plug a small computer into a bigger computer?

Requirements

This project requires a Raspberry Pi Zero W, a USB-A Addon Board, and a Micro SD Card. You’ll also need a computer to configure the SD Card and Pi. This is not an expensive project, total cost is around $35 depending on where you acquire your parts.

The article is informational only. Do not break the law.

Why Would You Want To Do This?

The idea of pulling credentials from a locked computer isn’t new. There are commercial products that can do this like the USB Armory and the LAN Turtle. They do, however, cost quite a bit more than a Pi Zero and a USB board. There are trade offs; commercial devices may cost more but definitely look less suspicious, for example.

How Does This Work?

We will be configuring the Pi as an USB Ethernet adapter. Because USB is plug and play, even if the system is locked, the device gets installed. And because it is an Ethernet adapter, it will be allowed to pass/capture traffic, giving us access to sensitive data and credentials.

Getting Started

Flash the SD Card with Rasbian Lite and add a ssh file to the boot partition. Circuit

--

--

mr.smashy
CodeX
Writer for

Cybersecurity architect. Security dev and researcher. Infosec nerd. Linux enthusiast. All opinions and views are my own. Polite, professional, prepared.