Hacking and Penetration Testing with Low Power Devices
command sudo iwconfig INTERFACE txpower POWER (substitute the wireless interface name and a power level in dBm). Every 3 dBm reduction in power will halve the transmit power. If you are sniffing traffic, there is no reason not to drop transmit power to the minimum.

The wireless adapter can also be switched off when not in use. The command sudo ifconfig INTERFACE down will shut down the wireless adapter. Turning the adapter back on is accomplished by running sudo ifconfig INTERFACE up. Note that if you are connected to a wireless network (vs. simply sniffing), you may have to rerun wpa_supplicant and dhclient3 if applicable. These utilities are discussed in greater detail later in this chapter.

The power-saving measures discussed so far have no impact on performance. Further power savings can be realized by shutting down unused chips on the board programmatically and by reducing the CPU clock speed. Sending I2C commands to chips on the BeagleBone Black is a bit complicated and could also lead to a less robust drone. Resulting power savings are not likely to be substantial. For these reasons, I would recommend against messing with the onboard chips.

CPU governors allow the clock speed to be throttled up and down based on load. The standard governors are conservative, ondemand, userspace, powersave, and performance. The command sudo cpufreq-set -g GOVERNOR (substitute one of the governor names) will change the CPU governor in effect. The ondemand governor is a good choice as it will change the CPU speed depending on system load. Using the ondemand governor may allow run times to be extended if your Beagles spend any significant time idling.

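The power-saving steps above can be collected into one script. This is an added example, not code from the book: the function names and the DRY_RUN and AVAILABLE_GOVERNORS variables are hypothetical, and the sysfs path is the standard Linux cpufreq location, assumed to be present on the drone.

```sh
#!/bin/sh
# Added example (not from the book): power-saving profile for a sniffing-only drone.
# DRY_RUN and AVAILABLE_GOVERNORS are hypothetical variables used by this sketch.

# Run a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Convert dBm to milliwatts: P = 10^(dBm/10). Shows the "3 dB halves power" rule.
dbm_to_mw() {
    awk -v d="$1" 'BEGIN { printf "%.1f\n", exp(log(10) * d / 10) }'
}

# Set transmit power; accept only a non-negative whole number of dBm.
set_txpower() {   # usage: set_txpower IFACE DBM
    case "$2" in
        ''|*[!0-9]*) echo "txpower must be a whole number of dBm" >&2; return 1 ;;
    esac
    run sudo iwconfig "$1" txpower "$2"
}

# Switch the adapter off when idle and back on when needed.
radio() {         # usage: radio IFACE up|down
    case "$2" in
        up|down) run sudo ifconfig "$1" "$2" ;;
        *) echo "state must be up or down" >&2; return 1 ;;
    esac
}

# True if governor $1 appears in the space-separated list $2.
has_governor() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# Lower txpower, then select ondemand only if the kernel offers it.
apply_profile() { # usage: apply_profile IFACE DBM
    gov_file=/sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
    avail=${AVAILABLE_GOVERNORS:-$(cat "$gov_file" 2>/dev/null || true)}
    set_txpower "$1" "$2" || return 1
    if has_governor ondemand "$avail"; then
        run sudo cpufreq-set -g ondemand
    else
        echo "ondemand governor not available; leaving governor unchanged" >&2
    fi
}

if [ "$#" -ge 2 ]; then apply_profile "$1" "$2"; fi
```
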
PENETRATION TESTING WITH A SINGLE BEAGLE
Now that we have a full-featured Linux and a way to power our Beagles, it is time to work through a penetration test with a single Beagle. More advanced penetration tests involving multiple devices will be covered later in this book. This first scenario involves a small financial planning company, Phil’s Financial Enterprises (PFE) LLC.

PFE has a small office in a strip mall. The employees primarily work from tablets connected to a wireless network. The company also has some Windows and Linux servers. The server machines are used to purchase commodities, stocks, and other investments. PFE’s auditors have tried to hard sell them on security services including a penetration test, but the company has opted to hire you instead.

Your test equipment consists of a lunchbox edition of a BeagleBone Black running The Deck, an Alfa AWUS036H wireless adapter with 9 dB omnidirectional and 15 dB unidirectional antennas, wireless keyboard/mouse, and a cigarette lighter power adapter. Test equipment is shown in Figure 5.6. You plan to conduct the penetration test from a minivan with tinted windows. The strip mall has sufficient activity and parking that leaving your minivan around the corner from PFE for an extended period will not arouse suspicion. You plan on leaving the van throughout the day in order to take care of food and other biological needs.