Low-Hanging Fruit: A toolset for finding unsecured Raspberry Pis
lhf uses Shodan to search for Internet-connected Raspberry Pis, then attempts to SSH into them with the default admin credentials (pi:raspberry).
On a default install of Raspbian, the pi user has full sudo access – so if you can log in, you basically have root.
Obligatory disclaimer: in the United States, it is illegal to log in to a remote machine without the owner's explicit consent. I offer lhf for learning purposes only. I am not responsible for your actions.
I've only tested lhf on Linux, but it should work on Windows and OS X macOS with few changes, if any.
git clone https://github.com/Fysac/lhf
cd lhf && virtualenv .env && source .env/bin/activate
pip install -r requirements.txt
After the dependencies are installed, you just need to add your Shodan API Key:
echo "YOUR KEY HERE" > SHODAN_API_KEY
find.py <max results=100>
scan.py <threads=10>
In true Unix fashion, lhf operates entirely on standard streams. This means you can chain commands together like so:
python find.py 500 | python scan.py 100 > owned_pies.txt
This command will find at most 500 Raspberry Pis, scan them all using 100 threads, and write the vulnerable host:port combos to a file.