The Hackerlab

ByTheDeLay
The Hacker B&B: How I Turned a Pile of Old Laptops into a Hacker Superweapon

Every family holiday starts with a question. “What should we pack?” “Who’s bringing the good snacks?” For me, it started with a slightly different question: “Could I build a private cell tower for our VRBO?”

That ambition, while legally and financially… problematic, sparked a new mission. I would turn our holiday rental into a pop-up, hands-on Hacker Conference. But the real challenge wasn’t just coming up with cool demos. The real question was: How do you take a dozen random, mismatched laptops in a temporary location and orchestrate them into a seamless, centrally-controlled presentation platform?

The answer: you build a hacker superweapon. A portable, automated, and powerful system for fleet management and content delivery. I called it the “Holiday Hacker Demo Lab,” and this is the story of how it was built.

Act I: The Payloads – The “What”

Before we dive into the “how,” let’s talk about the “what.” The entire platform was built to deliver a series of high-impact, educational demos. These were the payloads; the “warheads” for my new delivery system. I won’t spoil all the surprises—you can explore them in detail on the live site—but here’s a taste of what the platform made possible:

  • The Welcome Party You Can’t Escape: I turned the simple act of connecting to “free WiFi” into an unforgettable lesson about browser security. With a click, I could make a dozen different devices play random videos or redirect to hilarious websites, all thanks to the power of the Browser Exploitation Framework (BeEF). The platform allowed me to show, not just tell.
  • The All-Seeing Eye in the Sky: A $40 radio dongle became a live air traffic control radar for the Des Moines area. Icons of real aircraft filled a map on every screen in the room, demonstrating that the air around us is overflowing with data just waiting to be seen.
  • The Ghosts in the Airwaves: We exposed the “digital ghosts” our phones leave behind, showing how they constantly broadcast the names of every WiFi network they’ve ever known. It was a visceral demonstration of digital privacy (or the lack thereof), made possible by a Flipper Zero and my custom presentation platform.

These demos were the show, but they were only possible because of the powerful, automated nerve center running behind the scenes.

Act II: The Nerve Center – The “How”

The demos were the show, but the platform was the magic. Pulling this off required a robust, portable, and fully automated technical backbone. This was the true challenge and the most rewarding part of the build. My goal was a “rip and replace” philosophy: the laptops were disposable cattle, not precious pets. Any old machine could be transformed into a part of the fleet in minutes.

From Zero to Hero: The 5-Minute Laptop Transformation

I started with a pile of assorted, dusty laptops—old Dells, forgotten ThinkPads, a random Asus. These were perfect. The philosophy was to use cheap, available hardware to create something powerful and ephemeral.

Manually configuring each one would have taken days. Instead, I used Ansible.

I created an idempotent master playbook, a digital blueprint that could turn a fresh Kubuntu installation into a hardened, fully-featured “Hacker Kiosk” in under five minutes. I could have cranked out 20 of them in an afternoon.

Running a single command would trigger a flurry of automated activity:

ansible-playbook provision.yml --limit new-laptop
  • User Provisioning: Create dedicated user accounts (hacker for participants, jd_ansible for remote management).
  • Tool Installation: Silently install a suite of security tools via apt—Wireshark, nmap, hashcat, aircrack-ng—the works.
  • Kiosk Mode: Configure the display manager (SDDM) to auto-login the hacker user and immediately launch a full-screen, locked-down Chrome browser. No desktop, no distractions.
  • Agent Deployment: Install and enable a custom systemd service for the C2 agent, ensuring it started on boot and would report in automatically.
  • Theming & Polish: Deploy custom “hacker” desktop themes, Konsole profiles (green-on-black, of course), and desktop shortcuts for the few times we’d break out of kiosk mode.

The process was brutally efficient. A laptop would go from a blank OS to a mission-ready state faster than it took to brew a cup of coffee. If a machine misbehaved or a participant broke something? No problem. Wipe it, re-run the playbook, and it was back in the fleet, identical to its siblings.

The Puppet Master: Wielding the C2 System

With a provisioned fleet, the next challenge was orchestration. In a temporary, dynamic network environment, how do you control a dozen laptops at once without knowing their IP addresses?

My solution was to build a lightweight, custom Command & Control (C2) server.

  • The Brain: A Python Flask application, running on a dedicated admin laptop, served as the central registry. It exposed a simple API for device registration and queries.
  • The Agent: A simple bash script, deployed by Ansible, ran as a systemd service on each kiosk. Every 60 seconds, it would phone home, POSTing its hostname and current IP address to the C2 server’s /register endpoint.
  • The Controller: This is where the power lay. I wrote a master control script on my presenter machine, hackerlab-ctl, that acted as my remote. It became my scepter, allowing me to conduct the entire room like a digital orchestra from a single terminal.

With simple commands, I was a puppet master:

# Target a single laptop and switch its screen to a slick, Matrix-style standby page.
hl-standby Pwn3dUser

# Instantly command the *entire fleet* to display a live VDO.Ninja stream of my presenter screen.
hl-present-all

# Direct every single browser in the room to the live voting page.
hl-url-all https://hackerlab.thedelay.com/vote

# A kill switch. Reboot every machine simultaneously.
hl-reboot-all

If a kiosk was rebooted and got a new DHCP lease, it didn’t matter. Within 60 seconds, its agent would check in, and the C2 server would update its registry. The hackerlab-ctl script always had fresh intel. It was a resilient, self-healing system that made managing the chaotic reality of a live demo environment feel effortless and incredibly powerful.

The Umbilical Cord: Networking in the Field

The entire pop-up network ran off a GL.iNet travel router. This little box did double duty: it provided local DHCP for the kiosks while establishing a persistent WireGuard VPN tunnel back to my homelab’s UniFi Dream Machine. This gave me a secure, stable connection to my home infrastructure, allowing me to run the resource-intensive BeEF server and the PostgreSQL-backed showcase application from the reliability and power of my own servers, no matter where I was in the world.

Act III: The Main Stage – The Showcase App

The centerpiece of the entire experience was the web application I built, which served as the “Jumbotron” for our little conference. Accessible to everyone on the local network, it was far more than a simple dashboard.

Built on a PostgreSQL backend with a Flask and Socket.IO frontend, the app featured:

  • Auto-Rotating Scenes: The display cycled through various “scenes”—the live dashboard, the BeEF counter, demo carousels—on a 60-second timer, keeping the content fresh and dynamic.
  • Live Analytics: Every vote and interaction was logged, providing real data on what the audience found most engaging.
  • Presenter Controls: A hidden /presenter URL gave me full control to pause the rotation, skip to specific scenes, and trigger events with keyboard shortcuts.

The Audience Engagement Engine: A Voting System with a Purpose

The feature that truly transformed the event from a lecture into an interactive show was the live voting system.

Accessible via a QR code or a simple URL (hackerlab.thedelay.com/vote), my family could use their phones to vote on what they wanted to see. The showcase app displayed the results in real-time with animated bar graphs.

This wasn’t just a gimmick. It was a powerful storytelling device. It allowed me to:

  1. Create a “Choose Your Own Adventure”: Instead of rigidly following a script, I could let the audience’s curiosity guide the demos. It gave them agency.
  2. Generate Excitement: As votes came in and the bars animated, it created a sense of shared experience and friendly competition.
  3. Gather Real-Time Feedback: It was instant market research. The runaway winner? The “Browser Takeover” demo. People wanted to see the hack that felt most personal.

The Payoff

The Hacker B&B was a resounding success. The “holy shit” criterion was met multiple times over. The RF expert and I had deep-dive conversations about SDRs. Folks spent hours just watching planes land at DSM on the aircraft tracker. My non-technical family members left with a new, tangible understanding of digital security.

And most importantly, it was fun. It was a nerdy, ambitious, and deeply engaging way to share my passion with the people I care about.

Explore it Yourself

The project continues to evolve. I’ve since expanded the showcase application and added even more lab details. You can see the live version today:

View The Showcase Vote on Demos

This project was a powerful reminder that a homelab isn’t just for hosting services—it’s a launchpad for creating experiences. What will you build?

Similar Posts

One Comment

  1. Pingback: The Bulletproof Kiosk

Leave a Reply

Your email address will not be published. Required fields are marked *