Search icon Close icon
Search icon
0
Cart icon
Close icon
You have no products in your basket yet
Arrow left icon
All Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Newsletters
Free Learning
Arrow right icon
Penetration Testing with Raspberry PI
Penetration Testing with Raspberry PI

Penetration Testing with Raspberry PI: Construct a hacking arsenal for penetration testers or hacking enthusiasts using Kali Linux on a Raspberry Pi

€19.99 €13.98
Book Jan 2015 208 pages 1st Edition
eBook
€19.99 €13.98
Print
€24.99
Subscription
€14.99 Monthly
eBook
€19.99 €13.98
Print
€24.99
Subscription
€14.99 Monthly

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Jan 27, 2015
Length 208 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781784396435
Category :
Security
Concepts :
Penetration Testing
Tools :
Raspberry Pi (Beginner)
Table of content icon View table of contents Preview book icon Preview Book

Penetration Testing with Raspberry PI

Chapter 1. Raspberry Pi and Kali Linux Basics

Kali Linux is one of the most popular penetration testing platforms used by security professionals, hackers, and researchers around the world for security and vulnerability assessment, attack research, and risk testing. Kali Linux offers a wide variety of popular open source tools that can be used in all aspects of penetration testing. Kali Linux has evolved from BackTrack 5 R3 into a model of a complete desktop OS.

The Raspberry Pi is an extremely low-cost computer that plugs into a monitor using High Definition Multimedia Interface (HDMI) and uses your own USB keyboard and mouse. Many computer experts remember the days when computers would not just turn on and begin to operate; you had to actually do something with them. Raspberry Pi provides an environment to learn computing and programming at an extremely affordable price. People have used the portability and low cost of the device to build learning devices, remote cameras, security systems, earthquake detectors, and many other projects.

In this chapter, we will cover the following topics:

  • Purchasing and assembling a Raspberry Pi

  • Installing Kali Linux

  • Combining Kali Linux and Raspberry Pi

  • Cloning the Raspberry Pi SD card

  • Avoiding common problems

Purchasing a Raspberry Pi

In this book, we chose the Raspberry Pi Model B+. You won't find any major differences if you are using another model; however, you may need to tune some things to work with your particular configuration.

The following figure shows a Raspberry Pi Model B+ and highlights the differences between Model B and Model B+:

Some key benefits of Model B+ as compared to the previous generations are as follows:

  • More USB ports

  • Better hotplug capability

  • New Ethernet port with active lights

  • Support for 40-pin General-Purpose Input/Output (GPIO) header

  • A microSD card on the back apposed to a full-size SD card

  • Lower power requirements

There are some available Raspberry Pi bundles such as the Raspberry Pi Ultimate Kit, which at the time of writing this book was available for $79.99 in US from www.amazon.com. This kit provides a Raspberry Pi Model B+, case, power adapter, and Wi-Fi dongle. You can also find the basic B+ model that does not include the power adapter, SD card, and so on. This means that you can just get the chipboard for around $40 on www.amazon.com. Some tasks, such as wire tapping, may require a second Ethernet port, but the Raspberry Pi by default only offers one Ethernet port.

You can purchase a USB to Ethernet adapter for around $11.00 to meet this purpose. Also, many kits do not include an SD adapter for most computer readers. For example, portable MacBook Pro computers offer an SD port; however, you will need to pick up a microSD adapter for under $10 to be able to format the Raspberry Pi microSD card. For wireless penetration testing, you will need a USB to wireless adapter that can be purchased for around $10. Overall, most Raspberry Pi components are inexpensive, keeping the total project cost for most systems between $50 – $100.

The following image shows an example of an unboxed Raspberry Pi chipboard:

The following image contains an example of a Raspberry Pi bundle that is sold on eBay:

The following image is an example of a USB to Ethernet adapter:

The following image is an example of a microSD to SD adapter:

The following image is an example of a USB to Wi-Fi adapter:

The CanaKit Wi-Fi adapter is good for the Raspberry Pi because of it's size, portability, and compatibility.

In this book, we will explore how to use Raspberry Pi as a remote penetration testing agent, and use its wireless features to connect back to central management systems. It is most likely that you will need the components mentioned previously at some point as you become more familiar and comfortable with the Raspberry Pi using Kali Linux or other penetration testing applications.

Here is a summary list of the cost to build a Raspberry Pi for a penetration test:

  • Raspberry Pi B+ Model ranges between $35 and $45

  • USB to wireless adapter ranges between $10 and $20

  • USB to Ethernet adapter ranges between $10 and $20

  • SD to microSD converter with microSD card ranges between $10 and $20

  • Power adapter ranges between $5 and $10

  • USB power supply for mobile penetration testing ranges between $10 and $20

Starter kit bundles can range from $60 to $90 depending on what is included in them.

Tip

This list doesn't include an HDMI-capable monitor, a USB keyboard, and a USB mouse that are typically needed to build a startup image.

Assembling a Raspberry Pi

A Raspberry Pi is typically just a chipboard with exposed circuits. Most people want to protect their investment as well as conceal their Raspberry Pi at a target location using a case. The majority of Raspberry Pi cases are designed to either pop in the circuit board or slip between wedges designed to hold the Pi in place. Once your Raspberry Pi is seated properly, most cases have a cover to seal the Pi while exposing the input ports.

The next step for assembly is to attach the input and output devices such as keyboard, wireless adapter, and mouse. The Raspberry Pi Model B+ offers four USB input ports for this purpose. There is also an HDMI output that is used to connect it to a monitor. For power, the Raspberry Pi uses 5 V micro USB power that can come from a USB hub, power adapter, or such other devices. The brain for the Raspberry Pi is the software installed on the microSD card; however, we need to first install the Kali Linux image on it before inserting it into the Raspberry Pi.

Note

Some Raspberry Pi microSD cards come with preinstalled software. It is recommended to clone this software prior to formatting the microSD card for Kali Linux so that you have a backup copy of the factory-installed software. The process to clone your microSD card will be covered later in this chapter.

Preparing a microSD card

Now that your Raspberry Pi is assembled, we need to install Kali Linux. Most computers do not have microSD ports; however, many systems such as Apple MacBooks offer an SD input port. If your system does not have an SD port, external USB-based SD and microSD adapters are also available that are very cheap. For my example, I'll be using a MacBook that has an SD drive and a microSD adapter to allow me to format my Raspberry Pi microSD card.

Tip

Your Raspberry Pi microSD card should have a minimum size of 8 GB to run Kali Linux properly. You also need to make sure that the microSD card is a high performance card. We recommend a minimum of a class 10 card for most projects.

The following image shows a class 10 Kingston 8 GB microSD card:

Once you have found a way to use your microSD card in your computer, you will need to format the card. A free utility is available from the SD Association at www.sdcard.org, as shown in the following screenshot:

This utility will allow you to format your card properly. You can download it using the following steps:

  1. Go to https://www.sdcard.org/home/ through your web browser.

  2. On the left-hand side menu bar, select Downloads.

  3. Then, select SD Card Formatter 4.0.

  4. Then, select your platform. A Mac and a Windows version is available.

  5. Finally, accept the End User License Agreement, download the software, and install it.

Once you have downloaded and inserted your SD card, launch the SD Card Formatter application. Make sure that you select the correct media, and when it is ready, click on the Format button. This will erase all the information on the SD card and prepare it for your Kali Linux installation.

Make sure that you format the right drive or you could erase data from another source.

Tip

Make sure to make a backup copy of the existing image before formatting your microSD card to avoid the loss of default software or other data. Cloning a microSD card is covered later in this chapter.

The following screenshot shows the launch of the SDFormatter application:

If you are an Apple user, you can use the Disk Utility by clicking on Finder and typing Disk Utility. If your microSD card is seated properly, you should see it as a Drive option. Click on the microSD card and select the second tab in the center called Erase. We recommend that you use MS-DOS (FAT) for the Format. You won't need to name your microSD card, so leave Name blank. Next, click on the Erase... button to format it.

The following screenshot shows the launch of the Disk Utility:

Installing Kali Linux

You are now ready to download Kali Linux on your Raspberry Pi. By default, the Kali Linux installation for the Raspberry Pi is optimized for the memory and ARM processor of the Pi device. We have found that this works fine for specific penetration objectives. If you attempt to add too many tools or functions, you will find that the performance of the device leaves a lot to be desired, and it may become unusable for anything outside a lab environment. A full installation of Kali Linux is possible on Raspberry Pi using the Kali Linux metapackages, which are beyond the scope of this book. For use cases that require a full installation of Kali Linux, we recommend you use a more powerful system.

To install Kali Linux on Raspberry Pi, you will need to download the custom Raspberry Pi image from Offensive Security. You can do this from http://www.offensive-security.com/kali-linux-vmware-arm-image-download/.

The following image shows the Kali Linux Custom ARM Images available for download:

Tip

The best practice is to compute and compare the SHA1SUM hash of the image to verify it has not been tampered with prior to installation.

Once the image is downloaded, you will need to write it to the microSD card. If you are using a Linux or Mac platform, you can use the dd built-in utility from the command line. If you are using a Windows system, you can use the Win32 Disk Imager utility.

The Win32 Disk Imager utility is a free tool that is used to write raw images onto SD/microSD cards.If you are using a USB adapter for your microSD card, you might face difficulty in getting the tool to work properly since some people have reported this problem.

You can download the Win32 Disk Imager utility from http://sourceforge.net/projects/win32diskimager/.

Once the tool is downloaded, you simply need to select the image file and your removable media to start the image writing process. This process can take a while to complete. On our systems, it took almost 30 minutes to complete.

You are now ready to install the Kali Linux image that you downloaded earlier. Uncompress the archive onto your desktop. You can use a utility such as 7-Zip to uncompress the archive.

The following screenshot shows the Win32 Disk Imager utility:

If you are using a Mac platform, the first step is to determine from where the operating system is reading your SD card. You can do this from the terminal by issuing the diskutil list command as shown in the following screenshot:

You can see from the screenshot that my SD card is listed as disk1. You can also see that I have existing partitions on the microSD card. This indicates that I did not format my media. You should go back to the beginning of this chapter and ensure that you have formatted your media before you continue further.

Although I prefer to use the SD Card Formatter application described earlier, you can also format the SD card directly from the command line on your Mac using the following steps:

  1. First, you will need to unmount your SD card by issuing the diskutil unmountDisk /dev/disk1 command.

  2. You can now format the SD card by issuing the sudo newfs_msdos -F 16 /dev/disk1 command. (Make sure you select the correct disk. Failure to do so could result in catastrophic consequences.)

    Tip

    It is highly recommended that you use a partition tool and clear out any partition before formatting.

  3. You will be asked to enter your Mac OS System/Administrator password.

Tip

I have used disk1 in the commands that require an SD card number, as my SD card was assigned as disk1 automatically by my operating system. Your operating system might assign a different disk number to your SD card. Make sure to include your disk number when you issue the commands.

Formatting your SD card before copying the image is considered to be the best practice. One thing to note is that we will be using the dd command, meaning it is not required to format your SD card since the dd command performs a bit-by-bit copy from the image to the SD card. Formatting is recommended to prevent other errors and anomalies.

You are now ready to install the Kali Linux image that you downloaded earlier. Now, uncompress the archive onto your desktop. You can use a utility such as The Unarchiver or Keka for Mac to uncompress the archive.

Then, determine the name of your uncompressed image. In my example, the name of my uncompressed image is kali-1.0.9-rpi.img. You will once again need to identify how the system sees your SD card. You can do this again by issuing the diskutil list command.

You can create and install the image by issuing the following command (you may be asked for your Mac OS System/Administrator password again):

sudo dd if=~/Desktop/kali-1.0.9-rpi.img of=/dev/disk1

The following image shows the launch of the previous command:

The command prompt will freeze while the image is written to the microSD card. Sit back and relax as the process can take some time. On my system, it took over 30 minutes to complete.

Tip

You can see how far the dd process has progressed by pressing Ctrl + T and sending the SIGINFO command to the running process.

The following image shows the frozen command prompt when the image is being written to the microSD card:

Note

You may experience a permission denied error when you write the image to the microSD card on OS X systems if you do not include the sudo command. If you use a variation of this command, make sure the sudo command applies to the entire command by using brackets or you may still get this error.

Once you have completed the installation of the image, simply insert the microSD card into your Raspberry Pi and boot the system by plugging in its power source. Booting the system can take up to 5 minutes. You will be able to log in to the system using root as the username and toor as the password. If you wish to start the graphical environment, simply type startx in the terminal. Congratulations! You now have a working Kali system on your Raspberry Pi.

Note

The system can take some time to boot. The Raspberry Pi supports the Graphical User Interface (GUI) and you can invoke it using the startx command. However, we recommend that you only use the command line on the Raspberry Pi. If you issue the startx command, the GUI can take up to 20 minutes to load and possibly act very slow or unresponsive.

Combining Kali Linux and Raspberry Pi

The Kali Linux Raspberry Pi image is optimized for the Raspberry Pi. When you boot up your Raspberry Pi with your Kali Linux image, you will need to use root as the username and toor as the password to log in. We recommend you immediately issue the passwd command once you log in to change the default password. Most attackers know the Kali Linux default login, so it is wise to protect your Raspberry Pi from unwanted outside access.

The following screenshot shows the launch of the passwd command to reset the default password:

When you issue the startx command, your screen might go blank for a few minutes. This is normal. When your X Windows (GUI) desktop loads, it will ask you whether you would like to use the default workspace or a blank one. Select the default workspace. After you make your selection, the desktop might attempt to reload or redraw. It may be a few minutes before it is fully loaded.

The following screenshot shows the launch of the startx command:

The first thing that you need to do is upgrade the OS and packages. The upgrade process can take some time and will show its status during the process. Next, you need to make sure you upgrade the system within the X Windows (GUI) environment. Many users have reported that components are not fully upgraded unless they are in the X Windows environment. Access the X Windows environment using the startx command prior to launching the apt-get upgrade command.

The following screenshot shows the launch of the apt-get update command:

The following screenshot shows the launch of the apt-get upgrade command:

Here are the steps you need to follow to open the Kali Linux GUI:

  1. Ensure you are in the X Windows desktop (using startx).

  2. Open a terminal command.

  3. Enter the apt-get update command.

  4. Enter the apt-get upgrade command.

  5. Enter the sync command.

  6. Enter the sync command.

  7. Enter the reboot command.

After you have upgraded your system, issue the sync command (as a personal preference, we issue this command twice). Reboot the system by issuing the reboot command. In a few minutes, your system should reboot and allow you to log back into the system. Issue the startx command to open the Kali Linux GUI.

The following screenshot shows the launch of the sync and reboot commands:

You will need to upgrade your systems using the apt-get update and apt-get upgrade commands within the X Windows (GUI) environment. Failure to do so may cause your X Windows environment to become unstable.

At this point, you are ready to start your penetration exercise with your Raspberry Pi running Kali Linux.

Pros and cons of the Raspberry Pi

As stated in various parts of this book, the Raspberry Pi is designed to be an inexpensive computing option designed for various purposes. Inexpensive systems offer limited computing power, so one major drawback when using a Raspberry Pi for any type of penetration testing is its lack of power to run resource-intensive tasks. For this reason, it's highly recommended that use a Raspberry Pi for specific tasks rather than a go-to attack arsenal, as a full-blown Kali Linux installation offers many more tools over the limited Kali Linux ARM architecture.

The following two screenshots show the difference between the options available for one toolset category in the Kali Linux ARM architecture and a full-blown Kali Linux installation. We also found that some of the tools in the Kali Linux ARM do not function properly when they are run from the GUI, or they just failed in general. You will find more reliable tools in a full-blown installation of Kali Linux on a more powerful system than a Raspberry Pi. Here is the Kali Linux ARM screenshot showing Live Host Identification tools, which are ncat and nmap:

Here are the tool options for the same Live Host Identification category found in a full-blown installation of Kali Linux. As you can see in the following screenshot, a lot more options are offered:

Raspberry Pi penetration testing use cases

There are use cases for leveraging a Raspberry Pi outside of its "cool" factor. The first use case is delivering low-cost, remote penetration testing nodes to hard-to-reach locations. An example of this is when you offer penetration testing services to branch offices in China, UK, and Australia with limited bandwidth across sites. Rather than flying to each location, you can charge your customer the cost to build a Raspberry Pi and ship out each box to a location. You can have a local person plug in the Raspberry Pi as a network tap and perform the penetration test remotely, thereby dramatically saving in travel and hardware costs. In most cases, you can probably let the customer remove and keep the Raspberry Pi after the penetration test due to its low cost. You would have saved a customer thousands of dollars using this method as an alterative to enterprise cloud scanning tools that on a average have a much higher cost associated per location.

Another use case is abusing the average user's trust by physically accessing a target's location by claiming to be an IT or phone support representative doing maintenance. The Raspberry Pi chipboard can be hidden in any official looking hardware such as gutting a Cisco switch, hub, and so on, and placing the Raspberry Pi in one port. The average user wouldn't question a network box that looks like it belongs there.

In both these use cases, the major selling point is the Raspberry Pi's low cost, which means that losing a system won't break the bank. Also, both the use cases showcase the Raspberry Pi's value of being very mobile due to its small form. So, the Raspberry Pi makes a great alternative to more expensive remote penetration toolsets such as the ones offered by PWNIE Express (we are not saying that the PWNIE Express tools are not cool or desirable, but they will cost you a lot more than the Raspberry Pi approach). Speaking of which, you can run a light version of the PWNIE Express software on a Raspberry Pi as well, which is touched upon at the end of this book.

A common reason to consider a Raspberry Pi is its flexibility of design, its software, and its online community. There are thousands of websites dedicated to using the Raspberry Pi for various types of use cases. So, if you run into a snag, you are most likely to find a solution on Google. There are many options for operating systems and pretty much everything seems to be open source. This makes requirements for many design requests possible, such as the need to develop a large amount of affordable systems for mobile classrooms.

With a Raspberry Pi, the possibilities are endless. Regarding penetration testing, Kali Linux offers pretty much everything you would need for a basic exercise. The Kali Linux ARM is limited; however, you can always use apt-get to download any missing tools to meet your requirements for a penetration testing exercise as long as the tool doesn't require massive computing power. We will be covering how to download missing tools later in the book. So, go shell out $50 – $100 on a Raspberry Pi and check out the online communities for more information on how you can take your Raspberry Pi to the next level.

Cloning the Raspberry Pi SD card

It is recommended that you back up the original system software that came with your Raspberry Pi prior to formatting it for a Kali Linux installation. Most Raspberry Pi microSD cards come with a form of New Out of the Box Software (NOOBS) that contains various operating system options from which you can select your primary operating system. If you already erased your microSD card, you can download the NOOBS software from http://www.raspberrypi.org/downloads/.

The cloning process for your SD card is very simple. Many Windows utilities such as Win32 Disk Imager, which was covered earlier in the chapter, will make an exact copy of the SD card. On a Mac, open a command prompt to identify your SD card and type the diskutil list command:

In the preceding screenshot, my microSD card is /dev/disk1. On your system, your microSD card might be different; so, make sure to verify it. I can clone my card by creating a disk image and saving it to the desktop. I will issue the following command:

sudo dd if=/dev/disk1 of=~/Desktop/raspberrypi.dmg

The following screenshot shows how I had to enter my password before the command would execute:

The process can take up to 30 minutes to clone an SD card. The speed of creating the image will depend on the size and speed of the microSD card, the amount of data on it, and the speed of your computer. In other words, be patient and let it copy.

Note

You may experience a permission denied error when you write the image to the microSD card on OS X systems if you do not include the sudo command. If you use a variation of this command, make sure the sudo command applies to the entire command by using brackets or you may still get this error.

Avoiding common problems

One of the worst things is following the directions from a book and running into an error during the process. We have imaged multiple Raspberry Pi systems and at times experienced interesting and sometimes unpleasant behaviors. Here are some problems that we ran into with their suggested workarounds: hopefully, this saves you the time we spent banging our heads against the wall.

  • Power issues: We attempted to use small USB keychain power adapters that had 5 V micro USB power to make our system very portable. Sometimes these worked and sometimes they just showed that the Raspberry Pi was powered but the system didn't boot. Make sure to test this because sometimes you might find certain power adapters that don't work. Most Raspberry Pi systems have lights on the side, showing red for power and yellow for when it is operating properly. Check the manufacture website of your model for more details.

  • MicroSD card reading issues: We heard that some people's microSD card readers didn't identify the SD card once it was inserted into their systems. Some Mac users claimed that they had to "blow into the SD reader hole", while others found that they had to use an external reader to get the microSD card to be recognized by the system. We recommend that you try another system. If you are purchasing a microSD converter, make sure that the seller has listed it as being Raspberry Pi microSD compatible. An external microSD reader shouldn't cost more than $10. You can also follow the troubleshooting steps that are available at http://elinux.org/R-Pi_Troubleshooting.

    If you find that your Raspberry Pi isn't working once you install an image to the microSD card, verify whether the microSD card is inserted properly. You should hear a slight click sound and it should pop in and out with the help of a spring-like support. If it doesn't seem like it's sliding in properly, the microSD card is probably upside down or it is the wrong type of card. If you insert the microSD card properly and nothing happens once the system is powered up, make sure you are using the correct power. The next problem could be that the image wasn't installed properly. We found that some people had their computers go to sleep mode during the dd process causing only part of the Kali Linux image to copy over. Make sure that you verify whether the image is copied over properly. Also, verify whether the image that you downloaded is authentic. Offensive Security includes SHA1SUM, which is used to verify whether your image has been tampered with. Another issue could be the way you uncompressed the tar file. Make sure that you use a valid method or the image file could become corrupted. If you notice that the image is booting, watch the boot sequence for error messages before the command prompt becomes available.

  • Permission denied: Many Mac users found they didn't have the proper permissions to run the dd command. This could be caused by a few things. First, make sure that your microSD card or SD adapter doesn't have a protection mode that is physically set. Next, make sure the reader and the adapter are working properly. There have been reports that MAC users have had to "blow into the SD reader" to clear the dust and get it to function properly. Make sure that you use the sudo command for the entire statement as stated in the previous warnings. If the error continues, try an external microSD reader as your current one may permit formatting but have problems with the dd command.

  • Blank screen after startx: If you access the command line and type startx, you should see the Raspberry Pi start the Kali Linux GUI. This may take a few minutes to start depending on the size and speed of your Raspberry Pi as well as what you have installed. If you have too many applications installed that boggle your system, you may find that they overwhelm your Raspberry Pi and freeze the GUI. As stated earlier, we highly recommend using a Raspberry Pi for targeted penetration goals with limited functions rather than loading it with more tools than necessary. There are many other systems that are more powerful and should be considered over a Raspberry Pi if your mission requires heavy processing power or a full-blown version of Kali Linux. Also, we find that many applications run better using the command line rather than launching them from the GUI. It is recommended to use Kali Linux from the command line whenever possible.

  • Blank screen with working mouse after startx: We ran into this problem after we accessed the Kali Linux GUI, ran apt-get update from a terminal window, and rebooted the system. On the second boot, we ran startx and found that the system seemed to boot properly; however, we were stuck with a blank screen and a working mouse. If we had an open web browser prior to shutting the system down, that browser would also appear; however, if we had closed it, then we would have nothing but a mouse scrolling over a blank screen. Sometimes our Raspberry Pi did this after the second startx boot even if we didn't perform the update.

    This problem is caused by some files that don't update properly while running apt-get update, and this causes problems with the display adapter or just a general issue with the version of Kali Linux that you have installed. There are two possible workarounds for this.

    You most likely ran the apt-get update and apt-get upgrade commands outside the X Windows environment. Therefore, you will need to reimage and run your microSD card with a fresh version of Kali Linux, run apt-get update and then apt-get upgrade within the X Windows environment, and then sync and reboot your system. Follow these exact steps to avoid the problem.

    The second workaround is to reimage your microSD card with a fresh version of Kali Linux and not run the apt-get update command. I know this, but some people will spend two weeks troubleshooting when they could have spent 30 minutes reimaging and moving on. Keep in mind that you may run into the blank screen with operating mouse problem regardless, so it is recommended to follow the update and upgrade procedure provided in this book prior to using Kali Linux on your Raspberry Pi.

  • Kali Linux programs not found in GUI: We found that some versions of the Kali Linux ARM image for Raspberry Pi would boot up properly, launch the GUI once we entered startx, but would not display the Kali Linux tools under the applications drop-down menu once the GUI was done loading. This is a similar problem to the display issue explained earlier, which means that it can be fixed by performing the apt-get update and apt-get upgrade steps explained in this book that tell you what to do once you log into the GUI for the first time. The update and upgrade process should install and upgrade any corrupt files that are causing this problem. We once found that after going through the recommended update and upgrade process, the Kali Linux software appeared under the applications menu upon successfully upgrading and rebooting the system.

Tip

A great resource for troubleshooting problems is http://elinux.org/R-Pi_Troubleshooting.

Summary

In this chapter, we covered options for purchasing hardware and how to assemble a Raspberry Pi. We discussed recommended hardware accessories such as microSD cards and Wi-Fi adapters so that you are able to complete the steps given in this book.

Once we covered purchasing the proper hardware, we walked you through our best practice procedure for installing Kali Linux on a Raspberry Pi. This included the detailed procedure to format and upgrade Kali Linux as well as the common problems that we ran into with possible remediation tips. At the end of this chapter, you should have a fully working Kali Linux installation, updated software, and everything running on your Raspberry Pi for a basic setup.

In the next chapter, we will discuss the advantage of using a Raspberry Pi as a penetration testing platform. We will cover how to optimize Kali Linux applications for the Raspberry Pi as well as how to remotely control and manage your Raspberry Pi as a Kali Linux attack platform.

Left arrow icon

Page 1 of 8

Right arrow icon

Key benefits

What you will learn

Install and tune Kali Linux on a Raspberry Pi for hacking Use a Raspberry Pi for pentests such as breaking wireless security, scanning networks, and capturing sensitive data Perform maninthemiddle attacks and bypass SSL encryption Compromise systems using various exploits and toolkits Bypass security defenses and remove data off a target network Develop a command and control system to manage remotely placed Raspberry Pis Turn a Raspberry Pi into a honeypot to capture sensitive information Grasp professional penetration testing through proper documentation

What do you get with eBook?

Product feature icon Instant access to your Digital eBook purchase
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Buy Now

Product Details

Publication date : Jan 27, 2015
Length 208 pages
Edition : 1st Edition
Language : English
ISBN-13 : 9781784396435
Category :
Security
Concepts :
Penetration Testing
Tools :
Raspberry Pi (Beginner)

Table of Contents

14 Chapters
Penetration Testing with Raspberry Pi Chevron down icon Chevron up icon
Penetration Testing with Raspberry Pi
Credits Chevron down icon Chevron up icon
Credits
About the Authors Chevron down icon Chevron up icon
About the Authors
About the Reviewers Chevron down icon Chevron up icon
About the Reviewers
www.PacktPub.com Chevron down icon Chevron up icon
www.PacktPub.com
Disclaimer Chevron down icon Chevron up icon
Disclaimer
Preface Chevron down icon Chevron up icon
Preface
Raspberry Pi and Kali Linux Basics Chevron down icon Chevron up icon
Raspberry Pi and Kali Linux Basics
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
Preparing the Raspberry Pi Chevron down icon Chevron up icon
Preparing the Raspberry Pi
Raspberry Pi use cases
The Command and Control server
Preparing for a penetration test
Overclocking
Setting up wireless cards
Setting up a 3G USB modem with Kali Linux
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
Stunnel
Installing a Stunnel client
Wrapping it up with an example
Summary
Penetration Testing Chevron down icon Chevron up icon
Penetration Testing
Network scanning
Cracking WPA/WPA2
Getting data to the Pi
Driftnet
Tuning your network capture
Scripting tcpdump for future access
Beating HTTPS with SSLstrip
Summary
Raspberry Pi Attacks Chevron down icon Chevron up icon
Raspberry Pi Attacks
Exploiting a target
Metasploit
Social engineering
Phishing with BeEF
Rogue access honeypots
Summary
Ending the Penetration Test Chevron down icon Chevron up icon
Ending the Penetration Test
Covering your tracks
Masking your network footprint
Developing reports
Summary
Other Raspberry Pi Projects Chevron down icon Chevron up icon
Other Raspberry Pi Projects
PwnPi
Raspberry Pwn
PwnBerry Pi
Defending your network
Running Raspberry Pi on your PC with QEMU emulator
Other Raspberry Pi uses
More uses
Summary
Index Chevron down icon Chevron up icon
Index

Recommendations for you

Left arrow icon
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Microsoft Defender for Endpoint in Depth: Take any organization's endpoint security to the next level
Mar 2023 362
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
CompTIA Security+: SY0-601 Certification Guide: Complete coverage of the new CompTIA Security+ (SY0-601) exam to help you pass on the first attempt, Second Edition
Dec 2020 550
ebook
eBook
  • ebook eBook $16.99
  • print Print $30.99
$16.99 $24.99
$30.99
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Mastering Linux Security and Hardening: A practical guide to protecting your Linux system from cyber attacks, Third Edition
Feb 2023 618
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Effective Threat Investigation for SOC Analysts: The ultimate guide to examining various threats and attacker techniques using security logs
Aug 2023 314
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Keycloak - Identity and Access Management for Modern Applications: Harness the power of Keycloak, OpenID Connect, and OAuth 2.0 to secure applications, Second Edition
Jul 2023 350
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Practical Threat Detection Engineering: A hands-on guide to planning, developing, and validating detection capabilities
Jul 2023 328
ebook
eBook
  • ebook eBook $32.99
  • print Print $59.99
$32.99 $47.99
$59.99
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Mastering Microsoft 365 Defender: Implement Microsoft Defender for Endpoint, Identity, Cloud Apps, and Office 365 and respond to threats
Jul 2023 572
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam
Mar 2022 654
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $44.99
$27.98 $39.99
$49.99
$44.99
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
Mastering Windows Server 2022: Comprehensive administration of your Windows Server environment, Fourth Edition
May 2023 720
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
$27.98 $39.99
$49.99
Right arrow icon

Customer reviews

Filter icon Filter
Top Reviews
  • Top Reviews
  • Most Recent
Rating distribution
Empty star icon Empty star icon Empty star icon Empty star icon Empty star icon 0
(0 Ratings)
5 star 0%
4 star 0%
3 star 0%
2 star 0%
1 star 0%

Filter reviews by

No reviews found

People who bought this also bought

Left arrow icon
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Privilege Escalation Techniques: Learn the art of exploiting Windows and Linux systems
Nov 2021 340
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
The Ultimate Kali Linux Book: Perform advanced penetration testing using Nmap, Metasploit, Aircrack-ng, and Empire, Second Edition
Feb 2022 742
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
  • audiobook Audiobook $45.99
$29.99 $43.99
$54.99
$45.99
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Cybersecurity – Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system, Third Edition
Sep 2022 570
ebook
eBook
  • ebook eBook $22.99
  • print Print $41.99
$22.99 $33.99
$41.99
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Mastering Windows Security and Hardening: Secure and protect your Windows environment from cyber threats using zero-trust security principles, Second Edition
Aug 2022 816
ebook
eBook
  • ebook eBook $29.99
  • print Print $54.99
$29.99 $43.99
$54.99
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Cybersecurity Career Master Plan: Proven techniques and effective tips to help you advance in your cybersecurity career
Sep 2021 280
ebook
eBook
  • ebook eBook $27.98
  • print Print $49.99
  • audiobook Audiobook $32.99
$27.98 $39.99
$49.99
$32.99
Pentesting Web Applications: Testing real time web apps [Video]
Pentesting Web Applications: Testing real time web apps [Video]
Nov 2017
video
Video
  • video Video $130.99
$130.99
Right arrow icon

Authors (3)

Left arrow icon
Profile icon Aamir Lakhani
LinkedIn
Aamir Lakhani is a leading cyber security architect, senior strategist, and researcher. He is responsible for providing IT security solutions to major commercial and federal enterprise organizations. Lakhani leads projects that implement security postures for Fortune 500 companies, government organizations, major healthcare providers, educational institutions, and financial and media organizations. Lakhani has designed offensive counter-defense measures, and has assisted organizations in defending themselves from active strike-back attacks perpetrated by underground cyber groups. Lakhani is considered an industry leader in support of detailed architectural engagements and projects on topics related to cyber defense, mobile application threats, malware, advanced persistent threat (APT) research, and Dark Security. Lakhani is the author and contributor of several books that include Web Penetration Testing with Kali Linux and XenMobile MDM, both by Packt Publishing, and he has appeared on National Public Radio as an expert on cyber security. Lakhani runs the blog DrChaos.com, which was ranked as a leading source for cyber security by FedTech Magazine. He has been named one of the top personalities to follow on social media, ranked highly as leader in his field, and he continues to dedicate his career to cyber security, research, and education.
Read more
See other products by Aamir Lakhani
Profile icon Joseph Muniz
Joseph Muniz is a technical solutions architect and security researcher. He started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects ranging from Fortune 500 corporations to large federal networks. Joseph runs TheSecurityBlogger.com website, a popular resources regarding security and product implementation. You can also find Joseph speaking at live events as well as involved with other publications. Recent events include speaker for Social Media Deception at the 2013 ASIS International conference, speaker for Eliminate Network Blind Spots with Data Center Security webinar, speaker for Making Bring Your Own Device (BYOD) Work at the Government Solutions Forum, Washington DC, and an article on Compromising Passwords in PenTest Magazine - Backtrack Compendium, July 2013. Outside of work, he can be found behind turntables scratching classic vinyl or on the soccer pitch hacking away at the local club teams.
Read more
See other products by Joseph Muniz
Profile icon Joseph Muniz
Joseph Muniz is an architect at Cisco Systems and security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and US Government. Joseph's current role gives him visibility into the latest trends in cyber security both from leading vendors and customers. Examples of Joseph’s research is his RSA talk titled Social Media Deception quoted by many sources found by searching “Emily Williams Social Engineering” as well as articles in PenTest Magazine regarding various security topics. Joseph runs The Security Blogger website, a popular resource for security and product implementation. He is the author and contributor of several publications including a recent Cisco Press title focused on building a Security Operations Centers (SOC). Follow Joseph at www.thesecurityblogger.com and @SecureBlogger. Outside of work, Joseph can be found behind turntables scratching classic vinyl or on the soccer pitch hacking away at the local club teams. Publications: CCNA Cyber Ops SECOPS #210-255 Official Cert Guide (Certification Guide) – Cisco Press CCNA Cyber Ops SECFND #210-250 Official Cert Guide (Certification Guide) – Cisco Press Security Operations Center: Building, Operating, and Maintaining your SOC – Cisco Press Penetration Testing with Raspberry Pi - Packt Publishing Web Penetration Testing with Kali Linux - Packt Publishing Acknowledgements I will start by thanking Mike and Jason for taking on the daunting task of revising our book. We were extremely picky about who would work on this and it was great having our friends step up and take on this project. We feel really lucky to work with them and love what they came up with. Next I want to thank the PackT team for their work on this book. They are professional and really fun to work with. Finally I would like to give a huge thank you to my friends and family. I feel lucky to know and hang out with such great people.
Read more
See other products by Joseph Muniz
Right arrow icon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

How do I buy and download an eBook? Chevron down icon Chevron up icon

Where there is an eBook version of a title available, you can buy it from the book details for that title. Add either the standalone eBook or the eBook and print book bundle to your shopping cart. Your eBook will show in your cart as a product on its own. After completing checkout and payment in the normal way, you will receive your receipt on the screen containing a link to a personalised PDF download file. This link will remain active for 30 days. You can download backup copies of the file by logging in to your account at any time.

If you already have Adobe reader installed, then clicking on the link will download and open the PDF file directly. If you don't, then save the PDF file on your machine and download the Reader to view it.

Please Note: Packt eBooks are non-returnable and non-refundable.

Packt eBook and Licensing When you buy an eBook from Packt Publishing, completing your purchase means you accept the terms of our licence agreement. Please read the full text of the agreement. In it we have tried to balance the need for the ebook to be usable for you the reader with our needs to protect the rights of us as Publishers and of our authors. In summary, the agreement says:

  • You may make copies of your eBook for your own use onto any machine
  • You may not pass copies of the eBook on to anyone else
How can I make a purchase on your website? Chevron down icon Chevron up icon

If you want to purchase a video course, eBook or Bundle (Print+eBook) please follow below steps:

  1. Register on our website using your email address and the password.
  2. Search for the title by name or ISBN using the search option.
  3. Select the title you want to purchase.
  4. Choose the format you wish to purchase the title in; if you order the Print Book, you get a free eBook copy of the same title. 
  5. Proceed with the checkout process (payment to be made using Credit Card, Debit Cart, or PayPal)
Where can I access support around an eBook? Chevron down icon Chevron up icon
  • If you experience a problem with using or installing Adobe Reader, the contact Adobe directly.
  • To view the errata for the book, see www.packtpub.com/support and view the pages for the title you have.
  • To view your account details or to download a new copy of the book go to www.packtpub.com/account
  • To contact us directly if a problem is not resolved, use www.packtpub.com/contact-us
What eBook formats do Packt support? Chevron down icon Chevron up icon

Our eBooks are currently available in a variety of formats such as PDF and ePubs. In the future, this may well change with trends and development in technology, but please note that our PDFs are not Adobe eBook Reader format, which has greater restrictions on security.

You will need to use Adobe Reader v9 or later in order to read Packt's PDF eBooks.

What are the benefits of eBooks? Chevron down icon Chevron up icon
  • You can get the information you need immediately
  • You can easily take them with you on a laptop
  • You can download them an unlimited number of times
  • You can print them out
  • They are copy-paste enabled
  • They are searchable
  • There is no password protection
  • They are lower price than print
  • They save resources and space
What is an eBook? Chevron down icon Chevron up icon

Packt eBooks are a complete electronic version of the print edition, available in PDF and ePub formats. Every piece of content down to the page numbering is the same. Because we save the costs of printing and shipping the book to you, we are able to offer eBooks at a lower cost than print editions.

When you have purchased an eBook, simply login to your account and click on the link in Your Download Area. We recommend you saving the file to your hard drive before opening it.

For optimal viewing of our eBooks, we recommend you download and install the free Adobe Reader version 9.