In this chapter, we'll take a look at the hardware and software options available to us to build a low cost, small footprint, yet powerful penetration testing platform. We will go into some of the considerations we weighed, as well as why we chose the Raspberry Pi 3 as our hardware platform and the Kali Linux as the software distribution to build our penetration testing platform.
We will go through the steps of getting the hardware setup and the software installed so that we'll have a fully functional Raspberry Pi 3 with Kali Linux 2.0 running on it.
Most people get the operating system installed and immediately start playing around with the tools; however, we recommend not doing that. Many of the problems people experience can easily be corrected by following the setup and best practices covered in this chapter. These best practices include both pre-installation and post-installation modifications. We will go into some of the best practice tasks to be completed before we jump into the swing of things.
This chapter covers the following topics:
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
When researching for cheap and portable computing devices, there are many out there to choose from. This can make the process a little daunting if we don't know what we are looking for. Before we made our purchase, we started with a list of requirements that we felt were important. Some of the requirements we had when purchasing our option was the following:
Wide community support
There are very popular options out there such as, Arduino, Banana Pi, and even Intel with its newly announced Joule board. Each vendor out there is certainly a great option to use. The Intel platform is very powerful, but came in at too high a cost to justify. The Arduino certainly has a lot of community support and hardware options, but lacked some of the power we were looking for. Based on our requirements mentioned earlier, we decided to use a Raspberry Pi. It's the perfect small computer that offers a ton of flexibility, well-loved by the community with a lot of support, and definitely priced right.
This is the second edition of this book. The first edition focused on the Model B and all concepts are based on that limited performance. This edition, however, will be using a more current model of Raspberry Pi, Raspberry Pi 3, and therefore will provide more options.
Raspberry Pi has been around for some time. So if you do any research, we can see that there are multiple options out there. Here are the models to choose from:
Raspberry Pi 1 Model A+
700 Mhz ARMv6 32-bit Single Core
512 MB RAM
Raspberry Pi 1 Model B+
700 Mhz ARMv6 32-bit Single Core
512 MB RAM
Raspberry Pi 2 Model B
900 Mhz ARMv7 32-bit Quad Core
1 GB RAM
Raspberry Pi 3 Model B
2 Ghz ARMv8 64-bit Quad Core
1 GB RAM
Let's not forget about the littlest Raspberry Pi out there, the Raspberry Pi Zero. This is a very inexpensive computer, typically available for $5. The Zero was released shortly after the Raspberry Pi 2 Model B. It is great for a lot of different projects we may want to build, offering a single-core 1 GHz processor and 512 MB SDRAM, and a cheaper alternative than the Pi 2 or Pi 3 models.
We should keep in mind that the Raspberry Pi Zero is a low-powered device compared to the Pi 3, so our mileage may vary. It's definitely not a direct replacement for the Pi 3 model, especially if we're looking for more hardware resources for our project.
As the models advanced, so did the hardware. The Pi 1 and Pi 2 models are great units, and they are still perfect for embedded projects. But due to the hardware enhancements and the power of the Raspberry Pi 3, Model B was our choice for this project. We wanted to get as much power in this little form factor as possible. The more power we have at our disposal, the better we should expect the pen-testing tools will perform.
Some of the key advantages the Raspberry Pi 3 has over the Raspberry Pi 2 are as follows:
Bluetooth 4.1 Support
Bluetooth Low Energy (BLE)
2 GHZ Quad core ARM processor
802.11n wireless support
These new additions can definitely help us in our quest to create the perfect portable pen-testing platform, but as we'll see a little later, some of these features are still not quite ready for prime time.
So with all these options to choose from, we selected the Raspberry Pi 3. The power was there with the Quad cores running at 1.2 GHz as well as SDRAM. But that wasn't just it, the Raspberry Pi 3 also offered the flexibility to use new pen-testing tools with the built-in wireless, as well as Bluetooth. We were very excited to see these new options compared with the past versions.
One of the first things we notice about the operating systems we can run on Raspberry Pi is that the list is pretty extensive. There is a lot of support for the hardware. That is yet another reason why we chose the Raspberry Pi hardware versus the other platforms that are available. For the penetration testing software, we chose to use Kali Linux (https://www.kali.org) for our Pi pen-testing box. Kali Linux comes with a ton of security tools already installed, and it is the successor to BackTrack, a well-respected, security-oriented Linux distribution we've used in the past. The Raspberry Pi custom images for Kali Linux are maintained by Offensive Security (https://www.offensive-security.com/).
Kali Linux is not the only great distro (or distribution) the specific blend of Linux operating system and applications) out there. Other great pen-testing distros are available for penetration testing. These other distros include PwnPi, Raspberry Pwn, and PwnBerry Pi. We will talk about these distros a little later in the book, specifically in Chapter 6, Finishing the Attack - Report and Withdraw. But for now, we are going to focus on Kali Linux as our distro of choice because of its huge community and support for most projects we targeted to include in this book.
If just looking for the supported distros for the Raspberry Pi, you can check out the Raspberry Pi website for downloads (https://www.raspberrypi.org/downloads/). The New Out Of Box Software (NOOBS) is a great option if you are unsure and is the recommended default.
Purchasing a Raspberry Pi can be a daunting task. There are lots of kits on the Internet to choose from, as well as a ton of accessories available. We went to the CanaKit website (http://www.canakit.com) to look over some of the options. For beginners to the Raspberry Pi, we definitely suggest getting one of many available kits rather than piecing together the platform. Most, such as the CanaKit we selected, come with a lot of the things we will need right away, and will save us some money by buying the bundle versus purchasing the individual components a la carte.
The two main CanaKit offerings for Raspberry Pi 3 are the Ultimate Starter Kit and the Complete Starter Kit. The Ultimate Starter Kit comes with quite a few more accessories than the Complete Starter Kit. These additions include breadboards, a ribbon cable, a General-purpose input/output (GPIO) to Breadboard interface card, just to name a few. The price is only $15.00 more for all the additional stuff, so we went with the Ultimate Starter Kit because we not only found it to be the best deal overall, but also were not sure what future projects we may need the additional hardware for. We ordered ours through Amazon for about $89. Shop around, there are other sites out there as well to order from, and if we were in education, there are sites that provide these kits at significant discounts.
The following image is from CanaKits of the Complete Starter Kit, which is a good option if we were looking for all the major components needed in this book at the lowest price:
As for the Ultimate Starter Kit, the following image from CanaKits shows just how much more is included. This is one of the kits we purchased, just so we had more project options in the future:
Putting together Raspberry Pi 3 for basic operation is a pretty straightforward process. There are a few items that need to be assembled before the initial use. Depending on package we get, we may have some additional parts that can be put together. The first thing we did was installed the heat sinks onto both the Broadcom chip, as well as the LAN chip:
Next, we put the board in the case for protection, since we don't want anything to happen to our Raspberry Pi. There are different case options, and depending on the kit we get, we may get a different color or type. For example, there may be a need to hide our Pi from others. So stealth is sometimes a need or requirement, and the Pi can be hidden in objects or placed in a plain white case to look like it belongs to something else, such as a power adapter. In situations such as this, we may want to consider using a USB power supply to power our Raspberry Pi so as not to draw attention to the power cable running from the hidden Pi to the wall. This is ideal for a true plant scenario. Based on our tests, powering our Pi with the USB power stick gives us about 1 week or so, but our mileage will vary depending on the size of the power stick, as well as how heavily we consume the resources of the Pi over that time period.
Some people choose not to use the heat sinks or want to know if they are needed. We would always use the heat sink, especially if the Raspberry Pi is in a case and/or you plan on overclocking it (more on that topic in Chapter 2, Preparing for Battle). The chips tend to get a little hotter than the previous generations, and the last thing you would want to do is to overheat your Raspberry Pi.
After that, the Raspberry Pi 3 was fully assembled, we merely hooked up our monitor via the High-Definition Multimedia Interface (HDMI) interface using the cable provided,which is plugged in our USB mouse and keyboard, and start preparing for the SD card for the operating system.
The first step in installing Kali Linux onto our Raspberry Pi 3 is to prep the microSD card. For Kali Linux, we need to have at least 8 GB of capacity. For best performance, we'll try to make sure that the microSD card is a class 10. We want to make sure that with all of that new power and speed from the Quad core CPU, we won't get slowed down by a slow microSD card. It also helps to ensure that any separately purchased SD cards we may be considering are compatible or suitable, as some SD card brands and product lines work better than others. A great resource for checking this is the eLinux website (http://elinux.org/RPi_SD_cards).
Be sure to check out the SD Associations website to get a better understanding of the class speeds of the SD cards and where to locate them. This holds true for all types of SD cards, including the microSD cards, which are used on Raspberry Pi 3.
The SD card that comes with our Raspberry Pi may have software on it already. Ours came with NOOBS on it, which is handy if we are not sure what distro we are looking for, as we can choose from several options in the menu within NOOBS. Because we knew we wanted Kali Linux on our Raspberry Pi, we formatted the microSD card to start fresh and installed our own operating system on it. It is always a good idea to copy the existing content of the microSD card to another place before blowing it away. This way, we have the initial version of NOOBS in case we need to use that in the future. With the Ultimate Starter Kit, we received a USB-based microSD adapter. This is a very handy adapter, as most computers do not have a microSD card slot on them, including Apple devices. We plugged in our 32 GB microSD card into the adapter and then into our computer; then, we were ready to rock.
The following image shows the USB-based microSD adapter that we used in our lab:
Getting the right image of Kali is important for proper operation. When we browse https://www.kali.org/, we can find all the options available for Kali Linux. Since we are using an ARM processor on the Raspberry Pi, we will need to install the Raspberry Pi-specific image. The link will redirect us to the Offensive Security site (https://www.offensive-security.com/kali-linux-arm-images/) for a custom Kali image. We should note that there are lots of different ARM options depending on the hardware platform we are using. Since we are using Raspberry Pi 3, we will choose the version that works with that platform. We'll make sure that we note where our image gets downloaded to, so we don't have to go searching later. The ARM image is specifically designed for the Raspberry Pi hardware versus the full-blown image. Again, let's verify that we download the correct image.
It's a best practice to compare the SHA1 sum of your downloaded file to the SHA1 sum posted on the website. This way you can make sure that your image hasn't tampered with prior to installation.
Now that we have the image downloaded and ready to install, we need to write it to the microSD card. How we do this will depend on the operating system that we are using. For Windows, we can use the
Win32DiskImager. This utility is available at the following URL:
Once the utility is downloaded and opened, we are ready to proceed with imaging the SD card. We will first need to unzip the Kali image. We can use a program such as 7-Zip to unzip the image. When we unzip the file, we will be left with a folder, where we will find the
.img file. We then need to select the image file in the
Win32DiskImager utility, as well as the correct drive letter for the microSD card we want the image to go on. Let's click on Write, and let it do its job. This process can take some time, so be patient. When it's complete, press the Exit button.
The following screenshot is of the
Win32DiskImager utility. It's a great little utility that is very easy to use:
If we are using a Mac or Linux machine, we can use the built-in
dd utility to do the writing of the image.
The process on the Mac is as follows:
We'll first open up a terminal window on the Mac.
We will need to unzip the image. We used a utility named
xz. We can also use popular tools such as Keka and The Unarchiver:
xz -d kali-2.1.2-rpi2.img.xz
We then need to unmount the microSD card. To determine which device to refer to, we can use the
diskutil listcommand. We can tell which disk is the correct one by either the size or by doing a preceding and following and seeing what disk has shown up:
Once we have the correct device, we can unmount the microSD card by typing the following command, where disk-specified matches our device mount:
diskutil unmountDisk /dev/disk2
Once we have unmounted the microSD drive, we can begin to copy the image over using
dd. Let's type the following
ddcommand to write the Kali Linux image to the microSD card. We need to make sure that we select the correct input file, as well as the correct output disk. This process can take some time, so we shouldn't feel as though it is not doing anything. On our computer, it took just over 10 minutes, but that time may vary. If we get impatient, we can press Ctrl + T to see the how much of the copy has completed:
sudo dd if=kali-2.1.2-rpi2.img of=/dev/disk2 bs=1m
Make sure that your current working directory contains the Kali Linux image. It will make it easier in your
ddcommand if you can just specify the file.
The following screenshot shows our machine performing those commands. We can see that we pressed Ctrl + T a couple times along the way to make sure that
ddwas still working:
Finally, we'll cleanly unmount the microSD card. We can use the following command:
diskutil eject /dev/disk2
Our image should be all set, and we are ready to install the microSD card into our Raspberry Pi:
Once we remove the USB-based microSD adapter from our computer, we'll take out the newly setup microSD card and place into Pi. We can then hook up the power and watch it boot.
The microSD slot on Raspberry Pi 3 is not spring loaded like Raspberry Pi 2. Because of this, be careful when plugging the microSD card in. It may feel strange when you don't get that locked-in feeling - just don't overdo it when pushing it into the slot. We were actually contacted by CanaKit confirming this change, so we didn't break our Raspberry Pi trying to get the microSD card to click into place.
Booting time on Raspberry Pi 3 is pretty quick due to the nice bump in hardware compared with previous versions. Once Kali Linux boots up, it should be at a login prompt within the GUI. Here, we can log in the first time with the following credentials:
We'll click on Log In, enter our default credentials, and we should be logged into Kali Linux now, ready to get started. This is where the fun begins!
We know that it's tempting to just dive on into the Kali Linux interface and start running some great security tools. But first, there are some important housekeeping items to take care of. These items are as follows:
Changing our password.
Updating Kali Linux.
Resizing the partition to use all the available space on that large microSD (32 GB in our case). This will dramatically reduce the chance of running into common issues found with using Kali Linux on Raspberry Pi.
First on our list is to change our password. Kali Linux ships with the same default credentials, so we'll want to make sure that no one can log into our box except us. How embarrassing would be it if we had our penetration testing box penetrated by another party. Think of the irony there! To start this process, we need to open up a terminal and enter the
passwd command. We'll be asked to type the password in twice to make sure that it is correct:
The other very important thing to do is to update Kali as soon as we can. This will ensure that we have the latest and greatest versions of code and applications. The process for updating Kali is pretty straightforward. We'll simply type the following commands into the CLI.
The upgrade will install all the newest version of the packages installed. The
dist-upgrade command will install this plus intelligently updates all the dependencies with the new versions of packages. The
dist-upgrade command is certainly not required, but we definitely recommend it:
apt-get update apt-get upgrade apt-get dist-upgrade
After this, we reboot our Raspberry Pi 3, and when it comes back, we should have a fully updated operating system, ready for playing around with some pen-testing tools.
Next, we want to resize the partition to use all the available space on our 32GB microSD card. We will show two different ways of doing this. The first way will be via the CLI. The second will take advantage of gparted in GUI.
Starting with CLI, if we run the
df -h command, the following figure shows we don't have a partition that is close to the size of our microSD card. It is currently only at 6.7G:
The process to expand this partition involves a couple of steps. The following steps will help us unlock the full usable size of our microSD card. It is important to have that extra space for log files, command outputs, or tcpdumps.
We need to make sure that we follow the steps very carefully, as we wouldn't want to erase our root partition. This process uses the
resize2fs commands. Here is the process that we used:
Let's check enter the disk utility, where we can view where the partitions currently stand. Here, we will want to run the
fdiskcommand to check our current partitions:
This will get us into the
fdiskutility so that we can plan our changes to the partition table.
Now we'll obtain partition information. Once at the Command (m for help) prompt, we'll enter
p. This will dump out the partition information for our microSD card:
Now let's delete current partition. We'll exit from the
fdiskutility by typing
q. We now want to get into the parted utility and specify the microSD card we wish to modify. The device information was gleaned from the previous step. We can accomplish this by typing the following command:
This will take us into the partition table utility. Once at the
(parted)prompt, we will want to change the unit to
chs, which is for cylinders, head, and sectors. This will allow us to get the correct numbers for the resize. To do this, let's type
(parted) unit chs
Once we set the correct unit, we want to print out the partition information in the correct unit within parted. This will give us the correct sizes that will allow us to resize your partition. To do this, we'll just type
Now, in this output, we are going to want to write down or remember the total size of the microSD card. This is found in the line that starts with
Disk. In our example, it was the following:
Disk /dev/mmcblk0: 3822,237,62
Once we have the total size of the microSD in the
chsunit, we can delete the second partition. Let's pay particular attention here, as we don't want to delete the root partition. At the prompt, we will want to type
rm 2, where 2 is the partition number:
(parted) rm 2
We will be prompted with an error and asked to either
Cancel. Let's type
We have now removed the unneeded partition. We can confirm this by printing out the partition information again, and it will show that only one exists:
At this point, we can see that we only have that one partition and are ready to create the extended partition that uses all of the available space. The following figure is a screenshot of all that we talked about in steps 3-9:
Now let's create the new partition. We will use
partedagain, but this time to create the partition. First, let's start the tool by entering the
partedcommand. Once in
parted, we can make the new larger partition. This is where those numbers we saw and recorded in the
parted printcommand in the previous section come into play. At the prompt, we will want to use
mkpartto make the partition, with the first number being one number higher than the End sector number on the first partition. The second number is the disk number size we saw in that same output. For our microSD card partition, we ran the following command:
(parted) mkpart primary 7,199,9 3822,237,62
Once that command has been entered, we will get a warning; we can hit
ito ignore it. After that, we want to verify that our partition has been created. We can use the
partedto accomplish this. We should see the second entry, which shows the correct usable space for our microSD card. We can now quit out of
parted. The following screenshot shows steps 11 and 12 of our example:
Let's expand the filesystem. Now that we have all this space, we want to make sure that the filesystem can take advantage of it. We can accomplish this by using the
resize2fscommand. We will run this against that newly formed partition. The following command results in the following screenshot:
Finally, we'll need to perform some verification. We can now verify that everything worked as planned if you run that same
df -hcommand we did initially. We should see that the size closely matches our microSD card's advertised usable space:
Now that we've seen the CLI commands to increase that partition size, let's look at another way of using the GUI interface within Kali Linux. These steps will walk through the process:
The tool we use is
gparted, which is installed using the following command:
apt-get install gparted
Once we have installed it, we can launch it via command line (via X over SSH) using
gparted. Once the GUI has started, we can click on the Resize/Move button:
From here, we will click on the edge of the fat16 partition and drag it over to include all of the unallocated space:
Now we will click on Apply and verify that we indeed want this operation:
It will take some time, but it will show us the progress of our repartitioning:
Once it's completed, we can now see that the fat16 partition that Kali Linux resides in now has direct access to the entire SD card:
While it is useful to consume the entire physical drive with this partition, we may have situations that require multiple partitions to be used. We can certainly adjust our approach with
gpartedto accomplish this.
We recommend backing up the original system software that came with our Raspberry Pi before formatting it for a Kali Linux installation. Most Raspberry Pi microSD cards come with a form of NOOBS that contains various operating system options from which you can select our primary operating system. Hopefully, we took our own advice earlier and copied the default files that came on our microSD card to another location. If so, we can just copy them back to the SD card. But, if we didn't copy those files off, we can download the NOOBS software again from the following URL if needed:
One of the best use cases for cloning is to create a gold image of Kali Linux for our Raspberry Pi. Once we have that image all set, we can clone that image to use on other microSD cards. In our example, we will copy our gold image to a file named
The cloning process for our SD card is very simple. Many Windows utilities, such as Win32 Disk Imager, which was covered earlier in the chapter, will make an exact copy of the SD card. On a Mac, we can open a command prompt to identify our SD card and type the
diskutil list command:
In the preceding screenshot, our microSD card is
/dev/disk2. On another system, our microSD card might be different than in this example, so we'll need to make sure to verify naming for each setup. We can clone our card by creating a disk image and saving it to the desktop. We will issue the following command to accomplish this task:
sudo dd if=/dev/disk2 of=raspberrypi.img
The following screenshot shows how we had to enter our password before the command would execute:
It can take 30 minutes or more to clone an SD card. The speed of creating the image will depend on the size and speed of the microSD card, the amount of data on it, the speed of the copying computer, and the block size we specify. In other words, we will need to be patient and let it copy.
Here is a list of some of the common problems that we either ran into or have heard others having:
Power issues: We (again, as in the first edition) attempted to use small USB keychain power adapters that had 5V micro-USB power to make our system very portable. Sometimes, these worked, and sometimes, they just showed that Raspberry Pi was powered, but the system didn't boot. It can be difficult to determine without first testing this because sometimes certain power adapters won't work with a particular configuration. Most Raspberry Pi boards have lights on the side, showing red for power and yellow for when it is operating properly. We can check the manufacturer's website of each model for more details. USB power can be a very important feature if using these for stealth, so we'll need to make sure that they are tested before implementation in a penetration test.
MicroSD card reading issues: We've heard that some people's microSD card readers didn't identify the SD card once it was inserted into their systems. Some Mac users claimed that they had to blow into the SD reader hole, whereas others found that they had to use an external reader to get the microSD card to be recognized by the system. We recommend trying another system. If we are purchasing a microSD converter, we should ensure that the seller has listed it as being Raspberry Pi microSD compatible. An external microSD reader shouldn't cost more than $10. If we find that your Raspberry Pi isn't working once we install an image to the microSD card, we can check that the microSD card is inserted properly. We need to make sure that the card is fully inserted since there is no spring-loaded mechanism on Pi 3. If it doesn't seem like it's sliding in properly, the microSD card is probably upside down or it is the wrong type of card. If we insert the microSD card properly and nothing happens once the system is powered up, we can verify that we are using the correct power. Another problem could be that the image wasn't installed properly. We found that some people had their computers go to sleep mode during the
ddprocess, causing only part of the Kali Linux image to copy over. Before installing, we should always verify that the image is copied over properly. We should also check whether the image that we downloaded is authentic. Offensive Security includes SHA1SUM, which we can use to verify whether our image has been tampered with. Another issue we encountered was in the way we uncompressed the
tarfile. We need to ensure that we use a valid method or the image file could become corrupted. If we notice that the image is booting, we can watch the boot sequence for error messages before the command prompt becomes available.
Permission denied: Many Mac users found that they didn't have the proper permissions to run the
ddcommand. This permission issue could be caused by a few different things. First, let's make sure that our microSD card or SD adapter doesn't have a protection mode that is physically set. Next, we should verify that the reader and the adapter are working properly. There have been reports that MAC users have had to blow into the SD reader to clear the dust and get it to function properly. We should also use the
sudocommand for the entire statement as stated in the previous warnings. If the error continues, we can try an external microSD reader as our current one may permit formatting but have problems with the dd command.
Kali Linux programs not found in GUI: We found that some versions of the Kali Linux ARM image for Raspberry Pi would boot up properly, launch GUI once booted, but would not display the Kali Linux tools in the applications drop-down menu once GUI was done loading. This is a similar problem to the display issue explained earlier, which means that it can be fixed by performing the
apt-get upgradesteps explained in this book that tell us what to do once we log into GUI for the first time. The update and upgrade process should install and upgrade any missing file or older drivers that are causing this problem. We once found that after going through the update and upgrade process and rebooting the system, the Kali Linux software appeared under the applications menu.
Unable to extract the .xz file: To extract this type of file, we need to have an extract or unzip program that understands
.xyfiles. OS X is supposed to be able to do this natively, but we were unsuccessful, and had to download a program to do that.
Unable to boot to Kali: When we use
Win32DiskImager, we should select the image that we extracted from the file we downloaded and NOT the
Using dd to copy the image over takes a long time: We should specify a block size using the
bs=XXcommand, where XX is the size, to avoid these longer waits. Finding the right block size can be tricky, but we used
bs=1minitially, and had no issue. The time difference of using that specified block size was 10 minutes, compared to 193 minutes without not specifying the block size.
In this chapter, we covered the various hardware options available as well as why we chose the Raspberry Pi 3. We discussed the various kits that are available, the benefits of buying kits, and their differences. We also talked about the various software platforms out there and why we chose Kali Linux as our software platform of choice.
Next, we covered our approach to getting started with Kali Linux and the Raspberry Pi 3. This included getting the hardware prepped, installing software on the microSD card, and the basics of setting up Kali Linux to ensure its security. At this point, we should have a fully functioning and up-to-date Kali Linux installation running on our Raspberry Pi 3, and be ready to start diving into the tools that will turn this computer into a powerful pen-testing platform.
In the next chapter, we will start diving into some of the essential tools that will allow us to access and use the Raspberry Pi 3 as the pen-testing box. This will include several methods we can use to remotely and securely access the Raspberry Pi 3, configuring various types of interfaces, and setting up a command and control server.