Kali Linux is one of the most popular penetration testing platforms used by security professionals, hackers, and researchers around the world for security and vulnerability assessment, attack research, and risk testing. Kali Linux offers a wide variety of popular open source tools that can be used in all aspects of penetration testing. Kali Linux has evolved from BackTrack 5 R3 into a model of a complete desktop OS.
The Raspberry Pi is an extremely low-cost computer that plugs into a monitor using High Definition Multimedia Interface (HDMI) and uses your own USB keyboard and mouse. Many computer experts remember the days when computers would not just turn on and begin to operate; you had to actually do something with them. Raspberry Pi provides an environment to learn computing and programming at an extremely affordable price. People have used the portability and low cost of the device to build learning devices, remote cameras, security systems, earthquake detectors, and many other projects.
In this chapter, we will cover the following topics:
Purchasing and assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
In this book, we chose the Raspberry Pi Model B+. You won't find any major differences if you are using another model; however, you may need to tune some things to work with your particular configuration.
The following figure shows a Raspberry Pi Model B+ and highlights the differences between Model B and Model B+:
There are some available Raspberry Pi bundles such as the Raspberry Pi Ultimate Kit, which at the time of writing this book was available for $79.99 in the US from www.amazon.com. This kit provides a Raspberry Pi Model B+, case, power adapter, and Wi-Fi dongle. You can also find the basic B+ model that does not include the power adapter, SD card, and so on. This means that you can just get the chipboard for around $40 on www.amazon.com. Some tasks, such as wire tapping, may require a second Ethernet port, but the Raspberry Pi by default only offers one Ethernet port.
You can purchase a USB to Ethernet adapter for around $11.00 to meet this purpose. Also, many kits do not include an SD adapter for most computer readers. For example, portable MacBook Pro computers offer an SD port; however, you will need to pick up a microSD adapter for under $10 to be able to format the Raspberry Pi microSD card. For wireless penetration testing, you will need a USB to wireless adapter that can be purchased for around $10. Overall, most Raspberry Pi components are inexpensive, keeping the total project cost for most systems between $50 – $100.
The following image shows an example of an unboxed Raspberry Pi chipboard:
The following image is an example of a USB to Ethernet adapter:
The following image is an example of a microSD to SD adapter:
The following image is an example of a USB to Wi-Fi adapter:
In this book, we will explore how to use Raspberry Pi as a remote penetration testing agent, and use its wireless features to connect back to central management systems. It is most likely that you will need the components mentioned previously at some point as you become more familiar and comfortable with the Raspberry Pi using Kali Linux or other penetration testing applications.
Here is a summary list of the cost to build a Raspberry Pi for a penetration test:
Raspberry Pi B+ Model ranges between $35 and $45
USB to wireless adapter ranges between $10 and $20
USB to Ethernet adapter ranges between $10 and $20
SD to microSD converter with microSD card ranges between $10 and $20
USB power supply for mobile penetration testing ranges between $10 and $20
Starter kit bundles can range from $60 to $90 depending on what is included in them.
A Raspberry Pi is typically just a chipboard with exposed circuits. Most people want to protect their investment as well as conceal their Raspberry Pi at a target location using a case. The majority of Raspberry Pi cases are designed to either pop in the circuit board or slip between wedges designed to hold the Pi in place. Once your Raspberry Pi is seated properly, most cases have a cover to seal the Pi while exposing the input ports.
The next step for assembly is to attach the input and output devices such as keyboard, wireless adapter, and mouse. The Raspberry Pi Model B+ offers four USB input ports for this purpose. There is also an HDMI output that is used to connect it to a monitor. For power, the Raspberry Pi uses 5 V micro USB power that can come from a USB hub, power adapter, or such other devices. The brain for the Raspberry Pi is the software installed on the microSD card; however, we need to first install the Kali Linux image on it before inserting it into the Raspberry Pi.
Some Raspberry Pi microSD cards come with preinstalled software. It is recommended to clone this software prior to formatting the microSD card for Kali Linux so that you have a backup copy of the factory-installed software. The process to clone your microSD card will be covered later in this chapter.
Now that your Raspberry Pi is assembled, we need to install Kali Linux. Most computers do not have microSD ports; however, many systems such as Apple MacBooks offer an SD input port. If your system does not have an SD port, external USB-based SD and microSD adapters are also available that are very cheap. For my example, I'll be using a MacBook that has an SD drive and a microSD adapter to allow me to format my Raspberry Pi microSD card.
Your Raspberry Pi microSD card should have a minimum size of 8 GB to run Kali Linux properly. You also need to make sure that the microSD card is a high performance card. We recommend a minimum of a class 10 card for most projects.
The following image shows a class 10 Kingston 8 GB microSD card:
Once you have found a way to use your microSD card in your computer, you will need to format the card. A free utility is available from the SD Association at www.sdcard.org, as shown in the following screenshot:
Go to https://www.sdcard.org/home/ through your web browser.
On the left-hand side menu bar, select Downloads.
Then, select SD Card Formatter 4.0.
Then, select your platform. Mac and Windows versions are available.
Finally, accept the End User License Agreement, download the software, and install it.
Once you have downloaded and inserted your SD card, launch the SD Card Formatter application. Make sure that you select the correct media, and when it is ready, click on the Format button. This will erase all the information on the SD card and prepare it for your Kali Linux installation.
Make sure that you format the right drive or you could erase data from another source.
Make sure to make a backup copy of the existing image before formatting your microSD card to avoid the loss of default software or other data. Cloning a microSD card is covered later in this chapter.
If you are an Apple user, you can use the Disk Utility by clicking on Finder and typing Disk Utility. If your microSD card is seated properly, you should see it as a Drive option. Click on the microSD card and select the second tab in the center called Erase. We recommend that you use MS-DOS (FAT) for the Format. You won't need to name your microSD card, so leave Name blank. Next, click on the Erase... button to format it.
You are now ready to download Kali Linux on your Raspberry Pi. By default, the Kali Linux installation for the Raspberry Pi is optimized for the memory and ARM processor of the Pi device. We have found that this works fine for specific penetration objectives. If you attempt to add too many tools or functions, you will find that the performance of the device leaves a lot to be desired, and it may become unusable for anything outside a lab environment. A full installation of Kali Linux is possible on Raspberry Pi using the Kali Linux metapackages, which are beyond the scope of this book. For use cases that require a full installation of Kali Linux, we recommend you use a more powerful system.
To install Kali Linux on Raspberry Pi, you will need to download the custom Raspberry Pi image from Offensive Security. You can do this from http://www.offensive-security.com/kali-linux-vmware-arm-image-download/.
Once the image is downloaded, you will need to write it to the microSD card. If you are using a Linux or Mac platform, you can use the dd built-in utility from the command line. If you are using a Windows system, you can use the Win32 Disk Imager utility.
The Win32 Disk Imager utility is a free tool that is used to write raw images onto SD/microSD cards. Some people have reported difficulty getting the tool to work properly when the microSD card is connected through a USB adapter.
You can download the Win32 Disk Imager utility from http://sourceforge.net/projects/win32diskimager/.
Once the tool is downloaded, you simply need to select the image file and your removable media to start the image writing process. This process can take a while to complete. On our systems, it took almost 30 minutes to complete.
You are now ready to install the Kali Linux image that you downloaded earlier. Uncompress the archive onto your desktop. You can use a utility such as 7-Zip to uncompress the archive.
If you are using a Mac platform, the first step is to determine from where the operating system is reading your SD card. You can do this from the terminal by issuing the diskutil list command as shown in the following screenshot:
You can see from the screenshot that my SD card is listed as disk1. You can also see that I have existing partitions on the microSD card. This indicates that I did not format my media. You should go back to the beginning of this chapter and ensure that you have formatted your media before you continue further.
First, you will need to unmount your SD card by issuing the diskutil unmountDisk /dev/disk1 command.
You can now format the SD card by issuing the sudo newfs_msdos -F 16 /dev/disk1 command. (Make sure you select the correct disk. Failure to do so could result in catastrophic consequences.)
You will be asked to enter your Mac OS System/Administrator password.
I have used disk1 in the commands that require an SD card number, as my SD card was assigned as disk1 automatically by my operating system. Your operating system might assign a different disk number to your SD card. Make sure to include your disk number when you issue the commands.
Formatting your SD card before copying the image is considered to be the best practice. One thing to note is that we will be using the dd command, meaning it is not required to format your SD card since the dd command performs a bit-by-bit copy from the image to the SD card. Formatting is recommended to prevent other errors and anomalies.
You are now ready to install the Kali Linux image that you downloaded earlier. Now, uncompress the archive onto your desktop. You can use a utility such as The Unarchiver or Keka for Mac to uncompress the archive.
Then, determine the name of your uncompressed image. In my example, the name of my uncompressed image is kali-1.0.9-rpi.img. You will once again need to identify how the system sees your SD card. You can do this again by issuing the diskutil list command.
You can create and install the image by issuing the following command (you may be asked for your Mac OS System/Administrator password again):
sudo dd if=~/Desktop/kali-1.0.9-rpi.img of=/dev/disk1
The following image shows the launch of the previous command:
You can see how far the dd process has progressed by pressing Ctrl + T, which sends the SIGINFO signal to the running process.
The following image shows the frozen command prompt when the image is being written to the microSD card:
You may experience a permission denied error when you write the image to the microSD card on OS X systems if you do not include the sudo command. If you use a variation of this command, make sure the sudo command applies to the entire command by using brackets or you may still get this error.
Once you have completed the installation of the image, simply insert the microSD card into your Raspberry Pi and boot the system by plugging in its power source. Booting the system can take up to 5 minutes. You will be able to log in to the system using root as the username and toor as the password. If you wish to start the graphical environment, simply type startx in the terminal. Congratulations! You now have a working Kali system on your Raspberry Pi.
The system can take some time to boot. The Raspberry Pi supports the Graphical User Interface (GUI) and you can invoke it using the startx command. However, we recommend that you only use the command line on the Raspberry Pi. If you issue the startx command, the GUI can take up to 20 minutes to load and possibly act very slow or unresponsive.
The Kali Linux Raspberry Pi image is optimized for the Raspberry Pi. When you boot up your Raspberry Pi with your Kali Linux image, you will need to use root as the username and toor as the password to log in. We recommend you immediately issue the passwd command once you log in to change the default password. Most attackers know the Kali Linux default login, so it is wise to protect your Raspberry Pi from unwanted outside access.
The following screenshot shows the launch of the passwd command to reset the default password:
When you issue the startx command, your screen might go blank for a few minutes. This is normal. When your X Windows (GUI) desktop loads, it will ask you whether you would like to use the default workspace or a blank one. Select the default workspace. After you make your selection, the desktop might attempt to reload or redraw. It may be a few minutes before it is fully loaded.
The following screenshot shows the launch of the
The first thing that you need to do is upgrade the OS and packages. The upgrade process can take some time and will show its status during the process. Next, you need to make sure you upgrade the system within the X Windows (GUI) environment. Many users have reported that components are not fully upgraded unless they are in the X Windows environment. Access the X Windows environment using the startx command prior to launching the apt-get upgrade command.
The following screenshot shows the launch of the apt-get update command:
The following screenshot shows the launch of the apt-get upgrade command:
Here are the steps you need to follow to open the Kali Linux GUI:
Ensure you are in the X Windows desktop (using
Open a terminal command.
After you have upgraded your system, issue the sync command (as a personal preference, we issue this command twice). Reboot the system by issuing the reboot command. In a few minutes, your system should reboot and allow you to log back into the system. Issue the startx command to open the Kali Linux GUI.
You will need to upgrade your systems using the apt-get update and apt-get upgrade commands within the X Windows (GUI) environment. Failure to do so may cause your X Windows environment to become unstable.
At this point, you are ready to start your penetration exercise with your Raspberry Pi running Kali Linux.
As stated in various parts of this book, the Raspberry Pi is designed to be an inexpensive computing option designed for various purposes. Inexpensive systems offer limited computing power, so one major drawback when using a Raspberry Pi for any type of penetration testing is its lack of power to run resource-intensive tasks. For this reason, it's highly recommended that you use a Raspberry Pi for specific tasks rather than a go-to attack arsenal, as a full-blown Kali Linux installation offers many more tools over the limited Kali Linux ARM architecture.
The following two screenshots show the difference between the options available for one toolset category in the Kali Linux ARM architecture and a full-blown Kali Linux installation. We also found that some of the tools in the Kali Linux ARM do not function properly when they are run from the GUI, or they just failed in general. You will find more reliable tools in a full-blown installation of Kali Linux on a more powerful system than a Raspberry Pi. Here is the Kali Linux ARM screenshot showing Live Host Identification tools, which are ncat and nmap:
Here are the tool options for the same Live Host Identification category found in a full-blown installation of Kali Linux. As you can see in the following screenshot, a lot more options are offered:
There are use cases for leveraging a Raspberry Pi outside of its "cool" factor. The first use case is delivering low-cost, remote penetration testing nodes to hard-to-reach locations. An example of this is when you offer penetration testing services to branch offices in China, UK, and Australia with limited bandwidth across sites. Rather than flying to each location, you can charge your customer the cost to build a Raspberry Pi and ship out each box to a location. You can have a local person plug in the Raspberry Pi as a network tap and perform the penetration test remotely, thereby dramatically saving in travel and hardware costs. In most cases, you can probably let the customer remove and keep the Raspberry Pi after the penetration test due to its low cost. You would have saved a customer thousands of dollars using this method as an alternative to enterprise cloud scanning tools that on average have a much higher cost associated per location.
Another use case is abusing the average user's trust by physically accessing a target's location by claiming to be an IT or phone support representative doing maintenance. The Raspberry Pi chipboard can be hidden in any official looking hardware such as gutting a Cisco switch, hub, and so on, and placing the Raspberry Pi in one port. The average user wouldn't question a network box that looks like it belongs there.
In both these use cases, the major selling point is the Raspberry Pi's low cost, which means that losing a system won't break the bank. Also, both the use cases showcase the Raspberry Pi's value of being very mobile due to its small form. So, the Raspberry Pi makes a great alternative to more expensive remote penetration toolsets such as the ones offered by PWNIE Express (we are not saying that the PWNIE Express tools are not cool or desirable, but they will cost you a lot more than the Raspberry Pi approach). Speaking of which, you can run a light version of the PWNIE Express software on a Raspberry Pi as well, which is touched upon at the end of this book.
A common reason to consider a Raspberry Pi is its flexibility of design, its software, and its online community. There are thousands of websites dedicated to using the Raspberry Pi for various types of use cases. So, if you run into a snag, you are most likely to find a solution on Google. There are many options for operating systems and pretty much everything seems to be open source. This makes requirements for many design requests possible, such as the need to develop a large amount of affordable systems for mobile classrooms.
With a Raspberry Pi, the possibilities are endless. Regarding penetration testing, Kali Linux offers pretty much everything you would need for a basic exercise. The Kali Linux ARM is limited; however, you can always use apt-get to download any missing tools to meet your requirements for a penetration testing exercise as long as the tool doesn't require massive computing power. We will be covering how to download missing tools later in the book. So, go shell out $50 – $100 on a Raspberry Pi and check out the online communities for more information on how you can take your Raspberry Pi to the next level.
It is recommended that you back up the original system software that came with your Raspberry Pi prior to formatting it for a Kali Linux installation. Most Raspberry Pi microSD cards come with a form of New Out of the Box Software (NOOBS) that contains various operating system options from which you can select your primary operating system. If you already erased your microSD card, you can download the NOOBS software from http://www.raspberrypi.org/downloads/.
The cloning process for your SD card is very simple. Many Windows utilities such as Win32 Disk Imager, which was covered earlier in the chapter, will make an exact copy of the SD card. On a Mac, open a command prompt to identify your SD card and type the diskutil list command:
In the preceding screenshot, my microSD card is /dev/disk1. On your system, your microSD card might be different; so, make sure to verify it. I can clone my card by creating a disk image and saving it to the desktop. I will issue the following command:
sudo dd if=/dev/disk1 of=~/Desktop/raspberrypi.dmg
The following screenshot shows how I had to enter my password before the command would execute:
The process can take up to 30 minutes to clone an SD card. The speed of creating the image will depend on the size and speed of the microSD card, the amount of data on it, and the speed of your computer. In other words, be patient and let it copy.
One of the worst things is following the directions from a book and running into an error during the process. We have imaged multiple Raspberry Pi systems and at times experienced interesting and sometimes unpleasant behaviors. Here are some problems that we ran into with their suggested workarounds: hopefully, this saves you the time we spent banging our heads against the wall.
Power issues: We attempted to use small USB keychain power adapters that had 5 V micro USB power to make our system very portable. Sometimes these worked and sometimes they just showed that the Raspberry Pi was powered but the system didn't boot. Make sure to test this because sometimes you might find certain power adapters that don't work. Most Raspberry Pi systems have lights on the side, showing red for power and yellow for when it is operating properly. Check the manufacturer's website for your model for more details.
MicroSD card reading issues: We heard that some people's microSD card readers didn't identify the SD card once it was inserted into their systems. Some Mac users claimed that they had to "blow into the SD reader hole", while others found that they had to use an external reader to get the microSD card to be recognized by the system. We recommend that you try another system. If you are purchasing a microSD converter, make sure that the seller has listed it as being Raspberry Pi microSD compatible. An external microSD reader shouldn't cost more than $10. You can also follow the troubleshooting steps that are available at http://elinux.org/R-Pi_Troubleshooting.
If you find that your Raspberry Pi isn't working once you install an image to the microSD card, verify whether the microSD card is inserted properly. You should hear a slight click sound and it should pop in and out with the help of a spring-like support. If it doesn't seem like it's sliding in properly, the microSD card is probably upside down or it is the wrong type of card. If you insert the microSD card properly and nothing happens once the system is powered up, make sure you are using the correct power. The next problem could be that the image wasn't installed properly. We found that some people had their computers go to sleep mode during the dd process causing only part of the Kali Linux image to copy over. Make sure that you verify whether the image is copied over properly. Also, verify whether the image that you downloaded is authentic. Offensive Security includes SHA1SUM, which is used to verify whether your image has been tampered with. Another issue could be the way you uncompressed the tar file. Make sure that you use a valid method or the image file could become corrupted. If you notice that the image is booting, watch the boot sequence for error messages before the command prompt becomes available.
Permission denied: Many Mac users found they didn't have the proper permissions to run the dd command. This could be caused by a few things. First, make sure that your microSD card or SD adapter doesn't have a protection mode that is physically set. Next, make sure the reader and the adapter are working properly. There have been reports that Mac users have had to "blow into the SD reader" to clear the dust and get it to function properly. Make sure that you use the sudo command for the entire statement as stated in the previous warnings. If the error continues, try an external microSD reader as your current one may permit formatting but have problems with the
Blank screen after startx: If you access the command line and type startx, you should see the Raspberry Pi start the Kali Linux GUI. This may take a few minutes to start depending on the size and speed of your Raspberry Pi as well as what you have installed. If you have too many applications installed that boggle your system, you may find that they overwhelm your Raspberry Pi and freeze the GUI. As stated earlier, we highly recommend using a Raspberry Pi for targeted penetration goals with limited functions rather than loading it with more tools than necessary. There are many other systems that are more powerful and should be considered over a Raspberry Pi if your mission requires heavy processing power or a full-blown version of Kali Linux. Also, we find that many applications run better using the command line rather than launching them from the GUI. It is recommended to use Kali Linux from the command line whenever possible.
Blank screen with working mouse after startx: We ran into this problem after we accessed the Kali Linux GUI, ran apt-get update from a terminal window, and rebooted the system. On the second boot, we ran startx and found that the system seemed to boot properly; however, we were stuck with a blank screen and a working mouse. If we had an open web browser prior to shutting the system down, that browser would also appear; however, if we had closed it, then we would have nothing but a mouse scrolling over a blank screen. Sometimes our Raspberry Pi did this after the second startx boot even if we didn't perform the update.
This problem is caused by some files that don't update properly while running apt-get update, and this causes problems with the display adapter or just a general issue with the version of Kali Linux that you have installed. There are two possible workarounds for this.
You most likely ran the apt-get upgrade commands outside the X Windows environment. Therefore, you will need to reimage and run your microSD card with a fresh version of Kali Linux, run apt-get update and then apt-get upgrade within the X Windows environment, and then sync and reboot your system. Follow these exact steps to avoid the problem.
The second workaround is to reimage your microSD card with a fresh version of Kali Linux and not run the apt-get update command. I know this, but some people will spend two weeks troubleshooting when they could have spent 30 minutes reimaging and moving on. Keep in mind that you may run into the blank screen with operating mouse problem regardless, so it is recommended to follow the update and upgrade procedure provided in this book prior to using Kali Linux on your Raspberry Pi.
Kali Linux programs not found in GUI: We found that some versions of the Kali Linux ARM image for Raspberry Pi would boot up properly, launch the GUI once we entered startx, but would not display the Kali Linux tools under the applications drop-down menu once the GUI was done loading. This is a similar problem to the display issue explained earlier, which means that it can be fixed by performing the apt-get upgrade steps explained in this book that tell you what to do once you log into the GUI for the first time. The update and upgrade process should install and upgrade any corrupt files that are causing this problem. We once found that after going through the recommended update and upgrade process, the Kali Linux software appeared under the applications menu upon successfully upgrading and rebooting the system.
A great resource for troubleshooting problems is http://elinux.org/R-Pi_Troubleshooting.
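The troubleshooting advice above says to confirm that the downloaded image is authentic and that dd copied all of it; the same read-back check applies to a clone made with dd. The script below is an added example, not code from the book or from Offensive Security. The function names and the script name verify_card.sh are hypothetical, and it assumes sha1sum or shasum is installed.

```shell
#!/bin/sh
# Added example: check a downloaded image against its published SHA-1 and
# confirm that a dd copy (image -> card, or card -> backup) is complete.
# Function names are hypothetical; they are not part of any Kali tooling.

# sha1_of: print the SHA-1 hex digest of whatever arrives on stdin.
# OS X ships shasum; most Linux systems ship sha1sum.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 | awk '{print $1}'
    else
        echo "no SHA-1 tool found" >&2
        return 1
    fi
}

# verify_download IMAGE EXPECTED_SHA1
# Succeeds only if IMAGE hashes to the published value (case-insensitive).
verify_download() {
    image=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha1_of < "$image") || return 2
    [ "$actual" = "$expected" ]
}

# verify_copy IMAGE TARGET
# The card is usually larger than the image, so read back exactly as many
# bytes as the image holds and compare digests. A dd run cut short (for
# example by the computer going to sleep) leaves stale data in that range,
# or too few bytes, and the digests differ.
verify_copy() {
    image=$1
    target=$2
    size=$(wc -c < "$image" | tr -d ' ')
    want=$(sha1_of < "$image") || return 2
    got=$(head -c "$size" "$target" | sha1_of) || return 2
    [ "$want" = "$got" ]
}

# Stand-alone use, after dd has finished:
#   sudo sh verify_card.sh IMAGE PUBLISHED_SHA1 DEVICE
if [ "$#" -eq 3 ]; then
    verify_download "$1" "$2" || {
        echo "checksum mismatch: do not use $1" >&2
        exit 1
    }
    verify_copy "$1" "$3" || {
        echo "$3 does not match $1: write the image again" >&2
        exit 1
    }
    echo "image matches the published checksum and the copy is complete"
fi
```

Take the expected SHA-1 from the download page itself rather than from a file sitting next to a mirrored copy of the image, since whoever altered the image could alter that file too.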
In this chapter, we covered options for purchasing hardware and how to assemble a Raspberry Pi. We discussed recommended hardware accessories such as microSD cards and Wi-Fi adapters so that you are able to complete the steps given in this book.
Once we covered purchasing the proper hardware, we walked you through our best practice procedure for installing Kali Linux on a Raspberry Pi. This included the detailed procedure to format and upgrade Kali Linux as well as the common problems that we ran into with possible remediation tips. At the end of this chapter, you should have a fully working Kali Linux installation, updated software, and everything running on your Raspberry Pi for a basic setup.
In the next chapter, we will discuss the advantage of using a Raspberry Pi as a penetration testing platform. We will cover how to optimize Kali Linux applications for the Raspberry Pi as well as how to remotely control and manage your Raspberry Pi as a Kali Linux attack platform.