Book Image

Penetration Testing with Raspberry PI

Book Image

Penetration Testing with Raspberry PI

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Penetration Testing with Raspberry PI
Jan, 2015 | 208 pages
No titles found
Table of Contents (14 chapters)
Penetration Testing with Raspberry Pi
Penetration Testing with Raspberry Pi
Credits
Credits
About the Authors
About the Authors
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Disclaimer
Disclaimer
Preface
Preface
Free Chapter
1
Raspberry Pi and Kali Linux Basics
Raspberry Pi and Kali Linux Basics
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2
Preparing the Raspberry Pi
Preparing the Raspberry Pi
Raspberry Pi use cases
The Command and Control server
Preparing for a penetration test
Overclocking
Setting up wireless cards
Setting up a 3G USB modem with Kali Linux
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
Stunnel
Installing a Stunnel client
Wrapping it up with an example
Summary
3
Penetration Testing
Penetration Testing
Network scanning
Cracking WPA/WPA2
Getting data to the Pi
Driftnet
Tuning your network capture
Scripting tcpdump for future access
Beating HTTPS with SSLstrip
Summary
4
Raspberry Pi Attacks
Raspberry Pi Attacks
Exploiting a target
Metasploit
Social engineering
Phishing with BeEF
Rogue access honeypots
Summary
5
Ending the Penetration Test
Ending the Penetration Test
Covering your tracks
Masking your network footprint
Developing reports
Summary
6
Other Raspberry Pi Projects
Other Raspberry Pi Projects
PwnPi
Raspberry Pwn
PwnBerry Pi
Defending your network
Running Raspberry Pi on your PC with QEMU emulator
Other Raspberry Pi uses
More uses
Summary
Index
Index

Installing Kali Linux

You are now ready to download Kali Linux on your Raspberry Pi. By default, the Kali Linux installation for the Raspberry Pi is optimized for the memory and ARM processor of the Pi device. We have found that this works fine for specific penetration objectives. If you attempt to add too many tools or functions, you will find that the performance of the device leaves a lot to be desired, and it may become unusable for anything outside a lab environment. A full installation of Kali Linux is possible on Raspberry Pi using the Kali Linux metapackages, which are beyond the scope of this book. For use cases that require a full installation of Kali Linux, we recommend you use a more powerful system.

To install Kali Linux on Raspberry Pi, you will need to download the custom Raspberry Pi image from Offensive Security. You can do this from http://www.offensive-security.com/kali-linux-vmware-arm-image-download/.

The following image shows the Kali Linux Custom ARM Images available for download:

Tip

The best practice is to compute and compare the SHA1SUM hash of the image to verify it has not been tampered with prior to installation.

Once the image is downloaded, you will need to write it to the microSD card. If you are using a Linux or Mac platform, you can use the dd built-in utility from the command line. If you are using a Windows system, you can use the Win32 Disk Imager utility.

The Win32 Disk Imager utility is a free tool that is used to write raw images onto SD/microSD cards.If you are using a USB adapter for your microSD card, you might face difficulty in getting the tool to work properly since some people have reported this problem.

You can download the Win32 Disk Imager utility from http://sourceforge.net/projects/win32diskimager/.

Once the tool is downloaded, you simply need to select the image file and your removable media to start the image writing process. This process can take a while to complete. On our systems, it took almost 30 minutes to complete.

You are now ready to install the Kali Linux image that you downloaded earlier. Uncompress the archive onto your desktop. You can use a utility such as 7-Zip to uncompress the archive.

The following screenshot shows the Win32 Disk Imager utility:

If you are using a Mac platform, the first step is to determine from where the operating system is reading your SD card. You can do this from the terminal by issuing the diskutil list command as shown in the following screenshot:

You can see from the screenshot that my SD card is listed as disk1. You can also see that I have existing partitions on the microSD card. This indicates that I did not format my media. You should go back to the beginning of this chapter and ensure that you have formatted your media before you continue further.

Although I prefer to use the SD Card Formatter application described earlier, you can also format the SD card directly from the command line on your Mac using the following steps:

  1. First, you will need to unmount your SD card by issuing the diskutil unmountDisk /dev/disk1 command.

  2. You can now format the SD card by issuing the sudo newfs_msdos -F 16 /dev/disk1 command. (Make sure you select the correct disk. Failure to do so could result in catastrophic consequences.)

    Tip

    It is highly recommended that you use a partition tool and clear out any partition before formatting.

  3. You will be asked to enter your Mac OS System/Administrator password.

Tip

I have used disk1 in the commands that require an SD card number, as my SD card was assigned as disk1 automatically by my operating system. Your operating system might assign a different disk number to your SD card. Make sure to include your disk number when you issue the commands.

Formatting your SD card before copying the image is considered to be the best practice. One thing to note is that we will be using the dd command, meaning it is not required to format your SD card since the dd command performs a bit-by-bit copy from the image to the SD card. Formatting is recommended to prevent other errors and anomalies.

You are now ready to install the Kali Linux image that you downloaded earlier. Now, uncompress the archive onto your desktop. You can use a utility such as The Unarchiver or Keka for Mac to uncompress the archive.

Then, determine the name of your uncompressed image. In my example, the name of my uncompressed image is kali-1.0.9-rpi.img. You will once again need to identify how the system sees your SD card. You can do this again by issuing the diskutil list command.

You can create and install the image by issuing the following command (you may be asked for your Mac OS System/Administrator password again):

sudo dd if=~/Desktop/kali-1.0.9-rpi.img of=/dev/disk1

The following image shows the launch of the previous command:

The command prompt will freeze while the image is written to the microSD card. Sit back and relax as the process can take some time. On my system, it took over 30 minutes to complete.

Tip

You can see how far the dd process has progressed by pressing Ctrl + T and sending the SIGINFO command to the running process.

The following image shows the frozen command prompt when the image is being written to the microSD card:

Note

You may experience a permission denied error when you write the image to the microSD card on OS X systems if you do not include the sudo command. If you use a variation of this command, make sure the sudo command applies to the entire command by using brackets or you may still get this error.

Once you have completed the installation of the image, simply insert the microSD card into your Raspberry Pi and boot the system by plugging in its power source. Booting the system can take up to 5 minutes. You will be able to log in to the system using root as the username and toor as the password. If you wish to start the graphical environment, simply type startx in the terminal. Congratulations! You now have a working Kali system on your Raspberry Pi.

Note

The system can take some time to boot. The Raspberry Pi supports the Graphical User Interface (GUI) and you can invoke it using the startx command. However, we recommend that you only use the command line on the Raspberry Pi. If you issue the startx command, the GUI can take up to 20 minutes to load and possibly act very slow or unresponsive.

Previous Section
End of Section 4
Next Section