• LOGIN
  • No products in the cart.

Raspberry Pi for Hacking by Luis Borralho

Introduction

In this article, I will show how to install a penetration testing operating system, used for hacking, on a Raspberry Pi 2 and how to do some basic configurations, like hardening your ssh connection to your Raspberry Pi, to make it connectable via vnc server, in a way that if you’re not so comfortable with the command line, you can use graphic access to it from your network. This article is not intended to teach you how to hack, but to be able to create your own Raspberry box for hacking purposes, white hat ones I hope :). I hope you will enjoy.  

Preparing for Install

I’ll show you how to install a Kali Linux image on a Raspberry Pi 2 and then show you some basic configurations so you can use it as your personal box for penetration testing and white hat hacking. Throughout this article, you’ll learn how to create the image on the SD card, how to boot your Raspberry Pi box and how to make some basic configurations to use your Rpi as a hack in a box.

 The material I used for this article was the following:

  1. Raspberry Pi 2

image62

image38

Figure 1 – Raspberry Pi 2  Model B v1.1 board

2. Kingston SD HC 16GB

image01-2

Figure 2- Kingston 16GB Micro SDHC

 

  1. USB keyboard
  2. USB Mouse
  3. Ethernet cable
  4. Kali Linux RPi2 Image Armhf
  5. Microsoft DC 5V Power

 

First we need to download the Kali Linux image for the Raspberry version we have from the site below.

 Raspberry Pi 2 – https://images.offensive-security.com/arm-images/kali-2.1.2-rpi2.img.xz 

image43

Figure 3- Offensive Security site with Kali Linux for Armhf

For older versions of the Raspberry Pi, go to the link below

https://www.offensive-security.com/kali-linux-arm-images/

Installation of Kali Linux Arm

For the installation of the operating system on your SD Card, I will show you how to do it using the Linux command line and a Windows utility.

Please note that the use of the dd tool can overwrite any partition of your machine. If you specify the wrong device in the instructions below, you could delete your primary Linux partition. Please be careful.

  • Run df -h to see what devices are currently mounted.
  • If your computer has a slot for SD cards, insert the card. If not, insert the card into an SD card reader, then connect the reader to your computer.
  • Run df -h again. The new device that has appeared is your SD card. The left column gives the device name of your SD card; it will be listed as something like /dev/mmcblk0p1 or /dev/sdd1. The last part (p1 or 1 respectively) is the partition number but you want to write to the whole SD card, not just one partition. Therefore, you need to remove that part from the name, getting, for example, /dev/mmcblk0 or /dev/sdd as the device name for the whole SD card. Note that the SD card can show up more than once in the output of df; it will do this if you have previously written a Raspberry Pi image to this SD card, because the Raspberry Pi SD images have more than one partition.

After doing df –h, I know that on my computer the SD Card partition is /dev/sdb2; look at the image below:

image66

Figure 4- df –h output

  • Now that you’ve noted what the device name is, you need to unmount it so that files can’t be read or written to the SD card while you are copying over the SD image.
  • Run umount /dev/sdb1, replacing sdb1 with whatever your SD card’s device name is (including the partition number).

image61

        Figure 5- Unmounting the device output 

  • If your SD card shows up more than once in the output of df, due to having multiple partitions on the SD card, you should unmount all of these partitions.
  • Extract the Kali Linux downloaded earlier using the following command,  xz -d kali-2.1.2-rpi2.img.xz

image42

Figure 6- Extracting the Kali Linux image

  • Now that we have extracted the image, in the terminal, write the image to the card with the command below, making sure you replace the input file if= argument with the path to your .img file, and the /dev/sdb in the output file of= argument with the right device name. This is very important, as you will lose all data on the hard drive if you provide the wrong device name. Make sure the device name is the name of the whole SD card as described above, not just a partition of it; for example, sdb, not sdbs1 or sdbp1, and mmcblk0, not mmcblk0p1.

dd bs=4M if= kali-2.1.2-rpi2.img of=/dev/sdb 

  • Please note that block size set to 4M will work most of the time; if not, please try 1M, although this will take considerably longer.
  • Also note that if you are not logged in as root, you will need to prefix this with sudo.
  • The dd command does not give any information of its progress and so may appear to have frozen; it could take more than five minutes to finish writing to the card. If your card reader has a LED, it may blink during the write process.

image49

Figure 7- Writing image to sd card command

  • To see the progress of the copy operation, you can run pkill -USR1 -n -x dd in another terminal, prefixed with sudo if you are not logged in as root. The progress will be displayed in the original window and not the window with the pkill command; it may not display immediately, due to buffering.

image40

Figure 8- Command to output the statistics of dd

image60

image39

Figure 9- Statistics of dd command after running pkill –USR1 –n –x dd

  • Instead of dd you can use dcfldd; it will give a progress report about how much has been written.
  • You can check what’s written to the SD card by dd-ing from the card back to another image on your hard disk, truncating the new image to the same size as the original, and then running diff (or md5sum) on those two images.
  • The SD card might be bigger than the original image, and dd will make a copy of the whole card. We must therefore truncate the new image to the size of the original image. Make sure you replace the input file if= argument with the right device name. diff should report that the files are identical.
  • dd bs=4M if=/dev/sdb of=from-sd-card.img
  • truncate –reference  kali-2.1.2-rpi2.img from-sd-card.img
  • diff -s  from-sd-card.img kali-2.1.2-rpi2.img
  • Run sync; this will ensure the write cache is flushed and that it is safe to unmount your SD card.
  • Remove the SD card from the card reader.

For those of you who use Windows, follow the instructions; first you need to download the w32diskimager utility from sourceforge, https://sourceforge.net/projects/win32diskimager/

  • Extract the executable from the zip file and run the Win32DiskImager utility; you may need to run this as administrator. Right-click on the file, and select Run as administrator.

image47

Figure 10- Win32 Disk Imager run

  • Insert the SD card into your SD card reader and check which drive letter was assigned. You can easily see the drive letter, such as G:, by looking in the left column of Windows Explorer.
  • You can use the SD card slot if you have one, or a cheap SD adapter in a USB port.
  • Select the image file you extracted earlier.
  • Select the drive letter of the SD card in the device box. Be careful to select the correct drive; if you get the wrong one you can destroy the data on your computer’s hard disk! If you are using an SD card slot in your computer and can’t see the drive in the Win32DiskImager window, try using an external SD adapter.
  • Click Write and wait for the write to complete.
  • Exit the imager and eject the SD card.

After ejecting the card from your computer, now you have to connect the card into the Raspberry Pi, and do a slight press till you hear a click,  like in the image below:

image72

 Figure 11- Inserting the sd card into the Raspberry Pi 

Booting for the first time

To boot for the first time, we need to have a monitor with an HDMI connection interface, a keyboard, a mouse, power on adapter and connect an Ethernet cable…

Read more >> http://bit.ly/2cQ71BP

Article comes from Hakin9 Issue Vol. 11 No. 08 “The Power of Scapy”. If you would like to read the whole article, you can buy the whole Hakin9 Issue here >> http://bit.ly/2cQ71BPh9-378x533

 

 

October 31, 2016

Leave a Reply

avatar

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  Subscribe  
Notify of
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013