15 steps to start with Kali Linux on Raspberry Pi

I recently installed Kali Linux on my Raspberry Pi and I will give you some tips to start on this distribution

How to install Kali Linux on Raspberry Pi and what to do with it?
Kali Linux images are available on the official website, so you can easily install it by copying an image to your SD card using software like Etcher.
You can then configure it your way and test the security tools included in this distribution

In this article, I will explain in 15 steps how to get started with this hacking distribution on Raspberry Pi :

  1. Presentation of Kali Linux
  2. Download Kali Linux images for Raspberry Pi
  3. Create a new SD Card with Etcher
  4. Install Kali Linux
  5. First login
  6. Connect to your Network
  7. Set a static IP address
  8. Expand SD card partition
  9. Enable SSH and VNC
  10. Changing MAC Address
  11. Hack WiFi password
  12. Brute force
  13. Packet Analyzer
  14. SQL Injection
  15. Vulnerabilities exploit


1 – Presentation of Kali Linux

Kali Linux is a Debian-based Linux distribution, which includes security and penetration testing tools
Formerly known as BackTrack, it is used by many security companies and also by hackers
Combined with a Raspberry Pi, it makes a perfect hacking kit

Kali Linux is available for the ARM architecture, so its installation is relatively simple. We will now see how to install it on your Raspberry Pi

2 – Download Kali Linux images for Raspberry Pi

Images for the ARM architecture are available on this page of the official website
The download is only available through the BitTorrent protocol

Expand the “Raspberry Pi Foundation” menu and download the corresponding .torrent file for your machine (the first link I think)
Open the .torrent file in your favorite software and wait a few minutes for the download to complete

If you are not familiar with torrents, download and install a client (Transmission, Vuze, Deluge, BitTorrent, …).
On Ubuntu, for example, Transmission is part of the basic packages already installed

3 – Create a new SD Card with Etcher

Now that we have recovered the image of Kali Linux, we will have to create an SD card to install and use it later.
If possible, I advise you to install it on another SD card than your Raspbian, so you do not have to redo everything if you come back on Raspbian (8Gb minimum)

As usual, we will use Etcher to create our SD card
If you don’t have it yet you can download it from the official website, it is available for Linux, Windows and Mac OS and will make your life easier

Once Etcher is installed and launched, select your image and your SD card then start the copy
It’s pretty long to copy; it took about 30min for me

4 – Install Kali Linux

There is nothing to do 🙂

Just insert the SD card into your Raspberry Pi and start
Kali Linux will start directly to the login screen
No questions asked: insert, start, wait

5 – First login

Once Kali has started, you need to log in

The default credentials are:
– login: root
– pass: toor

It is mandatory to change this default password quickly
You can change it by launching the terminal and typing the command:

passwd

Keyboard layout

If you do not have a US keyboard, you can change the layout in the Settings, Keyboard options
But be careful, on the login screen you will keep the US layout for the moment, so choose your password knowing this if you want to use it with desktop

6 – Connect to your Network

We are only talking about DHCP networks here; if you need to define a fixed IP address, look at the following step

Warning, the network connection is not possible until the root password has been changed

Ethernet:

Just connect the RJ45 cable to your Raspberry Pi and wait a few seconds for an IP address to be assigned to it, there is nothing else to do

WiFi:

On the Kali desktop, click on the network icon at the top right, and choose the SSID of your wifi network
Type the password of your access point, and wait a few moments

Get your current IP address:

Whatever your connection mode, you can retrieve the IP address obtained with the ifconfig command
The addresses are indicated on the second line of each interface, after the keyword “inet”

eth0 = ethernet, wlan0 = WiFi

I advise you not to activate both at the same time: even if it works, I had response time problems at times, probably a routing problem (I didn’t look any further, but by disabling the WiFi I had no problem)

7 – Set a static IP address

A static IP address will allow you to choose the IP address associated with your Raspberry Pi, and therefore find it more easily later

To set a static IP open the /etc/network/interfaces file

nano /etc/network/interfaces

You will see something like this

auto eth0
iface eth0 inet dhcp

Replace it with these lines

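auto eth0
iface eth0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 8.8.8.8

Replace the IPs indicated by what fits your network. The dns-nameservers line is only applied if the resolvconf package is installed; otherwise, put "nameserver 8.8.8.8" in /etc/resolv.conf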

Reboot your Raspberry Pi or unplug/plug the network cable to update your IP

You can do the same thing for your WiFi connection by replacing eth0 with wlan0

8 – Expand SD Card size

By default, Kali Linux will launch on a partition of about 8GB, whatever the size of your SD card, using 95% of it

Therefore, most of the time, it’s necessary to extend the partition to take into account the total capacity of the SD card
In my case, the disc / was full when I used a 64GB card …

To expand the capacity, you have two methods

Raspi-config

As Kali is based on Debian, you can add raspi-config to extend the size of the partition
To do so, follow these steps:

  1. Download raspi config package
    wget https://archive.raspberrypi.org/debian/pool/main/r/raspi-config/raspi-config_20180406+1_all.deb

    Feel free to browse the folder to get the latest version

  2. Install it
    dpkg -i raspi-config_20180406+1_all.deb

    You could get some dependency warnings.
    The next step will fix this

  3. Fix dependencies if needed
    apt-get -f install

Raspi-config is now available so that you can expand the filesystem with :

raspi-config

Take the first choice and reboot

Classic Linux tools

As we are on a Linux, a Debian to be precise, it is possible to use the classic tools of partitioning (fdisk, parted, gparted, …)

I will not go into detail here because I found that Raspi-Config did the job very well, but if you have to do otherwise you have to look for tutorials for Linux, which will perfectly fit the Raspberry Pi

Update Kali

Now that you have more space on your disk don’t forget to update your system

apt-get update && apt-get upgrade

9 – Enable SSH and VNC

Now that we have a fixed IP address, it’s time to make our Raspberry Pi accessible from another computer on the network

Enable SSH

Usually SSH is installed by default.
If you don’t have access, it’s probably because you need to start the service:

service ssh start

Install VNC

VNC will allow you to have access to a remote desktop on your Raspberry Pi

To install it, follow these steps:

  1. Update your repository
    apt-get update
  2. Install TightVNC Server
    apt-get install tightvncserver
  3. Start the service and set the password
    vncserver

You can now connect to your Raspberry Pi on Kali Linux with any VNC Viewer
For example, on Ubuntu :

sudo apt-get install xtightvncviewer
xtightvncviewer 192.168.1.200:1

Remember that VNC is not a secure protocol: if you use it at home it’s OK, but on a larger network it is better to use it through an SSH tunnel, for example

10 – Changing MAC Address

Overview

A MAC address is a unique identifier for each network adapter. It is assigned by the manufacturer, and it’s often used to restrict access to a specific part of the network to certain computers. A DHCP server can also always assign the same IP to a MAC address
For example, you can configure your WiFi network to whitelist your MAC address, and prevent anyone else from connecting to it

MacChanger is a tool which allows you to do MAC address spoofing, i.e. to pretend to be someone else, which is also why a MAC whitelist alone is a weak protection

Usage

Install it if needed

apt-get install macchanger

See your current MAC Address

ifconfig eth0

Disable your network card

ifdown eth0

Get a random MAC address

macchanger -r eth0

Set a specific MAC address

macchanger -m XX:XX:XX:XX:XX:XX eth0

Reboot to reset and get the standard MAC Address

11 – Hack wifi password

Overview

AirCrack-NG is one of the best-known tools in Kali Linux.
It’s a complete suite of tools to test the wireless security of a network
It provides tools for monitoring, attacking, testing and cracking WiFi networks

Usage

You must disconnect WiFi on your Raspberry Pi before starting

Then check that your network card is compatible (it is):

airmon-ng

Start monitoring:

airmon-ng start wlan0

Show wireless network available:

airodump-ng mon0

And you are ready to go
I’ll let you watch a dedicated tutorial on this topic for the future if you’re interested

12 – Brute force

THC Hydra

Overview

Brute force is a password cracking method that tries passwords from a dictionary or another source, one after the other, until one works

Hydra is a brute force tool included in Kali Linux; it is very fast and supports a lot of protocols

Usage

First, you will need a list of passwords, stored in a file like /root/passwords.txt (one per line)

Then you can try it, for example, I have decided to brute force SSH on my computer from the Raspberry Pi:

hydra -l root -P /root/passwords.txt -t 6 ssh://192.168.1.51

If I check my /var/log/auth.log, I can see the attempts from the Raspberry Pi:

Aug 12 15:55:37 PingusPC sshd[2481]: Failed password for root from 192.168.1.22 port 37226 ssh2
Aug 12 15:55:37 PingusPC sshd[2487]: Failed password for root from 192.168.1.22 port 37234 ssh2
Aug 12 15:55:39 PingusPC sshd[2482]: Failed password for root from 192.168.1.22 port 37228 ssh2
Aug 12 15:55:39 PingusPC sshd[2484]: Failed password for root from 192.168.1.22 port 37232 ssh2
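
The same log can be checked automatically. The script below is an added example, not part of the original article: it counts "Failed password" lines per source address in a sliding time window and reports the sources that reach a threshold. The sample lines, the threshold of 5 failures in 60 seconds and the year 2018 (syslog timestamps carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the same syslog format as the lines above
# (hypothetical host "pc"; addresses are private-range examples).
SAMPLE_LOG = """\
Aug 12 15:55:37 pc sshd[2481]: Failed password for root from 192.168.1.22 port 37226 ssh2
Aug 12 15:55:37 pc sshd[2487]: Failed password for root from 192.168.1.22 port 37234 ssh2
Aug 12 15:55:39 pc sshd[2482]: Failed password for root from 192.168.1.22 port 37228 ssh2
Aug 12 15:55:39 pc sshd[2484]: Failed password for invalid user admin from 192.168.1.22 port 37232 ssh2
Aug 12 15:55:41 pc sshd[2490]: Failed password for root from 192.168.1.22 port 37240 ssh2
Aug 12 16:10:02 pc sshd[2600]: Failed password for pat from 192.168.1.30 port 50112 ssh2
Aug 12 16:10:09 pc sshd[2600]: Accepted password for pat from 192.168.1.30 port 50112 ssh2
"""

# Matches failures for both existing and unknown ("invalid user") accounts.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2018):
    """Return {ip: sorted usernames} for sources with >= threshold failures
    inside any sliding window. The year is assumed (syslog omits it)."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1  # drop failures older than the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in hits})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in find_bruteforce(SAMPLE_LOG).items():
        print(f"possible SSH brute force from {ip}, users tried: {users}")
```

A single mistyped password followed by a successful login, like the one from 192.168.1.30 in the sample, stays below the threshold and is not reported.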

13 – Packet Analyzer

Overview

A packet analyzer (or sniffer) is a tool that can intercept traffic from the network and capture it to analyze it

On Kali Linux, you can use Wireshark, which is the most used tool to analyze network traffic
It’s a graphical tool, but you can capture packets with tcpdump or something else, and then open it with Wireshark

Usage

You can find the app in the Applications menu, under Sniffing and spoofing

Start it and then go to Capture > Start
You will now see all packets from the network
Click Stop when you want

Then there are a lot of features that you can use to filter or analyze what you have captured


14 – SQL Injection

Overview

SQL injection is a technique for attacking insecure applications, which consists of injecting code into user fields that are not protected

This technique is mainly used to attack websites
For example, suppose you replace a parameter of the URL, say ?user=yourname, by something like ?user=yourname' OR 1
If the field is poorly protected, the SQL query will be modified and will return all the data, not just those of your user

On Kali Linux, the sqlmap tool allows testing SQL injection vulnerabilities

Usage

Sqlmap is a straightforward tool to use

You only need to indicate the URL of the page to be tested, something like this:

sqlmap -u https://www.domain.com/?p=123

Once you have found a security hole, it is possible to dig deeper with this tool to see what you can get. But the best thing to do is to fix it 🙂
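
What fixing it looks like in code, as an added example that is not from the original article: the same lookup built by string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, rows and function names are constructed for the illustration, and the tampered value is a variant of the "' OR 1" input above with its quotes balanced.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("yourname", "you@example.com"),
        ("alice", "alice@example.com"),
        ("bob", "bob@example.com"),
    ])
    return db

def lookup_vulnerable(db, user):
    # The parameter is pasted into the SQL text, so a quote inside it
    # ends the string literal and the rest is parsed as SQL.
    query = "SELECT name, email FROM users WHERE name = '" + user + "'"
    return db.execute(query).fetchall()

def lookup_fixed(db, user):
    # Placeholder binding: the value travels separately from the SQL text
    # and is only ever compared as data.
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (user,)
    ).fetchall()

# Constructed input: the article's "' OR 1" idea with balanced quotes.
TAMPERED = "yourname' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input  :", lookup_vulnerable(db, "yourname"))
    print("vulnerable, tampered input:", lookup_vulnerable(db, TAMPERED))
    print("fixed, tampered input     :", lookup_fixed(db, TAMPERED))
    print("fixed, normal input       :", lookup_fixed(db, "yourname"))
```

With the bound parameter, the tampered value is just a name that matches no row, so the query returns nothing instead of the whole table.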

15 – Vulnerabilities exploit

Overview

Metasploit is a tool that will allow you to validate vulnerabilities and use them
Metasploit enables you to automate the process of discovery and exploitation and provides you with the tools required to perform the manual testing phase of a penetration test

Usage

Install Metasploit with apt :

apt-get install metasploit-framework

Then you can start it in Applications > Exploitation Tools > Metasploit framework

This tool will initialize and start a terminal that will allow you to use this software

For example, you can use nmap in the framework:

db_nmap -v -sV 192.168.1.51

You can also retrieve information about a known vulnerability, and try to use it

db_rebuild_cache
search CVE-2018-9864
use exploit/folder/folder/name

Replace the search parameter with your vulnerability ID and use the exploit path displayed in the search results

Conclusion

We learned how to install Kali Linux on Raspberry Pi, the first steps of the system configuration, and some exciting tools to use on this distribution

As I said at the beginning, this article is not exhaustive. There are hundreds of apps and most are quite complicated to take in hand which would require an article each, but it was not the goal here

I still hope you understand the basics and that this article made you want to try 🙂
