Updated 10/30/2018 1:50pm

One of the hardest tasks as a Professor is teaching theory. Students read their books, listen to your lectures, review the PowerPoints, and the light bulb does not come on until practical meets theory. To bring the textbook to life, we have to think outside the box and apply what we have learned. In this project, we will be building a portable penetration testing device using a Raspberry Pi. This project will involve hardware, software, Linux, and networking skills.

Materials Needed

  • 1x Raspberry Pi 3
  • 1x 8GB or 16GB Class 10 MicroSDHC card
  • 1x MicroSDHC Reader/Writer
  • 1x USB Raspberry Pi 3 Power Supply 5V 2.5
  • Etcher
  • Keyboard, Mouse, Monitor, and Internet Access

High Level Overview

  1. Download Kali Linux for the Raspberry Pi
  2. Download Etcher
  3. Write the image to the MicroSDHC card
  4. Boot the Raspberry Pi and log in as root/toor
  5. Change the password
  6. Change the hostname
  7. Update and Upgrade
  8. Reboot
  9. Test Kali

All programs and files can be downloaded on campus by browsing to the student FTP server and entering the username and password for the account. The purpose of this FTP Server is to ensure that the files are secure, tested, and have not been modified. 

Future Use: If you wish to do the complete install of Kali on your own for practice, please follow all of the steps and download your image from Offensive Security.

Step-by-step Instructions

Disclaimer: Please type all commands below when directed. Copy and paste the code at your own risk. The copied code may contain spaces, hidden characters, and/or other HTML code not suitable for python or bash scripting. 

Step 1 – Download Kali Image

First, you will have to download the KSU Kali 2018_10_v1 image from the FTP server.
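
Added example (not part of the original instructions): checking the downloaded image against a SHA-256 checksum list before flashing it. It assumes the checksum list was obtained over a trusted channel separate from the image itself; the function name `verify_image` and the file names in the usage comment are illustrative.

```bash
# Added example: verify an image against a "SHA256SUMS"-style list before
# flashing. Assumes GNU coreutils (sha256sum) and file names without spaces.
#
# Usage (hypothetical file names):
#   verify_image ./downloaded-image.img ./SHA256SUMS && echo "safe to flash"
#
# Returns 0 on match, 1 on mismatch, 2 if a file or list entry is missing.
verify_image() {
    local image="$1" sums="$2" name expected actual

    [ -f "$image" ] && [ -f "$sums" ] || { echo "missing file" >&2; return 2; }
    name=$(basename -- "$image")

    # Each list line is "<64 hex digits>  <filename>"; a leading '*' on the
    # name marks binary mode. Match the file name exactly, never as a
    # substring, so "foo.img" cannot be satisfied by "foo.img.old".
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f) }
        f == n && length($1) == 64 && $1 ~ /^[0-9a-fA-F]+$/ {
            print tolower($1); exit
        }' "$sums")
    [ -n "$expected" ] || { echo "no entry for $name in $sums" >&2; return 2; }

    actual=$(sha256sum -- "$image" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $name"
        return 0
    fi

    echo "MISMATCH: $name" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}
```

A mismatch or a missing entry means the image should not be written to the card; download it again and re-check.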

Step 2 – Download Etcher 

Next, you have to write the image on the SD card. Connect the SD card to your computer using a micro SD card adapter. Open Etcher and follow the three steps on the screen. When Etcher is done flashing, eject your SD card. I decided to go with Etcher as it reduced the number of steps required. I am leaving the other tools as an alternative.

  • Etcher Download – This software is used to flash an image onto an SD card without the risk of wiping your computer's hard drive. Very simple to use.

Step 3 – Power Up and Login 

Carefully insert the SD card into the SD card slot on the Raspberry Pi. Connect a keyboard, mouse, and monitor to the Pi. Once everything is connected, power up the Pi. If all the steps you have completed so far are correct, the lights will flash and the Pi will start to boot. Once it has finished booting, you will be asked for a username and password.

  • The default username is ‘root’
  • The default password is ‘toor’
  • Click on “use default config”

Now connect to the internet. If your computer is near your router or switch, it is best to connect directly with an Ethernet cable for the purpose of speed. You may also connect via Wi-Fi the same as you would any other computer.

Step 4 – Connect via SSH (ADVANCED: Optional, however, this is my preferred method.)

Although not required, my preference is to complete the remaining steps from another computer, using Putty to ssh into the Raspberry Pi. I have personally had the monitor attached to the Raspberry Pi go black and the mouse become unresponsive during this process. If you have to power off the Raspberry Pi due to unresponsiveness, you will have to start over from Step 2. To connect to your Pi via Putty, download and install Putty, then enter the IP address or hostname of your Pi; port 22 is the correct port. To obtain your IP address, open a terminal on the Pi and type “ifconfig”. There are 5-7 pop-up screens throughout the beginning of the install. These must be answered for Kali to install. Accept the defaults. All other steps may be completed as documented.

Step 5 – Change Password

root@kali:~# sudo passwd

Follow prompts on the screen

Step 6 – Change Hostname and Reboot (Optional, but wise!)

root@kali:~# sudo hostnamectl set-hostname <new-hostname>

root@kali:~# sudo shutdown -r

*** If you are using the KSU_Kali_2018_10_v1 image, you can proceed to set up KSU Raspwn!

Step 7 – Run an Update and Upgrade

root@kali:~# sudo apt-get update && sudo apt-get upgrade -y

Depending on your internet speed, this could take about 25-45 minutes. When complete, run the next command.

root@kali:~# sudo shutdown -r

Step X – The “Raspi3-Firmware” Fix

Edit fstab

sudo nano /etc/fstab

Add the code below to the bottom of the file and save

tmpfs /boot/firmware tmpfs rw 0 0

Save and Exit by Pressing Ctrl+O then Ctrl+X

Mount Folder

sudo mount /boot/firmware

If the folder does not mount, simply reboot and complete the last step

Copy Firmware to Boot Folder

sudo cp /usr/lib/raspi3-firmware/* /boot/

Reboot

sudo reboot
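
Added example (not part of the original instructions): a way to apply the fstab edit above so that it can be run more than once without creating duplicate entries, keeping a backup of the file first. The function name `ensure_firmware_mount` is illustrative; the appended line is the one given in this step.

```bash
# Added example: idempotent version of the "edit fstab" step.
# Run as root against the real file:  ensure_firmware_mount /etc/fstab
FIRMWARE_LINE='tmpfs /boot/firmware tmpfs rw 0 0'

# ensure_firmware_mount [FSTAB]
# Appends FIRMWARE_LINE unless an active entry for /boot/firmware exists.
# Returns 0 if the entry is present afterwards, 2 on error.
ensure_firmware_mount() {
    local fstab="${1:-/etc/fstab}"

    [ -f "$fstab" ] || { echo "no such file: $fstab" >&2; return 2; }

    # Field 2 of an fstab line is the mount point. Lines whose first field
    # starts with '#' are comments and do not count as an existing entry.
    if awk '$1 !~ /^#/ && $2 == "/boot/firmware" { found = 1 }
            END { exit !found }' "$fstab"; then
        echo "entry for /boot/firmware already present, nothing to do"
        return 0
    fi

    # Keep a copy so a bad edit can be undone from a rescue shell.
    cp -p -- "$fstab" "$fstab.bak" || return 2

    # If the file does not end in a newline, add one so the new entry
    # is not glued onto the previous line.
    [ -z "$(tail -c 1 "$fstab")" ] || printf '\n' >> "$fstab"

    printf '%s\n' "$FIRMWARE_LINE" >> "$fstab"
    echo "added: $FIRMWARE_LINE"
}
```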

At this point you have set up your Raspberry Pi, downloaded an ARM image of Kali Linux, flashed it to an SD card, booted your Raspberry Pi, logged in and changed the password. Now it’s time to set up a vulnerable Raspberry Pi to pentest and learn a few pentesting tools.
