Due to the impact of the pandemic, I have spent more time at home, and finally have the opportunity to tinker with the Raspberry Pi 4B that I purchased last year. During a large-scale offensive and defensive exercise last year, I heard about the incredible operation of using a drone + Raspberry Pi for wireless WiFi attacks, which amazed me. I have always wanted to try it myself, so today I will first install the penetration testing tool Kali Linux on the Raspberry Pi.
0x01 About Raspberry Pi
The Raspberry Pi is a small computer the size of a credit card, using an ARM architecture processor produced by Broadcom. It has memory ranging from 256MB to 4GB and mainly uses SD or TF cards as storage media. It is equipped with USB interfaces, HDMI video output (which supports audio output), and RCA output, and has built-in Ethernet/WLAN/Bluetooth network connections. Despite its small size, the Raspberry Pi has all the components of a regular computer, and most tasks that can be done on a regular computer can also be done on the Raspberry Pi. Its low power consumption, portability, and GPIO features make it suitable for many tasks that are difficult to accomplish on a regular computer, such as the recently popular “Close Source Penetration”.
0x02 Installing Raspberry Pi Accessories
When purchasing a Raspberry Pi, having just the mainboard is not enough. To be able to burn the system on the Raspberry Pi and extend its lifespan, beginners generally need the following accessories:
Power Supply*1 (Power parameters are 5V, 3A) SD Card*1 (16-32G) + Card Reader*1 Heatsinks*1 Set Case*1 Cooling Fan*1 Monitor*1 HDMI Cable*1 Keyboard*1We need to install the heatsinks, cooling fan, and case. First, stick the three heatsinks onto the corresponding positions and use a screwdriver and screws to fix the board and case. Then, insert the cooling fan’s connector into the Raspberry Pi’s mainboard. It is especially important to plug the red and black wires of the fan into pins 4 and 6 respectively (as shown in the picture); if plugged incorrectly, the fan will not turn on.
Then, use a screwdriver and screws to fix the cooling fan to the case, being careful not to tighten the screws too much, as this may affect the fan’s cooling. After installation, it should look something like this:
0x03 Burning Kali Linux System
After installing the accessories, the next step is to burn the system for the Raspberry Pi. First, go to the official website (https://www.offensive-security.com/kali-linux-arm-images/) to download the Kali Raspberry Pi system image:
Select an image to download based on your situation. However, the official download speed is very slow, so you can use another download link:
https://linuxtracker.org/index.php?page=downloadcheck&id=4a72f1c79fae44db6a398f932c30de9bf61b8cd6 Then, you need to burn the image into the prepared SD card, which can be done using Win32DiskImager:
In Win32DiskImager, select the Kali image file we downloaded as the image file, select the SD card we are reading as the device, click write, and wait for the progress bar to reach 100%. The Kali Linux system will then be successfully written. After that, remove the SD card from the card reader, insert it into the Raspberry Pi, connect it to the monitor with an HDMI cable, plug in the power supply and keyboard, and if all goes well, Kali will be installed on the Raspberry Pi:
0x04 Autostart Configuration
After installing the Kali system on the Raspberry Pi, to take advantage of the portability of the Raspberry Pi, we cannot connect to a monitor every time, so we need to configure two settings: automatic WiFi connection and automatic SSH startup, so that we can control the Raspberry Pi via SSH.
1. Automatic WiFi Connection Settings Here I encountered some issues, but the final successful method is as follows: Enter the /etc/wpa_supplicant directory and use the system’s built-in wpa_passphrase command to create a configuration file:
# cd /etc/wpa_supplicant/# wpa_passphrase "ssid" "12345678" > wpa_supplicant.confThe first parameter is the SSID network name, and the second is the key, which will be written to the wpa_supplicant.conf configuration file. Then, we edit the /etc/network/interfaces file and add the following configuration at the end, which means to start the wlan0 network interface and load the just added configuration file to connect.
auto wlan0 allow-hotplug wlan0 iface wlan0 inet manual wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf iface default inet dhcp2. Autostart SSH Kali SSH has security controls, and by default, the SSH service is not enabled, nor does it allow the root user to log in remotely, so the following configurations are required: (1) Modify the /etc/ssh/sshd_config file, uncomment #PasswordAuthentication no, and change PermitRootLogin no to PermitRootLogin yes. (2) Execute update-rc.d ssh enable to set it to autostart.
In this way, after the Raspberry Pi starts, it will automatically connect to the WiFi hotspot we set and start the SSH service. Our computer can SSH into the Raspberry Pi as long as it is connected to the same WiFi, which is very convenient.
0x05 The Pitfall of Emergency Mode
In actual use, it is often found that the Kali system on the Raspberry Pi starts, but the SSH service does not autostart. Analyzing with a monitor, I found that the Kali on the Raspberry Pi enters emergency mode every time it starts, instead of starting normally, and emergency mode does not automatically start SSH. After checking some information online, it may be due to directly cutting off the power when shutting down the Raspberry Pi, causing file corruption on the SD card. The repair method is as follows:
sudo umount /dev/sdb1 sudo umount /dev/sdb2 sudo fsck /dev/sdb1 sudo fsck /dev/sdb2This will repair the issue of entering emergency mode every time. Note that when shutting down the Raspberry Pi, do not cut off the power directly; use the poweroff command to shut it down.
At this point, we have successfully installed Kali on the Raspberry Pi, and all the penetration tools in Kali can be used just like on a computer. If you want to perform wireless WiFi attacks, you can use the built-in aircrack-ng tool in Kali.
So, next time during the exercise, let’s see if there is a drone hovering outside the office building, and whether it is carrying a Raspberry Pi~