Raspberry PI 2 - Kali Linux



This is my first Raspberry PI yes the Raspberry PI 2 , the pi has a lot of use cases and hobbies people work on but however for me it's more relevant to use it as a 'throw-away hackboxes' (a phrase I picked from Offensive Security) I do it for educational purposes.

Below I shall let you know what you need to do in an orderly fashion to setup kali in the new Raspberry pi and ssh through an OSX machine. Please note the credit goes to the original authors and their articles here, again my intention is to summarise all the various steps together at one place.

https://www.offensive-security.com/kali-linux/raspberry-pi-luks-disk-encryption/
here
http://www.thesecurityblogger.com/installing-and-troubleshooting-kali-linux-on-raspberry-pi/
here
http://docs.kali.org/kali-on-arm/install-kali-linux-arm-raspberry-pi
here
https://www.kali.org/news/kali-linux-metapackages/


1. download the latest Kali RPi image (1.1.xx), extract it, and dd it to the SD card (incase you don't know the device it's loaded to, do a diskutil list

2. Next you need to unmount your SD card by issuing diskutil unmountDisk /dev/disk1 assuming our microSD is on disk1 (make sure you have the right disk number from the previous step)

3. Format the SD card by using the command sudo newfs_msdos -F 16 / dev/disk1 command (again make sure you use the right disk number)

4.Use the command sudo dd if=~/Downloads/kali-1.xx.xx-rpi.img of=/dev/disk1 (take care of the disk number again)

Wait... 

5. Insert the MicroSD card into the PI, allow the system to boot

6. Use standard login and password for Kali, type startx command at the shell prompt to start up the XFCE desktop environment.

7. Update & Upgrade apt-get update & apt-get upgrade respectively

8. change your SSH host keys as soon as possible as all ARM images are pre-configured the same keys and also change your root password

root@kali:~ rm /etc/ssh/ssh_host_*
root@kali:~ dpkg-reconfigure openssh-serverroot@kali:~ service ssh restart

9. Setup tightvncserver

apt-get install tightvncserver

10. tightvncserver 

11. Paste the content. Change resolution if necessary.
#!/bin/sh
### BEGIN INIT INFO
# Provides: tightvncserver
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: start vnc server
# Description:
### END INIT INFO

case "$1" in
start)
su root -c 'vncserver :1 -geometry 1024x768 -depth 16 -pixelformat rgb565:'
echo "VNC Started"
;;
stop)
pkill Xtightvnc
echo "VNC Terminated"
;;
*)
echo "Usage: /etc/init.d/tightvnc {start|stop}"
exit 1
;;
esac

12. Let the file to be executable

chmod 755 /etc/init.d/tightvnc

13.Refresh global service configuration

update-rc.d tightvnc defaults

14. Restart system
reboot

15. By default Kali version will not have the metapackages install them 

apt-get update && apt-cache search KALI-LINUX-TOP10 

I went for Kali linux top10 as I have a space restriction. 

Note: Gui doesn't start automatically but I SSH and then issue startx command to start the xfce desktop. I'm in OSX and currently using Chicken of the VNC, I need to move to native OSX.



Popular posts from this blog

The correct way to install Jython (for Burpsuite)

You need to install Jython the correct way in order to ensure some of the Burp plugins work correctly. Some of these Burp plugins depend on Python libraries for e.g. requests, so installing Jython and then using  $ wget https://repo1.maven.org/maven2/org/python/jython-installer/2.7.2/jython-installer-2.7.2.jar $ java -jar jython-installer-2.7.2.jar -s -d /path/to/install/jython -t standard Further for e.g. if you need requests install it like this: Download requests-2.25.1.tar.gz from the official repo ( https://pypi.org/project/requests/#files ), then go to that directory in terminal, and type the following command, java -jar /Users/brutus/Downloads/jython-standalone-2.7.2.jar setup.py install
Read more

RFID cloning with Proxmark3 Easy

Image
In this post, I would like to explain how in a recent Red Team engagement, I successfully managed to clone an RFID Access Control card and gained entry into the premise. #TheKit The client was using HiD 125khz cards. I used "Proxmark 3 Easy" which is a low cost RFID cloning kit, is a stripped down version of the real “ Proxmark 3 RDV 2 ”. The "Proxmark3 easy" does not support several things like battery, relaying and doesn't have an amplifier, also it has a smaller memory. But the device is quite sufficient during a Red Team Physical engagement. It looks something like this when you order on Amazon. I wanted to build a mobile RFID cloning kit and use it for my Red Team engagements, but note with this setup the scanning distance of 6cm is useless in real engagements, I'm not that brave enough and you really have to get up close to clone a card so the setup initially didn't work, however I got lucky and me and my partner found a lost targe...
Read more

Extracting an IPA; App distributed through Testflight

So in one of my iOS app pentest the app was distributed on TestFlight, I needed a clean IPA to makesure, I review the app after unpacking it. The option was for me to use a Jailbroken device and use Ext3nder, which allows the app to be re-packaged. Once you do that you could use SCP to download the IPA and use it to analyse or side load through xCode.
Read more