Attacking Pixels - Adam Robinson

Hi, I’m Adam Robinson, a software engineer and maker based in London

Take a look at my projects and experiments.

Home

Search 20 Posts

Getting Started with Ethical Hacking

Posted 2 years ago - 10 min read

Tags : Cyber SecurityEthical HackingGetting Started

If you’ve decided to learn ethical hacking you may be wondering what to learn first and how to get set up. I’m going to attempt to outline the cheapest and most flexible set-up to begin learning the core skills of ethical hacking using a Raspberry Pi running Kali Linux.

Kali Linux the Operating System for Network Hacking

When you’re beginning to learn ethical hacking the operating system I’d recommend you start playing around with is Kali Linux. Kali has a great community of beginners, who have already encountered most of the issues you’ll probably experience and as a result, there’s a lot of help out there which you can find from a simple Google search. The Kali Linux distro also comes preloaded with a bunch of useful tools such as Wireshark and Aircrack which you’ll probably want to experiment with.

Kali Linux Logo

Now you’ve landed on Kali Linux you’ll probably be thinking whether you should you run this as a virtual machine or whether you should just install it on your computers hard drive? But, in general, it’s not a great idea to run a hacking distribution or something you’re going to be downloading new unknown modules on and experimenting with on the system that you use for your everyday life!

Why choose a Raspberry Pi?

A much better idea is to separate this and install it on a different computer. Most people out there however don’t want to buy a new laptop to start learning about something new. We’re going to explore something a little different that’s kind of a compromise and that’s the Raspberry Pi. This is great for anybody learning about ethical hacking because it can run Kali Linux and allows you to visualise all your tools as modular Lego bricks, you can build a whole host of configurations of the Pi through just plugging a couple of things into it, thus making something work for your use case.

Rabsberry Pi Network Sniffer

With a Raspberry Pi, you can segment away all the experimental stuff you’re doing from the things that you want to keep safe. In the unlikely worst-case scenario, if your Raspberry Pi was to get fried or if it’s an operating system were to become corrupted you could just replace an SD card, reformat the old SD card or even just get a new Raspberry Pi as they’re relatively cheap. It doesn’t matter in the same way it would if you were to mess a nice MacBook Pro or high-end gaming PC.

What extra hardware do I need?

Raspberry Pi’s run their operating system off MicroSD cards. When you get your Pi to make sure you have a MicroSD card which is at least 16Gb capacity, any smaller and you may run into issues depending on which version or image of Kali Linux you choose to install.

To directly interface with your Pi I’d recommend a Bluetooth keyboard with a trackpad. If you’re planning on taking your Pi rig out and about with you this is a little more portable than a wired setup. Word of advice, go for a keyboard with a standalone USB Bluetooth receiver. Raspberry Pi’s do have onboard Bluetooth but it can sometimes be a bit of a nightmare trying to set up one of these keyboards with it.

Raspberry Pi also have onboard Wi-Fi, however, it’s more like command-and-control Wi-Fi where you can log into the PI and tell it to do things. You should not be using the internal wifi hardware for hacking as it’s just not suited for it. it doesn’t have the right chipset or the range.

For wifi hacking, you’ll one of the following external wifi adapters

  • ALFA AWUS036NEH Long Range (This is my personal favourite)
  • TP-LINK TL-WN722N 2.4GHz (Version 1 only!)
  • PANDA PAUO5
  • PANDA PAUO6
  • PANDA PAUO7
  • PANDA PAUO9
  • ALFA AWUSO36NH 2.4GHz
  • ALFA AWUSO36NHA 2.4GHz
  • ALFA AWUSO36ACH 802.11ac AC120
  • ALFA AWUSO36H

These adapters all can be set into monitor mode and do things like packet injection. They’re great because you can just plug them into the Raspberry Pi running Kali Linux and get started on most of the modules that you would use to hack Wi-Fi or do stuff over a network due to their Kali compatible chipsets.

All these add ons combined are a great setup. You can start mixing and matching these things like a Lego set almost depending on what kind of prototype you want to create. You can just plug in a GPS receiver like the (GlobalSat BU-353) and a wireless network adapter and suddenly you have everything you need for a wardriving rig which allows you to walk around town detecting all of the wireless networks nearby, their location and their security.

Kali for The Rabsberry Pi with the Re4son Kernal

To get Kali playing nicely with the specific hardware on the Raspberry Pi / Pi 0 models, such as the built-in Bluetooth and the GPIO pins I’d suggest installing the Re4son-Kernel for Raspberry Pi (Sticky Fingers). This is a fork of Kali for Pis which was developed for custom drone projects. It has the added benefit of having generic touch screen drivers out of the box. This allows you to mount a little 3.5” touchscreen to the GPIO pins on your Pi if you see fit.

Installing Kali Linux on your Pi

Once you’ve downloaded the sticky-fingers Pi image you’ll want to use a program such as Etcher (Mac) or Rufus (Windows) to flash the image to your SD card producing a bootable image which the Raspberry Pi relies on to start. Once this has been completed safely eject your microSD card, bung it in your Raspberry Pi and power it up. You’ll need a keyboard and mouse to interact with your pi so don’t forget to plug these in too!

The first thing you’ll be confronted by is a when initially booting Kali is a login prompt asking you for your username and password. These are the same on virtually every Kali Linux distribution when it’s first installed so it’s really important to make sure to change these, otherwise, anybody will be able to log into your Kali Linux instance or execute commands as root which is exactly not what you want as most malicious scripts will attempt to automate attacks like this for people who do not change their default username and password.

Be sure that anything you set up you always check out and change the default password. On the Sticky Fingers Kali image, the default username is roots and the default password is toor which is root backwards. On newer versions of Kali Linux, the default are now username : kali & password : kali. Once logged in you will be taken the graphical user interface of Kali Linux.

This is the most straight forward way of interacting with your Pi, however, you may opt to use VNC. VCN can share the Pi’s GUI to a phone screen or even your laptop screen. You may also decide to SSH into your Pi which will provide you with remote command-line functionality.

Configuring Kali Linux

There are a few core things that we need to do to have your Pi set up ready for hacking, the first as already mentioned is to change the default password, secondly, you’ll need to replace the default SSH keys and update the permissions so you can use SSH to connect your PI wherever you are. Setting up SSH is always good to have as a backup, even if you’re using VNC. Finally, to use SSH you need to have the Pi boot up without getting stuck behind the login portal which asks you for the username and password.

Change Kali Default Password

To change the default password type the following into the terminal and go ahead and change it to something more secure.

# sudo passwd

Generate new SSH Keys for Kali Linux

Next is setting up SSH login. First, we’re going to want to change the default keys supplied with Kali as it’s not secure to be SSH’ing into your Pi using the defaults as anybody could potentially listen in on your communications with the device, see what you’re doing or even man-in-the-middle or perform some other form of attack on you.

To generate new SSH keys is pretty simple. You can achieve this through the following terminal command.

# sudo dpkg-reconfigure openssh-server

It takes a few seconds to generate the new SSH keys. Once finished we can remove the old ones and switch to using the new ones with the following terminal commands.

# update-rc.d -f ssh remove
# update-rc.d -f ssh defaults
# sudo service ssh restart
# update-rc.d -f ssh enable 2 3 4 5

update-rc.d is used for adding and removing services from startup. The last command ensures these changes persist after a reboot.

Deactivating login screen

Finally, we need to take care of the problem with the authentication portal asking for the username and password before loading the desktop. To do this with the re4son-kernal use the following terminal commands:

# cd /usr/local/src/re4son-kernel_4\*

The asterisk at end of this command will automatically grab the re4son kernel v.4 directory which you have installed. With the directory selected use the following terminal command

# sudo ./re4son-pi-tft-setup -a root

this will cause a reboot so that’s why we’re doing it last. Once rebooted the device will boot directly into desktop and as you will not encounter any sort of login portal! If you’ve followed this successfully you’ll have a Pi that automatically logs in starts SSH by default and then is ready to be logged into and controlled remotely as soon as it starts up.

A further step for you might be setting up VNC so you can see your graphic desktop from your phone or laptop, but I won’t cover that here. You’re ready to start exploring the many different hacking tools Kali has to offer!

What projects could you explore with your Pi?

  • A Wi-Fi grenade is a relatively simple setup where you add a wireless network adapter with a reasonable range to the Pi. With this, you could control network access within the area of a small house or a building. This method consists of building a list of every network device that’s broadcasting within range and then selectively de-authenticating them so that they can’t connect to their respective networks. For an even larger area or for a limitation test you could add a 2.4 / 5 GHz antenna. For monster range, you could add a giant 9 dbi network adapter which could cover an entire street or office.

  • A Wardriving Pi. Collect GPS data with a receiver and append it to network packets, allowing you to scan and geolocate every misconfigured or poorly secured wireless network within a large geographic area while you’re driving around. You could put this set up in your backpack and simply walk around an area you’re doing a penetration test in. Very quickly you’ll have a list of every network-connected device even down to printers. Check out the python script I’ve written which can be deployed for network sniffing on a Wardriving Raspberry Pi in the same configuration outlined in this Quickstart guide.

Adam G Robinson
Crafter. Explorer. Coder. 🇬🇧