Set Up an Ethical Hacking Kali Linux Kit on the Raspberry Pi 3 B+ [Tutorial]

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

if you've decided to learn ethical hacking you may be confused with what to learn first it can also be expensive to get started so we want to show you the cheapest and most flexible way to begin learning the core skills of ethical hacking using a Raspberry Pi 3 running Kali Linux [Music] [Applause] [Music] when you're beginning to learn ethical hacking the most likely operating system you'll be using is Kali Linux now this is because there's a great community of beginners and other people who have already encountered most of the issues you'll probably experience and as a result there's a lot of help out there both from different forms and from just a simple Google search so to run Kali Linux you'll need to decide if you want it want to run it as a virtual machine or if you'll want to install it on your hard drive but in general it's not a great idea to run a hacking distribution or something you're going to be downloading new unknown modules on and kind of experimenting on the system that you use for your kind of everyday life now a much better idea is kind of segmenting that and installing it on a different computer but not many people want to actually install like a new operating system in order to start learning about something new I actually buy a new computer in order to start learning about something new so we're going to explore something a little bit that's kind of a compromise and that's the Raspberry Pi 3 now this is great for anybody learning about ethical hacking because it runs Kali Linux and allows you to kind of see this as like a Lego piece where you can build other things off of it and create what's kind of like a prototype or an idea that relies on just plugging a couple of things into this and making it work so that's really cool because it allows you to segment away all the experimental stuff you're doing from the things that you really want to keep safe and if this were to get fried or if it were to become corrupted you could just replace the SD card reform out the SD card or even just get a new pie they're cheap so it doesn't really matter the same way it would matter if you were to mess up like a nice MacBook Pro or a nice gaming PC so when you have one of these you're going to need to pay attention to the SD card now the SD card is actually a micro SD card this is just an adapter and this is how small it really is so this little SD card does matter and you need to pick one that's at least 16 gigabytes because if it's smaller you can run into issues depending on what version or image of Kali Linux you're trying to install now this is a SanDisk Extreme plus and we recommend these because they're super super fast and they work well with Callie so if you're having an issue with your card and you suspect that it might be related to the speed of the of the card maybe your operating system is too slow this would be something you could try to maybe see if that was the issue now if you want to directly interface with your PI you're going to need to have some sort of interface device and we recommend a keyboard like this which is a little re keyboard we got off Amazon in particular the one with a little laser on it is really useful there's some other brands out there and this one also gives the ability to connect via this little little USB dongle rather than the advertised Bluetooth model which we find did not work very well even though the Raspberry Pi does have bluetooth it is a nightmare trying to set up one of these keyboards with them so we really recommend you just get the one that plugs in and doesn't advertise itself as bluetooth just from experience now the Raspberry Pi does have Wi-Fi but it's more like command-and-control Wi-Fi where you can log into the PI and tell it to do things you should not be using the internal card to do hacking stuff because it's just not suited for it it doesn't have the right chipset and you'll need something like one of these cards either something like an alpha card or a panda wireless card these cards all have the ability to go into monitor mode do things like packet injection and they're really good because you can just plug them into the Raspberry Pi running Kali Linux and get started on most of the modules that you would use to hack Wi-Fi or do stuff over a network so that's a really important thing to do if you want to get into a wireless networking or that sort of stuff with the Raspberry Pi you cannot use the internal card to do a lot of the stuff you'll want to do on Kali so make sure that you know you know how you're going to continue your learning experience with kind of what things you'll want to install finally the last thing you'll want to check out is the USB rubber ducky because paired with the Raspberry Pi when you add the twin duck firmware you're able to plug this in have a mount as a USB device and you can actually SSH into your PI from your phone or some other available device right a new ducky script convert it drop it into the into the duck and on site be able to create your own payload within potentially a matter of minutes so it's really cool because you can access the device swap the payload or even choose one of the pre-existing payloads simply by plugging it into the PI and then connecting via your phone over Wi-Fi so it's a really cool way for anybody who's getting into beginning hacking to learn about HID attacks which is human interface attacks like this USB rubber ducky that pretends to be a keyboard in order to execute code and it also teaches you a bit about programming because you have to visualize the steps of what you want to do on another computer and as a result you'll end up learning a little bit about how to abstract those steps write them down into ducky script and then watch them run on another machine so all these things together are a great kind of setup because you can start to mix and match these things like a Lego set almost and depending on what kind of prototype you want to create you can just plug in a GPS unit and a wireless network adapter and suddenly have something like a wardriving kit that allows you to drive around the neighborhood and detect all the wireless networks nearby as well as their location and security if there's an issue there when you first get your PI and may already come with raspbian the official OS of the Raspberry Pi foundation well this is a great Debian based distro we need to install a lot of things before it'd be suitable for hacking now it's worth noting that if you do have a project you're developing on the PI switching - raspbian from Kali can get hardware like bluetooth working more quickly now Kali on the PI has a few quirks and one of those is setting at the Bluetooth the best way we found to do this is just on the Raspberry Pi 3 and the PI 0 W is the reason colonel now this is provided for download on the white dome website at white dome comm au now once you're on the website you can navigate to the reason kernels section so the kernel provides a number of streamlined set of tools that allow you to enable bluetooth on the Raspberry Pi that normally takes a lot of configuration and headache and sometimes just fledged straight up doesn't work this allows nearly kind of on/off functionality to be able to pair any Bluetooth devices you might want to add so to get started you'll need to download the official image from the white dome website so you'll navigate to the reason kernels section and scroll down until you see the link to the image that you are looking for in this case the PI 2 & 3 is what we are going to download but you can also see above here the PI 0 and the PI 0 W is listed as well so by clicking on this image you'll be redirected to the download page and see it has a two point eight gigabyte image for us to download and we've already downloaded that here but if we wanted to proceed we would just click on this and it would download our sticky-fingers Kali PI image there so we'll proceed to our download folder since we already have it and you can see this is the image that we will be loading onto our Raspberry Pi now the way we'll be doing that is by using a program called echar now etcher is a program that burns bootable images to micro SD cards and that's what the Raspberry Pi relies on in order to start so we will open HR which is free and cross-platform and we'll need to identify the image that we want to burn so we'll click on select image and in our download folder we'll have our sticky fingers Kali PI build and next we'll select the SD card that we want to write it to in this case a 32 gigabyte SD card now you'll need to make sure that this is at least 8 gigabytes because anything less will not be able to handle an image of this size so after confirming that you're not over writing something you'll be upset if you erase make sure to click the mass storage device of your choice and finally click flash in order to begin the flashing process and it will ask you to authenticate here now as this flashing process proceeds it will go ahead and burn the image tooth card and then validate it and then eject it so that you can put it into the Raspberry Pi and boot it into Kali Linux when your pi is connected you'll need to plug in a keyboard and mouse to interact with it a USB keyboard mouse combo off Amazon is often a good way to just plug in a little USB dongle and immediately get started controlling your Raspberry Pi now you'll need this because the first thing you'll have to deal with is a little login prompt asking you for your username and password which will be the same on virtually every cable no literally every Kali Linux distribution when it first starts up so it's gonna be really important to make sure to change this because later on anybody will be able to log into your Kali Linux instance or execute commands as root which is super super not what you want and in fact most scripts will attempt to automate attacks like this for people who do not change their default username so make sure that anything that you set up you always check out and change the default password so in Kali Linux the default username is roots and the default password is tor t oor which is root backwards and you can use this to go ahead and log into the the graphic user interface of Kali Linux now this is how we're going to access it now but in the future you can choose to access it via VNC which will share the screen over your phone screen or your computer screen or SSH which will just provide you a command line ability to control the tools and Kali Linux which is actually usually enough so go ahead and click on use default configuration and down at the bottom you'll be able to click on the little terminal icon to open a terminal window now I'm going to enlarge this a little bit so you guys can see a little better and it's important to know that there are four core things that we need to do in order to setup Kali Linux for general use the first as we already mentioned is change the default password the second is going to be to turn on the Bluetooth controller in order to scan Bluetooth or find a device to pair like maybe another keyboard or a mouse or a let's say a speaker if you want to be able to project sound so then you'll need to replace the SSH keys and update the permissions so you can use SSH to connect your PI wherever you are this is super important because it's always a good backup option if you're using VNC and something gets messed up or if you need to login to the PI and see what is going on finally if you're going to use SSH unfortunately you need to have the PI boot up all the way and getting stuck behind the login portal which asks you for the username and password is unacceptable if you're out in the field so fortunately there's a kernel that we're using comes with a really handy setup script that will allow you to set this up with only a couple little options in one quick reboot so after we do that we should have a PI that's ready for hacking so the first thing we'll do is type in password PA SS WD to change the default password and we'll go ahead and change that now to something more secure so it'll make sure that those passwords match and then when it's done it'll say password updated successfully so next up we'll need to setup the Bluetooth which is pretty easily done so in order to do that I'll open a desktop and we'll type in Bluetooth CTL this should start the default agent on Kali Linux or sorry the default agent for the Raspberry Pi that controls the Bluetooth card now the next command we'll type is agent on to make sure that the Bluetooth is turned on and then default agents to load the default profile and once that's successful we can go ahead and start scanning for Bluetooth devices around us with just the commands scan on great so now as Bluetooth devices are discovered around us they will start to appear here and if we find the address of the Bluetooth device we can just copy it and simply type pair and then the MAC address of the Bluetooth device and it will automatically add that in attempt to pair it now we don't have any Bluetooth devices around us right now which is fine because even if we did they wouldn't be the kind that we could add but in the future if you wanted to pair something here I'll just give you a random example you could copy this pair that and you will watch it yeah it failed anyway so that is how you can control the Bluetooth interface if you try to do this manually by installing Blues or other packages it can be a little hairy getting started but this will get you started in just a couple of commands which is very very handy if you want to do some Bluetooth hacking or if you need to figure out how it works so the next thing up is the SSH login so in order to do that you'll need to first change the default keys because it is super not secure to be SS aging into your PI using the default keys because anybody can listen in on your conversation of what you're doing or even man-in-the-middle or do some other sort of attack so to do that is pretty simple type dpkg - reconfigure and then OpenSSH - server now this will take a second as it generates new SSH keys and when it does we will be ready to remove the old keys and start changing the permissions so the next step is going to be to set this up so that we can use SSH whenever we log into Kali Linux and the way we'll do that is by first removing the old keys by typing update - or C dot d tak F SSH removal once that command is run we'll run a very similar command but instead of remove we'll type defaults so you can gently hit up which will bring up the previous command and save time so once we do that then SSH will be added to the defaults run level and we'll be able to enable things like logging in via root so that's important to run certain tools via Kali Linux and it's not usually enabled by default but we'll check it out and make sure that it is enabled because if it's not it can be the root cause of a lot of problems so go ahead and type Nano and then slash etc' / SS h / ssh d underscore config now once we're in here we'll need to scroll down and look for the authentication portion and we'll need to make sure that here we go the permit root login is untapped so it's that mean a tab makes it so that it's not red this is untapped so it is being read and permit root log and says yes as it does here if everything looks good you can hit control X and it'll exit you out and if you made any changes that will ask you to confirm first so finally in order to apply all these changes you'll need to type sudo service SSH restart that will restart the SSH service and make sure that it has applied all the changes we've set now the final command is going to be going to be to make sure that the SSH persistence survives reboot so it'll restart with all the same settings that we put so we'll type again update our C dot d tack F SSH and then enable two three four five now with that command we've set up SSH so that as soon as we boot into Kali Linux it should immediately start running and allow us to connect via a root account and start doing all kinds of cool hacking stuff in Kali now finally we need to take care of that problem with the authentication portal where as soon as we try to log in to Kali Linux it stops us and asked us for our username and password before ludecke low loading the desktop and doing things like connecting to Wi-Fi now there's a handy utility that helps us take care of this where before I had to do a whole bunch of running around to different directories and changing different settings so we'll use that setup tool here instead of going the more confusing route so go to CD slash USR slash local slash s or C / re for som - Colonel PRN al underscore for and then an asterisk and that'll grab any whatever the latest version is and search for whatever is in there here we go so we see twenty eighteen zero one three one is the most current version and that's what it finds so finally in order to set this option and be aware that this will cause a reboot so that's why we're doing it last you will type sudo dot slash re for s o n - pi - TFT - setup tak a and then root so this will allow auto log-in for the root account so the next step will be to press Enter it'll ask if we want to enable auto log-in for user roots and if we press yes you will immediately reboot to apply the changes and if we're successful we should have a PI that automatically logs in starts SSH by default and then is ready to be logged into and controlled remotely as soon as it starts up so we're going to go ahead and press Y and will reboot and see how it works now if this works we should have Kali Linux booting directly into desktop and as you see we did not encounter any sort of login portal so we are directly in our desktop our SSH is ready to go and the next step for you might be setting up VNC so you can see your graphic desktop from your phone or computer which might be necessary for a script like or get in or some other thing that's a multi bash script that has to have several other windows open or you can offer a similar functionality through SSH and just stick to exploring the many different hacking tools Kali has to offer so what can you make with the Raspberry Pi well one of my favorite examples is the example of the Wi-Fi grenade so this is a relatively simple configuration where you just add a wireless network adapter with a reasonable range and you're able to control the wireless network area of maybe a small house or a building so what this does is builds a list of every single network device that's broadcasting and then selectively D offs every single one so that they can't connect to the network now something like this is a little bit smaller but if someone made us really angry or if we needed to go over a larger area for a limitation test much more likely then we can add a 2.4 and 5 gigahertz antenna and then if they've made us really angry we can create the trident and add a giant 9 d bi network adapter like this so this would have a monstrous range and be able to affect something over maybe even like a city block so as you can see by adding a couple things to the PI you can really scale at the power and create something just ludicrous which sometimes is fun so if we want to add something new we can add GPS data to create a wardriving pi that allows us to drive around and find every misconfigured or quarterly secured wireless network in an area very very quickly automatically so wardriving is just having something like this in your car driving around so that it can scan the area and the end result is an interactive where you can find anything that you're looking for in terms of week security or open networks or anything like that so having this in your backpack is a great way to simply walk around an area you're doing a penetration test in once and have a list very quickly of everything that's connected even down to printers and things like that now you might think that this is a little bulky and you're right but if you're doing something that requires a little bit more I guess lightweight applications then you can rely on something like the Raspberry Pi 0w now my favorite payload for the pi 0 w is acting as a mod like an electronic weapons payload I guess for a drone by adding a wireless network adapter so that when you mount this underneath kind of a cheaper drone like this you can fly up to a drone that's much more expensive and uses Wi-Fi to communicate with its base station and actually hijack it by sending a signal that D off sit and then pretends to be the wireless network that it was originally connected to in order to control it so that creates a zombie drone that flies around this kind of cheap drone and you can force the drone that you're targeting to follow you back away wherever you want and basically steal it if you wanted to but it's a great proof-of-concept to show off that even a tiny drone like this can be outfitted with a little package that makes it so powerful it can take out even bigger more expensive drums so as you can see the Raspberry Pi 3 and especially the PI 0w are very versatile hardware and with the right configuration you can really get creative and let your imagination come up with some really cool prototypes the Raspberry Pi can help you learn all about a lot of different ethical hacking skills and anyone can get started without needing to risk their own system with the Raspberry Pi running Kali Linux you can learn about hid attacks hacking Wi-Fi and even tools like Metasploit in a matter of minutes thanks for watching this episode of cyber weapons lab make sure to like comment and subscribe and we'll see you next time you

Info

Channel: Null Byte

Views: 1,605,715

Rating: undefined out of 5

Keywords: hacking, wonderhowto, wonder how to, nullbyte, null byte, hack, kali, kali linux, re4son, kernel, linux, headless, raspberry pi, raspberry, pi, pi3, pi3b, pi3b+, pi 3, 3 b+, sd card, rubber ducky, usb rubber ducky, network adapter, wi-fi, wifi, ethernet, white hat, kody kinzie

Id: 5ExWmpFnAnE

Channel Id: undefined

Length: 23min 46sec (1426 seconds)

Published: Wed Apr 18 2018