Penetration Testing with Raspberry Pi. - Michael McPhee - E-Book

Penetration Testing with Raspberry Pi. E-Book

Michael McPhee

Description

This book will show you how to utilize the latest credit card sized Raspberry Pi 3 and create a portable, low-cost hacking tool using Kali Linux 2.

You’ll begin by installing and tuning Kali Linux 2 on Raspberry Pi 3 and then get started with penetration testing. You will be exposed to various network security scenarios such as wireless security, scanning network packets in order to detect any issues in the network, and capturing sensitive data. You will also learn how to plan and perform various attacks such as man-in-the-middle, password cracking, bypassing SSL encryption, compromising systems using various toolkits, and many more. Finally, you’ll see how to bypass security defenses and avoid detection, turn your Pi 3 into a honeypot, and develop a command and control system to manage a remotely-placed Raspberry Pi 3.

By the end of this book you will be able to turn Raspberry Pi 3 into a hacking arsenal to leverage the most popular open source toolkit, Kali Linux 2.0.

The e-book can be read in the Legimi apps or in any app that supports the following formats:

EPUB
MOBI

Pages: 305

Year of publication: 2016




Table of Contents

Penetration Testing with Raspberry Pi - Second Edition
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Why subscribe?
Preface
What this book covers
What you need for this book
Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example code
Downloading the color images of this book
Errata
Piracy
Questions
1. Choosing a Pen Test Platform
Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and the Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems
Summary
2. Preparing for Battle
The Command and Control server
Preparing for a penetration test
Setting up the SSH service
SSH default keys and management
Reverse shell through SSH
SSL tunnelling
stunnel
Server
Client
ncat
ptunnel and other techniques
Using the GUI
Transporting X via SSH
VNC and RDP
Overclocking
Setting up the wireless interface
Setting up the Bluetooth interface
Setting up a 3G or 4G modem
Wrapping it up with an example
3. Planning the Attack
Understanding the Cyber or Intrusion Kill Chain
Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Actions
Preparing for the penetration test
Common tools for web, wired, and wireless attacks
Mapping our tools to the Penetration test Kill Chain
Addition of non-standard tools to arsenal
Positioning the Pi
Summary
4. Explore the Target - Recon and Weaponize
Prospecting the target
Network scanning
Seeing and cracking Wi-Fi
Obtaining the key
Cracking the key
Capturing and cracking passwords
Online cracking
Offline cracking
Getting data to the Pi
Physically inline option
Software based approach
arpspoof (Part of dsniff)
Ettercap
Wireshark
dsniff
Firewalk
Tuning our network capture
Scripting tcpdump for future access
Web application hacks
DotDotPwn
Driftnet
W3af
Summary
5. Taking Action - Intrude and Exploit
Using the Metasploit framework to exploit targets
Getting Recon data into Metasploit
Scoping vectors and launching attacks
Rolling our own exploits
Wrapping payloads
Social engineering
The Social-Engineer Toolkit
Phishing with BeEF
Executing man-in-the-middle attacks
SSLstrip
parasite6
Manipulating data
Sniffing the network in Scapy
Writing/reading PCAP files
Creating/sending/receiving of packets
Creating and sending malformed packets
TCP SYN scan
Rogue Access honeypot (revising and re-shooting)
Easy-creds
Bluetooth testing
Bluelog
Blueranger
Btscanner
Connecting to Bluetooth device using bluetoothctl
Summary
6. Finishing the Attack - Report and Withdraw
Covering our tracks
Wiping logs
Masking our network footprint
Using ProxyChains
Clearing the data off the Raspberry Pi
Developing reports
Collecting and correlating testing data
Creating screenshots
Using ImageMagick
GIMP, Screenshot, and Shutter
Moving data
Compressing files with Zip/Unzip
Using File Roller
Using split
Summary
7. Alternative Pi Projects
Diving into PwnPi
Discovering Raspberry Pwn
Investigating PwnBerry Pi
Defending your network
Intrusion detection and prevention
Exploring Snort
Content filtering
GateSentry as a content filtering option
Remote access with OpenVPN
Server installation
Server Certificate Authority setup
Server configuration and startup
Client-Configuration and Startup
Tor networking
Raspberry Tor
Tor Exit node or router
Running Raspberry Pi on your PC with QEMU emulator
Running Windows 10 on Raspberry Pi 3
Other popular use cases for the Raspberry Pi
Raspberry Weather
PiAware
PiPlay
PrivateEyePi
Summary

Penetration Testing with Raspberry Pi - Second Edition

Copyright © 2016 Packt

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.

Packt has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt cannot guarantee the accuracy of this information.

First published: January 2015

Second edition: November 2016

Production reference: 1231116

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham 

B3 2PB, UK.

ISBN 978-1-78712-613-8

www.packtpub.com

Credits

Authors

Michael McPhee

Jason Beltrame

Copy Editors

Safis Editing

Dipti Mankame

Reviewers

Joseph Muniz

Aamir Lakhani

Project Coordinator

Judie Jose

Commissioning Editor

Pratik Shah

Proofreader

Safis Editing

Acquisition Editor

Vijin Boricha

Indexer

Pratik Shirodkar

Content Development Editor

Rashmi Suvarna

Graphics

Kirk D'Penha

Technical Editor

Aditya Khadye

Production Coordinator

Deepika Naik

About the Authors

Michael McPhee is a Systems Engineer working for Cisco, based in Upstate NY, where he has worked for 4 years. Prior to joining Cisco, Michael spent 6 years in the U.S. Navy and another 10 working on communications systems, and has obtained the following certifications along the way: CCIE R&S, CCIE Security, CCIP, CCDP, ITILv3, and the Cisco Security White Belt. He has a BS in Electrical Engineering Technology from Rochester Institute of Technology and a Masters of Business Administration from University of Massachusetts - Amherst.

Michael's current role sees him consulting on security and network infrastructures. Before joining Cisco, Michael was a Network Operations Team Lead at a major regional insurance company. Prior to entering IT, he spent 11 years as a systems engineer and architect for defense contractors, where he helped propose, design, and develop command and control and electronic warfare systems for the US DoD and NATO allies. Michael’s diverse experience helps customers keep things in perspective and achieve their goals securely.

I want to thank my family, especially my wife Cathy for all of her unwavering love and support, and for always letting me tackle new things, and for helping me raise our funny, witty, and wonderfully nutty children, Liam and Claire. Go to bed, kids! I would also like to thank my teammates and shipmates, past and present - you all have helped to make me who I am as an engineer and more, and you’ve all set some pretty high bars for me to aspire to. To my Cisco mentors, folks like Dave Nentarz, Chad Hintz, Jason Vierra, and so many others – your generosity with your time, encouragement, and wisdom has been invaluable. Joey and Aamir, thank you for trusting us with this awesome project – we’ve learned a ton! Finally folks, Jason Beltrame is about the best teammate and friend a guy could take this journey with, and I appreciate all of his patience, positivity, and comradery. 

Jason Beltrame is a Systems Engineer for Cisco, living in the Eastern Pennsylvania Area. He has worked in the Network and Security field for 18 years, with the last 2 years as a Systems Engineer, and the prior 16 years on the operational side as a Network Engineer. During that time, Jason has achieved the following certifications: CISSP, CCNP, CCNP Security, CCDP, CCSP, CISA, ITILv2, and VCP5. He graduated from DeSales University with a BS in Computer Science. He has a passion for security and loves learning.

In his current role at Cisco, Jason focuses on Security and Enterprise Networks, but as a generalist SE, he covers all aspects of technology. Jason works with commercial territory customers, helping them achieve their technology goals based on their individual business requirements. His 16 years of real-world experience allows him to relate with his customers and understand both their challenges and desired outcomes.

I would like to thank my wife, Becky, for putting up with my late night writing sessions, as well as giving me the support needed to write this book. I would also like to thank both my children, Josh and Ryan, for keeping me active and giving me the strength to stay up late writing and researching.  Without this strong support system that I have, none of this would have been possible. Follow colleagues/mentors such as Michael McPhee, Joseph Muniz and Aamir Lakhani for pushing me to do my best and believing in me.

About the Reviewers

Joseph Muniz is an architect at Cisco Systems and a security researcher. He has extensive experience in designing security solutions and architectures for the top Fortune 500 corporations and the US Government. Joseph's current role gives him visibility into the latest trends in cyber security, both from leading vendors and customers. Examples of Joseph’s research include his RSA talk titled Social Media Deception, quoted by many sources (found by searching for Emily Williams Social Engineering), as well as articles in PenTest Magazine regarding various security topics.

Joseph runs The Security Blogger website, a popular resource for security and product implementation. He is the author and contributor of several publications, including a recent Cisco Press title focused on building a Security Operations Center (SOC). Follow Joseph at http://www.thesecurityblogger.com/ and @SecureBlogger.    

Outside of work, Joseph can be found behind turntables scratching classic vinyl or on the soccer pitch hacking away at the local club teams.   

Publications:

CCNA Cyber Ops SECOPS #210-255 Official Cert Guide (Certification Guide) – Cisco Press

CCNA Cyber Ops SECFND #210-250 Official Cert Guide (Certification Guide) – Cisco Press

Security Operations Center: Building, Operating, and Maintaining your SOC – Cisco Press

Penetration Testing with Raspberry Pi - Packt Publishing

Web Penetration Testing with Kali Linux - Packt Publishing

I will start by thanking Michael and Jason for taking on the daunting task of revising our book. We were extremely picky about who would work on this and it was great having our friends step up and take on this project. We feel really lucky to work with them and love what they came up with.   

Next I want to thank the Packt team for their work on this book. They are professional and really fun to work with.

Finally I would like to give a huge thank you to my friends and family. I feel lucky to know and hang out with such great people. 

Aamir Lakhani is a leading senior security strategist. He is responsible for providing IT security solutions to major enterprises and government organizations.

Mr. Lakhani creates technical security strategies and leads security implementation projects for Fortune 500 companies. Industries of focus include healthcare providers, educational institutions, financial institutions, and government organizations. Aamir has designed offensive counter-defense measures for the Department of Defense and national intelligence agencies. He has also assisted organizations with safeguarding IT and physical environments from attacks perpetrated by underground cybercriminal groups. Mr. Lakhani is considered an industry leader for creating detailed security architectures within complex computing environments. His areas of expertise include cyber defense, mobile application threats, malware management, Advanced Persistent Threat (APT) research, and investigations relating to the Internet’s dark security movement. He is the author of, or contributor to several books, and has appeared on FOX Business News, National Public Radio, and other media outlets as an expert on cybersecurity.

Writing under the pseudonym Dr.Chaos, Mr. Lakhani also operates the popular security social media blog which is hosted at http://www.drchaos.com/. In its recent list of 46 Federal Technology Experts to Follow on Twitter, Forbes magazine described Aamir Lakhani as a blogger, InfoSec specialist, super hero…and all around good guy.

I would like to thank my dad, Mahmood Lakhani, for always believing in me.

www.PacktPub.com

For support files and downloads related to your book, please visit www.PacktPub.com.

Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details.

At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.

https://www.packtpub.com/mapt

Get the most in-demand software skills with Mapt. Mapt gives you full access to all Packt books and video courses, as well as industry-leading tools to help you plan your personal development and advance your career.

Why subscribe?

Fully searchable across every book published by Packt
Copy and paste, print, and bookmark content
On demand and accessible via a web browser

Preface

Our focus for this book is to learn how to build and use a low-cost, portable hacking arsenal using the Raspberry Pi 3 and Kali Linux. By the end of the book, we’ll have an extremely flexible penetration testing platform, suitable for penetration testing projects that don’t require applications with high processing power needs. This combination leverages the portability of the Raspberry Pi and the capabilities of the most popular open source penetration toolset, Kali Linux. Throughout the book, we will focus on using the combined platform to perform covert security assessments at remote locations. We will be setting them up for remote management with a minimal footprint to help remain undetected. We will see that combining Kali Linux on a Raspberry Pi 3 can provide us with a flexible, adaptable, low-profile and cost-effective penetration testing platform that can accomplish many test objectives larger platforms cannot.

What this book covers

Chapter 1, Choosing a Pen Test Platform, covers both the hardware and software landscape and contrasts the Raspberry Pi and Kali with the other alternatives, explaining the basics of purchasing and assembling a Pi, and the installation of Kali Linux, to the first prompt.

Chapter 2, Preparing for Battle, starts prepping the Raspberry Pi for pen testing by setting up some services that will be used later in the various phases.

Chapter 3, Planning the Attack, explains the multiple phases of a pen test, the tools available in Kali Linux on the Raspberry Pi 3, and how to position the Pi in preparation for the attack.

Chapter 4, Explore the Target – Recon and Weaponize, shows how to glean information from target environments in order to be as prepared as possible for the pen test.

Chapter 5, Taking Action – Intrude and Exploit, focuses on the actual attack and exploitation phase of the pen test using various tools in Kali Linux on the Raspberry Pi 3.

Chapter 6, Finishing the Attack – Report and Withdraw, explores the process of reporting on and learning from the penetration test, as well as how to sanitize the Pi and return the systems to normal operation.

Chapter 7, Alternative Pi Projects, discusses other distribution options for the Raspberry Pi 3, including running the Pi on a PC with Qemu. We will also talk about changing from an offensive security use of the Raspberry Pi 3 to a defensive one, by protecting our own network. Finally, we will explore other popular use cases for the Raspberry Pi 3.

What you need for this book

We definitely recommend having a Raspberry Pi 3 to be able to practice and implement the concepts and examples we are going to show in this book. We do discuss in Chapter 1, Choosing a Pen Test Platform, how to purchase a Raspberry Pi as well as how to configure the other system components that are required for topics in other chapters. Additional Bluetooth and Wireless network adapters may be needed as well, and are discussed in the relevant sections.

Kali Linux and the other software applications referenced in this book are open source, meaning they are free to download. The hardware and software are not required if you are looking to just follow the concepts covered within this book.

Who this book is for

This book is designed to take a Raspberry Pi and turn it into a hacking arsenal by leveraging the most popular open source penetration toolset – Kali Linux. If you are a computer enthusiast who wants to learn advanced hacking techniques using the low-cost Raspberry Pi 3 as your penetration testing toolbox, or even a seasoned penetration tester just trying to save costs on travel and hardware, then this book is for you. You do not need to be a skilled hacker or programmer to use this book. Prior knowledge of networking and Linux would be an advantage; however, it is not required to follow the concepts covered in this book.

Conventions

In this book, you will find a number of text styles that distinguish between different kinds of information. Here are some examples of these styles and an explanation of their meaning.

Code words in text, database table names, folder names, filenames, file extensions, path names, dummy URLs, user input, and Twitter handles are shown as follows: "For Windows, we can use Win32DiskImager."

Any command-line input or output is written as follows:

xz -d kali-2.1.2-rpi2.img.xz

New terms and important words are shown in bold. Words that you see on the screen, for example, in menus or dialog boxes, appear in the text like this: "Click on Write, and let it do its job."

Note

Warnings or important notes appear in a box like this.

Tip

Tips and tricks appear like this.

Reader feedback

Feedback from our readers is always welcome. Let us know what you think about this book, what you liked or disliked. Reader feedback is important for us as it helps us develop titles that you will really get the most out of. To send us general feedback, simply e-mail [email protected], and mention the book's title in the subject of your message. If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide at www.packtpub.com/authors.

Customer support

Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.

Downloading the example code

You can download the example code files for this book from your account at http://www.packtpub.com. If you purchased this book elsewhere, you can visit http://www.packtpub.com/support and register to have the files e-mailed directly to you.

You can download the code files by following these steps:

1. Log in or register to our website using your e-mail address and password.
2. Hover the mouse pointer on the SUPPORT tab at the top.
3. Click on Code Downloads & Errata.
4. Enter the name of the book in the Search box.
5. Select the book for which you're looking to download the code files.
6. Choose from the drop-down menu where you purchased this book from.
7. Click on Code Download.

Once the file is downloaded, please make sure that you unzip or extract the folder using the latest version of:

WinRAR / 7-Zip for Windows
Zipeg / iZip / UnRarX for Mac
7-Zip / PeaZip for Linux

The code bundle for the book is also hosted on GitHub at https://github.com/PacktPublishing/Penetration-Testing-with-Raspberry-Pi-Second-Edition. We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Downloading the color images of this book

We also provide you with a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output. You can download this file from https://www.packtpub.com/sites/default/files/downloads/PenetrationTestingwithRaspberryPi_ColorImages.pdf.

Errata

Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books (maybe a mistake in the text or the code), we would be grateful if you could report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded to our website or added to any list of existing errata under the Errata section of that title.

To view the previously submitted errata, go to https://www.packtpub.com/books/content/support and enter the name of the book in the search field. The required information will appear under the Errata section.

Piracy

Piracy of copyrighted material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works in any form on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.

Please contact us at [email protected] with a link to the suspected pirated material.

We appreciate your help in protecting our authors and our ability to bring you valuable content.

Questions

If you have a problem with any aspect of this book, you can contact us at [email protected], and we will do our best to address the problem.

Chapter 1. Choosing a Pen Test Platform

In this chapter, we'll take a look at the hardware and software options available to us to build a low-cost, small-footprint, yet powerful penetration testing platform. We will go into some of the considerations we weighed, as well as why we chose the Raspberry Pi 3 as our hardware platform and Kali Linux as the software distribution to build our penetration testing platform.

We will go through the steps of getting the hardware set up and the software installed so that we'll have a fully functional Raspberry Pi 3 with Kali Linux 2.0 running on it.

Most people get the operating system installed and immediately start playing around with the tools; however, we recommend not doing that. Many of the problems people experience can easily be corrected by following the setup and best practices covered in this chapter. These best practices include both pre-installation and post-installation modifications. We will go into some of the best practice tasks to be completed before we jump into the swing of things.

This chapter covers the following topics:

Hardware options and why the Pi
Software option and why Kali
Purchasing a Raspberry Pi
Assembling a Raspberry Pi
Installing Kali Linux
Combining Kali Linux and Raspberry Pi
Cloning the Raspberry Pi SD card
Avoiding common problems

Hardware options and why the Pi

When researching cheap and portable computing devices, we find there are many out there to choose from. This can make the process a little daunting if we don't know what we are looking for. Before we made our purchase, we started with a list of requirements that we felt were important. Some of the requirements we had when making our choice were the following:

Small footprint
Powerful
Wide community support
Inexpensive
Portable

There are very popular options out there, such as Arduino, Banana Pi, and even Intel with its newly announced Joule board. Each vendor out there is certainly a great option to use. The Intel platform is very powerful, but came in at too high a cost to justify. The Arduino certainly has a lot of community support and hardware options, but lacked some of the power we were looking for. Based on our requirements mentioned earlier, we decided to use a Raspberry Pi. It's the perfect small computer: it offers a ton of flexibility, is well-loved by the community with a lot of support, and is definitely priced right.

Tip

This is the second edition of this book. The first edition focused on the Model B and all concepts are based on that limited performance. This edition, however, will be using a more current model of Raspberry Pi, Raspberry Pi 3, and therefore will provide more options.

Raspberry Pi has been around for some time, so if we do any research, we can see that there are multiple options out there. Here are the models to choose from:

Raspberry Pi 1 Model A+: 700 MHz ARMv6 32-bit Single Core, 512 MB RAM
Raspberry Pi 1 Model B+: 700 MHz ARMv6 32-bit Single Core, 512 MB RAM
Raspberry Pi 2 Model B: 900 MHz ARMv7 32-bit Quad Core, 1 GB RAM
Raspberry Pi 3 Model B: 2 GHz ARMv8 64-bit Quad Core, 1 GB RAM

Let's not forget about the littlest Raspberry Pi out there, the Raspberry Pi Zero. This is a very inexpensive computer, typically available for $5. The Zero was released shortly after the Raspberry Pi 2 Model B. It is great for a lot of different projects we may want to build, offering a single-core 1 GHz processor and 512 MB SDRAM, and a cheaper alternative than the Pi 2 or Pi 3 models.

We should keep in mind that the Raspberry Pi Zero is a low-powered device compared to the Pi 3, so our mileage may vary. It's definitely not a direct replacement for the Pi 3 model, especially if we're looking for more hardware resources for our project.

As the models advanced, so did the hardware. The Pi 1 and Pi 2 models are great units, and they are still perfect for embedded projects. But due to its hardware enhancements and power, the Raspberry Pi 3 Model B was our choice for this project. We wanted to get as much power in this little form factor as possible. The more power we have at our disposal, the better we should expect the pen-testing tools to perform.

Some of the key advantages the Raspberry Pi 3 has over the Raspberry Pi 2 are as follows:

Bluetooth 4.1 Support
Bluetooth Low Energy (BLE)
2 GHz Quad core ARM processor
802.11n wireless support

These new additions can definitely help us in our quest to create the perfect portable pen-testing platform, but as we'll see a little later, some of these features are still not quite ready for prime time.

So with all these options to choose from, we selected the Raspberry Pi 3. The power was there with the Quad cores running at 1.2 GHz as well as SDRAM. But that wasn't all: the Raspberry Pi 3 also offered the flexibility to use new pen-testing tools with the built-in wireless, as well as Bluetooth. We were very excited to see these new options compared with the past versions.

Software option and why Kali

One of the first things we notice about the operating systems we can run on Raspberry Pi is that the list is pretty extensive. There is a lot of support for the hardware. That is yet another reason why we chose the Raspberry Pi hardware versus the other platforms that are available. For the penetration testing software, we chose to use Kali Linux (https://www.kali.org) for our Pi pen-testing box. Kali Linux comes with a ton of security tools already installed, and it is the successor to BackTrack, a well-respected, security-oriented Linux distribution we've used in the past. The Raspberry Pi custom images for Kali Linux are maintained by Offensive Security (https://www.offensive-security.com/).

Kali Linux is not the only great distro (or distribution, the specific blend of Linux operating system and applications) out there. Other great distros are available for penetration testing, including PwnPi, Raspberry Pwn, and PwnBerry Pi. We will talk about these distros a little later in the book, specifically in Chapter 6, Finishing the Attack - Report and Withdraw. But for now, we are going to focus on Kali Linux as our distro of choice because of its huge community and support for most projects we targeted to include in this book.

Tip

If you are just looking for the supported distros for the Raspberry Pi, you can check out the Raspberry Pi website for downloads (https://www.raspberrypi.org/downloads/). The New Out Of Box Software (NOOBS) is a great option if you are unsure and is the recommended default.

Purchasing a Raspberry Pi

Purchasing a Raspberry Pi can be a daunting task. There are lots of kits on the Internet to choose from, as well as a ton of accessories available. We went to the CanaKit website (http://www.canakit.com) to look over some of the options. For beginners to the Raspberry Pi, we definitely suggest getting one of many available kits rather than piecing together the platform. Most, such as the CanaKit we selected, come with a lot of the things we will need right away, and will save us some money by buying the bundle versus purchasing the individual components a la carte.

The two main CanaKit offerings for Raspberry Pi 3 are the Ultimate Starter Kit and the Complete Starter Kit. The Ultimate Starter Kit comes with quite a few more accessories than the Complete Starter Kit. These additions include breadboards, a ribbon cable, a General-purpose input/output (GPIO) to Breadboard interface card, just to name a few. The price is only $15.00 more for all the additional stuff, so we went with the Ultimate Starter Kit because we not only found it to be the best deal overall, but also were not sure what future projects we may need the additional hardware for. We ordered ours through Amazon for about $89. Shop around, there are other sites out there as well to order from, and if we were in education, there are sites that provide these kits at significant discounts.

The following image, from CanaKit, shows the Complete Starter Kit, which is a good option if we are looking for all the major components needed in this book at the lowest price:

As for the Ultimate Starter Kit, the following image from CanaKit shows just how much more is included. This is one of the kits we purchased, just so we had more project options in the future:

Assembling a Raspberry Pi

Putting together a Raspberry Pi 3 for basic operation is a pretty straightforward process. There are a few items that need to be assembled before the initial use. Depending on the package we get, we may have some additional parts that can be put together. The first thing we did was install the heat sinks onto both the Broadcom chip and the LAN chip:

Next, we put the board in the case for protection, since we don't want anything to happen to our Raspberry Pi. There are different case options, and depending on the kit we get, we may get a different color or type. For example, there may be a need to hide our Pi from others. So stealth is sometimes a need or requirement, and the Pi can be hidden in objects or placed in a plain white case to look like it belongs to something else, such as a power adapter. In situations such as this, we may want to consider using a USB power supply to power our Raspberry Pi so as not to draw attention to the power cable running from the hidden Pi to the wall. This is ideal for a true plant scenario. Based on our tests, powering our Pi with the USB power stick gives us about 1 week or so, but our mileage will vary depending on the size of the power stick, as well as how heavily we consume the resources of the Pi over that time period.

Tip

Some people choose not to use the heat sinks or want to know if they are needed. We would always use the heat sink, especially if the Raspberry Pi is in a case and/or you plan on overclocking it (more on that topic in Chapter 2, Preparing for Battle). The chips tend to get a little hotter than the previous generations, and the last thing you would want to do is to overheat your Raspberry Pi.

After the Raspberry Pi 3 was fully assembled, we merely hooked up our monitor via the High-Definition Multimedia Interface (HDMI) using the cable provided, plugged in our USB mouse and keyboard, and started preparing the SD card for the operating system.

Installing Kali Linux

The first step in installing Kali Linux onto our Raspberry Pi 3 is to prep the microSD card. For Kali Linux, we need to have at least 8 GB of capacity. For best performance, we'll try to make sure that the microSD card is a class 10. With all of that new power and speed from the quad-core CPU, we don't want to be held back by a slow microSD card. It also helps to check that any separately purchased SD cards we may be considering are compatible or suitable, as some SD card brands and product lines work better than others. A great resource for checking this is the eLinux website (http://elinux.org/RPi_SD_cards).

Tip

Be sure to check out the SD Association's website to get a better understanding of the class speeds of the SD cards and where to locate them. This holds true for all types of SD cards, including the microSD cards, which are used on Raspberry Pi 3.

The SD card that comes with our Raspberry Pi may have software on it already. Ours came with NOOBS on it, which is handy if we are not sure what distro we are looking for, as we can choose from several options in the menu within NOOBS. Because we knew we wanted Kali Linux on our Raspberry Pi, we formatted the microSD card to start fresh and installed our own operating system on it. It is always a good idea to copy the existing content of the microSD card to another place before blowing it away. This way, we have the initial version of NOOBS in case we need to use that in the future. With the Ultimate Starter Kit, we received a USB-based microSD adapter. This is a very handy adapter, as most computers do not have a microSD card slot on them, including Apple devices. We plugged our 32 GB microSD card into the adapter and then into our computer; then, we were ready to rock.

The following image shows the USB-based microSD adapter that we used in our lab:

Getting the right image of Kali is important for proper operation. When we browse https://www.kali.org/, we can find all the options available for Kali Linux. Since we are using an ARM processor on the Raspberry Pi, we will need to install the Raspberry Pi-specific image. The link will redirect us to the Offensive Security site (https://www.offensive-security.com/kali-linux-arm-images/) for a custom Kali image. We should note that there are lots of different ARM options depending on the hardware platform we are using. Since we are using Raspberry Pi 3, we will choose the version that works with that platform. We'll make sure that we note where our image gets downloaded to, so we don't have to go searching later. The ARM image is built specifically for the Raspberry Pi hardware, unlike the full-blown image. Again, let's verify that we download the correct image.

Tip

It's a best practice to compare the SHA1 sum of your downloaded file to the SHA1 sum posted on the website. This way you can make sure that your image hasn't been tampered with prior to installation.
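As an added example (not from the book), the following POSIX shell check for a Mac or Linux workstation compares the downloaded image's SHA1 sum with the published value and returns non-zero on a mismatch, so the write step can be chained behind it. The function names are ours, and the file name and digest in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: verify a downloaded image against its published SHA1 sum.
# Usage (placeholders): verify_image kali-rpi3.img.xz <SHA1-from-website> && echo "safe to write"

# sha1_of FILE: print the lowercase hex SHA1 of FILE with whichever tool exists.
# Reading from stdin keeps odd file names out of the tool's output.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | awk '{print $1}'          # GNU coreutils (Linux)
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 < "$1" | awk '{print $1}'      # ships with macOS
    else
        openssl dgst -sha1 < "$1" | awk '{print $NF}'
    fi
}

# verify_image FILE EXPECTED
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    file=$1
    # Normalise the pasted value: strip whitespace, lowercase the hex digits.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')

    if [ ! -f "$file" ] || [ ! -r "$file" ]; then
        echo "cannot read image file: $file" >&2
        return 2
    fi
    # A SHA1 digest is exactly 40 hex characters; reject truncated pastes
    # instead of reporting them as tampering.
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hex" >&2; return 2 ;;
    esac
    if [ "${#expected}" -ne 40 ]; then
        echo "expected value is not a 40-character SHA1 sum" >&2
        return 2
    fi

    actual=$(sha1_of "$file")
    [ -n "$actual" ] || { echo "no SHA1 tool produced output" >&2; return 2; }

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA1 sum"
        return 0
    fi
    echo "MISMATCH: $file has $actual, website lists $expected" >&2
    return 1
}
```

On a mismatch, download the image again and recheck it before writing anything to the microSD card.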

Now that we have the image downloaded and ready to install, we need to write it to the microSD card. How we do this will depend on the operating system that we are using. For Windows, we can use the Win32DiskImager. This utility is available at the following URL:

https://sourceforge.net/projects/win32diskimager/

Once the utility is downloaded and opened, we are ready to proceed with imaging the SD card. We will first need to unzip the Kali image. We can use a program such as 7-Zip to unzip the image. When we unzip the file, we will be left with a folder, where we will find the .img file. We then need to select the image file in the Win32DiskImager utility, as well as the correct drive letter for the microSD card we want the image to go on. Let's click on Write, and let it do its job. This process can take some time, so be patient. When it's complete, press the Exit button.

The following screenshot is of the Win32DiskImager utility. It's a great little utility that is very easy to use:

If we are using a Mac or Linux machine, we can use the built-in dd utility to do the writing of the image.

The process on the Mac is as follows: