Pi 400 & Kali Linux – The Perfect $100 Hacking System

The Pi 400 makes creating a hacking system with Raspberry Pi extremely simple – it is literally burn, boot and done!

The Pi 400 is an “all in one” keyboard version of the Raspberry Pi 4. For all intents and purposes, it is a Raspberry Pi 4, though it has been flattened out a bit and the circuitry has been modified to reflect the changes. The Pi 400 is perfect as a hacking system, as you can easily install and use a fully function version of Kali Linux on it.

In this article, we will look at installing Kali, and running some quick WIFI attacks. All that is needed hardware-wise for this article is the Pi 400 (complete kit) and a Kali compatible USB WIFI adapter. I used an TL-WN722N (v1!) and an Alfa AWUS036NHA, both worked “Out of the Box”.

I know, you can’t get the TL-WN722N v1 adapter new anymore, but there are tons of them out there, and it is one of the best short range WiFi adapters available.

The Pi 400 Complete kit is nice – it comes with the Pi 400, power supply, a memory card, mouse, HDMI cable and a “Raspberry Pi Beginners Guide” book. All you need is a monitor!

The Pi 400 complete kit also comes with a 16GB memory card pre-loaded with RaspiOS. Literally all you need to do is unbox, attach the peripherals, insert the memory card into the Pi, apply power and in a few seconds, we have a Raspbian desktop.

**NOTE: Never insert or remove the memory card when power is applied!

If you have never used a Raspberry Pi before, take your time and play with it. RaspiOS is a very good operating system, and a great way to learn how to use the PI – If you bought the complete Pi-400 kit, the included beginners guide will walk you through using RaspiOS, and more advanced topics like using the GPIO board and sensors.

Though that is not the purpose of this article, we want to turn the Pi-400 into a hacking platform, so let’s get to it!

Installing Kali Linux

Installing Kali Linux on the Pi 400 is very simple. If you are finished using RaspiOS, you can use the memory card from the Pi 400 Kit or just use a new or blank one. All you need to do is download the official Kali Linux Pi 4 64-bit ARM image from Offensive Security, write it to the memory card using a program like BalenaEtcher, then insert the card into the Pi, apply power and boot.

  1. From the Offensive Security Website, under “Raspberry Pi Foundation”, Download Kali Linux 4 (64 bit) image – https://www.offensive-security.com/kali-linux-arm-images/
  • Insert the memory card into the Pi 400, apply power and boot.

You now have a Kali Linux Desktop system!

Okay, So What Doesn’t Work

It’s not a Pi 4, it’s a Pi 400, something must be different, you say. Honestly, the only real difference I have run into so far is that the internal WiFi doesn’t seem to be recognized by Kali. Though it does work in RaspiOS. I am assuming it is some sort of driver issue, I haven’t had a chance yet to troubleshoot. Though I am not heart broken, I rarely use it, and always use a USB WiFi adapter for much better range and reliability.

WiFi Attacks with the Pi 400

Run “ifconfig” and make sure your wireless card is detected, it should show up as wlan0 and/or wlan1, once the onboard wifi driver is fixed.

First, let’s get the lay of the land with Airodump-ng. For the Wi-Fi hacking purists out there, who love iwconfig, Airodump will automatically put the card in the correct monitoring mode for you. All you need to do is run the command.

  • sudo airodump-ng wlan0

Our target, “Death Star” is currently running on Channel 11.

We can go for a “quick kill” using Besside-NG

  • sudo besside-ng -W -c [Channel] -b [Target_BSSID]

If the attack works, we get the WPA handshake file. It only took about 15 seconds; I’ve seen it work as fast as 5 seconds.

The Besside log file and the captured WPA handshake file (wpa.cap) are stored in the user’s home directory.

The handshake file can include a lot of unnecessary packets, you can clean these up with the beside-ng-crawler tool. Though it is really not necessary if just targeting a single target.

  • besside-ng-crawler [search_directory] [output_file]

The handshake file then needs to be cracked.

Bettercap

Bettercap 2 is an awesome Wireless attack tool with a lot more options. It is not installed by default, but is included in the Kali repository.

  • sudo apt install bettercap

Now all we need to do is run bettercap and turn on WiFi recon

  • sudo bettercap -iface wlan0
  • wifi.recon on

Looks a bit confusing, but we can clean it up with the Bettercap “Ticker” Display

  • set wifi.show.sort clients desc
  • set ticker.commands ‘clear; wifi.show’
  • ticker on

We now have nice color-coded display that works great even through SSH.

Now, let’s grab some handshake files:

  • wifi.recon.channel X (enter channel #)
  • wifi.assoc [BSSID]
  • or wifi.assoc all (warning – attacks all detected WiFi networks!)

Notice, “Death Star’s” Encryption type has turned to red. Bettercap successfully grabbed and saved the handshake. When finished, type “exit” to exit bettercap.

Captured handshake files and the bettercap log are stored in the Kali root user directory:

Unless the WPA key is extremely simple, you really don’t want to try to crack them on a Pi4. I highly recommend copying it off to a desktop system.

Conclusion

In this article we saw how to quickly and easily install Kali Linux on the new Pi 400 all in one keyboard system. The Pi 400 is a great choice as a hacking system due to it’s portability and compactness. It also can run a full desktop install of Kali Linux, or any other Pi 4 compatible OS, so your options are many.

We only covered using the Pi 400 in some quick WiFi tests, but as you have the full power of Kali Linux at your fingertips you could perform any level of pentesting with it that you could do with a normal desktop. Okay, it doesn’t have the same power as a high end desktop, so cracking passwords or some enterprise level tests may be out of the questions, but for $100 you can’t go wrong having the Pi 400 in your security testing toolkit.

If you want to learn a lot about security testing with the Raspberry Pi, check out my book, “Security Testing with Raspberry Pi“, available on Amazon.com.

Kali 2020.4 is here – and with a slightly new look!

The latest version of Kali Linux 2020.4 dropped this week. Let’s take a quick look!

At first glance it seems like mostly visual changes – Love it or hate it, they switched to the ZSH shell by default. If you are not used to it, it is a little disorientating at first, but you get used to it quick.

Kali is now using Metasploit Framework 6 which has some nice updates that I really like. I did a demo of the MSF 6 Docker to Host bypass demo a while back for my Instagram followers. It is called the “Docker_Priveleged_Container_escape” and works great!

Escaping a privileged Ubuntu Docker container back to the Kali Linux Host

As mentioned, the default shell is now ZSH. I was not a fan of ZSH, but it is growing on me. It also kind of makes Kali look more like Parrot OS, but I won’t say that in public, lol.

chsh -s /bin/bash or chsh -s /bin/zsh and a reboot allows you to change between the two shells, but bash has also been modified to look the same, though it does act differently.

You can check which shell is active by using echo $0

If you haven’t noticed in the previous versions, some tools that you may have normally used have been removed (like BeEF) from the default VMWare image and are now part of the “Large” install package. You can still apt install any of the missing tools that you need.

Oh and apt update works again in this version! There was a typo in several of the Kali 2020.3 version sources file that caused an error on update.

Always happy to get a new Kali version, and looking forward to Kali 2021! For more information on all the new Kali 2020.4 features, check out the official release post!

Cheap Security Lab Training with Raspberry Pi 4, Docker & Kali Linux

The Raspberry Pi is a small yet power platform that is perfect for building a cost effective cybersecurity training lab. In this article we will look at installing Docker on a Raspberry Pi 4 (4GB) running Kali Linux (64 bit).

The case pictured is the Official Raspberry Pi 7″ touchscreen in a modified touchscreen case. It was made for the Pi 3, only slight modifications were made so the Pi 4 could fit in it. Modify cases at your own risk, you could cut yourself or destroy your case.

Installing Kali Linux on a Pi 4

This article assumes that you have already installed and updated Kali Linux on your Pi 4. If you have not, simply download the 64 bit Kali Linux 4 ARM image from Offensive Security.

Extract the image, write it to an MicroSD Card, insert it into your Pi4, attach peripherals, and power last of all. Allow the system to boot up completely.

Login with “kali/ kali” – Since Kali 2020, you no longer use “root/ toor” to log in. Reboot, Update and Upgrade, and reboot one last time. You are now ready to install Docker.

Installing Docker on Raspberry Pi

Full docs for installing Docker on the Pi are available on the Official Kali Website: https://www.kali.org/docs/containers/installing-docker-on-kali/

  • sudo apt update
  • sudo apt install -y docker.io
  • sudo systemctl enable docker –now
  • docker

You can add a user to the Docker group if you wish:

  • sudo usermod -aG docker username

You may need to start the Docker service manually

  • sudo service docker start

That’s it! You can now run Docker and install any Docker images that you want.

OWASP Juice Shop on the Raspberry Pi

Some Docker containers will not run on ARM, but you can find ports for some of the more popular ones. Just realize that some times these aren’t “Official” images, so proceed with due caution.

Also, the purposefully vulnerable Docker Images are just that, so follow all precautions necessary to protecting your systems while running them. The most preferred method is a stand alone local address only test LAN, disconnected or firewalled from both the internet and any production systems.

We will install the Docker “OWASP Juice Shop” image from the Docker library. This is an ARM port of the official OWASP Juice Shop program.

Tool website: https://hub.docker.com/r/santosomar/juice-shop-arm64

To install, and run, simply open a terminal and type:

  • docker run -d –name juice-shop -p 3000:3000 santosomar/juice-shop-arm64

Docker will pull down the image, and run it.

Once it is installed:

  • Open a browser and navigate to localhost:3000 or IP_Address:3000

You are now good to go! You can begin testing your skills locally on the Pi or you can use a LAN system to practice your skills. A full write up on “Pwning OWASP Juice Shop” can be found here:

https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/

and a list of Solutions can be found here:

https://bkimminich.gitbooks.io/pwning-owasp-juice-shop/content/appendix/solutions.html

A list of challenges for Juice Shop is available. As you complete each challenge, the website keeps track of your pwning progress. Here is one of my favorites, the “Melee Kitty”!

Enjoy and most importantly, have fun!

If you would like to learn a lot more about using Raspberry Pis in the security field, check out my latest book, “Security Testing with Raspberry Pi“!

Basic Security Testing with Kali Linux Giveaway Contest

Want a chance to get a signed copy of my latest Kali Linux book? I am giving away a total of 10 signed copies of “Basic Security Testing with Kali Linux, 3rd Edition”!

Simply follow, like and share this article, or my official Twitter or Instagram announcement, for a chance to win a signed copy of my new book!

10 lucky winners will be randomly selected on October 31st.

The Contest is for those living in the United States only. I may do another one for international readers in the future.

Liking this article & sharing the Official Contest announcements on Twitter and Instagram will increase your chances of winning.  Winners will be notified on October 31st. If a winner cannot be notified or does not respond by the end of the first week of November, another winner will be picked.

Good luck!