If you are a learner and want to get further into the world of cybersecurity and hacking, a good starting point is Kali Linux on a Raspberry Pi. Kali Linux contains industry-specific modifications as well as several hundred tools targeted toward various Information Security tasks, such as Penetration Testing, Security Research, Computer Forensics, Reverse Engineering, Vulnerability Management, and Red Team Testing. Running it on a Raspberry Pi makes the machine portable.
First, let's see how to set up the machine:
Hardware Requirements:
- Raspberry Pi.
- Monitor (small LCD screen).
- Keyboard and Mouse.
- Micro SD Card.
- Power Supply (power bank).
- Wi-Fi or Ethernet.
- Respective Cables.
Step 1: Download Kali Linux OS
Download the OS image that matches your Raspberry Pi. Different images are listed for different specifications, so you need to identify which model you are using.
Download the software to your system and open it. Choose “Select Image”, then browse to the Kali Linux image file and select it. Next, select the drive you want to write the image file to, and then click Flash to write the image file to the Micro SD card.
Step 3: Boot your Raspberry Pi
The process uses a GUI, so it is easy to interact with. The default username and password are both “kali”.
Congratulations!!!
The setup process is finally over, and now you can explore the interface.
Now let us see some of the inbuilt applications of Kali Linux and how it helps us:
THC Hydra:
Hydra is a parallelized password cracker that supports numerous protocols to attack. It is swift and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
Type ./hydra -h to see all available command-line options.
Burp Suite:
Burp Suite contains various tools for performing different testing tasks. The tools operate effectively together, and you can pass interesting requests between tools as your work progresses, to carry out different actions.
Metasploit Framework:
The Metasploit framework is a very powerful tool which can be used by cybercriminals as well as ethical hackers to probe systematic vulnerabilities on networks and servers. Because it’s an open-source framework, it can be easily customized and used with most operating systems.
Resource link: https://docs.rapid7.com/metasploit/
Aircrack-ng:
Aircrack-ng is one of the penetration tester's “tools of choice” available for cracking WEP and WPA-PSK in Windows. Aircrack-ng breaks WEP through the use of statistical mathematical analysis. Aircrack-ng breaks WPA PSK and WPA2 using brute-force attack techniques against known passwords. Aircrack-ng was initially released in 2006, and it was developed by a hacker known as Mister X. Aircrack-ng was based on an earlier utility called Aircrack. As is typical for many products, the “ng” in the name stands for next generation.
Resource link: https://www.aircrack-ng.org/documentation.html
John the Ripper:
John the Ripper is often used in the enterprise to detect weak passwords that could put network security at risk, as well as other administrative purposes. The software can run a wide variety of password-cracking techniques against the various user accounts on each operating system and can be scripted to run locally or remotely.
Simple WIFI hacking tutorial:
We will be using Aircrack-ng which, as mentioned before, is a set of tools used to assess wireless network security. It can be used to crack the password of a wireless network by capturing and analyzing network packets to determine the password. The process involves capturing a large number of packets from the target network, analyzing the packets to identify the password, and then attempting to crack the password using brute-force or dictionary-based attacks. Aircrack-ng can also be used to test the security of a network by attempting to crack the password, and can help network administrators identify and address security vulnerabilities.
It's important to note that cracking Wi-Fi passwords without permission is illegal and unethical, and can result in severe consequences. The use of Aircrack-ng or any other hacking tools should only be for testing the security of your own network or for educational purposes in a controlled environment.
Step 1: airmon-ng
This displays the wireless cards so that we can identify the interface.
Step 2: airmon-ng start wlan0
Now start airmon-ng with the interface you found; in my case it is wlan0.
Step 3: airmon-ng check kill
You may get an error about processes interfering with monitor mode after step 2. If you face this problem, run this step and then run step 2 again.
Step 4: airmon-ng start wlan0
Step 5: airmon-ng
Run airmon-ng again to see the new interfaces.
The next step is to scan for Wi-Fi networks:
Step 6: airodump-ng wlan0mon
This shows the Wi-Fi networks available nearby and collects data about the Wi-Fi networks around you. The next step is to choose the target.
Step 7: airodump-ng wlan0mon --bssid XX:XX:XX:XX:XX --channel X --write airodump
Fill in the BSSID and channel (CH) of the target you picked and run the above command.
Here you will get a filtered result, such as the systems connected to the network.
Now open a new terminal and run:
Step 8: aireplay-ng wlan0mon --deauth 10 -a XX:XX:XX:XX:XX
This sends packets that make a device reconnect. If everything went correctly, you will now see a "WPA Handshake" message on the scan page. This handshake sample is the encrypted password file, which is now saved as a file on the system.
Now you may create a dictionary for the brute-force attack:
Step 9: aircrack-ng file_name.cap -w password
Here file_name is the file created in the above step. We use the password dictionary we created and try to crack it with the help of aircrack-ng.
Congrats, you followed the steps till the end. Remember that this is for awareness and education purposes.
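From the defender's side, the burst of deauthentication frames sent in Step 8 is visible to any monitoring sensor. The following is an added example, not part of the original tutorial, that flags such bursts per BSSID; the record format, addresses, threshold and window are assumptions constructed for the illustration.

```python
from collections import defaultdict, deque

DEAUTH_SUBTYPE = 12                 # 802.11 management frame subtype: deauthentication
BROADCAST = "ff:ff:ff:ff:ff:ff"
AP_A = "02:00:00:00:00:0a"          # constructed, locally administered addresses
AP_B = "02:00:00:00:00:0b"

# Constructed sensor export: "seconds,subtype,source,destination,bssid".
# The field layout is an assumption for this example, not a real tool's format.
SAMPLE = "\n".join(
    [f"100.0,8,{AP_A},{BROADCAST},{AP_A}",           # beacon
     f"101.0,12,02:00:00:00:00:c1,{AP_A},{AP_A}"]    # one client leaving: normal
    + [f"{110 + i * 0.1:.1f},12,{AP_B},{BROADCAST},{AP_B}" for i in range(10)]
)

def parse_frames(text):
    """Yield (ts, subtype, src, dst, bssid) tuples, skipping blank lines."""
    for line in text.splitlines():
        if line.strip():
            ts, subtype, src, dst, bssid = line.strip().lower().split(",")
            yield float(ts), int(subtype), src, dst, bssid

def detect_deauth_bursts(frames, threshold=5, window=2.0):
    """Alert when a BSSID sees >= threshold deauth frames within `window` seconds."""
    recent = defaultdict(deque)   # bssid -> timestamps of recent deauth frames
    active = {}                   # bssid -> alert currently being extended
    alerts = []
    for ts, subtype, _src, dst, bssid in frames:
        if subtype != DEAUTH_SUBTYPE:
            continue
        q = recent[bssid]
        while q and ts - q[0] > window:   # drop frames that left the window
            q.popleft()
        q.append(ts)
        if len(q) < threshold:
            active.pop(bssid, None)       # burst ended, or never started
            continue
        alert = active.get(bssid)
        if alert is None:                 # threshold just crossed: open an alert
            alert = {"bssid": bssid, "start": q[0],
                     "frames": len(q) - 1, "broadcast": False}
            active[bssid] = alert
            alerts.append(alert)
        alert["frames"] += 1
        alert["end"] = ts
        alert["broadcast"] |= dst == BROADCAST   # seen from the trigger frame on
    return alerts

if __name__ == "__main__":
    for a in detect_deauth_bursts(parse_frames(SAMPLE)):
        print(a)
```

Enabling Protected Management Frames (802.11w), which WPA3 requires, makes clients reject forged deauthentication frames.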
Learning cybersecurity on a Raspberry Pi with Kali Linux is a wonderful method to obtain hands-on experience, practical skills, and familiarity with critical tools and approaches while keeping prices low. Raspberry Pi is extremely adaptable, allowing you to tailor the device to your exact needs and requirements.
Start Your Journey Today.