The 2021 Guide to Making your Raspberry Pi 4 a Headless Ethical Hacking Computer
--
Note: if you just want to know how to make your Raspberry Pi 4 + Kali Linux machine run headless (without a monitor), skip to steps 5 and 6.
So I came across this Null Byte Video about using the Raspberry Pi 4 for Wi-Fi hacking on the go. Unlike its predecessors, the Pi 4 comes with a Wi-Fi network adapter capable of using monitor mode, which makes it an ideal mini hacking computer at around $45. Besides a few small issues that come with an aging tutorial, the Null Byte video misses a critical step: setting up your Raspberry Pi 4 to run headless (without a monitor). After all, how “mobile” is your mobile hacking machine if you have to lug around a monitor? Let’s get started.
Disclaimer:
This is a complete step by step tutorial, pulling a lot from the original Null Byte Video but updating where necessary, and at the end, adding instructions for making your Raspberry Pi 4 headless. The quoted sections are directly from the original Null-Byte tutorial.
Before you start:
This tutorial assumes you have a Raspberry Pi 4, as well as a computer capable of reading a microSD card (necessary for getting Kali Linux onto your Raspberry Pi 4). A complete parts list can be found in the description of the original Null Byte video.
Step 1: Download the Kali Disk Image
The first step will be to determine which disk image you want to use for the Pi 4 Model B and download it so that you can burn it to the microSD card. There are two places we can get this disk image: the official Kali website or from the Whitedome website for the “Sticky Fingers” Kali build that includes some useful modifications.
I went with the Sticky Fingers build, but quickly discovered errors during setup and had to start over. To save yourself some frustration, I’d recommend the official Kali Linux image as it is maintained frequently.
Step 2: Load the MicroSD Card Using Etcher
To flash the Kali Linux image to the Pi 4 Model B’s microSD card, plug the microSD card into your computer, either directly or via a card reader, and download Etcher from its official website. Follow the on-screen prompts to install it, then open Etcher when it’s done installing. In the window that appears, click the blue button that says “Select image,” then load the Kali image.
Next, click the blue button that says “Select drive,” and make sure you’ve selected the microSD card and not your hard drive. I know, how could you do that? Well, I’ve seen people try.
Finally, click the blue “Flash!” button to flash the Kali image to your microSD card.
This should take around 15 minutes or so. Once it’s done, eject the microSD card and insert it into your unpowered Raspberry Pi 4 Model B.
Step 3: Connect & Update the Raspberry Pi 4
With the newly flashed microSD card in the Raspberry Pi 4 Model B, plug it into power, and plug the Micro-HDMI cable into a monitor. Plug in a keyboard and mouse to the Pi 4 Model B’s USB ports, and wait for it to boot to the loading screen.
Once at the Kali loading screen, enter the default login and password, r̶o̶o̶t̶ and t̶o̶o̶r̶, to log in. After logging in, we’ll need to update and upgrade Kali Linux for the installation to work. Packages have likely been moved, updated, or otherwise changed since our download was created, so this step ensures that we’ve downloaded the most recent version of all installed packages.
At the time of writing, the default login and password are kali and kali, NOT root and toor. Don’t let this trip you up.
First, connect to the internet via Wi-Fi or Ethernet, and then open a terminal window and run the following command. Keep in mind that it can take up to an hour to upgrade on a slow connection.
~# apt update && apt upgrade
Once you’ve updated and upgraded your system, you’ll be ready to take the first steps in changing default credentials and SSH keys.
Step 4: Change the Root Password & SSH Keys
Using default SSH keys is terrible and can lead to being the victim of a man-in-the-middle attack. Because of this, we’ll need to change our default SSH keys and enable SSH to run at boot to safely communicate with our Raspberry Pi 4 Model B over SSH.
In your terminal window, enter the following commands to change directory into the folder containing the SSH keys and reconfigure the server.
At this point in the tutorial, you must switch to the root user and navigate to the root directory. To switch to the root user, from the command line, enter sudo su root:
sudo su root
When prompted for your password, enter kali.
Now, navigate to the root directory with cd ~/../.. and confirm you're in the right spot with ls:
cd ~/../..
ls
You should see the etc directory listed.
Finally, run the following commands:
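~# cd /etc/ssh/
~# mkdir default_keys_backup
~# mv ssh_host_* default_keys_backup/
~# dpkg-reconfigure openssh-server
Because the image's default host keys were moved aside first (dpkg-reconfigure only generates host keys that are missing; the folder name default_keys_backup is arbitrary), that should create new SSH keys. Next, we’ll run a few commands to enable runlevels for SSH and allow us to start the service at boot so we can log in remotely.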
~# update-rc.d -f ssh remove
~# update-rc.d -f ssh defaults
~# nano /etc/ssh/sshd_config
In the nano window that opens, make sure that “PermitRootLogin” is un-tabbed to allow root login. After this is done, you can hit Control-x to exit the nano window after applying the changes.
Next, type sudo service ssh restart to apply these changes. Finally, type update-rc.d -f ssh enable 2 3 4 5 to enable SSH at boot with the settings we’ve applied.
~# sudo service ssh restart
~# update-rc.d -f ssh enable 2 3 4 5
Finally, we’ll need to change the root password from toor. To do this, type passwd root and select a new password.
~# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Now, our Pi should be updated, upgraded, and have a unique password and SSH keys. This will prevent it from being targeted by tools like Rpi-hunter.
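To see what the sshd_config edit in this step actually selects, here is an added example (not part of the original tutorial or the Null Byte video) that reports the PermitRootLogin value sshd would use from a file and what that means for root logins. The sample files are constructed, and Include files and Match blocks are not followed; on the Pi itself, sshd -T prints the authoritative settings.

```shell
#!/bin/sh
# Added example: which PermitRootLogin value does a given sshd_config select?
# sshd takes the FIRST uncommented occurrence of a keyword. Assumption: Include
# files and Match blocks are not followed; `sshd -T` on the Pi is authoritative.

effective_root_login() {   # $1 = path to an sshd_config file
    awk '
        /^[ \t]*#/              { next }          # comment: ignored by sshd
        tolower($1) == "match"  { exit }          # conditional block: stop here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }   # OpenSSH built-in default
    ' "$1"
}

root_login_mode() {        # translate the value into what root can actually do
    case "$(effective_root_login "$1")" in
        yes)                                echo "password-or-key" ;;
        prohibit-password|without-password) echo "key-only" ;;
        forced-commands-only)               echo "key-with-forced-command" ;;
        no)                                 echo "disabled" ;;
        *)                                  echo "unknown" ;;
    esac
}

# Constructed sample files (not copied from a real Kali image).
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication yes' \
    > "$demo_dir/stock"          # line still commented out
printf '%s\n' 'PermitRootLogin prohibit-password' 'PasswordAuthentication yes' \
    > "$demo_dir/uncommented"    # the "#" removed, value left unchanged
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' \
    > "$demo_dir/duplicate"      # first occurrence wins

for f in stock uncommented duplicate; do
    printf '%-12s %-18s %s\n' "$f" "$(effective_root_login "$demo_dir/$f")" \
        "$(root_login_mode "$demo_dir/$f")"
done
```

If the result is key-only, root cannot log in over SSH with the password set by passwd root; only a public key will be accepted.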
Step 5: edit the lightdm.conf file to allow autologin
To use your Raspberry Pi 4 without a monitor, you need to get rid of the login screen that usually pops up when you turn it on. You can do this by editing the configuration file of your display manager. If you are using the official Kali Linux image, then your display manager is LightDM. Here’s what you need to do:
Open the lightdm.conf file. You must run this command from the root directory.
nano /etc/lightdm/lightdm.conf
Once the file is open, find the following 2 lines, uncomment them, and change their values:
before
#autologin-user=
#autologin-user-timeout=0
after
autologin-user=kali
autologin-user-timeout=0
Then, exit and save your work using ctrl + x
Step 6: edit /boot/config.txt
This Raspberry Pi 4, by default, will not start up if nothing is plugged into the Mini-HDMI port. That is bad for us, because we want to run our Pi without a monitor, meaning we need the Mini-HDMI port. No worries though, a one-line change in the /boot/config.txt file will fix that for us.
To open this file, navigate to the root directory, and switch to the root user (like in step 4).
Then, run the following command to open /boot/config.txt:
nano /boot/config.txt
Find the following line and uncomment it:
before
#hdmi_force_hotplug=1
after
hdmi_force_hotplug=1
Then, exit and save your work using ctrl + x
You can probably tell by now that “uncommenting” a line just means removing the # so that the line is interpreted as code by the computer, not a comment.
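The two edits from steps 5 and 6 can also be scripted. This added example (not from the original tutorial) uses a hypothetical helper, set_key, that uncomments a KEY= line, sets its value, and keeps a .bak copy of the original; the sample files are constructed fragments, not full copies of lightdm.conf or config.txt.

```shell
#!/bin/sh
# Added example: apply the step 5 and step 6 edits without opening nano.
# set_key FILE KEY VALUE turns "#KEY=..." (or an existing "KEY=...") into
# KEY=VALUE. It returns 1 and leaves FILE untouched if KEY is not in the file.
set_key() {
    file=$1 key=$2 value=$3
    grep -q "^#\{0,1\}${key}=" "$file" || return 1
    [ -e "$file.bak" ] || cp "$file" "$file.bak"    # first run keeps the original
    tmp=$(mktemp) &&
        sed "s|^#\{0,1\}${key}=.*|${key}=${value}|" "$file" > "$tmp" &&
        cat "$tmp" > "$file" &&                     # keeps owner and permissions
        rm -f "$tmp"
}

# Constructed fragments standing in for the real files.
demo=$(mktemp -d)
printf '%s\n' '[Seat:*]' '#autologin-guest=false' '#autologin-user=' \
    '#autologin-user-timeout=0' > "$demo/lightdm.conf"
printf '%s\n' '#hdmi_safe=1' '#hdmi_force_hotplug=1' > "$demo/config.txt"

# The "=" in the pattern keeps autologin-user from matching autologin-user-timeout.
set_key "$demo/lightdm.conf" autologin-user kali
set_key "$demo/lightdm.conf" autologin-user-timeout 0
set_key "$demo/config.txt"   hdmi_force_hotplug 1

# Show exactly what changed against the saved originals.
diff "$demo/lightdm.conf.bak" "$demo/lightdm.conf" || true
diff "$demo/config.txt.bak"   "$demo/config.txt"   || true
```

On the Pi, the same calls would be run as root against /etc/lightdm/lightdm.conf and /boot/config.txt.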
Checking that it worked
So in order to communicate with our Raspberry Pi 4 without a monitor, we must use SSH. If you're on Mac or a Linux distro, this requires no setup. If you're on Windows, follow this recently updated tutorial.
To connect to our Raspberry Pi 4 using SSH, first we need to find out our Pi’s IP address. This can be done by simply going to whatsmyip.com from your Pi. Then, from your normal computer, run the following command, replacing <IP_ADDRESS> with your IP address, and <USER> with the user you want to log in as. At this point, the only user on your machine besides root is probably kali, the default user. Do this after booting up your Pi (without a monitor) and waiting about 1 minute:
ssh <USER>@<IP_ADDRESS>
ex: ssh kali@144.63.109.52
After this, you should be prompted to enter your password, and then you are in!
If it didn’t work
Well, that's a bummer. After wrestling with the issue a bit, leave a comment below and I’ll see if I can help. Comments on this article trigger an email notification on my part so I’ll be sure to see it and respond soon :)