Kali Raspberry Pi/Headless
This is a guide to connecting to a headless installation of Kali Linux on a Raspberry Pi. General info about running Kali on the Pi here: Kali Raspberry Pi
More info about all-things Kali Linux: Kali
- 1 A Note on Headless
- 2 Connecting to Kali Pi
A Note on Headless
Why did I write this article? Two reasons:
|Reason Number One||Reason Number Two|
I simply didn't have the luxury (or the hardware and adapters) to get this thing working. I had to get this headless Kali Linux Raspberry Pi working, without a screen, without a keyboard: literally, a black box.
The perfect puzzle.
Connecting to Kali Pi
Once you've got Kali on the Raspberry Pi, now what? Well, it's pretty easy: once you boot up the Raspberry Pi, it will have a static IP address. The one we picked will let us SSH into the Pi if we have a network cable plugged into our laptop.
That's right: one end of the network cable into the laptop, the other end into the Pi:
Download Correct Image Version
Check to make sure your Kali Pi image matches your Raspberry Pi version. Version B+ has two USB ports, and Version 2 has four USB ports. You can download your Raspberry Pi Kali image from the Offensive Security webpage: https://www.offensive-security.com/kali-linux-arm-images/
There are 3 Raspberry Pi images listed on that page. I downloaded the "Raspberry Pi" image kali-2.0.1-rpi.img and this worked on the Raspberry Pi B (older design, 2 USB ports). If you have a B+ (newer design, 4 USB ports), get the "Raspberry Pi 2" image.
Once you've downloaded the image. it will be named something like kali-2.0.1-rpi.img.xz. The xz extension means it is a compressed file, so decompress it with `tar xf kali-2.0.1-rpi.img.xf`.
You can use the resulting image file to flash the SD card that your Raspberry Pi will use.
Setting a Static IP
You'll want to set a static IP address for the Raspbery Pi before you boot. Assuming we're connecting the Pi directly to the laptop with a crossover cable, we'll use an IP address in the range
169.254.X.Y. The IP prefix 169.254, like the IP prefixes 192.168 or 10.X, is a special IP address for special networks. In this case, 169.254 is the "link-local address" - an IP address range for devices connected directly to the computer with a crossover cable. (Original source of this IP address was here, but a search for 169.254 will point you toward the "link-local address" Wikipedia page here).
My favorite IP address in this space happens to be
You will add
ip=169.254.113.200 to the end of the boot line, which is on the SD card's boot partition in
cmdline.txt. When you're done, it should look something like this:
dwc_otg.lpm_enable=0 console=ttyAMA0,115200 kgdboc=ttyAMA0,115200 console=tty1 elevator=deadline root=/dev/mmcblk0p2 rootfstype=ext4 rootwait ip=169.254.113.200
For more details on this procedure, see RaspberryPi/Headless
For more details on how the SD card works, see Kali Raspberry Pi/Installing#How the Kali Linux Startup SD Card Works
I detailed a problem connecting to the Pi via SSH, which took me a long time to resolve. The issue was that I was powering the Pi through a mini USB hooked up to a computer, which was not providing the Pi with enough power to run the ethernet port 100% of the time (or most of the time). Plugging it into the wall socket resolved the issue with SSH connectivity.
The details are here: Kali Raspberry Pi/Headless SSH Problem
In the process, I discovered a few things.
By The Way: Modifying Headless Raspberry Pi Boot Sequence
Part of my struggles in debugging the issue above led me to the
init.d on the SD card, and modifying the services that start on boot on the headless Raspberry Pi.
Here's how to add and modify startup services and configurations on the Pi:
First load up the SD card and mount it (as described at Kali_Raspberry_Pi/Installing#How_the_Kali_Linux_Startup_SD_Card_Works).
Now you can modify files in the Linux partition, to change what starts up at different runtime levels. Debian Raspberry Pis start in runtime level 2, so anything you want to start up should go in
Actually, what you should do is, put a service script in
etc/init.d/myservice, make it executable, then create a symbolic link in
More details here: http://raspberrywebserver.com/serveradmin/run-a-script-on-start-up.html
By The Way: Modifying Configuration Files on the Raspberry Pi
Note that the above handy trick, editing the Linux partition on the SD card, can also be used to modify configuration files for programs. Want SSH to listen on port 8080? You can edit the
etc/ssh/ssh_config file to change the SSH configuration. Want to edit the crontab file? Go for it.
YOU CAN DO... ANYTHING... YOU... WANT!!!
Debugging Headless Raspberry Pi Problems with Logs
I had to waste a lot of time and bang my head in figuring out this SSH problem. But in the process I discovered that (duh!) the headless Raspberry Pi logs everything that's happening. You can modify the startup services or configuration files of the Raspberry Pi, set various logging levels for various programs, boot the headless Raspberry Pi, try and do whatever you're trying to do, and if it doesn't work, you can mount the SD card on your laptop and inspect the log files.
NOTE: This requires you to be able to mount the Raspberry Pi's ext4 filesystem in Mac.
$ cd /Volumes/NO\ NAME/ $ tail var/log/syslog Jan 1 01:03:07 kali dhclient: No DHCPOFFERS received. Jan 1 01:03:07 kali dhclient: No working leases in persistent database - sleeping. Jan 1 01:06:58 kali dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8 Jan 1 01:07:06 kali dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 14 Jan 1 01:07:20 kali dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 20 Jan 1 01:07:40 kali dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10 Jan 1 01:07:50 kali dhclient: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 9
Good To Go
With these and the many other hints, tricks, and tips available online, I'm sure you'll be able to find your way
$HOME on the headless Kali Linux Raspberry Pi.
Kali Linux"The quieter you become, the more you are able to hear."
Penetration testing Linux distribution.
1 Physical Attacks: Kali/Layer 1 Attacks
2 Data/MAC Attacks: Kali/Layer 2 Attacks
3 Network Attacks: Kali/Layer 3 Attacks
4 Transport Attacks: Kali/Layer 4 Attacks
5 Session Attacks: Kali/Layer 5 Attacks
6 Presentation Attacks: Kali/Layer 6 Attacks
7 Application Attacks: Kali/Layer 7 Attacks
Red Team Blue Team
Kali on Raspberry Pi:
Flags · Template:KaliFlag · e
Raspberry Pia tiny tool for performing extraordinary acts beyond good and evil - with an ARM processor.
Basic Pi Information and Operations:
Organization/Layout of SD Card: Kali Raspberry Pi/SD Card ·
Disable IPV6 on the Raspberry Pi: Disable_IPv6_Pi
Kali Linux on Raspberry Pi:
Debian Raspberry Pi:
Raspberry Pi Circuits:
Raspberry Pi Timelapse Photos:
Flags · Template:PiFlag · e