Kali Raspberry Pi/Startup Services
From charlesreid1
Startup Services
There are many useful applications of having programs start automatically when the Pi is plugged in, as opposed to having to be started manually - RaspberryPi/Reverse SSH, for example.
It is also very useful to be able to modify startup services on the Pi by editing the contents of the SD card directly, as opposed to having to change the Pi's network configuration to match whatever network you're on, boot the Pi, SSH to it, modify the startup script, then return the Pi to its original configuration and hope it still works.
This article will show you how to create startup services, and how to turn them on or off as needed.
That way you can have a collection of startup scripts to do things like:
- Search for and log in to known wireless networks
- Search for and utilize open wireless networks
- Attack and utilize foreign wireless networks
- Connect with an stunnel server or a command-and-control node
You can mount the SD card on another computer, edit the contents of rc.d and init.d, and change which services start on boot, eventually chaining things together (such as tunneling out of a network and transferring a payload through the tunnel).
Two Techniques
There are two ways to do this: the easy way (using Python), and the hard way (creating a built-in system startup service).
The Easy Way
To create a boot service the easy way, you will use Python to handle all timing, logic, and system calls that may be required. This simplifies your startup service to a single system command, python /path/to/my/script.py, which can be run at boot by adding the command to /etc/rc.local.

```
$ cat /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.

# Run the script in the background (&) so that a long-running script
# does not keep rc.local, and the end of the boot sequence, waiting on it.
/usr/bin/python /path/to/my/script.py &

exit 0
```
Now, you can create logic for timing and system calls from Python. Using the subprocess library, you can call a system command and wait until it returns a result:
```python
import os
import subprocess

# subprocess.call runs the command and blocks until it exits, returning its exit code.
# No shell is involved, so "~" is not expanded by ls; expand it in Python first.
subprocess.call(['/bin/ls', os.path.expanduser('~')])
print("Done!")
```
You can also fork tasks to the background, useful if you want to run more than one task at a time:
```python
import subprocess
import time

# Popen returns immediately, so both tasks run concurrently in the background.
task1 = subprocess.Popen(['/usr/bin/python', 'some_long_complicated_task.py'])
task2 = subprocess.Popen(['/usr/bin/python', 'some_other_long_complicated_task.py'])
time.sleep(60)
# poll() returns None while a task is still running, otherwise its exit code
print("Are we done yet?", task1.poll(), task2.poll())
```
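The two snippets above show the pieces (a blocking call, a background fork, a fixed sleep) in isolation. The following script, added here as an example and not taken from the original article, puts them together in the shape a boot-time script usually needs: a setup step that must finish first and is killed if it hangs, workers forked into their own session so they outlive rc.local, workers polled for exit status instead of guessed at with sleep, and everything logged to a file because nothing started from rc.local has a terminal. It is Python 3 (the page's snippets are Python 2); the log path and the command lines in main() are placeholders.

```python
#!/usr/bin/env python3
"""Boot-time task runner: one blocking setup step, then background workers.

Added example for this page, not code from the original article.  Written
for Python 3.  The command lines in main() are placeholders; only the
wait / fork / timeout / poll pattern matters.
"""
import logging
import subprocess
import sys
import time

LOG_PATH = "/var/log/boot-tasks.log"   # assumed location; rc.local runs as root


def setup_logging(path=LOG_PATH):
    """Log to a file (nothing run from rc.local reaches a terminal) and to stderr."""
    handlers = [logging.StreamHandler(sys.stderr)]
    try:
        handlers.append(logging.FileHandler(path))
    except OSError:
        pass                                   # unwritable path: keep stderr only
    logging.basicConfig(level=logging.INFO, handlers=handlers,
                        format="%(asctime)s %(levelname)s %(message)s")


def run_and_wait(argv, timeout=30):
    """Run argv to completion (subprocess.call style) under a hard timeout.

    Returns the exit code, or None if the command hung past `timeout` seconds
    or the binary is missing, so one bad step cannot stall the rest of boot.
    """
    try:
        done = subprocess.run(argv, timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except subprocess.TimeoutExpired:
        logging.warning("killed after %ss: %s", timeout, argv)
        return None
    except FileNotFoundError:
        logging.error("no such binary: %s", argv[0])
        return None
    logging.info("exit %d: %s", done.returncode, argv)
    return done.returncode


def start_background(argv):
    """Fork argv into the background (subprocess.Popen style) and return it.

    start_new_session=True puts the child in its own session so it is not
    taken down when this script, and rc.local, finish.
    """
    proc = subprocess.Popen(argv, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL, start_new_session=True)
    logging.info("started pid %d: %s", proc.pid, argv)
    return proc


def wait_for_workers(procs, poll_seconds=60, max_wait=None):
    """Poll background workers instead of sleeping a fixed time.

    Returns {pid: exit code}; a worker still running when max_wait elapses
    is reported as None.
    """
    deadline = None if max_wait is None else time.monotonic() + max_wait
    while True:
        status = {p.pid: p.poll() for p in procs}
        if all(code is not None for code in status.values()):
            return status
        if deadline is not None and time.monotonic() >= deadline:
            return status
        time.sleep(poll_seconds)


def main():
    setup_logging()
    # blocking setup step first: nothing below makes sense until it is done
    if run_and_wait(["/sbin/ifconfig", "wlan0", "up"]) != 0:   # placeholder command
        logging.error("setup step failed; not starting workers")
        return 1
    workers = [start_background(["/usr/bin/python3", "/path/to/some_long_task.py"]),
               start_background(["/usr/bin/python3", "/path/to/some_other_task.py"])]
    logging.info("workers: %s", wait_for_workers(workers, poll_seconds=5, max_wait=60))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Wired into rc.local as /usr/bin/python3 /path/to/boot_tasks.py & (path assumed), the log file is the first place to look when a service silently fails to come up after boot.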
The Hard Way: /etc/init.d
On the Raspberry Pi, all startup services are contained in /etc/init.d, a folder of executable scripts that follow a particular format (a shell script with an LSB header block and start/stop actions, as shown below).
To make a new startup service, you can create a copy of an existing script and modify it to suit your needs (I typically start by creating a copy of the SSH daemon startup script, /etc/init.d/ssh).
The script will look something like this:
/etc/init.d/capture-wifi-data
```sh
#! /bin/sh
### BEGIN INIT INFO
# Provides:          capture-wifi-data
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Capture wifi data.
### END INIT INFO

set -e

case "$1" in
  start)
    cd /root/wifi_data
    # background the capture so the rest of the init sequence is not blocked on it
    /usr/bin/python capture_wifi_data.py &
    ;;
  stop)
    # pkill exits 1 when nothing matches; with set -e that would make "stop" fail
    pkill airodump-ng || true
    ;;
  *)
    exit 1
    ;;
esac

exit 0
```
This script goes in /etc/init.d, the folder full of executable scripts.
To make the script executable, you would run:
```
$ chmod +x /etc/init.d/capture-wifi-data
```
However, this is not enough! Simply having an executable script in /etc/init.d will not make it run on boot: init.d is just a folder full of scripts, and the runlevel folders (rc2.d and friends) decide which of them actually run.
To add this script to the services that run when the Pi boots up, you can either run a command from the Pi, or modify the SD card.
Adding Startup Service from Pi
If I have created a startup service called capture-wifi-data and I want to make it run on boot, I run the command:
```
$ update-rc.d capture-wifi-data defaults
```
from the Pi itself. This creates the start and stop symbolic links in the rc?.d folders for you, according to the Default-Start and Default-Stop runlevels in the script's header.
Adding Startup Service by Modifying Memory Card
First, load up the SD card and mount it. You will need to mount the root filesystem partition of the SD card, which is an ext4 filesystem (not the small FAT boot partition that holds the kernel and config.txt).
If you are on a Mac, you will need to install MacFUSE to read an ext4 file system. If you are on Linux, you are good to go. (If you are on Windows... may God have mercy on your soul.)
Once you've mounted the Pi's filesystem, you will want to change what starts at different runlevels. Debian Raspberry Pis start in runlevel 2 by default, so anything you want to start up should go into /etc/rc2.d.
But the way you do this is: you put the actual script file in /etc/init.d, then you create a symbolic link to it in the runlevel folder, e.g., /etc/rc2.d for the Raspberry Pi. The link should have a prefix like S02: the S marks a start link (K links are run when leaving the runlevel), and the two-digit number sets the order in which the links run, lowest first.
```
root@kali:/etc/rc2.d# /bin/ls -1
K01apache2
README
S01bootlogs
S01motd
S01rsyslog
S02cron
S02dbus
S02rsync
S02ssh
S02stunnel4
S03lightdm
S03network-manager
S03saned
S04rc.local
S04rmnologin
```
Create a symbolic link in /etc/rc2.d with the command:
```
ln -fs /etc/init.d/capture-wifi-data /etc/rc2.d/S02capture-wifi-data
```
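The chmod, the update-rc.d step, and the ln -fs step above are all file operations on the mounted card, so they can be scripted from the other computer. The following script is an added example, not part of the original article, that does exactly that against a mount point (an assumed path such as /mnt/pi; root="/" makes it work on the Pi itself): it checks that an init script is executable and has a matching LSB header, creates or removes the S02 link using the page's absolute /etc/init.d target, and lists everything that starts in a runlevel with a flag for dangling links or links that point outside /etc/init.d, which is the check worth running when reviewing a card you did not set up yourself. make_demo_card builds a throwaway tree so the script runs offline.

```python
#!/usr/bin/env python3
"""Enable, disable and audit SysV boot services on a mounted Pi SD card.

Added example for this page, not part of the original article.  `root` is
the mount point of the card's ext4 root partition (assumed, e.g. /mnt/pi).
Link names follow the page's S02<name> convention with absolute targets.
"""
import os
import re
import stat
import tempfile

LSB_FIELD = re.compile(r"^#\s*([A-Za-z-]+):\s*(.*)$")


def rc_dir(root, runlevel):
    return os.path.join(root, "etc", "rc%s.d" % runlevel)


def parse_lsb_header(text):
    """Key/value pairs between '### BEGIN INIT INFO' and '### END INIT INFO'."""
    fields, inside = {}, False
    for line in text.splitlines():
        if line.startswith("### BEGIN INIT INFO"):
            inside = True
        elif line.startswith("### END INIT INFO"):
            break
        elif inside:
            m = LSB_FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
    return fields


def check_init_script(root, name):
    """List what would stop etc/init.d/<name> from working as a boot service."""
    path = os.path.join(root, "etc", "init.d", name)
    if not os.path.isfile(path):
        return ["%s does not exist" % path]
    problems = []
    if not os.stat(path).st_mode & stat.S_IXUSR:
        problems.append("not executable (needs chmod +x)")
    with open(path) as fh:
        text = fh.read()
    if not text.startswith("#!"):
        problems.append("missing #! interpreter line")
    header = parse_lsb_header(text)
    if not header:
        problems.append("missing LSB '### BEGIN INIT INFO' header")
    elif header.get("Provides") != name:
        problems.append("Provides: %r does not match the file name" % header.get("Provides"))
    return problems


def enable_service(root, name, seq="02", runlevels=("2",)):
    """Create S<seq><name> links (the ln -fs step). Returns the link paths."""
    created = []
    for lvl in runlevels:
        os.makedirs(rc_dir(root, lvl), exist_ok=True)
        link = os.path.join(rc_dir(root, lvl), "S%s%s" % (seq, name))
        if os.path.lexists(link):
            os.remove(link)                          # -f: replace an existing link
        os.symlink("/etc/init.d/" + name, link)      # absolute target, resolved on the Pi
        created.append(link)
    return created


def disable_service(root, name, runlevels=("2",)):
    """Remove every S??<name> link so the service no longer starts. Returns removed paths."""
    removed = []
    for lvl in runlevels:
        d = rc_dir(root, lvl)
        if not os.path.isdir(d):
            continue
        for entry in sorted(os.listdir(d)):
            if entry.startswith("S") and entry[3:] == name:
                os.remove(os.path.join(d, entry))
                removed.append(os.path.join(d, entry))
    return removed


def list_boot_services(root, runlevel="2"):
    """Everything that starts in this runlevel, in order: [(link, target, ok)].

    ok is False for a dangling link or one whose target is not a file inside
    etc/init.d on the card.
    """
    d = rc_dir(root, runlevel)
    initd = os.path.normpath(os.path.join(root, "etc", "init.d"))
    found = []
    if not os.path.isdir(d):
        return found
    for entry in sorted(os.listdir(d)):
        link = os.path.join(d, entry)
        if not entry.startswith("S") or not os.path.islink(link):
            continue
        target = os.readlink(link)
        # resolve inside the mounted card, never against the host's own /etc
        resolved = os.path.join(root, target.lstrip("/")) if target.startswith("/") \
            else os.path.join(d, target)
        resolved = os.path.normpath(resolved)
        found.append((entry, target, os.path.isfile(resolved) and os.path.dirname(resolved) == initd))
    return found


def make_demo_card():
    """Constructed fixture: a throwaway card tree with one good init script,
    one without an LSB header, and a dangling S05gone link."""
    root = tempfile.mkdtemp(prefix="pi-card-")
    initd = os.path.join(root, "etc", "init.d")
    os.makedirs(initd)
    good = os.path.join(initd, "capture-wifi-data")
    with open(good, "w") as fh:
        fh.write("#! /bin/sh\n### BEGIN INIT INFO\n# Provides: capture-wifi-data\n"
                 "# Default-Start: 2 3 4 5\n### END INIT INFO\nexit 0\n")
    os.chmod(good, 0o755)
    with open(os.path.join(initd, "no-header"), "w") as fh:
        fh.write("#! /bin/sh\nexit 0\n")
    os.makedirs(rc_dir(root, "2"))
    os.symlink("/etc/init.d/gone", os.path.join(rc_dir(root, "2"), "S05gone"))
    return root


if __name__ == "__main__":
    card = make_demo_card()
    print(check_init_script(card, "capture-wifi-data"), check_init_script(card, "no-header"))
    enable_service(card, "capture-wifi-data")
    for link, target, ok in list_boot_services(card):
        print("%-24s -> %-32s %s" % (link, target, "ok" if ok else "BROKEN"))
```

Because the links hold absolute /etc/init.d paths, they only resolve correctly once the card is back in the Pi; that is why list_boot_services rewrites the target under the mount point before checking it rather than calling os.path.exists on the raw link.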