The Raspberry Pi is a microcomputer; it measures approximately 8.5 cm x 5.5 cm in size, but manages to pack in 2 GB RAM, two USB ports, and an Ethernet port supported by a Broadcom chip using an ARM processor, running at 700 MHz (which can be overclocked to 1 GHz). It doesn't include a hard drive, but uses an SD card for data storage. As shown in the following photograph, the Raspberry Pi is approximately pocked sized; it is easy to hide on a network (behind workstations or servers, placed inside server cabinets, or hidden beneath floor panels in the data center):

To configure a Raspberry Pi as an attack vector, the following items are required:

• A Raspberry Pi Model B, or newer versions
• An HDMI cable
• A micro USB cable and charging block
• An Ethernet cable or mini-wireless adapter
• An SD card, Class 10, at least 8 GB in size

Together, all these supplies are typically available online for a total of less than $70.

1. To configure the Raspberry Pi, download the latest version of the Kali Linux ARM edition from https://www.offensive-security.com/kali-linux-arm-images/ and extract it from the source archive. If you are configuring from a Windows-based desktop, then we would utilize the same Win32 Disk Imager that we utilized in Chapter 1, Goal-based Penetration Testing, to make a bootable Kali USB stick.
2. Using a card reader, connect the SD card to the Windows-based computer and open the Win32 Disk Imager. Select the ARM version of Kali, kali-custom-rpi.img, which was downloaded and extracted previously, and write it to the SD card. Separate instructions for flashing the SD card from Mac or Linux systems are available on the Kali website.
3. Insert the newly flashed SD card into the Raspberry Pi and connect the Ethernet cable or wireless adapter to the Windows workstation, the HDMI cable to a monitor, and the Micro USB power cable to a power supply. Once supplied with power, it will boot directly into Kali Linux. The Raspberry Pi relies on external power, and there is no separate on/off switch; however, Kali can still be shut down from the command line. Once Kali is installed, ensure that it is up to date using the apt-get command.
4. Make sure the SSH host keys are changed as soon as possible, as all Raspberry Pi images have the same keys. Use the following command:

root@kali:~ rm /etc/ssh/ssh_host_*
root@kali:~ dpkg-reconfigure openssh-server
root@kali:~ service ssh restart

At the same time, make sure the default username and password are changed.

5. The next step is to configure the Raspberry Pi to connect back to the attacker's computer (using a static IP address or using a dynDNS) at regular intervals using a cron job. An attacker must then physically access the target's premises and connect the Raspberry Pi to the network. The majority of networks automatically assign devices a DHCP address and have limited controls against this type of attack.
6. Once the Raspberry Pi connects back to the attacker's IP address, the attacker can run reconnaissance and exploit applications against the victim's internal network from a remote location using SSH to issue commands.

If a wireless adapter is connected, such as EW-7811Un, the 150 Mbps wireless 802.11b/g/n Nano USB adapter, the attacker can connect wirelessly or use the Pi to launch wireless attacks.