" Metasploit & Postgres on Kali Raspberry PI | TGHC

Metasploit & Postgres on Kali Raspberry PI



I work as a Penetration tester (giggerdy) and I think these little devices are fantastic for what we do, consider you have to send your client a system that is positioned on their network for you to perform your testing, send them a RPi ? or your engagement permits you to place one of these devices on site .. there are lots of reasons why this is cool.

What you need (or what I’m using)

  • Raspberry Pi B Model
  • 32gig SD Card
  • Keyboard & Mouse (I’m using an apple USB  keyboard it comes with 2 x USB 1.0 ports so it’s  a hub too
  • USB Power cable / power source


I’m using windows at the moment (my apple display is hooked up to the RPi, so because I’m not too precious about what OS I use,  We are prepping with windows.)


First Boot

Once you have imaged your image on to the SDCard and booted your Raspberry PI you will be greeted with a Kali Login prompt, for those Backtrack users and experienced testers you’ll know how to log in here – the Default password is ‘toor’ and the username is always root – log in and issue this command ‘passwd’ hit return and enter a new password – don’t forget it.

Change your Password from 'toor' to something complex and unforgettable ?

Change your Password from ‘toor’ to something complex and unforgettable ?


Sweet, There will be less chance of something very embarrassing. Next we need to expand the pesky filesystem out – if you issue the command ‘df -k’ you will see that there is some dead space we need to distribute.  Let’s get rpi-wiggle on the box – using this command ‘curl https://raw.github.com/dweeber/rpiwiggle/master/rpi-wiggle –insecure > rpi-wiggle’ this downloadsrpi-wiggle to the current directory and ignores ssl issues. Once we have it we need to make it executable so now issue this command ‘chmod +x rpi-wiggle

Magic's the rootfs

Magic’s the rootfs


You can see from the ‘ls –al’ command that we have executable rights on the rpi-wiggle file (and yes we need to sort the time/date out). Let’s run it ! issue this command ‘./rpi-wiggle’when it’s complete it will ask you to reboot.

Reboot!  you’ll  want to reconnect your SSH session (with your updated password)*.

Once you have reconnected, reissue the ‘df –k’ command and note the filesystem changes, you should have no worries now if you have a SDCard 8Gig or higher.

Configuration //updated

Issue the following commands to make sure we are using the latest list of current packages and then checking we are actually using those packages.

apt-get update && apt-get upgrade
apt-get install ruby1.9.1 ruby1.9.1-dev rubygems1.9.1 irb1.9.1 ri1.9.1 rdoc1.9.1 build-essential libopenssl-ruby1.9.1 libssl-dev zlib1g-dev libpq-dev fake-hwclock


cd /usr/share/metasploit-framework/


check the year on your RPi if it says it’s in the 70′s msfconsole is gonna have a bad time, use the ‘date‘ command for the time and date.

issue this command “date –set=”2013-07-06 22:22:22″

then date again to see if the time is more current … like that time ^

once the time is set fake-hwclock should take note of the time and add to it every now and then (RPi doesn’t ‘do’ the time and that has an impact on softwares.

once you have the right time and all the dependencies installed you want to get postgres and metasploit talking!

Metasploit & Postgres

If your having trouble with the service postgresql start you can ‘cd /etc/init.d/./postgresql start‘ to add it to load on boot you can use this command too ‘update-rc.d postgresql enable

Next create a user and database for metasploit  issue this command  ‘createuser msf -P‘ and give it a password (dont forget) answer No to the questions asked until it’s finnished Next we create a database for the user to use issue the following ‘createdb -O msf msf’ then type exit to return to your root user, cool we have a database and a user – (thanks to Carlos Perez – I totally pinched that part from his great install guides for Ubuntu,osx and Centos/RH – Darkoperator.com)

Because metasploit isn’t installed in the same places as the x86 versions or the non-RPi versions ? we have to do a few adjustments to get metasploit and postgres to play nice, but it’s nothing you wouldn’t have seen before, just some slightly old school tricks, issue the following command ‘echo “db_connect msf:PostgresPassword@” > ~/.msf4/db.rc’ then when you load metasploit you will need to load it like this ‘msfconsole –r ~/.msf4/db.rc’ and if that’s too much to remember you can always create an alias like this ‘alias msfdb=’msfconsole -r ~/.msf4/db.rc’ then all you have to do is launch ‘msfdb’ from the console. when you do execute either of those you will see the first time it runs it will do a bunch of database stuff and you can always check your db_status from msfconsole.

Now, Loading msfconsole takes just over eight minutes, go grab a cuppa, remember how cool ‘screen‘ is? yeah throw the ‘top‘ command into a screen session too, with the RPi your always thinking … ‘is this loading’ and at least with top running you can have a look

I didn’t have any luck with armitage – for me it took to long to load the msfrpcd and when i manually initialised the msfrpcd it didn’t see it (using msgpack and SSL) – if anyone works this out i’ll update this post.

Pretty cool little box, low powered, slower than something that’s 70 x the cost? sure, small enough to go undetected? yes, and also a nice customer friendly pen-testing appliance ? – for sure.

ps: to install firefox it’s called iceweasel now ? wtf. so – ‘apt-get install iceweasel‘ and away you go.