There are a variety of USB-based devices available on the market as we covered in our series of articles USB Pentesting devices & attack tools (part 1) & (part 2).
For this project you will need the following items:
- Raspberry Pi Zero W
- USB Dongle Expansion Kit
- Micro SD card (4 Gb or larger)*
* A SD card adapter may be needed to flash the Micro SD card. These often come bundled together.
The above items can be bought for around $35.
Step 1: Assemble the Raspberry Pi
Mount the Raspberry Pi Zero W onto the USB Dongle Module and attach the Acrylic Board Kit with the screws provided. The Acrylic Board Kit will help protect the motherboard from snagging in your pocket and static electricity when handling it.
To ensure the motherboard of the Raspberry Pi makes proper connections with the USB Dongle, plug the device into a USB-A port on any computer and check that the light next to the port flashes.
If the light does not flash then slacken off the screws holding the motherboard and USB Dongle together and move the boards slightly then re-tighten the screws and test again.
Note: This test cannot be done until the Micro SD card has been flashed with the Kali Linux image (see step 2).
Step 2: Flash the Micro SD card
Now that you have an assembled Raspberry Pi with USB Dongle and protective case, it is time to load the operating system. Follow these directions to download and install Kali Linux with the P4wnP1 A.L.O.A. software pre-loaded:
- Go to this link in a web browser:
https://github.com/RoganDawes/P4wnP1_aloa/releases - Click on the ‘Assets’ section of the latest release and download the compressed image from the first link e.g. kali-linux-v0.1.1-beta-rpi0w-nexmon-p4wnp1-aloa.img.xz (approx 1.1 Gb).
- Extract the image (approx 6.2 Gb decompressed) using your operating system’s built-in Archive Manager. If your operating system does not recognize this file type then try an app such as Easy 7-Zip.
- Place the Micro SD card in the SD Card adapter and plug it into the reader slot on your computer. If your computer does not have an SD Card slot then a USB Card Reader can be purchased such as this one which can access the Micro SD card directly.
- Burn the Kali Linux image to the Micro SD card using the relevant app for your operating system. Visit the ‘Writing the image’ section on https://www.raspberrypi.org/documentation/installation/installing-images/ for suggestions on how to do this or alternatively install a GUI app such as balenaEtcher which supports Windows, macOS and Linux.
Step 3: Configure & test P4wnP1 A.L.O.A.
Now is a good time to test the connections of the Raspberry Pi per the end of Step 1.
Next it is time to configure the software that turns this small computer into a portable Pentesting device and run a sample Penetration Test against a Windows 10 target:
- Once it has booted up connect to the following WiFi network:
- SSID = P4WNP1
- PSK =
MaMe82-P4wnP1
- The P4wnP1 A.L.O.A. web interface can be accessed using a browser:
- URL = http://172.24.0.1:8000
- Update the basic settings as follows to enable a covert attack over a WiFi connection:
- USB SETTINGS -> LOAD STORED -> wifi_covert_channel
- DEPLOY the updated settings.
- HIDSCRIPT -> LOAD & REPLACE -> wifi_covert_channel.js
- Change “hide=false;” to “hide=true;” via the HIDScript Editor to make the script fully covert.
- RUN the script.
- Now a connection to the target machine can be established via a command line terminal window and login to the device using:
- command = ssh root@172.24.0.1
- pwd = toor
- Run the following script via the SSH connection:
- cd P4wnP1/dist/scripts/
- ./wifi_covert_channel.sh
- Return to the web interface and RUN the script.
- In another terminal window connect to a new session via SSH using the same credential as specified in step #4 above and run the following command to open a ‘MaMe82 WiFi covert channel’:
- screen -d -r wifi_c2
- What ‘should’ happen next is the previous command would have a session# that could be invoked using the ‘interact’ command and result in opening a PowerShell onto the Windows target machine. Unfortunately this does not happen due to an error encountered by a number of people including myself.
For more information on the problem encountered please see this link and the screenshot below:
https://github.com/RoganDawes/P4wnP1_aloa/issues/152
Summary
Whilst this is clearly a very powerful device and is able to run many different types of scripts, support does appear to have ended in February 2020. If the above problem gets resolved then I will update this article. Hopefully the original developer will pick up this project once again or a fork will begin and continue the good work.
If you have had any success with the above project, or have a solution to the problem encountered at the end of this article, then please comment below.