P4wnP1 Install

Hello! Today we are going to set up the Swiss army knife of the pentester.

I’m talking about the P4wnP1 ALOA project from RoganDawes!

Initially, the P4wnP1 project comes from MaMe82. Here I will show you how to install the A.L.O.A (A Little Offensive Appliance) version on your Raspberry Pi Zero!

The ALOA version is a bit easier to configure and has a graphical interface via a web server for payload configuration.

P4wnP1?

P4wnP1 works as a backdoor that can be accessed remotely via a Wi-Fi access point.
Just plug it into your victim’s computer and you’re done.
Like a RubberDucky or a BashBunny, P4wnP1 is recognized as a keyboard by the computer which allows it to execute almost anything you can :)

  • Command execution like a keyboard
  • Execute motion like a mouse
  • Pretend to be a USB key to exfiltrate data
  • etc …

The list is long, you will find many more examples of attacks on the GitHub!

Warning: the P4wnP1 is not a RubberDucky; it is slower. If you plug it into a computer with a keyboard-style code execution script, you have to wait for its OS, which is Kali Linux, to finish booting before it can run its commands. Unless you planned ahead and powered your P4wnP1 from an external battery through the power port ;) Now let’s go to the installation!

Prerequisite

  • An SD card (16GB)
  • A Raspberry Pi Zero W card
  • A USB SD card reader
  • SSH client (Terminal linux or Putty for windows)
  • BalenaEtcher or others to flash the SD card

Flash of the image

You can find the image file in the releases section on the GitHub.

For this installation, I use the v.0.1.1-beta version.

Install BalenaEtcher; the advantage is that the tool is multi-platform (Windows, Linux and macOS).
Otherwise, you are free to use the tool you want.
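If you prefer the command line on Linux, here is one way to do the flash with `dd`, as an added example that is not part of the original article or the P4wnP1 project. It checks the image against a SHA-256 value when you have one, refuses to write to a mounted device, and reads the data back after writing. The image name, `/dev/sdX` and the checksum are placeholders you must replace.

```shell
# flash_image IMAGE TARGET [EXPECTED_SHA256]
# Return codes: 0 ok, 2 bad arguments, 3 checksum mismatch,
#               4 target mounted, 5 write failed, 6 read-back mismatch.
flash_image() {
    local img target expected actual size
    img="$1"
    target="$2"
    expected="${3:-}"

    [ -f "$img" ] || { echo "image not found: $img" >&2; return 2; }
    [ -n "$target" ] || { echo "no target given" >&2; return 2; }

    # Optional integrity check before anything is written.
    # Assumption: you obtained a SHA-256 for the image from a source you trust.
    if [ -n "$expected" ]; then
        actual=$(sha256sum "$img" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "checksum mismatch for $img" >&2
            return 3
        fi
    fi

    # Never overwrite a block device that (or whose partition) is mounted.
    if [ -b "$target" ] && grep -qE "^${target}p?[0-9]* " /proc/mounts; then
        echo "$target is mounted, unmount it first" >&2
        return 4
    fi

    # Write the image and flush it to the card before returning.
    dd if="$img" of="$target" bs=4M conv=fsync status=none || return 5

    # Read back exactly as many bytes as the image holds and compare.
    size=$(stat -c %s "$img")
    cmp -s -n "$size" "$img" "$target" || { echo "read-back mismatch" >&2; return 6; }
    echo "wrote and verified $size bytes on $target"
}

# Usage (placeholders, run as root):
#   flash_image p4wnp1-image.img /dev/sdX <sha256-of-the-image>
```

Identify the card with `lsblk` before and after inserting it so that `/dev/sdX` really is the SD card.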

Once the img file is copied to the SD card, we can go to the next step!

Plug the Pi!

When plugging it in, be careful: you have to use the USB port of the Raspberry Pi Zero board in order to transfer data to the connected machine.

USB connection

Be careful with the cable you use, some do not allow data transfer. Unfortunately there is no way to distinguish them.

Wi-Fi

Once your Raspberry Pi is plugged in, you should see a fairly explicit Wi-Fi access point.

Wi-Fi connection

The password is on the GitHub: MaMe82-P4wnP1.

Web Interface

Once connected, be aware that you will not have access to the Internet if you connect with the same Wi-Fi card that you use to get online.

Go to http://172.24.0.1:8000

You have access to a lot of menus, here the one that will interest us is the Wi-Fi Settings menu.
I will show you how the configuration works on P4wnP1 by taking the example of Wi-Fi.

Here you can set some options like :

  • The broadcast channel of our Wi-Fi access point
  • The authentication mode
  • The SSID displayed
  • If the SSID should be hidden
  • Finally, the access point password.

If you change some parameters, you must then deploy your changes with the DEPLOY button.

  • DEPLOY: Allows you to deploy changes on your P4wnP1
  • DEPLOY STORED: Allows you to deploy a configuration already saved
  • RESET: Applies the default configuration
  • STORE: Allows you to store a configuration to use it later
  • LOAD STORED: Allows you to apply a saved configuration in the fields

SSH

You can connect to your Raspberry Pi via SSH by logging in with the following account (username, then password):

  • root
  • toor

SSH connection

This article was updated on 15 August 2023

AlrikRr

Formerly a firefighter in France 🇫🇷 🚒, I decided to pursue my passion for IT and especially offensive cybersecurity. Now a Pentester in Montreal 🇨🇦 for almost 3 years and an active member of HackersWithoutBorders North America, I am gradually specializing in internal and network intrusion testing.

Sharing our passion for this field, whether for awareness or education, is an important mission for me!

Feel free to contact me to discuss cyber or anything else over a beer :D 🍻