P4wnP1 Install
Hello! Today we are going to set up the Swiss army knife of the pentester.
I’m talking about the P4wnP1 ALOA project from RoganDawes!
Initially, the P4wnP1 project comes from MaMe82.Here I will show you how to install the A.L.O.A (A Little Offensive Appliance) version on your RaspberryPi Zero!
The ALOA version is a bit easier to configure and has a graphical interface via a web server for payload configuration.
P4wnp1 ?
P4wnP1 works as a backdoor that can be accessed remotely via a WI-Fi access point.
Just plug it into your victim’s computer and you’re done.
Like a RubberDucky or a BashBunny, P4wnP1 is recognized as a keyboard by the computer which allows it to execute almost anything you can :)
- Command execution like a keyboard
- Execute motion like a mouse
- Pretend to be a USB key to exfiltrate data
- etc …
The list is long, you will find many more examples of attacks on the github !
Warning : You have to know that it is not a RubberDucky, the P4wnP1 is slower, if you plug it on a computer with a code execution script like a keyboard, you have to wait for the OS, which is kali linux, to finish loading before you can execute its commands. Or maybe you have planned it and plugged your P4wnP1 on an external battery with the power port ;) Now let’s go to the installation !
Prerequisite
- An SD card (16GB)
- A Raspberry Pi Zero W card
- A USB SD card reader
- SSH client (Terminal linux or Putty for windows)
- BalenaEtcher or others to flash the SD card
Flash of the image
You can find the Image file in the releases section on the github.
For this installation, I use the v.0.1.1-beta version.
Install BalenaEtcher, the advantage is that the tool is multi platform (Windows, Linux and MaxOS).
Otherwise, you are free to use the tool you want.
Once the img file is copied on the SD card, we can go to the next step !
Plug the pi !
For the plugging, be careful, you have to use the USB port of the RaspberryPi Zero card in order to transfer data to the connected machine.
Be careful with the cable you use, some do not allow data transfer. Unfortunately there is no way to distinguish them.
Wi-Fi
Once your raspberry is plugged in, you should see a fairly explicit wifi access point.
The password is on the github: MaMe82-P4wnP1
.
Interface Web
Once connected, beware you will not have access to the Internet if you use the same Wi-Fi card that you use.
Go to http://172.24.0.1:8000
You have access to a lot of menus, here the one that will interest us is the Wi-Fi Settings menu.
I will show you how the configuration works on P4wnP1 by taking the example of Wi-Fi.
Here you can set some options like :
- The broadcast channel of our Wi-Fi access point
- The authentication mode
- The SSID displayed
- If the SSID should be hidden
- Finally, the access point password.
If you change some parameters, you must then deploy your changes with the DEPLOY button
- DEPLOY : Allows you to deploy changes on your P4wnP1
- DEPLOY STORED : Allows to deploy a configuration already saved
- RESET : Apply the default configuration
- STORE : Allows to store a configuration to use it later
- LOAD STORED : Allows you to apply a saved configuration in the fields.
SSH
You can connect to your Raspberry via SSH by logging in with the account :
root
toor