Pwnagotchi on a Pi 4 using any Display

I love Pwnagotchis, I mean, who doesn’t, have you seen these things?? My problem, is that I could not get great reception using the Pi0W built in WiFi. Also, I did not have a compatible E-Ink display for it. My first goal was to see if I could get Pwnagotchi running on a Pi 4 with an Alfa AWUS036NHA Long Range WiFi adapter. My second was to get it to display on an unsupported touchscreen or a full-size monitor.

TLDR version – You can!

But first – a Disclaimer:

These are just some personal notes of mine on getting the wickedly cool “Pwnagotchi” to work on a Pi 4 with a long range WiFi adapter. Also, how to access the Web User Interface so you don’t need an “E-Ink” display. This is mostly my work notes that I am sharing – It is a “try at your own risk” project. Due to configuration and network differences, it may or may not work for you and could leave your Pi software in an unstable state.

That being said, I will not be offering any technical support on it. These are just steps that worked for me, that I found through much trial and error. Lastly, never try to gain access to a network that you do not have permission to access – doing so is illegal and you could go to jail.

Pwnagotchis are the ridiculously cute (and intelligent) Pi0w based WiFi attack tool made by the author of Bettercap. I recently wrote a magazine article for Hakin9 on using the Bettercap Web UI and Pwnagotchis. The Web UI is an HTML interface to Bettercap, it allows you to control it through a browser.

Raspberry Pi 4s’ are the latest and greatest flag ship of the Raspberry Pi family. They have increased power and speed. They also come with different memory options; I love the 4GB model! The only catch is they draw more power than the model 3, and changed the power plug type, so you will most likely need a new power supply, or a very strong battery.

Again, this is just some notes that helped me get this working, use at your own risk. Enough intro, let’s get to this! First up, running Pwnagotchi on a Pi4.

Installing Pwnagotchi on a Pi4

Tool website: https://pwnagotchi.ai/
Tool Github: https://github.com/evilsocket/pwnagotchi
Tool Authors: Evilsocket and the Pwnagotchi team

The Pwnagothi wiki covers everything you need to know about installing, configuring and using the tool in a normal atmosphere. You should read the entire Wiki.

  1. Download and install the Pwnagotchi Raspberry Pi lite image: https://github.com/evilsocket/pwnagotchi/releases
  2. Write the image to an SD card.
  3. Insert the SD card into your Pi4, attach peripheral devices and lastly power.
  4. Connect a LAN cable – when the ethernet cable is plugged in, it starts the Pwnagotchi in manual mode, and you can SSH into the Pi if you want to.

With the current version of Pwnagotchi (1.4.1) it seems to boot up fine on a Pi4, but doesn’t run. It doesn’t seem to like the default waveshare display type -if you don’t have one, that is – changing this to “inkyphat” seems to do the trick.

  • Change the default e-ink device in config.yaml:
  • sudo nano /etc/pwnagotchi/config.yml
  • add the following:

ui:
display:
     type: ‘inkyphat’
     color: ‘black’

Next, I wanted to use an external USB WiFi adapter instead of the built in one. Instead of modifying a bunch of config files in Pwnagotchi, the simplest way seemed to be to just turn off the onboard wireless, so the USB WiFi becomes “wlan0”

6. In /boot/config.txt, add the following line to turn off the onboard WiFi:

dtoverlay=disable-wifi

7. Reboot

In a web browser, navigate to the IP address of your device and port 8080 to view the Web UI.

So, in my case, it would be 172.24.1.157:8080

The webpage should show the iconic Pwnagotchi face with control options. You now have a Pi4 Pwnagotchi that uses the Web UI!

Full Screen Display on any Screen

That is all well and good, but how can you run Pwnagotchi on a display that isn’t directly supported? I spent several days trying to get my Raspberry Pi 7” touchscreen to work with Pwnagotchi and did find a way to make it work. It’s more of a trick than anything, it is just running the Web UI in a full screen browser!

Again, proceed at your own risk, and I am not offering any technical support on how to do this – it took a lot of futzing to get this to work on mine, and it may not work on yours, or it may leave your Pi in an unstable software state. But I found if you install the Pwnagotchi Raspbian Lite image on a Pi 4, get it working with the modifications mentioned above, all you need to do next is install the Raspbian Graphical User interface and Chromium, and you can view Pwnagotchi locally on any display!

Quick instructions:

You won’t be able to get out to the internet, because Pwnagotchi changes the default Route, so we need to delete the default route, then add a new route to your gateway/ router. You can then pull down the files needed with “apt install”.

  • sudo ip route del default
  • sudo route add default gw 172.24.1.1 eth0 (Use your gateway address!)
  • sudo apt install raspberrypi-ui-mods
  • sudo apt install chromium-browser
  • reboot – the default route should restore on bootup

The first two commands deal with the routing. The third command installs a cut down version of the Raspbian graphical desktop. Next, the chromium web browser is installed.

Once it reboots, start Chromium, navigate to the Pwnagotchi web interface and press “F11” for full screen. That’s it! If all went well, you should have a large Pwnagotchi on the screen!

Now remember, it is a web interface, so, if you want you can also surf to it from your desktop or mobile systems connected to the same LAN.

This was just a quick overview of running Pwnagotchi on a Raspberry Pi 4. Do you want to unlock the real power of Pi for Ethical Hacking? Check out my latest book, “Security Testing with Raspberry Pi” – available on Amazon.com!

Pi 4 Hacking Platform using DietPi and PTF

Building a Raspberry Pi 4 Ethical Hacking platform using The Pentesters Framework and DietPi.

I’ve been playing with using different hacking tools and Operating Systems with the Pi 4. In this article I cover installing The Pentesters Framework on a RPi 4 running DietPi.

DietPi is a very lightweight Debian OS for the Raspberry Pi. The Pentesters Framework by TrustedSec is an Ethical Hacking installation script that automatically installs and updates over 250 modules/ tools. It would be great if they would work together on a Raspberry Pi 4. The good news is that is does – With a couple tweaks.

I cover installing and using The Pentesters Framework on Raspberry Pi in my latest book. So, I am not going to go into great detail on using the tools in PTF. I just want to cover actually installing it on DietPi.

Installing

NOTE: You will need a Raspberry Pi 4, and at the minimum a 32 GB MicroSD card if you want to install all of the PTF tools. Don’t have a Pi 4? Seeed is currently offering free shipping for orders over $119 with a Raspberry Pi 4 4GB.

Insert the MicroSD card into your Pi, attach peripherals and lastly connect power (always connect power last). When DietPi boots up you will be presented with some options.

  • Pick any software install options you want, then “Go install software”
  • Requested software and updates will be installed
  • Reboot when finished

I just run through it quickly the first time to get the latest OS updates. Note the CPU temp warning, it’s a Pi 4, it runs hotter than a Pi 3.

To install an “X” Desktop or any other included software, type, “dietpi-software”.

There are a ton of add-on software options under “Software Optimised”. For example, if you want a graphical desktop, pick the X-Desktop you want and then the “Go install software” option. You can also setup your login preferences from this menu – auto login, desktop login, etc.

All we really need here is to install Python. Then we need to make a small config file tweak and finally install PTF.

Installing Python

From the DietPi-Software menu, go to “Software Additional” and install Python:

  • Cursor down to Python Pip, hit the space bar to select it.
  • Select “OK

You will return to the main menu.,

  • Cursor down and select “Go >> Start Installation
  • Reboot when finished

We need to install git:

  • Open a terminal and enter, “apt install git

Next we need to comment out a line in the ‘/etc/hosts’ file or the PTF install will error out.

  • Comment out the “::1 localhost  IPv6 localhost” line
  • Reboot

That’s it! We can now proceed with the standard PTF install:

You will then see the main PTF interface:

Type “show modules” to see all available modules. You can install individual ones if you wish. If you have a large memory card (32 Gb), you can install all of them.

  • To install all tools, enter “use modules/install_update_all
  • Reboot when finished

The install will take a very long time, especially if you install all of the modules. After install, all tools will be located in category themed directories under the ‘/pentest’ directory, as seen below:

Many of the tools can be run from anywhere, but some tools require you to change into its install directory for it to work properly. This is usually ‘/pentest’, but some run from ‘/usr/share’ as well. Check it out, there are a ton of very good tools at your disposal, like “Sniper”:

And there you have it. Again, I go into much deeper detail in my book about using PTF on a Pi, I just wanted to show how it could be installed on DietPi. If you want to learn a lot more about using Raspberry Pi for Ethical hacking check out my latest book – Security Testing with Raspberry Pi

Installing Kali Linux on Raspberry Pi – Partial Book Chapter

This is a partial sample chapter from my latest “Security Testing with Raspberry Pi” book – The full chapter (chapter 4) is over 20 pages long and includes how to use several of the installed Kali Linux tools.

In this chapter we will cover installing Kali Linux on a Raspberry Pi 3b+. We will also see how to run several Kali tools on this platform. As I assume the reader has used Kali Linux before, the goal is to show how to get up and running quickly on a Raspberry Pi, not necessarily to show how to run each individual tool. Most of the tools work just like they would in a full PC install of Kali. Though some of the tools, like Hashcat, apparently don’t have ARM compatible binaries and are not included in the Kali Pi version.

Surf to the Offensive Security Website:

https://www.offensive-security.com/kali-linux-arm-images/

Navigate to the Kali ARM images and then select the Raspberry Pi branch. Download the version of Raspberry Pi for the Pi that you have. I used a Pi3b+ for this chapter, so I downloaded the Kali Linux Raspberry Pi 3 64-bit image. If you have a Pi 4, you must download the Pi 4 version of Kali.

Once the image is downloaded, all you need to do is write it you your SD Ram card.

Etcher works great:

Insert your memory card into the Pi, attach keyboard, mouse, network line, and video cable. Lastly, plug in the power cord. The Pi will boot up and give you a graphical login screen.

  • Login with User: root, Password: toor

At the “Welcome to the first start of the panel” message, click on “Use default config”. You will then be presented with the Kali Desktop. Take a second and familiarize yourself with it. You will notice it is slightly different looking than the regular Kali Desktop, as it is using a different desktop environment. Xfce is used as the default Pi interface as it is a lightweight and fast desktop. But it is the same Kali underneath that you know and love.

Click the “Applications” button to see the tools menu. They are pretty sparse at the moment; we will fix that soon. There are a couple house keeping things we need to do first.

Setting up SSH

The first thing we will want to do is regenerate the SSH security keys.

  • Open a Terminal
  • cd /etc/ssh/
  • mkdir default_keys
  • mv ssh_host_* default_keys/
  • dpkg-reconfigure openssh-server

In a couple seconds we should have new SSH security keys.

In the current version of Kali for the Pi, root login is permitted by default. This is fine for our lab, but this is something you would want to change in “/etc/ssh/sshd_config” if you were going to use this for regular purposes. You will also want to change the root password using the “passwd” command.

The SSH server is already started by default in the Kali Pi install, so all we need is the IP address of Kali. If you are an old time Linux user like me you will probably still use Ifconfig, the old “deprecated” commands are easier to use and look nicer in my opinion, (have to love change, lol) though you are supposed to use the “ip” command now.

  • Enter, “ip a” to see all the network addresses or “ip -4 a” to only see the ip 4 address.

Now you can just SSH or use Putty like we did in the previous chapter to connect remotely to the Kali system.

Metapackages

The Kali-Pi image comes pre-installed with some tools already installed. They were called the “top 10” in an earlier release of Kali and include Metasploit, nmap, Recon-NG, etc.  The rest of the Kali tools can be downloaded via Kali “Metapackages”. Metapackages are security tool packages grouped by function. If you have a 16 GB or greater SDRam card, and a lot of patience, you can install the full Kali Linux install. If you didn’t need all of these tools, you could install just the Wireless tools (kali-linux-wireless) or the Web Application Assessment tools (kali-linux-web), depending on your needs.

All the available Metapackages are listed on the Kali Metapackages website:

Installation is simple, in a terminal just enter, “apt install” along with the metapackage that you want. You basically have 2 options; you can install the full package or individual tool packages. The only drawback to option 2 is that some of the necessary “helper” tools may not be installed and you may need to install them manually.

Option 1

If you want the full Kali install:

  • apt install kali-linux-full

This includes all the tools from a normal Kali Linux install. This will take a very long time to install, so be patient.

Option 2

If you want to install a specific category of tools:

Depending on what you want to do with your Kali install, a good choice is the Wireless tools. The wireless package includes numerous tools including ones for Wi-Fi, Bluetooth & SDR. You can see what packages are included by using the following command:

  • apt-cache show kali-linux-wireless |grep Depends

If these are the tools that you want, then proceed with the install:

  • apt install kali-linux-wireless

Whichever option you pick, the new tools will show up in the Kali menu after the install:

Either install option seems to take hours, be patient, and reboot when it is finished.

The downloaded tools are the SAME tools that you would receive on the regular Kali install. These aren’t watered down versions or anything like that. I have run into a couple tools that didn’t work, or seemed to be missing, but it is a rare occurrence. If it works in the regular Kali install, chances are you can do the same thing, the same way, in the Raspberry Pi version. So, after that long install, let’s play!


If you liked this sample and want to learn a lot more about using the Raspberry Pi for Ethical Hacking, check out my new book, “Security Testing with Raspberry Pi“!

New Book: “Security Testing with Raspberry Pi”

My latest book, “Security Testing with Raspberry Pi” is out. The newest in my “Security Testing” series is all about the versatile Raspberry Pi! †

The credit card sized Raspberry Pi has been a hit with makers for years, it is amazing how many different ways you can use these devices. What many don’t know is that they are also a great tool for use in the security field.

The RPi can run many of the popular Ethical Hacking tools and operating systems. The small size and portability of the Pi makes it a perfect tool for Red Teams and Pentesters.

For example, the RPi makes for great pentesting “Drop Boxes”, small scanning remote access tools left behind on a client’s website during a test. But that is just one use, thanks to P4wnP1, the Pi can also be used as a very powerful and live customizable HiD attack tool. They can even be used as surveillance cameras.

In my book, I cover how to install and use many of the top security tools on the Raspberry Pi.

How to install Kali Linux on a RPi, installing security tools on Raspbian, how to use Warberry Pi – a drop box like system, even how to setup your Pi to act like a security camera, and much, much more!

Like my previous books, the first thing covered is setting up a test lab with vulnerable targets. You will see how to use the RPi to scan test systems for vulnerabilities. I also cover how to use the RPi as an actual test target so you hone your ethical hacking skills without breaking the bank.

This book basically takes off where “Basic Security Testing with Kali Linux” ends and shows you how to use a Pi as a functional security tool. Though not a beginner, “How to use a Pi” book, I use step-by-step tutorials for those new to ethical hacking and the Raspberry Pi.

What about the Raspberry Pi 4? The book now includes notes for those who want to use the brand new Pi 4. As the Pi 4 was just released, many of the operating systems and tools are not 100% functional yet with the Pi 4. But you can install Kali Linux on the Pi 4, and use many of the popular security tools in Raspbian. Functionality will increase as time goes on and as tools are updated to work with the Pi 4.

If you are interested in the Raspberry Pi and want to see how to use it in the security realm, check out, “Security Testing with Raspberry Pi“!