P4wnP1 Linux micro SD RPi Zero 0 W pen test HID attack script

$ 7.91

Availability: 76 in stock

Description

Formatted and installed on a 16 GB micro SD card with included SD card adapter. Ready to plug and play, no setup required. This is an SD card only.
This is the optimized version for the newer Raspberry Pi Zero Wireless.
Look no further, this is the ultimate setup for hacking and penetration testing.
What is P4wnP1?
P4wnP1 is an open source, highly customizable USB attack platform, based on a low cost Raspberry Pi Zero or Raspberry Pi Zero W. P4wnP1 combines support for Human Interface Device (HID) attacks and network attacks. For HID attacks, P4wnP1 can be installed as a plug-and-play keyboard. For network attacks, it presents itself to Windows targets as a Remote Network Driver Interface Specification (RNDIS) interface, and to *NIX based targets as a USB Communications Device Class (CDC) – Ethernet Control Model (ECM) Subclass interface.
P4wnP1 features:
HID covert channel Frontdoor/Backdoor: Get remote shell access to Microsoft Windows targets via HID devices
Windows 10 Unlocker: Unlock Microsoft Windows boxes with weak passwords (fully automated)
Stealing Browser Credentials: Dumps stored browser credentials and copies them to the built-in flash drive
WiFi Hotspot: SSH access (Pi Zero W only), supports hidden ESSID.
Client Mode: Relays USB net attacks over WiFi with internet access (MitM)
USB device: Works with Windows Plug and Play support. Supports the following device types:
HID covert channel communication device: Frontdoor/Backdoor
HID Keyboard/Mouse
USB Mass storage: Currently only in demo setup with 128 Megabyte drive
RNDIS: Microsoft Windows networking
CDC ECM: MacOS / Linux networking
Bash based payload scripts. Many example payloads included.
Responder: Pre-compiled and ready to go!
John the Ripper Jumbo: Pre-compiled version ready to go!
AutoSSH integration: For easy reverse ssh tunnels.
Auto attack: P4wnP1 automatically boots to standard shell if an OTG adapter is attached
LED state feedback with a simple bash command (led_blink)
Advanced HID features:
Keyboard payloads can be triggered by the target's main keyboard LEDs (NUMLOCK, CAPSLOCK and SCROLLLOCK)
Dynamic payload branching based on LED triggers
Supports raw ASCII output via HID keyboard (can be used to print out character based files via keyboard, like cat /var/log/syslog | outhid)
Multi Keyboard language layout support (no need to worry about target language when using HID commands)
Output starts when target keyboard driver is loaded (no need for manual delays, onKeyboardUp callback could be used in payloads)
Supports MouseScript
Advanced network features:
Fake RNDIS network interface speed up to 20GB/s to get the lowest metric and win every fight for the dominating ‘default gateway’ entry in routing tables, while carrying out network attacks.
Automatic link detection and interface switching, if a payload enables both RNDIS and ECM network
SSH server is running by default, so P4wnP1 can be reached at 172.16.0.1 (as long as the payload enables RNDIS, CDC ECM or both) or at 172.24.0.1 via WiFi
If both WiFi client mode and WiFi Access Point mode are enabled, P4wnP1 fails over to opening an Access Point in case the target WiFi isn’t reachable (Pi Zero W only)
Advanced payload features:
bash payloads based on callbacks (see template.txt payload for details)
onNetworkUp (when target host gets network link active)
onTargetGotIP (if the target received an IP, the IP could be accessed from the payload script)
onKeyboardUp (when keyboard driver installation on target has finished and keyboard is usable)
onLogin (when a user logs in to P4wnP1 via SSH)
configuration can be done globally (setup.cfg) or overwritten per payload (if the same parameter is defined in the payload script)
settings include:
USB config (Vendor ID, Product ID, device types to enable …)
WiFi config (SSID, password …)
HID keyboard config (target keyboard language etc.)
Network and DHCP config
Payload Selection
You can use P4wnP1 to install payloads and gain access to air-gapped systems, launch man-in-the-middle attacks and exfiltrate information. In fact, using this tool, the author also found a vulnerability in Oracle Java installations! You may now be wondering why there is a need for P4wnP1.
These are the reasons I found most appealing:
You also have the ability to run native keyboard payloads when an event such as a key press is triggered.
When installed on a Raspberry Pi Zero W, keyboard attacks can also be fired via WiFi by spawning an access point.
Output raw ASCII with pipes to the virtual keyboard.
Multi-language support via a global payload variable!
Give this project a shot!