The idea was to have a mobile "laptop" like setup using Raspberry Pi 5, running Kali Linux, with laptop screen in a toolbox containing my extra gadgets when I am on the road performing mobile security assessments.
This is a device that is placed at the target office location using social engineering. It connects to their internal LAN network via Ethernet. The device includes a GSM SIM HAT board, which sends me an SMS when it is powered on, providing me with the GSM public IP address. This allows me to establish a remote SSH connection to the device. Additionally, the device broadcasts a rogue fake free WiFi access point to steal user credentials from those seeking quick, free wireless access.
Equipment:
- Raspberry pi4
- GSM HAT SIM7600E with SIM card
- USB Battery bank for power source
This module is build using the PwnAgotchi project and perform deauthentication, and handshake interception to obtain wireless password hashes.
Equipment:
- Raspberry Pi Zero W
- WaveShare 2.23 Inch OLED HAT display board
USB Arduino ATtiny85 boards loaded with various scripts and setup to bypass USB blocking protection on windows workstations.
The PowerShell scripts perform various actions similar to the HAK5 rubber ducky actions such as password stealer and downloading staged reverse shell from my "homecloud".
Equipment:
- Digispark ATTiny85 DEV USB boards
This unit is connected to windows workstation and provide direct access through USB bypassing security policy that prevent USB storage devices.
The device broadcast secure wireless AP that I connect to and then via the USB presents a keyboard that allow the execution of scripts remotely to execute payloads and reverse shell payloads downloaded in stages from my "homecloud".
This unit is setup from the P4wnP1 A.L.O.A project source.
Equipment:
- USB Mouse inside modified
- Raspberry Pi Zero W
References:
- Kali - Raspberry Pi Zero W P4wnP1 A.L.O.A
- P4wnP1 A.L.O.A. by MaMe82 is a framework which uses a Rapsberry Pi Zero W
Web application interface to the rogue USB mouse AP:
http://172.16.0.1:8000/
This Rapsberry Pi5 with ALFA AWUS036AXML 802.11axe WiFi USB adapter is used as wireless attack station during wireless penetration testing.
This Pi5 is also used to connect to the other equipement such as my "homecloud" or the Fake USB mouse to issue remote commands.
Equipment:
- Raspberry Pi5 8GB
- Universal LCD Control Board with Cable - 30 Pin EDP
- LCD Laptop screen inside toolbox lid
- ALFA AWUS036AXML 802.11axe WiFi USB adapter
- Pi5 Power supply on custom power lead
The old repurposed LCD screen from laptop I needed a Universal LCD Control Board with Cable for 30 Pin EDP, in my case. Mounting the LCD is in progress, but inspiration from project Open MenuRe-purposed Laptop Screen for Raspberry Pi by lerigsby12.
The homecloud Raspberry pi 4 provide me private cloud controlled and maintained on my dedicated internet connection.
I can remotely control the power to the unit, thus it is only turned on and visible on public internet when I require payloads, reverse shell, fake impersonate web hosting or webhooks. Controlling the power and when it is visible on the public internet keep nosy scanners from my device unnessaryly.
Equipement:
- Raspberry Pi4 4GB
- Sonoff Smart Switch wireless
To Do List for Later...