Objective of this project is to create a simple device that is connect to internal network to be assessed, and have a Wireless access point established to bridge from outside to the inside network. This device provide a means to overcome network segmentation and spoof a valid internal MAC address in attempt to by network access control (NAC).
The Raspberry PI ethernet network is physically connected to the target internal network, and the wireless adapter is setup as WiFi access point.
My other physical penetration tools, including another more expensive drop-box
High level setup steps:
- Install Kali Linux on Raspberry Pi4
- Preparing networking, NTP timezone, & changing default password of kali user.
- Install extra Penetration Testing Tools, Services, GPIO Libraries, daemons, etc.
- Setup Wireless access point on Kali OS.
- Change Ethernet MAC address to bypass Network Access Control (NAC).
- Wiring power direct to GPIO connectors, and wire the seven segment LED display to GPIO pin outs.
- Run a python script at startup as service (Create authentic look of physical device disguise with 7 segement LED display)
- SSH Connect via WiFi IP.
Download the 7z from Offsec Kali Linux for Raspberry Pi. Use
balenaEtcheras Local administrator on Windows 10 workstation to burn image to 32GB SD memory card.
Chane the ethernet
eth0to automatically get DHCP IP address. Edit/etc/network/interfaces
auto eth0
iface eth0 inet dhcp
auto wlan0
iface wlan0 inet static
address 192.168.4.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
Change Kali user password
sudo passwd kali
Set the timezone where the pentest drop-box is GEO located:
sudo timedatectl set-timezone Africa/Johannesburg
Install extra Penetration Testing Tools, Services, wordlist, daemons:
sudo apt update && sudo apt upgrade -y
sudo apt install hostapd dnsmasq
gobuster
feroxbuster
bloodhound
rlwrap
searchsploit --update
xsltproc
jq
apt -y install seclists
Install raspberry pi GPIO libraries:
sudo apt install python3-rpi.gpio
To set up your Raspberry Pi 4 (running Kali Linux) as a wireless access point and use SSH (via PuTTY) to connect from your laptop, follow these steps:
Running Kali Linux on Raspberry Pi 4, the system does not use
dhcpcd.confand
you've successfully configured theeth0interface using the/etc/network/interfacesfile, I'll update the wireless access point (AP) setup to align with this configuration.
Install the necessary packages:
sudo apt update
sudo apt install hostapd dnsmasqEnable the
hostapdservice:
sudo systemctl unmask hostapd
sudo systemctl enable hostapdSince you're using
/etc/network/interfaces, you'll configure the static IP for the wireless interfacewlan0directly in that file.
- Open the
/etc/network/interfacesfile:
sudo nano /etc/network/interfaces- Add the following configuration for
wlan0to assign a static IP:
auto wlan0
iface wlan0 inet static
address 192.168.4.1
netmask 255.255.255.0This ensures
wlan0uses a static IP (192.168.4.1) for your wireless access point.
- Save and close the file.
- Backup the default configuration file:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig- Create a new configuration file:
sudo nano /etc/dnsmasq.conf- Add the following lines to serve IP addresses for devices connecting to the access point:
interface=wlan0
dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24hThis configures
dnsmasqto serve DHCP addresses from 192.168.4.2 to 192.168.4.20 for clients connecting towlan0.
- Save and close the file.
- Create a
hostapdconfiguration file:
sudo nano /etc/hostapd/hostapd.conf-
Add the following content:
interface=wlan0 driver=nl80211 ssid=MyAccessPoint hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=YourStrongPassword wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Replace
MyAccessPointwith the SSID of your choice, andYourStrongPasswordwith a strong password for the AP. -
Now tell the system to use this configuration by editing the
hostapddefault configuration:sudo nano /etc/default/hostapd
-
Modify the line
#DAEMON_CONF=""to:DAEMON_CONF="/etc/hostapd/hostapd.conf" -
Save and close the file.
To allow devices connecting to your access point to access the internet, you'll need to enable IP forwarding and set up NAT.
-
Enable IP forwarding by editing
/etc/sysctl.conf:sudo nano /etc/sysctl.conf
-
Uncomment the following line:
net.ipv4.ip_forward=1
-
Apply the changes:
sudo sysctl -p
-
Configure
iptablesfor NAT:sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
-
Save the
iptablesrules so they persist after reboot:sudo sh -c "iptables-save > /etc/iptables.ipv4.nat" -
Ensure the rules are applied on boot by editing
/etc/rc.local:sudo nano /etc/rc.local
Add the following line before
exit 0:iptables-restore < /etc/iptables.ipv4.nat -
Save and close the file.
-
Start
hostapdanddnsmasqservices:sudo systemctl start hostapd sudo systemctl start dnsmasq
-
Ensure they start on boot:
sudo systemctl enable hostapd sudo systemctl enable dnsmasq
-
From your laptop, connect to the wireless access point you created (
MyAccessPoint) using the password you set. -
Once connected, use PuTTY (or any other SSH client) to connect to the Raspberry Pi's static IP address (
192.168.4.1):- Host Name (or IP address):
192.168.4.1 - Port:
22 - Connection Type: SSH
- Host Name (or IP address):
To change the hostname on Kali Linux: Edit the
/etc/hostnamefile:
Replace the current hostname with your desired new hostname.
Edit the
/etc/hostsfile:
Find the line that says
127.0.1.1 old-hostname(where old-hostname is your current hostname). Change old-hostname to your new hostname (e.g., new-hostname):
To ensure the MAC address remains after reboot, create file:
sudo mousepad /etc/systemd/system/macspoof@.serviceadding below line: Insert Content below in new file:
[Unit]
Description=Spoof MAC address for %i
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
[Service]
Type=oneshot
ExecStart=/usr/bin/macchanger -m XX:XX:XX:XX:XX:XX %i
ExecStartPost=/usr/sbin/ip link set dev %i up
[Install]
WantedBy=multi-user.target
Enable the macspoof@.service
sudo systemctl enable macspoof@eth0.service
Start the Service
sudo systemctl start macspoof@eth0.service
sudo reboot
Verify the MAC Address
ip addr show eth0
Automatically run your Python program at boot on your Raspberry Pi running Kali Linux, setting it up using systemd. Confirm prerequisite of
python3-rpi.gpiois installed before starting python service.
Create a new service file for your Python program:
sudo nano /etc/systemd/system/seven_segment.serviceAdd the following content to the service file, modifying the path to your Python script if necessary:
[Unit]
Description=Seven Segment Display Script
After=multi-user.target
[Service]
Type=idle
ExecStart=/usr/bin/python3 /path/to/your/seven_segment.py
Restart=on-failure
User=pi # Replace 'pi' with your Raspberry Pi username if different
[Install]
WantedBy=multi-user.targetExecStart: Replace
/path/to/your/seven_segment.pywith the full path to your Python script. User: Comment out username of kali for pi to run as root.
Reload systemd to recognize the new service:
sudo systemctl daemon-reload
Enable the service so it runs at boot:
sudo systemctl enable seven_segment.service
Start the service immediately to test if it works:
sudo systemctl start seven_segment.service
Check the status of the service to ensure it's running without errors:
sudo systemctl status seven_segment.service
:You should see that the service is running. If there are any errors, check the logs for more details.
Reboot your Raspberry Pi to confirm the script runs automatically at startup:
sudo reboot
If the service doesn't start correctly, you can check the logs with:
journalctl -u seven_segment.service
This will help you identify any errors or issues that might be occurring.
The inside of the air freshner spray drop box containing raspberry pi 4 with USB power bank (battery for 5V)
