Exfiltrating Files With A Pi Zero | P4wnP1 A.L.O.A.

  • Published on May 18, 2019
  • 👉👉Check out MALTRONICS maltronics.com/?PP
    PCBWay Assembly $30 with FREE worldwide Shipping: www.pcbway.com/quotesmt.aspx
    github page: github.com/mame82/P4wnP1_aloa
    mame82 twtr: mame82
    win32disk imager: sourceforge.net/projects/win32diskimager/
    pi zero antenna mod: ru-clip.net/video/KonrpeVRRjc/video.html
    oled display video: ru-clip.net/video/IubexFLXA6E/video.html
    exfiltrate files (old script): github.com/DuckyTools/payloads-P4wnP1-A.L.O.A./blob/master/exfiltrate-files-and-documents.txt
    my exfiltration script: pastebin.com/k4xjwPxg

    Check out my site: www.seytonic.com
    Follow me on twitter: seytonic
    Discord server: discord.gg/seytopia
  • Science & TechnologyScience & Technology

Comments • 476

  • TN Nguyen
    TN Nguyen 2 days ago

    I cant see the SSID in the wifi list on my laptop.

    SOLVED: you need to use an external power supply (my is 5v /3A) for the PWR port (near the hole; doesnt matter with the other usb port) and then change your wifi channel number on your router if you cant login (the P4wnP1 image uses channel 6. I live at the 6th floor, 20 stations around me, many interferes). I had now changed the ssid/passwd for easy login. Ssh works per default (after you can connect towards I try to use wifi as "client + access point), it failed (i get stuck), I need to reflash again. Thanks a lot to Seytonic & the team for sharing

  • Mr Spoopy
    Mr Spoopy 17 days ago

    this is neat and all but how do I stop a creep from doing this to my computer?

  • Jesse Mancuso
    Jesse Mancuso 27 days ago +1

    Great job. I figured this out after a couple days of being dumb, but BEAUTIFUL!

  • Patrick van der Meulen

    Does your shop also ship to the Netherlands?

  • O'lorcain
    O'lorcain Month ago

    So I finally got my sd card flashed then was able to connect to the wifi but when I go to I get an unable to connect error... So I was able to ssh by doing ssh -l pi and using the password raspberry

  • RyanP
    RyanP Month ago

    more aloa vids please

  • Thebloggermustdie
    Thebloggermustdie Month ago

    Great tutorial, thanks for putting out there.

  • JD Grobler
    JD Grobler Month ago

    I have a question regarding this. and a statement.
    1. Statement: hide the powershell by adding this in your line 5; type("powershell.exe -windowstyle hidden") and adjust the speeds accordingly barely even notice that it opened the powershell.
    2. Question: How would I be able to implement mkdir with the $Env:ComputerName and have all the files then go to that folder?
    Could someone please point me in the right direction?

  • Atomkey Sinclair
    Atomkey Sinclair Month ago

    Well okay. But do this to hide everything and have the script run unseen: Call a batch file that calls a powershell script that runs without a window. Here's the code:
    Single line in go.bat file: Powershell.exe -windowstyle hidden -executionpolicy remotesigned -File doit.ps1
    Single line call (or more0) in doit.ps1 script: Copy-Item -Path * -Destination mydir
    Of course tailor this to your needs. The * is what you want copied and 'mydir' is where you want it. The batch file runs powershell without a window and tells it to use the script in file 'doit.ps1' ~Oh - and this only works for PS versions 2 and up. To find out what version of PS you are using, run it and type 'get-host' -- I think that will work for what you are trying to do with a bit more effectiveness. Next step is to hide the device from appearing as a mounted component.

  • Dane Jones
    Dane Jones Month ago

    I'm using P4wnP1 as a base to build a KVM "ish" system for use at a small PC repair place I work at. Setting up the PI to use the B101 HDMI to CSI-2 Bridge to capture the video from an HDMI port to stream over the web interface. Also allowing for direct mouse and keyboard commands over the web interface as well. When I get things rampped up, I'll fork the GitHub source and submit a few push requests.

  • compactdiscman
    compactdiscman Month ago

    i hope it works this time, last time i coulnt get the shell to work

  • Dravyn C
    Dravyn C 2 months ago

    Could you do this with a regular raspberry pi?

  • Soniboy84
    Soniboy84 2 months ago +1

    I dont understand, do you not still need to be logged into the pc to do anything with this?

  • VJ 90
    VJ 90 2 months ago

    Why not 3D print a shell and make it look as an external HDD (including a Li-Ion battery for keeping the pi up) also use the awesome ideas presented here to hide the drive and move the PS window in a corner. Also is there the possibility to mount a visible partition while having the hidden one (the one where you put the stolen files) in order to mask your "ext HDD"? I think there were some guides where you can make your partition look virtually like 500gb where in fact it's just 50mb or something, just enough to keep some PDF, Excel or whatever files which you would need to "print" on the PC you are using the pi :)

  • Ludo Wolf
    Ludo Wolf 2 months ago

    i usually plop press("GUI CTRL down") in there just befor exit so it just hides the power shell window while its running

  • bruno moreno mata
    bruno moreno mata 2 months ago +2

    ¿Could you do this with a raspberry pi 3 model b?

  • Vukasin Todorovic
    Vukasin Todorovic 2 months ago

    Great video, but how do I steal things from an android device?

  • human being
    human being 2 months ago

    seems a bit drastic just rip the drive out same thing pretty much lol

  • Joe Gibson
    Joe Gibson 2 months ago

    Total noob here but does anyone know how I can get the ip for my raspberry pi to ssh it? I did try an ip scanner but it didn't appear

    • Joe Gibson
      Joe Gibson 2 months ago

      @Jango1989 thanks so much managed to get it up and running but this was a huge help

    • Jango1989
      Jango1989 2 months ago

      1st are you connected to your pi's WiFi or is your pi connected to your network via ethernet or WiFi? You need at least one of these to connect to the pi. Once you've made sure you're both on the same network use arp-scan to find your pi or use nmap to run a ping scan of your network:
      nmap -sn
      (Note that if you're IP address is 10.0.0.someNumber etc then replace the IP range in the nmap command with
      If your pi is connected to your router's network, you can also log in to your router and it will normally show what devices are on the network and what their respective IP on the network is.

      Hope that helps.

  • Hossam Shadi
    Hossam Shadi 2 months ago

    What if I want to attack smart phone Android

  • Jack Adams Daniels
    Jack Adams Daniels 2 months ago

    Very interesting

  • Desh
    Desh 2 months ago

    me and my friends messed around with the stealing files function and its fun we went to the library and we did what we could and we found some interesting stuff it wasn't private and yes we got permission for the "experiment"

  • AgeingBoyPsychic
    AgeingBoyPsychic 2 months ago

    I've followed every tutorial on making a P4wnP1, and it has never been able to do ANYTHING to my Windows 10 computer, it immediately gets flagged as not human input, and doesn't let me do anything to my pin/password protected Win 10 computer.
    I have no idea why. The software all runs, I bought a USB passthrough for the middle USB, it's recognised as a keyboard, but I can't do anything useful with it at all...
    Am I doing something wrong?

  • Kevin Miedema
    Kevin Miedema 2 months ago

    here is a sneaky idea. put a P4wnP1 inside a power bank. so you can pretend your just 'charging your powerbank'

  • Kevin Miedema
    Kevin Miedema 2 months ago

    that is interesting. and pretty terrifying.

  • ThisIsAPrettyLongUserNameWhyTheFuckWouldHeDoThatSoThatEveryoneWouldThumbsUpIt

    I can't get the Keyboard HID to work, but the mouse does work....any ideas anyone?

    • Yo
      Yo Month ago

      Wrong Keyboard Layout?

  • mather jodeh
    mather jodeh 2 months ago

    Would this work on Raspberry pi 3 B+ ?

  • Michael D
    Michael D 2 months ago

    Can a pi 0 crack wifi passwords

    • Jango1989
      Jango1989 2 months ago

      In as much as a plastic knife can cut down a tree.
      You'd be better off collecting the handshake and cracking on a better computer.

  • Simon Smith
    Simon Smith 2 months ago

    You have to think if you do this in a company some computers have the usb ports switched off so this device is rendered useless this device will only work went all of the USB ports are enabled

  • Stefan Bangert
    Stefan Bangert 3 months ago

    Would P4wnP1 also run on an Raspberry PI 3 B+?
    Or does it would have difficulty with the hid scripts? (Does the MicroUSB port on the 3b+ even support this?)

  • Anton U
    Anton U 3 months ago +3

    I started following the first tutorial, and it didnt make sense! Thanks for the update!

  • Lewis Read
    Lewis Read 3 months ago +1

    For me the file i downloaded didn't show up on windisk imager. It showed up as a .xz file. What was i doing wrong?

    • Lya
      Lya 3 months ago

      you have to extract the file, the .xz is an archive
      in linux use "unxz [filename.xz]"
      on windows you have to install something like winzip (www.winzip.com/win/en/xz-file.html)

  • Milad Omidvaran
    Milad Omidvaran 3 months ago

    u mean if we disable auto trust on keyboard all these are useless?????

  • shaman now
    shaman now 3 months ago

    What video editing software do u use. Really good edits and affects. Please dm following.

  • Rafael Albuquerque
    Rafael Albuquerque 3 months ago

    Would be nice to learn how to steal files from android devices with Pi or Arduino

  • Aleksandar Jovanovic
    Aleksandar Jovanovic 3 months ago

    i was wondering if this would work on a raspberry pi 3 b?

    • Thijmen Heuvelink
      Thijmen Heuvelink 3 months ago

      Aleksandar Jovanovic Not quite sure but maybe a usb male to usb male data transfer cable will work?

    • Aleksandar Jovanovic
      Aleksandar Jovanovic 3 months ago

      Thijmen Heuvelink there is no microusb port for transper of info

    • Thijmen Heuvelink
      Thijmen Heuvelink 3 months ago

      Aleksandar Jovanovic Should work, its just a hardware upgrade compared to the zero w.

  • Lysol !
    Lysol ! 3 months ago

    What if the target PC has several User accounts?

  • JustWasted3HoursHere
    JustWasted3HoursHere 3 months ago

    You should probably put a disclaimer on here somewhere since this seems to be, well, only moderately legal, if at all.

    • blackwhattack
      blackwhattack 3 months ago

      How is it illegal? He's just informing us about technology

  • ukpauliogazzio
    ukpauliogazzio 3 months ago +1

    I'd have it wired internally with a small battery so it can last for a bit without power, and wire a couple of GPIO pins to the switch pins on the motherboard so it can power the PC up at night.
    then have it copy the files to the disk or upload them to a remote server.

  • Kenbomp
    Kenbomp 3 months ago

    Don't think this will work if you have plug play disabled or have avira

  • Elliott Alderson
    Elliott Alderson 3 months ago

    When i run your script, it only copies the files on my desktop and nowhere else. What am i doing wrong? I followed you every step of the way (i thought!) lol

  • country boy
    country boy 3 months ago

    if you have physical access to a computer ......................... what would be the point

  • Neko Imouto
    Neko Imouto 3 months ago +9

    this'll be useful in case we need to raid oppressive supercorps, jack into their mainframes within their HQs and parkour through the night back to the underground hacker base

  • Joe Milosch
    Joe Milosch 3 months ago

    All these only work on a Window's computer.... dosn't tht tell you to avoid using Windows?

  • Lennart Nilsen
    Lennart Nilsen 3 months ago

    Put the script on the mass storage device and run it in the background.

  • Herezjush
    Herezjush 3 months ago

    you have to run pc and plugin to it, you wont extract anything from pc that is not signed in right?

  • Colton Dillon
    Colton Dillon 3 months ago

    First video ive ever seen of yours... instant follow.

  • max mustermann
    max mustermann 3 months ago

    hi I can't deploy the usb without disabling the RNDIS (on Windows 7). when I disable RNDIS the usb gets shown and is accessible (both imgened as well as testimg) otherwise this error gets displayed on the aloaweb-client:
    "Error while deploying new USB gadget settings
    rpc error: code = Unknown desc = Response closed without headers

    symptoms (i guess):
    HIDtest1 script works on deploy, but does never stop according to the status on the client. also it sometimes starts more than one process (exactly 8 jobs at a time)
    In device manager the pi0 gets shown as rndis, cdc ecm and as one usb device (no HID eventhough HID-input works)

    please tell me if you encountered similar problems or have an idea where it might come from.

  • vehctor
    vehctor 3 months ago

    Is there any advice what to do if the hidscript is not being executed on the target pc?

  • Laughing Man
    Laughing Man 3 months ago +1

    So I just tried this on a test computer and a spare pi zero w, and unfortunately it isnt working for me. Everything seams fine and the job starts on the pi but it never connects to the pc or grabs anything and the job jut stays there (not failed but not succeeded either.

  • Jeroen
    Jeroen 3 months ago +6

    Small suggestion: You also need a microsd card converter for plugging it into your computer to flash it though you never said this in the hardware section. Great video though

    • Jeroen
      Jeroen 2 months ago

      @Melted Spades True, but he never said you needed it in the "requirements" section

    • Melted Spades
      Melted Spades 2 months ago

      or just use a micro sd reader as shown

  • JustANinja
    JustANinja 3 months ago

    what if we sent this pi usb to a predator (on discord) and then steal all of his files and then replacing it with tracking viruses, therefore allowing the FBI to investigate him and arrest him?

  • Anwar Al Shamkhany
    Anwar Al Shamkhany 3 months ago +3

    that's kinda scary that this actually works and that effectively

  • xampl3
    xampl3 3 months ago +1

    Hey, guys I just modified the script of our awesome boy Seytonics a little bit.
    It uses the HIDE function from the backdoor script to hide the window while still in focus.
    Additionally, I put up a list of keyboard layouts that theoretically should work(no guarantee)
    WATCH OUT: you have to change the Keyboard layout and DRIVENAME!!!!!!!!!!!!!

    gl hf using my script
    Again, the original script is not from me. It's from Seytonic


  • theburntcrumpet
    theburntcrumpet 3 months ago

    Could you run all the commands with a start /b before the copy command so that the prompt is only very briefly visible to the user? Also could have a batch file on the root of the mass storage device

  • New Fly Tech
    New Fly Tech 3 months ago

    Do you need a perfect raspberry pi zero w logo case for the pi ?

  • Cesium
    Cesium 3 months ago +1

    Compatibility with 3B? it boots kali but I don't see a network

  • Tom England
    Tom England 3 months ago

    In the UK do I need to change theh keyboard layout?

  • Adam Rhodes
    Adam Rhodes 3 months ago

    If the user comes back to the PC whilst the power shell window is up copying files it's quite obvious something is going on. Maybe instead run the script from the run command itself, supplied with a --command "" and a --windowstyle hidden so that the process does not display anything to the user? If you wanted to reduce the amount of text typed into the run dialog, you could run a simple script from the command line argument that simply saves the location of the USB storage device to an env variable, and then executes a malicious script from the storage device itself.

  • Birdcrumbs
    Birdcrumbs 3 months ago +1

    Quick tip from hours of trial + error: Make sure to EXTRACT the download first. If it takes a few seconds to flash the image it won't work. If it takes a few minutes then it will probably work.