Exfiltrating Files With A Pi Zero | P4wnP1 A.L.O.A.

  • Published on May 18, 2019
  • 👉👉Check out MALTRONICS maltronics.com/?PP
    PCBWay Assembly $30 with FREE worldwide Shipping: www.pcbway.com/quotesmt.aspx
    github page: github.com/mame82/P4wnP1_aloa
    mame82 twtr: mame82
    win32disk imager: sourceforge.net/projects/win32diskimager/
    pi zero antenna mod: ru-clip.net/video/KonrpeVRRjc/video.html
    oled display video: ru-clip.net/video/IubexFLXA6E/video.html
    exfiltrate files (old script): github.com/DuckyTools/payloads-P4wnP1-A.L.O.A./blob/master/exfiltrate-files-and-documents.txt
    my exfiltration script: pastebin.com/k4xjwPxg

    Check out my site: www.seytonic.com
    Follow me on twitter: seytonic
    Discord server: discord.gg/seytopia
  • Science & Technology

Comments • 502

  • Travis Bryant
    Travis Bryant 11 days ago

    I can't get any of these scripts to work without errors. I wrote my own that works if I enter lines in powershell but I can't figure out the script errors. Can someone take a look? pastebin.com/Mrcj8HTW

  • mer meh
    mer meh 14 days ago

    This is by far the fastest way to rack up some gamer points with the FBI

  • Hugo Baylion
    Hugo Baylion 25 days ago

    Hello, when I deploy test.bin, I have the notification (new gadget setting deployed successfully) , but on my pc nothing’s happening.. could you help me plz

    • Hugo Baylion
      Hugo Baylion 24 days ago

      In fact, my cable was only for charge, so can't use to transfer data... be careful !!

  • The Last Gamer
    The Last Gamer 28 days ago +1

    Time to go to my local coffee shop!

  • Wiktor Kuzko
    Wiktor Kuzko 29 days ago

    You should sell special hats for pi with ALOA

  • Spambi The Neko
    Spambi The Neko Month ago

    *plugs a pwn pi into car*
    Given the password the car can now fly

  • Kaszanas
    Kaszanas Month ago

    Can it use Python?

  • RGC Tech
    RGC Tech Month ago

    Would this be possible on a raspberry pi 4??

  • Vladislav Catimba
    Vladislav Catimba Month ago

    good stuff

  • Gaming Time
    Gaming Time 2 months ago

    can you use any pi with this project

    • DarkCatapulter
      DarkCatapulter 25 days ago

      Yes you can, however the image-file that you can use to flash an SD-Card provided in this tutorial is for RPi Zero. Meaning that you will have to install Kali-Linux yourself, and then download the project using something like "git clone".

  • Saket Verma
    Saket Verma 2 months ago

    that is why u should use win7 😂,,no Power shell there,,lol

  • Cameron Noakes
    Cameron Noakes 3 months ago

    if its a bad USB, why dont you save up for a good one (LMAOOOOOO)

  • comingx4xyou
    comingx4xyou 3 months ago

    Hmmm. I love this video but can't actually get this to work 😔

  • Dan Bennett
    Dan Bennett 3 months ago

    Admittedly it was a while ago now so might have been "fixed" but I recall VBA or VB scripts can be executed without anything visible on screen. I used to put scripts in people's startup directory on Windows that slept for a while, ejected the optical drive, then looped. There was no CLI window or anything flashing on screen, it was entirely "hidden" in a background process. If that trick still works it would probably make more sense to create a script that opens notepad, writes to a script file that contains the file-copying code, and then run that script. You'd only have a second or two of things flashing on screen while the script is created and launched and then nothing, so it would be a lot more covert.

  • CE R&EM Cell
    CE R&EM Cell 3 months ago

    Please try jlc PCB once

  • Janib Soomro
    Janib Soomro 3 months ago

    It won't work in an office environment since mass storage & RNDIS are blocked; you can't use a USB device, and having an emulated mouse/keyboard may work only when Windows is logged on, therefore anyone can see it in action, even though it takes a few seconds.
    Correct me if I am wrong and suggest me a way around, I really like to use this.

  • Georgios Skokos
    Georgios Skokos 4 months ago

    Stealnothing in my pc! Help me

  • Rancid Rocket
    Rancid Rocket 4 months ago

    When I do this with my Pi zero, when I press deploy to create the mass storage emulation, either it doesn’t get created, or windows doesn’t recognise the partition.

  • TN Nguyen
    TN Nguyen 4 months ago

    oops, no space, need to find some other type of adapters for keyboard and the TV. i.imgur.com/6DBEWIM.png

  • TN Nguyen
    TN Nguyen 4 months ago

    I cant see the SSID in the wifi list on my laptop.

    SOLVED: you need to use an external power supply (mine is 5V/3A) for the PWR port (near the hole; it doesn't matter with the other USB port) and then change the wifi channel number on your router if you can't log in (the P4wnP1 image uses channel 6. I live on the 6th floor, with 20 stations around me and a lot of interference). I have now changed the SSID/password for easy login. SSH works by default (after you can connect to 172.24.0.1:8000). I tried to use wifi as "client + access point"; it failed (I got stuck) and I needed to reflash again. Thanks a lot to Seytonic & the team for sharing

  • Mr Spoopy
    Mr Spoopy 5 months ago

    this is neat and all but how do I stop a creep from doing this to my computer?

  • Jesse Mancuso
    Jesse Mancuso 5 months ago +1

    Great job. I figured this out after a couple days of being dumb, but BEAUTIFUL!

  • Patrick van der Meulen
    Patrick van der Meulen 5 months ago

    Does your shop also ship to the Netherlands?

  • O'lorcain
    O'lorcain 5 months ago

    So I finally got my sd card flashed then was able to connect to the wifi but when I go to 172.24.0.1:8000 I get an unable to connect error... So I was able to ssh by doing ssh -l pi 172.24.0.1 and using the password raspberry

  • RyanP
    RyanP 5 months ago

    more aloa vids please

  • Thebloggermustdie
    Thebloggermustdie 6 months ago

    Great tutorial, thanks for putting out there.

  • JD Grobler
    JD Grobler 6 months ago

    I have a question regarding this. and a statement.
    1. Statement: hide the powershell by adding this in your line 5; type("powershell.exe -windowstyle hidden") and adjust the speeds accordingly barely even notice that it opened the powershell.
    2. Question: How would I be able to implement mkdir with the $Env:ComputerName and have all the files then go to that folder?
    Could someone please point me in the right direction?

  • Atomkey Sinclair
    Atomkey Sinclair 6 months ago

    Well okay. But do this to hide everything and have the script run unseen: Call a batch file that calls a powershell script that runs without a window. Here's the code:
    Single line in go.bat file: Powershell.exe -windowstyle hidden -executionpolicy remotesigned -File doit.ps1
    Single line call (or more) in doit.ps1 script: Copy-Item -Path * -Destination mydir
    Of course tailor this to your needs. The * is what you want copied and 'mydir' is where you want it. The batch file runs powershell without a window and tells it to use the script in file 'doit.ps1' ~Oh - and this only works for PS versions 2 and up. To find out what version of PS you are using, run it and type 'get-host' -- I think that will work for what you are trying to do with a bit more effectiveness. Next step is to hide the device from appearing as a mounted component.
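
For defenders, the launcher line quoted in the comment above is recognisable in process-creation logs. The following Python sketch is an added example (not part of the comment or of the P4wnP1 project); the sample events are constructed, and it assumes command lines whose paths contain no spaces and that only the literal value `hidden` is of interest.

```python
import re

# First token must be powershell.exe / pwsh, bare or with a path.
POWERSHELL = re.compile(r'(?i)(^|[\\/"])(powershell|pwsh)(\.exe)?"?$')

def _is_param(token, full_name, min_len):
    """powershell.exe accepts prefixes of parameter names (-w, -win, -ex)."""
    name = token[1:].lower()
    return token.startswith("-") and len(name) >= min_len and full_name.startswith(name)

def analyse(cmdline):
    """Return the launcher traits found in one process command line."""
    tokens = cmdline.split()
    if not tokens or not POWERSHELL.search(tokens[0]):
        return []
    findings = []
    for flag, value in zip(tokens, tokens[1:] + [""]):
        value = value.strip("\"'").lower()
        if _is_param(flag, "windowstyle", 1) and value == "hidden":
            findings.append("hidden-window")
        elif (_is_param(flag, "executionpolicy", 2) or flag.lower() == "-ep") and value:
            findings.append("execution-policy=" + value)
        elif _is_param(flag, "file", 1) and value:
            findings.append("script=" + value)
    return findings

def is_suspicious(cmdline):
    """Hidden window + explicit execution policy + script file together."""
    kinds = {f.split("=")[0] for f in analyse(cmdline)}
    return {"hidden-window", "execution-policy", "script"} <= kinds

# Constructed sample events; the first is the go.bat line from the comment.
SAMPLE_EVENTS = [
    "Powershell.exe -windowstyle hidden -executionpolicy remotesigned -File doit.ps1",
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -w hidden -ep bypass -f C:\Users\Public\job.ps1",
    "powershell.exe -NoProfile -File backup.ps1",
    "notepad.exe notes.txt",
]

def triage(events):
    """Keep only the events worth an analyst's attention."""
    return [e for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for event in triage(SAMPLE_EVENTS):
        print("ALERT", analyse(event), event)
```

Feed it the command-line field from whatever process-creation telemetry is collected; the abbreviated second sample shows why matching only the full parameter names misses real launches.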

  • Dane Jones
    Dane Jones 6 months ago

    I'm using P4wnP1 as a base to build a KVM "ish" system for use at a small PC repair place I work at. Setting up the PI to use the B101 HDMI to CSI-2 Bridge to capture the video from an HDMI port to stream over the web interface. Also allowing for direct mouse and keyboard commands over the web interface as well. When I get things ramped up, I'll fork the GitHub source and submit a few push requests.

  • compactdiscman
    compactdiscman 6 months ago

    i hope it works this time, last time i couldn't get the shell to work

  • Dravyn C
    Dravyn C 6 months ago

    Could you do this with a regular raspberry pi?

  • Soniboy84
    Soniboy84 6 months ago +1

    I dont understand, do you not still need to be logged into the pc to do anything with this?

  • VJ 90
    VJ 90 6 months ago

    Why not 3D print a shell and make it look as an external HDD (including a Li-Ion battery for keeping the pi up) also use the awesome ideas presented here to hide the drive and move the PS window in a corner. Also is there the possibility to mount a visible partition while having the hidden one (the one where you put the stolen files) in order to mask your "ext HDD"? I think there were some guides where you can make your partition look virtually like 500gb where in fact it's just 50mb or something, just enough to keep some PDF, Excel or whatever files which you would need to "print" on the PC you are using the pi :)

  • Ludo Wolf
    Ludo Wolf 6 months ago

    i usually plop press("GUI CTRL down") in there just before exit so it just hides the power shell window while its running

  • bruno moreno mata
    bruno moreno mata 6 months ago +2

    Could you do this with a raspberry pi 3 model b?

  • Vukasin Todorovic
    Vukasin Todorovic 6 months ago

    Great video, but how do I steal things from an android device?

  • human being
    human being 7 months ago

    seems a bit drastic just rip the drive out same thing pretty much lol

  • Joe Gibson
    Joe Gibson 7 months ago

    Total noob here but does anyone know how I can get the ip for my raspberry pi to ssh it? I did try an ip scanner but it didn't appear

    • Joe Gibson
      Joe Gibson 6 months ago

      @Jango1989 thanks so much managed to get it up and running but this was a huge help

    • Jango1989
      Jango1989 6 months ago

      1st are you connected to your pi's WiFi or is your pi connected to your network via ethernet or WiFi? You need at least one of these to connect to the pi. Once you've made sure you're both on the same network use arp-scan to find your pi or use nmap to run a ping scan of your network:
      nmap -sn 192.168.0.0/24
      (Note that if your IP address is 10.0.0.someNumber etc then replace the IP range in the nmap command with 10.0.0.0/24)
      If your pi is connected to your router's network, you can also log in to your router and it will normally show what devices are on the network and what their respective IP on the network is.

      Hope that helps.

  • Hossam Shadi
    Hossam Shadi 7 months ago

    What if I want to attack smart phone Android

  • Jack Adams Daniels
    Jack Adams Daniels 7 months ago

    Very interesting

  • Desh
    Desh 7 months ago

    me and my friends messed around with the stealing files function and its fun we went to the library and we did what we could and we found some interesting stuff it wasn't private and yes we got permission for the "experiment"

  • AgeingBoyPsychic
    AgeingBoyPsychic 7 months ago

    I've followed every tutorial on making a P4wnP1, and it has never been able to do ANYTHING to my Windows 10 computer, it immediately gets flagged as not human input, and doesn't let me do anything to my pin/password protected Win 10 computer.
    I have no idea why. The software all runs, I bought a USB passthrough for the middle USB, it's recognised as a keyboard, but I can't do anything useful with it at all...
    Am I doing something wrong?

  • Kevin Miedema
    Kevin Miedema 7 months ago

    here is a sneaky idea. put a P4wnP1 inside a power bank. so you can pretend you're just 'charging your powerbank'

  • Kevin Miedema
    Kevin Miedema 7 months ago

    that is interesting. and pretty terrifying.

  • Grammer Natcis' hair are you're christmas present;

    I can't get the Keyboard HID to work, but the mouse does work....any ideas anyone?

    • Yo
      Yo 5 months ago

      Wrong Keyboard Layout?

  • mather jodeh
    mather jodeh 7 months ago

    Would this work on Raspberry pi 3 B+ ?

  • Michael D
    Michael D 7 months ago

    Can a pi 0 crack wifi passwords

    • Jango1989
      Jango1989 6 months ago

      In as much as a plastic knife can cut down a tree.
      You'd be better off collecting the handshake and cracking on a better computer.

  • Simon Smith
    Simon Smith 7 months ago

    You have to think: if you do this in a company, some computers have the USB ports switched off, so this device is rendered useless. This device will only work when all of the USB ports are enabled

  • Stefan Bangert
    Stefan Bangert 7 months ago

    Would P4wnP1 also run on an Raspberry PI 3 B+?
    Or would it have difficulty with the hid scripts? (Does the MicroUSB port on the 3b+ even support this?)

  • Anton U
    Anton U 7 months ago +3

    I started following the first tutorial, and it didn't make sense! Thanks for the update!

  • Lewis Read
    Lewis Read 7 months ago +1

    For me the file i downloaded didn't show up on windisk imager. It showed up as a .xz file. What was i doing wrong?

    • Lya
      Lya 7 months ago

      you have to extract the file, the .xz is an archive
      in linux use "unxz [filename.xz]"
      on windows you have to install something like winzip (www.winzip.com/win/en/xz-file.html)

  • Milex Freak
    Milex Freak 7 months ago

    u mean if we disable auto trust on keyboard all these are useless?????

  • shaman now
    shaman now 7 months ago

    What video editing software do u use. Really good edits and effects. Please dm following.

  • Rafael Albuquerque
    Rafael Albuquerque 7 months ago

    Would be nice to learn how to steal files from android devices with Pi or Arduino

  • Aleksandar Jovanovic
    Aleksandar Jovanovic 7 months ago

    i was wondering if this would work on a raspberry pi 3 b?

    • Thijmen Heuvelink
      Thijmen Heuvelink 7 months ago

      Aleksandar Jovanovic Not quite sure but maybe a usb male to usb male data transfer cable will work?

    • Aleksandar Jovanovic
      Aleksandar Jovanovic 7 months ago

      Thijmen Heuvelink there is no microusb port for transfer of info

    • Thijmen Heuvelink
      Thijmen Heuvelink 7 months ago

      Aleksandar Jovanovic Should work, it's just a hardware upgrade compared to the zero w.

  • Lysol !
    Lysol ! 7 months ago

    What if the target PC has several User accounts?

  • JustWasted3HoursHere
    JustWasted3HoursHere 7 months ago

    You should probably put a disclaimer on here somewhere since this seems to be, well, only moderately legal, if at all.

    • blackwhattack
      blackwhattack 7 months ago

      How is it illegal? He's just informing us about technology

  • ukpauliogazzio
    ukpauliogazzio 7 months ago +1

    I'd have it wired internally with a small battery so it can last for a bit without power, and wire a couple of GPIO pins to the switch pins on the motherboard so it can power the PC up at night.
    then have it copy the files to the disk or upload them to a remote server.

  • Kenbomp
    Kenbomp 7 months ago

    Don't think this will work if you have plug play disabled or have avira

  • Elliott Alderson
    Elliott Alderson 7 months ago

    When i run your script, it only copies the files on my desktop and nowhere else. What am i doing wrong? I followed you every step of the way (i thought!) lol

    • LOLster Studios
      LOLster Studios 2 months ago

      that's how it works lol
      Edit the script to different location