WiFi-Pumpkin

From Embedded Lab Vienna for IoT & Security

Summary

Create a rogue Wi-Fi access point on Raspberry Pi.

Requirements

Description

Setup

Touchscreen

  • Connect the small ribbon cable to the connector on the top of the board
  • Fix the board to the screen with the four spacers
  • Connect the white ribbon cable to the connector on the board
  • Connect the four jumper wires to the 5V, GND, SCL and SDA pins on the display driver board
  • Mount your Raspberry Pi onto the four spacers
  • Connect the white ribbon to the Display Connector of the Raspberry Pi
  • Connect the jumper wires (assuming your Raspberry Pi is in front of you with the GPIO on the right side):
    • GND to the third pin down on the right hand side
    • 5V to the second pin down on the right
    • SCL to the third pin down on the left hand side
    • SDA to the second pin down on the left hand side
    • Click here for more detailed information of the assembly
  • Connect your keyboard and mouse to the Raspberry Pi
  • Connect the ALFA wireless interface to the Raspberry Pi
  • Do NOT power on yet

Installation

  • Download and unzip the Kali Linux RaspberryPi 2 and 3 image (version 2019.1) and write it to your SD card from your PC
  • Insert the SD card into the Raspberry Pi and connect it with the power source
  • Login with username "root" and password "toor"
  • Open a terminal and update:
  apt-get update
  apt-get upgrade

Optional

  • Change the password:
  passwd
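  • Regenerate the SSH host keys (the image ships with pre-generated keys; delete them first, otherwise no new ones are created):
  rm /etc/ssh/ssh_host_*
  dpkg-reconfigure openssh-server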
  • Expand the image to use all SD card space:
  apt-get install gparted
  • Launch the tool and resize the ext4 partition to use the rest of the unused space

  • Clone the WiFi-Pumpkin repository and run the installer:
  git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git
  cd WiFi-Pumpkin
  chmod +x installer.sh
  sudo ./installer.sh --install
  • Install dependencies:
  pip install -r requirements.txt

Usage

  • Connect to the Internet with the internal interface of the Raspberry Pi (either wired or wireless)
  • Identify the name of the ALFA wireless interface (wlan1 in my case):
  iwconfig
  • Put the interface into monitor mode:
  ifconfig wlan1 down
  iwconfig wlan1 mode monitor
  ifconfig wlan1 up
  • Start monitoring the networks:
  airodump-ng wlan1
  • Check the channel of your target network (1 in my case)
  • Set your ALFA to the appropriate channel:
  iwconfig wlan1 channel 1
  • Check the frequency:
  iwlist channel
  iwconfig wlan1
  • Start WiFi-Pumpkin:
  wifi-pumpkin
  • A GUI opens
  • Go to "Settings":
    • Change "SSID" to the same name as your target network (OpenHotSpot in my case)
    • Change "Channel" to the channel you discovered before (1 in my case)
    • Change "Network Adapter" to your ALFA's name (wlan1 in my case)
    • My target network does not have any security, so I leave "Wireless Security" unchecked
  • Go to "Plugins":
  • Hit start and watch the clients connect to your rogue AP!!
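
Seen from the monitoring side, the access point configured above is a second BSSID advertising an existing SSID on the same channel. The following added example (not part of the original page) parses the AP table of an airodump-ng CSV capture and flags BSSIDs that advertise a managed SSID but are missing from an inventory; the sample rows, the MAC addresses and the KNOWN_APS inventory are constructed for illustration.

```python
import csv
import io

# Constructed sample in the layout of an airodump-ng CSV capture (AP table first).
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:00:00:01, 2019-05-01 10:00:00, 2019-05-01 10:05:00,  1,  54, OPN, , ,  -40, 120, 0, 0.  0.  0.  0, 11, OpenHotSpot,
02:11:22:33:44:55, 2019-05-01 10:03:10, 2019-05-01 10:05:00,  1,  54, OPN, , ,  -25, 40, 0, 0.  0.  0.  0, 11, OpenHotSpot,
AA:BB:CC:00:00:02, 2019-05-01 10:00:00, 2019-05-01 10:05:00,  6,  54, WPA2, CCMP, PSK,  -60, 90, 0, 0.  0.  0.  0, 7, OfficeX,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
"""

# Hypothetical inventory: SSID -> BSSIDs the network owner actually operates.
KNOWN_APS = {"OpenHotSpot": {"AA:BB:CC:00:00:01"}, "OfficeX": {"AA:BB:CC:00:00:02"}}

def parse_aps(text):
    """Parse the AP table; it ends at the first blank line after the header."""
    header, aps = None, []
    for row in csv.reader(io.StringIO(text), skipinitialspace=True):
        cells = [c.strip() for c in row]
        if not any(cells):
            if header:
                break      # blank line after the AP rows: station table follows
            continue       # blank line before the header
        if header is None:
            header = cells
        else:
            aps.append(dict(zip(header, cells)))
    return aps

def find_unlisted_twins(aps, known):
    """Flag BSSIDs that advertise a managed SSID but are not in the inventory."""
    expected = {}  # SSID -> Privacy values seen on the inventoried APs
    for ap in aps:
        if ap["BSSID"].upper() in known.get(ap["ESSID"], ()):
            expected.setdefault(ap["ESSID"], set()).add(ap["Privacy"])
    alerts = []
    for ap in aps:
        ssid, bssid, privacy = ap["ESSID"], ap["BSSID"].upper(), ap["Privacy"]
        if ssid in known and bssid not in known[ssid]:
            # True when the unlisted AP offers different security than the real one
            mismatch = privacy not in expected.get(ssid, {privacy})
            alerts.append({"ssid": ssid, "bssid": bssid, "channel": ap["channel"],
                           "privacy_mismatch": mismatch})
    return alerts

if __name__ == "__main__":
    print(find_unlisted_twins(parse_aps(SAMPLE_CSV), KNOWN_APS))
```

An unlisted BSSID is not proof of an attack (a newly deployed AP looks the same), so the inventory has to be kept current for the alert to be useful.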

Used Hardware

References