Pwnagotchi

Last updated 1 year ago

The Pwnagotchi is an A2C-based "AI" powered by bettercap that learns from its surrounding WiFi environment in order to maximize the crackable WPA key material it captures (either through passive sniffing or by performing deauthentication and association attacks).

Originally created by EvilSocket, it went unmaintained for a time and was picked up by Jayofelony, Aluminum-Ice and others to continue development.

There is good documentation on both the new project website and the original one.

I am using the software with the Jayofelony image (version 2.8.6 at the time of writing) as I am running a Raspberry Pi Zero 2W. If you're running on other hardware, see the other images and choose the one that fits your build.

For this, I will be using Debian as my host machine operating system, but this can also be done on Windows with PuTTY for SSH, 7-Zip for extracting the image, and possibly the RNDIS drivers from ModCloud for the USB Ethernet gadget. I will not be covering those here, but feel free to reach out if you would like.

Flashing

After the image is downloaded, extract it so you have a .img file.


Open the Raspberry Pi Imager and choose your device. As I am using a Pi Zero 2W, I will be selecting that.

Then choose the image you want. We will scroll to the bottom and select CUSTOM IMAGE and choose our .img we extracted.

Choose the MicroSD card you have inserted.

When asked if you would like to apply OS customisation, choose No.

It will inform you that the entire SD card will be erased and ask if that is OK. Choose yes.

Once it's done flashing, you're good to plug the Micro SD card into your Pi!
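Before flashing, a practitioner would verify the download. The following shell script is an added example (not from the original page or the Pwnagotchi project) that checks the archive against a published SHA-256 sums file and only then extracts the .img, so a corrupted or tampered download never reaches the SD card. It assumes the release publishes such a file in sha256sum format next to the archive, which you should confirm on the release page, and that the archive is .img.xz or .zip.

```shell
#!/bin/sh
# Added example (not from the original page): verify a downloaded Pwnagotchi
# image against its published SHA-256 before extracting it.
# Assumptions: a "<archive>.sha256" file in `sha256sum` format sits next to the
# archive (check what your release actually publishes); the archive is .xz or .zip.
set -eu

# Compare a file against the first "<hash>  <name>" line of a sums file.
# Returns 0 on match. The expected hash is read from the sums file, never
# derived from the filename, and compared case-insensitively.
verify_sha256() {
    file="$1"; sums="$2"
    expected=$(awk 'NF >= 1 { print tolower($1); exit }' "$sums")
    actual=$(sha256sum "$file" | awk '{ print tolower($1) }')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Extract the archive to a .img next to it and print the image's path.
extract_image() {
    archive="$1"
    case "$archive" in
        *.img.xz) xz -dk "$archive"; printf '%s\n' "${archive%.xz}" ;;
        *.zip)    unzip -o "$archive" '*.img' >/dev/null
                  unzip -Z1 "$archive" | grep '\.img$' | head -n 1 ;;
        *.img)    printf '%s\n' "$archive" ;;   # already extracted
        *)        echo "unknown archive type: $archive" >&2; return 2 ;;
    esac
}

# usage: sh prepare_image.sh pwnagotchi-2.8.6.img.xz pwnagotchi-2.8.6.img.xz.sha256
if [ $# -eq 2 ]; then
    if verify_sha256 "$1" "$2"; then
        img=$(extract_image "$1")
        echo "checksum OK; image ready to flash: $img"
    else
        echo "checksum MISMATCH for $1: do not flash this file" >&2
        exit 1
    fi
fi
```

Only after the script prints "checksum OK" should the .img be handed to the Raspberry Pi Imager as the custom image.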

Starting

Start by connecting the micro-USB cable to the data port of your Pwnagotchi’s RPi, then connect the other end of that cable to your computer.

  • If your Pwnagotchi has already been booted up at least once before, you will soon see a new Ethernet interface on your host computer.

  • If you have never booted your Pwnagotchi before, it will take a few minutes to boot up and become visible or responsive. DO NOT INTERRUPT YOUR PWNAGOTCHI DURING THIS PROCESS. Just give it time to do its thing; I recommend waiting ~10 minutes.

When you see a new Ethernet interface on your host computer, you’ll need to configure it with a static IP address of:

IP: 10.0.0.1
Netmask: 255.255.255.0
Gateway: 10.0.0.1
DNS (if required): 8.8.8.8 (or any resolver you prefer)

If everything has been configured properly, you will now be able to ping either 10.0.0.2 or pwnagotchi.local. If the Pi answers, you can connect to the unit over SSH:

ssh pi@10.0.0.2

With the unit plugged into your computer, you can open the Pwnagotchi web UI at http://10.0.0.2:8080 to see its face in manual mode. The default username and password are changeme:changeme; change them, and the SSH password of the pi account (passwd), before the unit goes anywhere, since anyone on the same link can otherwise log in.
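The host-side steps above (find the new USB Ethernet interface, give it 10.0.0.1/24, then ping 10.0.0.2) as an added shell script; this is an example written for this page, not part of the Pwnagotchi project. It assumes a Linux host with iproute2 and ping, and identifies the gadget interface by diffing the link list before and after the Pi is plugged in, since the interface name (usb0, enxXXXXXXXXXXXX, ...) varies between hosts.

```shell
#!/bin/sh
# Added example (not from the original page): bring up the host side of the
# Pwnagotchi USB Ethernet gadget link and check that the unit answers.
# Assumptions: Linux host with iproute2 and ping; the unit uses the 10.0.0.2
# address from the guide.
set -eu

HOST_IP="10.0.0.1/24"
PWN_IP="10.0.0.2"

# Print the interface names in an `ip -o link` listing, one per line.
# Lines look like "3: usb0: <BROADCAST,...> mtu 1500 ..."; "@if5" suffixes are dropped.
iface_names() {
    printf '%s\n' "$1" | awk -F': ' 'NF >= 2 { sub(/@.*/, "", $2); print $2 }'
}

# Given two `ip -o link` listings (before and after plugging the Pi in),
# print the interface that exists only in the second one. Returns 1 if none.
find_new_iface() {
    before=$(iface_names "$1")
    after=$(iface_names "$2")
    for name in $after; do
        if ! printf '%s\n' "$before" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
            return 0
        fi
    done
    return 1
}

# Assign the static address, bring the link up and ping the unit. Needs root.
configure_and_probe() {
    iface="$1"
    ip addr replace "$HOST_IP" dev "$iface"
    ip link set "$iface" up
    if ping -c 3 -W 2 "$PWN_IP" >/dev/null; then
        echo "pwnagotchi reachable at $PWN_IP via $iface; try: ssh pi@$PWN_IP"
    else
        echo "no answer from $PWN_IP yet; a first boot can take ~10 minutes" >&2
        return 1
    fi
}

# Interactive mode: snapshot the link list, let the user plug the Pi in, diff.
if [ "${1:-}" = "--wait" ]; then
    before=$(ip -o link)
    echo "With the Pi unplugged press Enter; plug it in, wait a few seconds, press Enter again."
    read -r _; read -r _
    after=$(ip -o link)
    new=$(find_new_iface "$before" "$after") || { echo "no new interface found" >&2; exit 1; }
    configure_and_probe "$new"
fi
```

Run it as root with --wait. NetworkManager may reassign the address on an interface it manages; if so, mark the interface unmanaged or set the same static address through nmcli instead.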

Config

We can copy the default config file and edit that copy, so the formatting and key names are already in front of us. I find this easier, but you can also copy/paste individual settings or start from scratch. Note that config.toml is merged over default.toml at start-up, so it only needs the keys you change; a full copy works, but it will shadow any new defaults a later image ships. To copy the default config we run:

sudo cp /etc/pwnagotchi/default.toml /etc/pwnagotchi/config.toml

The config location is /etc/pwnagotchi/config.toml (older releases used config.yml; current images use TOML). To edit it we run

sudo nano /etc/pwnagotchi/config.toml

With this open we can modify multiple settings, like the name, WiFi networks to whitelist (ignore), the default web UI login, and plugin settings.
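A trimmed config.toml as an added example (not the page's own file or a copy of default.toml) showing the four kinds of change just mentioned: name, whitelist, web UI login and a plugin's settings. Key names follow pwnagotchi's default.toml, but compare them against the default.toml shipped with your image, since the bt-tether section has been restructured between releases; the SSIDs, credentials and MAC address are placeholders.

```toml
# Added example (not the page's own file): a trimmed /etc/pwnagotchi/config.toml.
# Key names follow pwnagotchi's default.toml; check them against the default.toml
# on your image. SSIDs, credentials and the MAC address are placeholders.
main.name = "pwnagotchi"

# Networks to leave alone. Put your own SSIDs (or BSSIDs) here so the unit never
# deauths or captures handshakes from access points you are not authorised to test.
main.whitelist = [
  "MyHomeNetwork",
  "MyPhoneHotspot",
]

# Web UI on :8080. Replace the default changeme:changeme before the unit
# is ever on a shared link.
ui.web.username = "operator"
ui.web.password = "a-long-unique-passphrase"

# Bluetooth tethering to a phone; enable only the block matching your phone.
main.plugins.bt-tether.enabled = true
main.plugins.bt-tether.devices.android-phone.enabled = true
main.plugins.bt-tether.devices.android-phone.mac = "AA:BB:CC:DD:EE:FF"   # placeholder: your phone's BT MAC
main.plugins.bt-tether.devices.android-phone.ip = "192.168.44.44"
main.plugins.bt-tether.devices.android-phone.netmask = 24
main.plugins.bt-tether.devices.android-phone.share_internet = true

main.plugins.bt-tether.devices.ios-phone.enabled = false
main.plugins.bt-tether.devices.ios-phone.mac = ""
main.plugins.bt-tether.devices.ios-phone.ip = "172.20.10.6"
main.plugins.bt-tether.devices.ios-phone.netmask = 24
main.plugins.bt-tether.devices.ios-phone.share_internet = false
```

After saving, restart the service (sudo systemctl restart pwnagotchi) or reboot so the new values are picked up.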

Plugins

I like to use the Bluetooth tethering plugin (bt-tether) so I can reach the unit from my phone while out with it, but that isn't necessary.

Bluetooth

The Pwnagotchi shows the tethering status as a small BT indicator at the top of the screen. The status codes are:

  • C Connected: the connection to the device has been established.

  • NF Not found: the connection to the device could not be established (probably because it could not be found).

  • PE Pairing Error: a pairing problem occurred.

  • BE Bnep Error: the NAP (network access point) connection could not be created.

  • AE Address Error: the IP could not be assigned to the NAP interface.

Setup

To set this up, we find the section of the config file where our phone's Bluetooth MAC address goes. Which section you use depends on whether you have an iPhone or an Android phone; it's straightforward when reading it.

After we save the setting and switch the unit into Auto mode via the web UI, make your phone discoverable via Bluetooth, and the unit should attempt to pair/connect with it.

If it does not try to connect after a couple of minutes, we may need to pair the devices manually. To do this, put your phone in discoverable mode. On the Pwnagotchi, run

sudo bluetoothctl

and once in the bluetoothctl shell, scan for nearby Bluetooth devices with

scan on

When you see the name/mac address of your phone run:

pair <mac>

and

trust <mac>

We will soon be prompted on the phone to allow connection from our pwnagotchi hostname.

Once we pair and trust the device, we can see we're connected!
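The same pairing steps as an added script (not from the original page) that runs on the Pwnagotchi and uses bluetoothctl's non-interactive form instead of the interactive shell, so the outcome is checked rather than eyeballed. It assumes bluez's bluetoothctl and coreutils timeout are present on the image and that the phone is discoverable; the MAC address in the usage line is a placeholder.

```shell
#!/bin/sh
# Added example (not from the original page): pair and trust a phone from the
# Pwnagotchi on the command line and verify the result.
# Assumptions: bluez bluetoothctl and coreutils `timeout` are installed; the
# phone is discoverable; run as root (sudo).
set -eu

# Accept only a well-formed Bluetooth address (six colon-separated hex pairs).
valid_bt_mac() {
    printf '%s' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reduce `bluetoothctl info <mac>` output to one line:
# "paired=<yes|no> trusted=<yes|no> connected=<yes|no>".
# Takes the info text as an argument so it can be checked on captured output.
bt_status() {
    printf '%s\n' "$1" | awk '
        $1 == "Paired:"    { p = $2 }
        $1 == "Trusted:"   { t = $2 }
        $1 == "Connected:" { c = $2 }
        END { printf "paired=%s trusted=%s connected=%s\n", p, t, c }'
}

# Scan briefly so bluetoothd learns the phone, then pair, trust and report.
pair_phone() {
    mac="$1"
    valid_bt_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 2; }
    mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')             # bluez prints addresses upper-case
    timeout 15 bluetoothctl scan on >/dev/null 2>&1 || true  # scan until the timeout fires
    bluetoothctl pair "$mac"    # the phone prompts to accept the pairing here
    bluetoothctl trust "$mac"   # so the unit can reconnect later without asking
    status=$(bt_status "$(bluetoothctl info "$mac")")
    echo "$mac: $status"
    case "$status" in
        "paired=yes trusted=yes"*) return 0 ;;
        *) return 1 ;;
    esac
}

# usage: sudo sh bt_pair.sh AA:BB:CC:DD:EE:FF   (placeholder address)
if [ $# -eq 1 ]; then
    pair_phone "$1"
fi
```

If the script reports paired=yes but connected=no, that is normal before the bt-tether plugin brings the NAP link up; the C indicator on the screen confirms the tether itself.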

Conclusion


There's a variety of cool plugins we can use, such as Bluetooth tethering so we can access the Pwnagotchi from our phone, uploading captures to websites, and more. There are third-party plugins as well.


With that, we've got a Pwnagotchi set up and connected via Bluetooth. From here, experiment with other plugins, and get a nice Waveshare screen and a PiSugar battery to make it even more portable! Also check out ways to customize it with Fancygotchi if you're not using Jayofelony's image like I am.
