Raspberry Pi Zero W P4wnP1 A.L.O.A
The Raspberry Pi Zero W P4wnP1 A.L.O.A. (A Little Offensive Application) image is a highly customized version of Kali Linux. It allows you to connect the Raspberry Pi to a computer, and send commands, or use its networking, all without having to interact with it, although you can do that too!
Currently the P4wnP1 A.L.O.A. image only supports the Raspberry Pi Zero W, not Zero 2 W.
Quick install and usage
Use the dd utility to image this file to your microSD card. In our example, we use a microSD which is located at
/dev/sdb. Change this as needed.
This process will wipe out your microSD card. If you choose the wrong storage device, you may wipe out your computers hard disk.
$ xzcat kali-linux-2022.3-raspberry-pi-zero-w-p4wnp1-aloa-armel.img.xz | sudo dd of=/dev/sdb bs=4M status=progress
This process can take a while, depending on your PC, your microSD card’s speed, and the size of the Kali Linux image.
Once the dd operation is complete, plug the microSD card into your Raspberry Pi Zero W.
From another computer, connect to the default wireless network
💥🖥💥 Ⓟ➃ⓌⓃ🅟❶of P4wnP1 A.L.O.A. with the password
Once you are connected to the P4wnP1 A.L.O.A. wireless network, you can access the system via either:
- The web interface (http://172.24.0.1:8000)
- Command line using SSH (
ssh [email protected]), then run the
- Locally compile the P4wnP1 A.L.O.A. CLI software, and pass
hostalong with your commands
One of the important customizations of this Kali Linux image, is that both the
kali users can SSH in.
root user has the default password of
- Go wild
P4wnP1 A.L.O.A. by MaMe82 is a framework which turns a Raspberry Pi Zero W into a flexible, low-cost platform for pentesting, red teaming and physical engagements… or into “A Little Offensive Appliance”.
P4wnP1 A.L.O.A. is not meant to:
- Be a “weaponized” tool
- Provide RTR payloads, which could be carried out by everybody, without understanding what’s going on or which risks are involved
P4wnP1 A.L.O.A. is meant to:
- Be a flexible, low-cost, pocket sized platform
- Serve as enabler for tasks like the one described here
- Support prototyping, testing and carrying out all kinds of USB related tasks, commonly used during pentest or redteam engagements, without providing a finalized static solution
P4wnP1 A.L.O.A. provides a configuration, which utilizes the given components to do the following things:
- Drive-by against Windows hosts in order to deliver in-memory client code to download stage2 via HID covert channel, based on keystroke injection (HIDScript)
- Starting the keystroke injection, as soon as P4wnP1 is connected to a USB host (TriggerAction issuing HIDScript)
- Bring up the stager, which delivers the Wi-Fi covert channel client agent via HID covert channel, as soon as the keystroke injection starts (TriggerAction running a bash script, which again starts the external server)
- Bring up the Wi-Fi covert channel server, when needed (same TriggerAction and BashScript)
- Deploy a USB setup which provides a USB keyboard (to allow keystroke injection) and an additional raw HID device (serves as covert channel for stage2 delivery) - the USB settings are stored in a settings template
- Deploy a Wi-Fi setup, which allows remote access to P4wnP1, in order to allow interaction with the CLI frontend of the Wi-Fi covert channel server - the Wi-Fi settings are stored in a settings template
- Provide a single point of entry, to deploy all the needed configurations at once (done by a Master Template, which consists of proper Wi-Fi settings, proper USB settings and the TriggerActions needed to start the HIDScript)
The best place for up to date information is on the project’s README.
If you need a reminder of the default passwords again:
Problems, questions, feedback? Join us in the forums
Updated on: 2022-Aug-10