Objective of this project is to create a simple device that is connect to internal network to be assessed, and have a Wireless access point established to bridge from outside to the inside network. This device provide a means to overcome network segmentation and spoof a valid internal MAC address in attempt to by network access control (NAC).
The Raspberry PI ethernet network is physically connected to the target internal network, and the wireless adapter is setup as WiFi access point.
My other physical penetration tools, including another more expensive drop-box
Thanks too all for your support by buying me coffee, thanks you so much
\o/
High level setup steps:
- Install Kali Linux on Raspberry Pi4 or Raspberry Pi Zero 2W with Ethernet Hat.
- Preparing networking, NTP timezone, & changing default password of kali user.
- Install extra Penetration Testing Tools, Services, GPIO Libraries, daemons, etc.
- Setup Wireless access point on Kali OS.
- Change Ethernet MAC address to bypass Network Access Control (NAC).
- Wiring power direct to GPIO connectors, and wire the seven segment LED display to GPIO pin outs.
- Run a python script at startup as service (Create authentic look of physical device disguise with 7 segement LED display)
- SSH Connect via WiFi IP.
Download the 7z from Offsec Kali Linux for Raspberry Pi. Use
balenaEtcheras Local administrator on Windows 10 workstation to burn image to 32GB SD memory card.
Updated and tested with Raspberry Pi Zero 2W with ethernet hat connected - smaller
Change the ethernet
eth0to automatically get DHCP IP address. Edit/etc/network/interfaces
auto eth0
iface eth0 inet dhcp
auto wlan0
iface wlan0 inet static
address 192.168.4.1
netmask 255.255.255.0
auto lo
iface lo inet loopback
Change Kali user password
sudo passwd kali
Set the timezone where the pentest drop-box is GEO located:
sudo timedatectl set-timezone Africa/Johannesburg
Install extra Penetration Testing Tools, Services, wordlist, daemons:
sudo apt update && sudo apt upgrade -y
sudo apt install hostapd dnsmasq
gobuster
feroxbuster
bloodhound
rlwrap
searchsploit --update
xsltproc
jq
sudo apt -y install seclists
Tunnel pivot tool CHISEL
Install raspberry pi GPIO libraries on Kali Linux:
sudo apt install python3-rpi.gpio
set up Raspberry Pi 4 (running Kali Linux) as a wireless access point and use SSH (via PuTTY) to connect from laptop, follow these steps:
Running Kali Linux on Raspberry Pi 4, the system does not use
dhcpcd.conf
Configured theeth0interface using the/etc/network/interfacesfile
Wireless access point (AP) configuration:
Install the necessary packages:
sudo apt update
sudo apt install hostapd dnsmasqEnable the
hostapdservice:
sudo systemctl unmask hostapd
sudo systemctl enable hostapdUse
/etc/network/interfaces, to configure the static IP for the wireless interfacewlan0directly in that file.
- Open the
/etc/network/interfacesfile:
sudo nano /etc/network/interfaces- Add the following configuration for
wlan0to assign a static IP:
auto wlan0
iface wlan0 inet static
address 192.168.4.1
netmask 255.255.255.0This ensures
wlan0uses a static IP (192.168.4.1) for wireless access point.
- Save and close the file.
- Backup the default configuration file:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig- Create a new configuration file:
sudo nano /etc/dnsmasq.conf- Add the following lines to serve IP addresses for devices connecting to the access point:
interface=wlan0
dhcp-range=192.168.4.2,192.168.4.20,255.255.255.0,24hThis configures
dnsmasqto serve DHCP addresses from 192.168.4.2 to 192.168.4.20 for clients connecting towlan0.
- Save and close the file.
- Create a
hostapdconfiguration file:
sudo nano /etc/hostapd/hostapd.conf-
Add the following content:
interface=wlan0 driver=nl80211 ssid=MyAccessPoint hw_mode=g channel=7 wmm_enabled=0 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 wpa=2 wpa_passphrase=YourStrongPassword wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
Replace
MyAccessPointwith the SSID name, andYourStrongPasswordwith a strong password for the AP. -
Now tell the system to use this configuration by editing the
hostapddefault configuration:sudo nano /etc/default/hostapd
-
Modify the line
#DAEMON_CONF=""to:DAEMON_CONF="/etc/hostapd/hostapd.conf" -
Save and close the file.
To allow devices connecting to access point to access the local network, need to enable IP forwarding and set up NAT.
- IP Table Route Rules script
Edit /usr/local/bin/router-rules.sh:
sudo nano /usr/local/bin/router-rules.shPaste this (overwrite existing):
#!/bin/bash
set -euo pipefail
# --- settings ---
AP_IF="wlan0"
LAN_IF="eth0"
AP_NET="192.168.4.0/24"
# Wait until both interfaces exist (and have a link/IP)
for i in {1..30}; do
ip link show "$AP_IF" &>/dev/null && ip link show "$LAN_IF" &>/dev/null && break
sleep 1
done
# Optional: wait until wlan0 has its static IP and eth0 has any IPv4
for i in {1..30}; do
AP_HAS_IP=$(ip -4 addr show "$AP_IF" | grep -q 'inet 192\.168\.4\.' && echo yes || echo no)
LAN_HAS_IP=$(ip -4 addr show "$LAN_IF" | grep -q 'inet ' && echo yes || echo no)
[[ "$AP_HAS_IP" == "yes" && "$LAN_HAS_IP" == "yes" ]] && break
sleep 1
done
# --- enable IPv4 forwarding at runtime ---
sysctl -w net.ipv4.ip_forward=1 >/dev/null
# (Optional but sometimes helpful on multi-homed hosts)
# Disable reverse path filtering to avoid dropped replies
sysctl -w net.ipv4.conf.all.rp_filter=0 >/dev/null || true
sysctl -w net.ipv4.conf."$LAN_IF".rp_filter=0 >/dev/null || true
sysctl -w net.ipv4.conf."$AP_IF".rp_filter=0 >/dev/null || true
# --- reset tables ---
iptables -F
iptables -t nat -F
# --- forwarding rules (wlan0 <-> eth0) ---
iptables -A FORWARD -i "$AP_IF" -o "$LAN_IF" -s "$AP_NET" -j ACCEPT
iptables -A FORWARD -i "$LAN_IF" -o "$AP_IF" -d "$AP_NET" -m state --state ESTABLISHED,RELATED -j ACCEPT
# --- NAT for AP clients out via eth0 ---
iptables -t nat -A POSTROUTING -s "$AP_NET" -o "$LAN_IF" -j MASQUERADE
exit 0Make script executable:
sudo chmod +x /usr/local/bin/router-rules.sh- Update the systemd unit to also ensure forwarding
Edit /etc/systemd/system/router-rules.service:
sudo nano /etc/systemd/system/router-rules.serviceUse this content:
[Unit]
Description=Apply iptables NAT + enable IPv4 forwarding for AP->LAN routing
After=network-online.target
Wants=network-online.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/router-rules.sh
RemainAfterExit=yes
# If interfaces bounce, re-run this service manually
# or add a timer/udev trigger in the future.
[Install]
WantedBy=multi-user.targetReload & enable:
sudo systemctl daemon-reload
sudo systemctl enable router-rules.service
sudo systemctl start router-rules.service- Verify now and after reboot
Immediate check:
sudo sysctl net.ipv4.ip_forward
sudo iptables -t nat -L -n -v
sudo iptables -L -n -vFrom wireless client (192.168.4.x), test ping internal lan host on ethernet LAN:
ping 192.168.255.102
ping 192.168.255.129Reboot and re-test:
sudo rebootValidate after reboot:
sudo journalctl -u router-rules.service -b --no-pager
sudo iptables -t nat -L -n -v
sudo sysctl net.ipv4.ip_forward- The script waits for both interfaces to have IPv4 addresses before applying rules; this avoids races on boot.
- We set
ip_forwardat runtime, so no need for/etc/sysctl.conf.
-
From laptop, connect to the wireless access point created (
MyAccessPoint) using the password. -
Once connected, use PuTTY (or any other SSH client) to connect to the Raspberry Pi's static IP address (
192.168.4.1):- Host Name (or IP address):
192.168.4.1 - Port:
22 - Connection Type: SSH
- Host Name (or IP address):
To change the hostname on Kali Linux: Edit the
/etc/hostnamefile:
Replace the current hostname with desired new hostname.
Edit the
/etc/hostsfile:
Find the line that says
127.0.1.1 old-hostname(where old-hostname is current hostname). Change old-hostname to new hostname (e.g., new-hostname):
To ensure the MAC address remains after reboot, create file:
sudo mousepad /etc/systemd/system/macspoof@.serviceadding below line: Insert Content below in new file:
[Unit]
Description=Spoof MAC address for %i
Wants=network-pre.target
Before=network-pre.target
BindsTo=sys-subsystem-net-devices-%i.device
After=sys-subsystem-net-devices-%i.device
[Service]
Type=oneshot
ExecStart=/usr/bin/macchanger -m XX:XX:XX:XX:XX:XX %i
ExecStartPost=/usr/sbin/ip link set dev %i up
[Install]
WantedBy=multi-user.target
Enable the macspoof@.service
sudo systemctl enable macspoof@eth0.service
Start the Service
sudo systemctl start macspoof@eth0.service
sudo reboot
Verify the MAC Address
ip addr show eth0
Automatically run Python program at boot on Raspberry Pi running Kali Linux, setting it up using systemd. Confirm prerequisite of
python3-rpi.gpiois installed before starting python service.
Create a new service file for Python program:
sudo nano /etc/systemd/system/seven_segment.serviceAdd the following content to the service file, modifying the path to Python script if necessary:
[Unit]
Description=Seven Segment Display Script
After=multi-user.target
[Service]
Type=idle
ExecStart=/usr/bin/python3 /path/to/x/seven_segment.py
Restart=on-failure
User=pi # Replace 'pi' with Raspberry Pi username if different
[Install]
WantedBy=multi-user.targetExecStart: Replace
/path/to/x/seven_segment.pywith the full path to Python script. User: Comment out username of kali for pi to run as root.
Reload systemd to recognize the new service:
sudo systemctl daemon-reload
Enable the service so it runs at boot:
sudo systemctl enable seven_segment.service
Start the service immediately to test if it works:
sudo systemctl start seven_segment.service
Check the status of the service to ensure it's running without errors:
sudo systemctl status seven_segment.service
:See that the service is running. If there are any errors, check the logs for more details.
Reboot Raspberry Pi to confirm the script runs automatically at startup:
sudo reboot
If the service doesn't start correctly, check the logs with:
journalctl -u seven_segment.service
This will help identify any errors or issues that might be occurring.
The inside of the air freshner spray drop box containing raspberry pi 4 with USB power bank (battery for 5V)
After several months using a 32 GB size SDcard memory is out of disk space.
I ran out of space but did not want too loose all my customization and hosting data content.
✅ Full migration process replacing a full 32 GB Kali SD card with a 128 GB bootable upgrade, while keeping all custom configs and installed Kali Linux pentest tools.
- Working Raspberry Pi 4
- Full 32GB Kali Linux SD card (source)
- 128GB A1 Class 10 SD card (target)
- Ubuntu host machine
- Tools:
rsync,dd,losetup,blkid,gpartedorfsck
-
Remove the full 32GB SD card from Raspberry Pi 4, insert into Ubuntu host.
-
Unmount its partitions using
umountorlsblk. -
Create a full image backup using
dd:sudo dd if=/dev/sdX of=~/kali32.img bs=4M status=progress conv=fsync -
Prepare a 128GB A1 SD card (Class 10, non-A2 for Pi compatibility).
-
Flash official Kali Linux ARM64 image to 128GB card using Raspberry Pi Imager.
-
Boot test the 128GB card in Raspberry Pi 4 to confirm it works.
-
Insert 128GB SD card into Ubuntu, identify and mount the
ROOTFSpartition. -
Mount the 32GB
.imgfile's root partition usinglosetupand offset. -
Use
rsyncto copy the rootfs from image to mounted 128GB root partition:sudo rsync -aAXv ~/mnt/kali32-rootfs/ /mnt/kali128-rootfs/ -
Edit
/mnt/cmdline.txton the 128GB boot partition:-
Append to the end of the single line:
init=/bin/bash
-
-
Run
syncand unmount all partitions cleanly. -
Eject and insert the 128GB SD into the Raspberry Pi 4.
-
Pi boots into root shell (due to
init=/bin/bash). -
Run:
blkid
- Note the correct UUID of
/dev/mmcblk0p2
- Note the correct UUID of
-
Remount root as writable:
mount -o remount,rw /
-
Edit
/etc/fstabto replace old UUID with the correct one. -
Remove
init=/bin/bashfrom/boot/cmdline.txt -
Reboot:
sudo reboot
Original Kali build running on a fully bootable 128GB SD card, with full disk space and all data/configs preserved 🎯.