prototype metasploit payload port from bash bunny for P4wnP1

HATs/hats.cfg

@@ -0,0 +1,5 @@
+#
+# config file for HAT support for P4wnP1
+
+## Pimoroni Blinkt ( 8 rgb Leds )
+PIMORONI_BLINKT=false

HATs/ledtool.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+. /home/pi/P4wnP1/HATs/hats.cfg
+
+ if $PIMORONI_BLINKT ; then
+   python /home/pi/P4wnP1/HATs/pimoroni_blinkt/ledtool.py "$1"
+ fi
+

HATs/pimoroni_blinkt/README.md

@@ -0,0 +1,23 @@
+
+Author : hahnstep (https://github.com/hahnstep)
+
+Credits :
+
+P4wnP1 is made by Mame82 : https://github.com/mame82
+
+## Setup
+
+enable the hat in HATs/hats.cfg , per default only the onboard led is enabled for no hat support
+
+## PIMORONI_BLINKT
+
+  led_blink with PIMORONI_BLINKT enabled
+
+     led_blink 1 turn on 1 led
+     led_blink 2 turn on 2 leds
+     led_blink 3 turn on 3 leds
+
+     and so on
+
+     led_blink 0 turn all leds off
+

HATs/pimoroni_blinkt/install.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+
+sudo apt-get install -y python-blinkt
+sudo pip install watchdog
+

HATs/pimoroni_blinkt/ledtool.py

@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+import sys
+import time
+import blinkt
+
+#blinkt.set_clear_on_exit(False)
+blinkt.set_brightness(0.05)
+
+def main(count):
+
+  if count == 0:
+    blinkt.set_all(0,0,0)
+  else:
+    for i in range(count):
+       blinkt.set_pixel(i, 255, 255, 255)
+       blinkt.show()
+       time.sleep(0.05)
+
+    time.sleep(0.3)
+
+
+if __name__ == "__main__":
+#        if len(sys.argv) < 1:
+#        sys.exit()
+        main(int(sys.argv[1]))

boot/boot_P4wnP1

@@ -42,6 +42,9 @@ source $wdir/boot/init_led.sh
 echo "P4wnP1: Loading config ..."
 source $wdir/boot/init_config.sh
 
+echo "P4wnP1: HATs config ..."
+source $wdir/boot/init_hats.sh
+
 # Create bash script which could be altered from /home/pi/.profile
 touch /tmp/profile.sh
 echo "#!/bin/bash" >> /tmp/profile.sh

boot/init_hats.sh

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+# for later, payload select 
+
+source $wdir/HATs/hats.cfg
+echo -n "PAYLOAD is set to: "
+echo $PAYLOAD

boot/init_led.sh

@@ -42,6 +42,9 @@ function led_blink()
 	then
 		echo "$1" > $ledtrigger
 	fi
+
+	# if some HAT support leds
+        $wdir/HATs/ledtool.sh "$1"
 }
 
 # disable LED for now

boot/init_wifi.sh

@@ -187,6 +187,13 @@ function generate_wpa_supplicant_conf()
 	# delete the network entry, to overwrite the old entry in next step (but don't store it later on)
 
 	generate_wpa_entry $1 $2 > /tmp/current_wpa.conf
+
+	# fix for a bug that appears if i install a blank pi zero w headless 
+	# with ssh and wpa_supplicant.conf enabled. 
+	# after install P4wnP1 its not possible to use Wifi Access Point  
+        # adding a wifi client per payload or setup.cfg fails 
+        sudo bash -c 'echo "" >> /tmp/wpa_supplicant.conf'
+
 	sudo bash -c 'cat /tmp/current_wpa.conf >> /tmp/wpa_supplicant.conf'
 
 	# ToDo: store the new network back to persistent config 

boot/led_blink_user.sh

@@ -27,4 +27,8 @@ function led_blink()
 	then
 		echo "$1" > $ledtrigger
 	fi
+
+	# if some HAT support leds
+        $wdir/HATs/ledtool.sh "$1"
+
 }

payloads/network_only.txt

@@ -49,7 +49,6 @@ WIFI_ACCESSPOINT_HIDE_SSID=false # don't hide ESSID
 
 BLUETOOTH_NAP=true # enable bluetooth NAP, P4wnP1 will be rechable via IP configured in setup.cfg (BLUETOOTH_NAP_IP)
 
-
 # The AutoSSH section enables a SSH reachback to a custom external SSH server
 # working like this:
 #   1) the target server is defined by AUTOSSH_REMOTE_HOST, the user by

tools/install_msf.sh

@@ -0,0 +1,38 @@
+#!/bin/sh
+
+sudo apt-get update
+sudo apt-get -y install build-essential zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev locate libreadline6-de
+v libcurl4-openssl-dev git-core libssl-dev libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget post
+gresql postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev libsqlite3-dev git-core postgresql c
+url gem ruby-dev ruby nmap
+sudo gem install wirble sqlite3 bundler
+
+sudo systemctl start postgresql
+sudo -u postgres bash -c "psql -c \"CREATE USER msfgit WITH PASSWORD 'msf';\""
+sudo -u postgres createdb -O msfgit msf
+
+mkdir -p ~/.msf4/plugins
+cd ~/.msf4/plugins
+curl -O https://raw.githubusercontent.com/jeffbryner/kinectasploit/master/db_autopwn.rb
+
+cat > ~/.msf4/database.yml << EOF
+production:
+ adapter: postgresql
+ database: msf
+ username: msfgit
+ password: msf
+ host: 127.0.0.1
+ port: 5432
+ pool: 75
+ timeout: 5
+EOF
+
+cat > ~/.msf4/msfconsole.rc << EOF
+db_connect -y ~/.msf4/database.yml
+EOF
+
+cd /home/pi/P4wnP1/tools
+git clone https://github.com/rapid7/metasploit-framework.git
+cd metasploit-framework
+bundle install
+