I thought this would be easy, but after days I'm no closer to a solution. I'm using the kali-linux-2018.4-rpi0w-nexmon.img on a Raspberry Pi0W. The three basic ways I can think of to access a Pi wirelessly are:
1) Bluetooth over serial using getty/agetty and rfcomm
2) Bluetooth PAN
3) Wi-Fi AP
The first method showed the most promise. I even got it to work, but it doesn't seem to be a full terminal. Certain programs (Wifite, apt-get) give errors about not being able to create child processes. If anyone wants to try, these were my steps:
Set Bluetooth Name:
echo PRETTY_HOSTNAME=Kali-Pi > /etc/machine-info
Stop ModemManager from interfering:
systemctl stop ModemManager
systemctl disable ModemManager
Modify /etc/bluetooth/main.conf:
[Policy]
AutoEnable=true
Edit /lib/systemd/system/bluetooth.service to enable BT services:
ExecStart=/usr/lib/bluetooth/bluetoothd -C
ExecStartPost=/bin/hciconfig hci0 piscan
ExecStartPost=/usr/bin/sdptool add SP
Start and enable bluetooth service:
systemctl enable bluetooth
systemctl start bluetooth
Create systemd service /etc/systemd/system/rfcomm.service
[Unit]
Description=RFCOMM service
After=bluetooth.service
Requires=bluetooth.service
[Service]
ExecStart=/usr/bin/rfcomm watch hci0 1 setsid /sbin/agetty --8bits --noclear -L rfcomm0 115200 linux
[Install]
WantedBy=multi-user.target
Enable and start the rfcomm service:
systemctl enable rfcomm
systemctl start rfcomm
Enable and start Bluetooth Service:
systemctl enable bluetooth
systemctl start bluetooth
Then:
sudo systemctl start hciuart.service
Pairing and Connecting:
bluetoothctl
discoverable on
pairable on
Once Paired:
bluetoothctl
discoverable off
pairable off
trust <BT-MAC of client>
THEN! To allow this Bluetooth connection to log on, we need to edit a file
nano /etc/securetty
And add rfcomm0
-----------------------------------------------------------------------
The second way was to set up a Bluetooth PAN. This almost worked, but I wasn't able to configure my phone or Windows computer to use the PAN, and I couldn't figure out the IP address of the Pi to SSH to.
1. Image kali-linux-2018.4-rpi0w-nexmon.img to a MicroSD
2. apt update && apt full-upgrade -y
3. reboot
4. systemctl start hciuart
5. systemctl start bluetooth
6. bluetoothctl
> agent on
> default-agent
> scan on
> scan off
> pair XX:XX:XX:XX:XX:XX
> trust XX:XX:XX:XX:XX:XX
The XX:XX:XX:XX:XX:XX device should now be paired and trusted
Now, we install and start the PAN
cd /home
mkdir pi
cd pi
git clone https://github.com/re4son/Kali-Pi
cd /home/pi/Kali-Pi
git pull
cd Menus/RAS-AP/
./bt-pan-ap-install
systemctl enable pan
systemctl start pan
--------------------------------------------------------------------------------
The third way, using Wi-Fi, didn't work too well either. This is what I did:
Install Prerequisites:
sudo apt-get -y install hostapd dnsmasq
Or
sudo apt-get -y install hostapd dnsmasq dhcpcd5
Set a Static IP Address:
sudo nano /etc/dhcpcd.conf
At the end of the file, add this line:
denyinterfaces wlan0
Set a Static IP for the wlan0 Interface:
sudo nano /etc/network/interfaces
At the bottom of this file, add these lines:
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.5.1
netmask 255.255.255.0
network 192.168.5.0
broadcast 192.168.5.255
Configure hostapd:
sudo nano /etc/hostapd/hostapd.conf
The file may not exist. Put these lines in the file:
interface=wlan0
driver=nl80211
ssid=Kali-Pi
hw_mode=g
channel=8
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40][SHORT-GI-20][DSSS_CCK-40]
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_passphrase=Just-a-password
rsn_pairwise=CCMP
Configure hostapd Startup:
sudo nano /etc/default/hostapd
Replace this line:
#DAEMON_CONF=""
With this line:
DAEMON_CONF="/etc/hostapd/hostapd.conf"
Configure Dnsmasq:
sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
sudo nano /etc/dnsmasq.conf
The file should be blank. Put this in it:
interface=wlan0
listen-address=192.168.5.1
bind-interfaces
server=8.8.8.8
domain-needed
bogus-priv
dhcp-range=192.168.5.100,192.168.5.200,24h
When I run this, I never get an IP address.
When I try it the Re4son way:
cd /home
mkdir pi
cd pi
git clone https://github.com/re4son/Kali-Pi
cd /home/pi/Kali-Pi
git pull
cd Menus/RAS-AP/
To configure password and SSID, edit the config file:
nano /home/pi/Kali-Pi/Menus/RAS-AP/ras-ap.conf
To run it:
/home/pi/Kali-Pi/Menus/RAS-AP/ras-ap.sh start
When I run it, I get:
--------------------------------
START Remote Access WiFi AP
--------------------------------
sed: can't read /RAS-AP/ras-ap.conf: No such file or directory
/home/pi/Kali-Pi/Menus/RAS-AP/ras-ap.sh: line 33: /usr/sbin/hostapd: No such file or directory
RTNETLINK answers: File exists
SIOCADDRT: File exists
dnsmasq: cannot read /RAS-AP/dnsmasq-dhcpd.conf: No such file or directory
Any ideas on what I'm doing wrong with any of these?
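A pre-flight consistency check for the three files edited in the third method (/etc/network/interfaces, hostapd.conf, dnsmasq.conf), as an added example that is not part of the original post. The function names and the abbreviated sample strings are assumptions made for illustration, and the parser assumes the interfaces file holds only the single space-separated wlan0 stanza shown above.

```python
import ipaddress

# Sample input: abbreviated copies of the three files from the third method.
INTERFACES = "iface wlan0 inet static\naddress 192.168.5.1\nnetmask 255.255.255.0\n"
HOSTAPD = ("interface=wlan0\nssid=Kali-Pi\nwpa=2\nwpa_key_mgmt=WPA-PSK\n"
           "wpa_passphrase=Just-a-password\nrsn_pairwise=CCMP\n")
DNSMASQ = ("interface=wlan0\nlisten-address=192.168.5.1\nbind-interfaces\n"
           "dhcp-range=192.168.5.100,192.168.5.200,24h\n")

def parse(text, sep):
    """Parse 'key<sep>value' lines; blank lines, # comments and bare flags are skipped."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and sep in line:
            key, value = line.split(sep, 1)
            out[key.strip()] = value.strip()
    return out

def check(interfaces, hostapd, dnsmasq):
    """Return a list of inconsistencies between the three files (empty means none found)."""
    ifc, ap, dns = parse(interfaces, " "), parse(hostapd, "="), parse(dnsmasq, "=")
    problems = []
    iface = ifc.get("iface", "").split(" ")[0]
    for name, conf in (("hostapd", ap), ("dnsmasq", dns)):
        if conf.get("interface") != iface:
            problems.append(f"{name} interface {conf.get('interface')!r} != {iface!r}")
    addr = ipaddress.ip_address(ifc["address"])
    net = ipaddress.ip_network(f"{ifc['address']}/{ifc['netmask']}", strict=False)
    if dns.get("listen-address") != str(addr):
        problems.append("dnsmasq listen-address differs from the static address")
    lo, hi = (ipaddress.ip_address(x) for x in dns["dhcp-range"].split(",")[:2])
    if lo not in net or hi not in net or lo > hi:
        problems.append(f"dhcp-range {lo}-{hi} is not a valid range inside {net}")
    elif lo <= addr <= hi:
        problems.append("dhcp-range includes the AP's own address")
    if ap.get("wpa") != "2" or ap.get("rsn_pairwise") != "CCMP":
        problems.append("hostapd is not set to wpa=2 with rsn_pairwise=CCMP")
    if not 8 <= len(ap.get("wpa_passphrase", "")) <= 63:
        problems.append("wpa_passphrase must be 8 to 63 characters")
    return problems

if __name__ == "__main__":
    for p in check(INTERFACES, HOSTAPD, DNSMASQ) or ["no inconsistencies found"]:
        print(p)
```

An empty result only means the three files agree with each other; it says nothing about whether hostapd and dnsmasq are installed or running.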