Eye Of Amun

Remote wifi probe for Sticky Fingers Kali-Pi

 

Unifi AC Mesh dual radio
OpenWrt

Kismet remote capture
Aircrack-ng

 

 

Ingredients:

Server:
Sticky Fingers Kali-Pi
Kismet github edition with server service

The Eye:
Unifi AC Mesh
OpenWRT firmware
Kismet remote cap
Aircrack-ng

Kismet Client:
– Any client with ssh and web browser

Installation:

Server:
Note: Sticky Fingers Kali-Pi comes with both “Kismet stable” and “Kismet development – github edition” installed side by side. The version to be used is configured in “/home/pi/Kali-Pi/menu”.

New installation:
Install the latest Sticky Fingers Kali-Pi
Set “KISMETVER” to “2” in “/home/pi/Kali-Pi/menu”

Upgrade existing Sticky Fingers Kali-Pi:
Install https://github.com/kismetwireless/kismet

cd /home/pi/Kali-Pi

## Do either of the following two options
## 1. To upgrade the entire kali-pi menu:
sudo -u pi git pull
## 2. To only add the "Eye of Amun":
sudo -u pi git checkout Menus/kismet

cd Menus/kismet
sudo cp *.conf /usr/local/etc/
sudo cp kismet.service /etc/systemd/system/
sudo systemctl daemon-reload

Set “KISMETVER” to “2” in “/home/pi/Kali-Pi/menu”.
Start the kismet server by pressing the “Kismet” button in the menu.
The kismet server can also be run as a service by typing:

sudo systemctl enable kismet && \
sudo systemctl start kismet

 

Enable port forwarding and NAT:
To get Internet access on the eye to install packages or updates, enable port forwarding and masquerading on the Kali-Pi via:

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward
sudo iptables -A FORWARD -i eth0 -j ACCEPT
sudo iptables -A FORWARD -o eth0 -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

I only enable it temporarily on a needs basis and don’t bother with persistence.
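
A scoped, reversible variant of the rules above, as an added example that is not part of the original page: it forwards only the eye's subnet from eth0 to wlan0, allows only reply traffic back, and `down` deletes exactly what `up` added and restores the previous ip_forward value. The subnet 192.168.254.0/24 is the one configured further down this page; the function names and the state file path are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumptions: eth0 faces the eye,
# wlan0 is the uplink, the eye is in 192.168.254.0/24; STATE is a made-up path.
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-wlan0}"
EYE_NET="${EYE_NET:-192.168.254.0/24}"
FWD=/proc/sys/net/ipv4/ip_forward
STATE=/run/eye-nat.ip_forward

# Print the three rules for one action: -A (append) or -D (delete).
eye_rules() {
    echo "iptables $1 FORWARD -i $LAN_IF -o $WAN_IF -s $EYE_NET -j ACCEPT"
    echo "iptables $1 FORWARD -i $WAN_IF -o $LAN_IF -d $EYE_NET -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    echo "iptables -t nat $1 POSTROUTING -s $EYE_NET -o $WAN_IF -j MASQUERADE"
}

# Run each rule, or only print it when DRY_RUN=1.
apply_rules() {
    eye_rules "$1" | while read -r cmd; do
        if [ "${DRY_RUN:-0}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

eye_nat() {
    case "$1" in
    up)
        if [ "${DRY_RUN:-0}" != 1 ]; then
            [ -e "$STATE" ] && { echo "eye_nat: already up" >&2; return 1; }
            cat "$FWD" > "$STATE"   # remember the previous ip_forward value
            echo 1 > "$FWD"
        fi
        apply_rules -A ;;
    down)
        apply_rules -D
        if [ "${DRY_RUN:-0}" != 1 ] && [ -e "$STATE" ]; then
            cat "$STATE" > "$FWD" && rm -f "$STATE"   # restore, then forget
        fi ;;
    *)
        echo "usage: eye_nat up|down" >&2; return 2 ;;
    esac
}

# Run as root: "sh eye-nat.sh up" before opkg, "sh eye-nat.sh down" afterwards.
case "${1:-}" in up|down) eye_nat "$1" ;; esac
```

Setting `DRY_RUN=1` prints the rules without touching iptables or /proc, which is useful for reviewing them first.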

The Eye:

    • Connect the LAN interface of the Unifi AC Mesh to the same network as the Kali-Pi. The default IP address of the interface is “192.168.1.20”.
    • Log on to the Kali-Pi, download, extract and transfer the OpenWRT to the eye:
      wget -O eye-of-amun.tar.xz https://re4son-kernel.com/download/eye-of-amun/
      tar -xJf eye-of-amun.tar.xz
      cd eye-of-amun
      scp lede-17.01.4-ar71xx-generic-ubnt-unifiac-lite-squashfs-sysupgrade.bin ubnt@192.168.1.20:/tmp/
    • ssh into the eye
    • Follow these steps to replace both firmware partitions with OpenWrt.
    • Point a web browser to the OpenWrt web interface at “192.168.1.1” (root/password)
    • Change root password
    • Configure the lan interface:
      IP: 192.168.254.254
      Netmask: 255.255.255.0
      Gateway: 192.168.254.1
      Disable DHCP server for the interface
    • Configure the LAN interface of the Kali-Pi to:
      IP: 192.168.254.1
      Netmask: 255.255.255.0
    • Connect the Eye to the Kali-Pi via direct LAN cable
    • Log back in to the Kali-Pi and transfer the packages and the kismet_cap init script to the eye:
      cd ~/eye-of-amun
      scp *.ipk kismet_cap ubnt@192.168.254.254:/tmp/
    • From the Kali-Pi, ssh into the eye and complete the installation:

      cd /tmp
      opkg update
      opkg upgrade
      opkg install libpcap aircrack-ng *.ipk
      uci set network.lan.peerdns='0'
      uci add_list network.lan.dns='9.9.9.9'
      uci commit
      cp kismet_cap /etc/init.d/
      /etc/init.d/kismet_cap enable
      /etc/init.d/kismet_cap start
    • Start kismet on the Kali-Pi

Usage:

1. Start the kismet server on the Kali-Pi
2. The initial web admin password is stored in:
“/home/pi/Kali-Pi/Menus/kismet/.kismet/kismet_httpd.conf”
3. Power up the eye
4. Ssh into the Kali-Pi via its wifi interface from your computer and establish a tunnel, e.g.:

ssh -L 2501:localhost:2501 root@192.168.1.x

    or, using PuTTY on Windows, go to “connections->ssh->tunnels”
5. Open a browser on your computer and point it to http://127.0.0.1:2501 (the local end of the tunnel above)

Tips:

1. Upgrade all packages on the eye:

opkg list-upgradable | cut -f 1 -d ' ' | xargs opkg upgrade

2. Update the kismet server on the Kali-Pi:

cd /usr/local/src/kismet
make clean
git pull
./configure
make -j4
sudo make suidinstall

Happy hacking 🙂

Problems, questions, feedback? Join us in the forums:
https://whitedome.com.au/re4son/forum/

Last modified: Jun 7, 2018 @ 8:58 pm