search

samyk / poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
https://samy.pl/poisontap/
6.22k stars 993 forks source link

Mac: Works Once Only ? #59

Open Featherfx opened 7 years ago

Featherfx commented 7 years ago

I got it to work on my macbook air then I removed the RNDIS/Ethernet Gadget thing that gets installed under the Network manager in osx I deleted the cache from safari to remove the backdoors.

But when I replug in my raspberry pi zero, its doesnt install the RNDIS/Ethernet Gadget again nor the backdoors?

What i'm wondering is: is there some type of file that is created that tells the pi the machines that have been compromised already, so it doesnt re-do its thing?

Note- it installs on others computers fine, but not the same one. hmmmmm

MarkMallett commented 7 years ago

I have this exact same problem

Featherfx commented 7 years ago

Actually I found a workaround, all you have to do is go to Network, click that little plus sign at the bottom left corner. Under Interface: drop down list, select WIFI and press create or RNDIS/.. if you have that, I didn't have the RNDIS after I removed it, so I choose WIFI and just replugged in the pi zero and it worked again.

NOTE- ONCE the RNDIS is detected again, don't delete it, it doesnt do anything once the pi is disconnected, the only thing you need to delete is your cache files in safari or chrome or w.e you use in order to be able to browse again.

MarkMallett commented 7 years ago

Either I'm doing it wrong or that didn't work for me.

--
Mark Mallett

From: Featherfx notifications@github.com(mailto:notifications@github.com) Reply: samyk/poisontap reply@reply.github.com(mailto:reply@reply.github.com) Date: December 12, 2016 at 4:44:02 PM To: samyk/poisontap poisontap@noreply.github.com(mailto:poisontap@noreply.github.com) CC: MarkMallett mark.mallett@icloud.com(mailto:mark.mallett@icloud.com), Comment comment@noreply.github.com(mailto:comment@noreply.github.com) Subject: Re: [samyk/poisontap] Mac: Works Once Only ? (#59)

Actually I found a workaround, all you have to do is go to Network, click that little plus sign at the bottom left corner. Under Interface: drop down list, select WIFI and press create or RNDIS/.. if you have that, I didn't have the RNDIS after I removed it, so I choose WIFI and just replugged in the pi zero and it worked again.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub(https://github.com/samyk/poisontap/issues/59#issuecomment-266562227), or mute the thread(https://github.com/notifications/unsubscribe-auth/ALk5AHzumEEPvZy6-OPCUw2ekxy0pBvwks5rHcAigaJpZM4LDebf).

zenware commented 7 years ago

I have a MBP, I'm in progress setting up the tool right now and after I've done it I'll test this out and see what I can come up with

zenware commented 7 years ago

So I had a similar issue, what happened to me was that I had originally configured internet sharing as part of a headless setup process to be able to access the internet from the pi for updates. Before I disabled internet sharing and removed modules-load=dwc2,g_ether from the end of my /boot/cmdline.txt file it wasn't operating correctly. At least I think that's what was going on, because before I disabled that it would still show the orange dot and 'Self-assigned IP', and now it's showing green and connected. Though I did also try removing it to test it appearing without intervention, and while I was removing it from the list I was given the option "Would you like RNDIS/Ethernet Gadget to return next time it is connected to your Mac?" and I chose yes. After that it took about 30 or 40 seconds to appear in the menu and be functional.