search

samyk / poisontap

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.
https://samy.pl/poisontap/
6.23k stars 994 forks source link

HELP: Poisontap for beginners #63

Open mtlca opened 7 years ago

mtlca commented 7 years ago

hi guys!

I work in the computer department of a public school and we want to educate the community about computer security. We want to introduce them to Poisontap.

We buy a raspberry pi 3 in order to program the poisontap. But it seems to be more complicated than expected. Is there a detail procedure from the beginning? Or are there existing files to download on the raspberry that would make the task easier?

Iam new in programming. Thanks for helping the community.

Thank you guys!!

crazy54 commented 7 years ago

I think this is a more broad question as you will need linux command line skills in order to complete the installation. The application is written for Node.JS, so you have to have to understand web servers and Node.

Start here on your own and move on if you feel like this is something you should bring into the class: http://nodeguide.com/beginner.html

Maybe it would be better to just discuss this in class - Can you imagine you training 40 kids and then giving them this kind of tool? Uh, does not seem like the smart way to go but that is just me...

FluxIX commented 7 years ago

Security is a field where you look for gaps or holes in systems; you need to teach about the applicable systems (OS, web server, network communication and protocols, etc) before you can effectively use such a tool as this.

mtlca commented 7 years ago

Thanks guyz for the advices, but can i have a step by step tutorial like those on youtube. I can do it:

  1. I Execute those lines sucessfully in linux shell:

sudo bash echo -e "\nauto usb0\nallow-hotplug usb0\niface usb0 inet static\n\taddress 1.0.0.1\n\tnetmask 0.0.0.0" >> /etc/network/interfaces echo "dtoverlay=dwc2" >> /boot/config.txt echo -e "dwc2\ng_ether" >> /etc/modules echo "/bin/sh /home/pi/poisontap/pi_startup.sh" >> /etc/rc.local mkdir /home/pi/poisontap chown -R pi /home/pi/poisontap apt-get update && apt-get upgrade apt-get -y install isc-dhcp-server dsniff screen nodejs

What is the next step?

Thank you!

MrARM commented 7 years ago

This will not run with the Raspberry Pi 3 hardware, as the raspberry pi zero has a special usb controller that supports usb hosts.

Check your local micro center for the Zero. got mine for $5.44 with tax.

mtlca commented 7 years ago

Thank you very much MR ARM. Would that work with that? https://inversepath.com/usbarmory

zenware commented 7 years ago

@mtlca Yes as the readme indicates it will work with the usbarmory, the lanturtle, the pi zero, and as @MrARM mentioned, anything which supports host mode I'm currently working on a write-up as I install and configure everything from a coffee shop right now.