Tuesday, November 29, 2016

Part 1 - PoisonTap: Setting up the backend

This is the first in a series on how to set up PoisonTap, by Samy Kamkar.
Poison Tap, a USB device that costs no more than $5, can hack into web browser cookies and other parts of any computer just by being plugged into a spare USB port, claims Samy Kamkar, the developer of the USB device. Kamkar built the device out of a Raspberry Pi microcomputer. [Source] 

This guide will cover setting up the backend server, which the Raspberry Pi communicates with to transmit data back to the attacker. This guide assumes you're familiar with ssh and comfortable editing text files.

1. Setting up a VPS

In order to run PoisonTap, you will need a server for the device to communicate with once it infiltrates the target device. In this guide, I'm using Digital Ocean to host the server. Thanks to the folks over at Jupiter Broadcasting, you can use the promo code "heresthething" to get a $10 credit toward your account which can be used for two free months of service.

Once you're signed up, follow Digital Ocean's easy-to-use interface to deploy an Ubuntu 14.04 x64 server with Node.js pre-installed. They will email you your ssh password; use it to log into the server. Once you're in the server, run the command:

apt-get update && apt-get install nginx git

Note: For the purpose of this guide, all commands must be run as root.

This will install nginx and git along with updating the package list.

2. Setting up nginx

The first thing you'll need to do is set up nginx. Create a new file called 'nginx.conf' in '/etc/nginx/conf.d/' and add the following code to it:


server {
    listen 80;

    server_name brighbox.tk;

    root /usr/share/nginx/html/node;
    index index.html index.htm;

    client_max_body_size 10G;

    location / {
        proxy_pass http://localhost:1337;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

Port 1337 can be changed to any other port, but if you change it you will also need to edit various config files, which I'll go over later.

Then, run the following command to ensure that pm2 is installed on your VPS:


npm install pm2 -g

3. Launching the node.js application

Now that you're all set up, head over to Samy Kamkar's GitHub to download PoisonTap, or pull it using git by running the command:

git clone https://github.com/samyk/poisontap.git

Then, change your working directory to the poisontap directory:


cd poisontap

Once in the working directory, we can check that the .js application will run properly by running:


node backend_server.js

If any errors are thrown here, do not fret. There is excellent documentation available regarding node.js and Digital Ocean. You can find this information here.

Once the node.js application is running correctly, you can launch it by running:


pm2 start backend_server.js

Then, you'll need to restart the nginx service:


service nginx restart

And finally, you can make sure that the application is running using the command:


pm2 list

You should see the following:

[Screenshot: expected output from the pm2 list command]

And there you have it! Now the backend server for PoisonTap is set up and you're ready to set up your Raspberry Pi Zero to communicate with it! Stay tuned for my guide on setting up the Raspberry Pi Zero with PoisonTap. Please feel free to leave any comments or ask any questions, I'm more than happy to help folks out.

Notes:

The first thing to realize is that it is a Federal crime in the United States to gain unapproved access to digital media. This guide exists for educational purposes only. If you choose to disregard this warning, know that the services running on a target computer will point to your Digital Ocean server, making it very easy for someone to track you down, probably resulting in jail time. Use at your own risk!



6 comments:

  1. Nice explanations, thanks !
    I'm very impatient to discover your guide to setting up poisontap on the Raspberry :)

  2. Thanks for the effort. While executing 'pm2 list' I noticed that I receive 'watching' disabled. What should I do?

    1. watching doesn't need to be enabled in order for it to work. I would suggest checking out 'man pm2' for more details as to what watching entails.

  3. OK, I am new to this and was trying to test on a local Kali Linux install.
    I followed your steps, but when I run npm install
    I get the error
    bash: npm: No such file or directory

    Could you please help?

    1. Kali Linux doesn't come pre-installed with node.js. You'll need to install node.js first then you will be able to run 'npm install...'

  4. This is excellent, I've had a hard time finding anything about setting up the back end.
