Wednesday, January 18, 2017

Part 2 - Poisontap: Setting up the device

This post is a continuation of my guide for setting up Poisontap. You can read more about Poisontap here and you can read my previous post regarding Poisontap here.

Part 2 will cover the setup of Poisontap on the Raspberry Pi Zero along with a short review outlining my thoughts on the program itself. This guide uses Raspbian Jessie Lite for the Pi operating system. I also used a USB serial cable, but this can easily be worked around.

You will need:
-USB Serial Cable
-Raspberry Pi Zero
-Micro USB to Female USB 2.0 or 3.0
-Wifi Dongle

1. Preparing the Device
The biggest problem I ran into while getting Poisontap set up on the Pi was the lack of internet access on the device. You can purchase an adapter to attach a USB Wifi dongle or Ethernet cable, but the method I used was to share my Arch laptop's internet connection with the Pi over the Micro USB cable. Contact me if you want more details on this. For the purpose of this guide, I will assume you managed to connect a wifi dongle to the RPi and have internet access that way.

The first step is to enable USB Ethernet gadget mode on the RPi. I did this by accessing the MicroSD card on my laptop via an SD card reader.

In '/boot/config.txt', add the following line at the end of the file:


dtoverlay=dwc2

Then, in '/boot/cmdline.txt' add the following line after 'rootwait':


modules-load=dwc2,g_ether

Now you will want to change the network settings so that the Pi presents itself as an Ethernet connection over USB. Depending on how you configured the Pi's own internet connection, you may want to leave this step for last, as in skip it and come back to it: the 0.0.0.0 netmask tells the Pi that every address is reachable over usb0, which can interfere with its internet access until you are done. DO NOT SKIP IT ENTIRELY. On the Pi, in '/etc/network/interfaces', add the following lines:


auto usb0
allow-hotplug usb0
iface usb0 inet static
     address 1.0.0.1
     netmask 0.0.0.0




2. Downloading PoisonTap

If you haven't already installed 'git' on the Pi, you will want to install it now. Then run:


git clone https://github.com/samyk/poisontap.git

Move to the downloaded directory and edit the configuration files to point at the back-end server you set up previously.

Once that's done, you'll want to add the PoisonTap script to '/etc/rc.local' on the Pi:


/bin/sh /home/pi/poisontap/pi_startup.sh &

Make sure to place this before 'exit 0'. Finally, install the following packages to allow PoisonTap to run properly and update the Pi to make sure all other packages are up to date:


sudo apt-get update && sudo apt-get upgrade && sudo apt-get install -y isc-dhcp-server dsniff screen nodejs

And there you have it! You should now have set up PoisonTap successfully on the Raspberry Pi Zero!
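As an added example (not part of the original post or of the PoisonTap project), the Python script below checks copies of the four files edited in sections 1 and 2 for exactly the lines the guide asks for, and catches the usual mistake of pasting the rc.local line after 'exit 0'. It takes file contents as strings so it can be run on a laptop against the mounted SD card; the sample contents at the bottom are constructed for illustration, not taken from a real Pi.

```python
"""Checker for the four Pi files edited in sections 1 and 2. Added example,
not part of the original post or of the PoisonTap project. File contents are
passed in as strings; each check returns a list of findings (empty = OK)."""


def check_config_txt(text):
    """/boot/config.txt must enable the dwc2 USB controller overlay."""
    lines = [l.strip() for l in text.splitlines()]
    return [] if "dtoverlay=dwc2" in lines else ["config.txt: missing 'dtoverlay=dwc2'"]


def check_cmdline_txt(text):
    """/boot/cmdline.txt is one line of kernel parameters; the guide adds
    'modules-load=dwc2,g_ether' after 'rootwait'."""
    findings = []
    if len(text.strip().splitlines()) > 1:
        findings.append("cmdline.txt: must be a single line")
    tokens = text.split()
    mods = [t for t in tokens if t.startswith("modules-load=")]
    if not mods:
        return findings + ["cmdline.txt: missing 'modules-load=dwc2,g_ether'"]
    loaded = mods[-1].split("=", 1)[1].split(",")
    findings += ["cmdline.txt: modules-load lacks '%s'" % m
                 for m in ("dwc2", "g_ether") if m not in loaded]
    if "rootwait" in tokens and tokens.index(mods[-1]) < tokens.index("rootwait"):
        findings.append("cmdline.txt: modules-load should follow 'rootwait'")
    return findings


def parse_interfaces(text):
    """Minimal /etc/network/interfaces parser: returns the set of 'auto'
    interfaces and {iface: {option: value}} for every 'iface' stanza."""
    auto, ifaces, current = set(), {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] == "auto":
            auto.update(words[1:])
            current = None
        elif words[0] == "iface" and len(words) >= 4:
            current = words[1]
            ifaces[current] = {"family": words[2], "method": words[3]}
        elif words[0] in ("allow-hotplug", "mapping", "source", "source-directory"):
            current = None
        elif current is not None and len(words) >= 2:
            ifaces[current][words[0]] = " ".join(words[1:])
    return auto, ifaces


def check_interfaces(text):
    """usb0 must be 'auto', static, and 1.0.0.1 with netmask 0.0.0.0."""
    auto, ifaces = parse_interfaces(text)
    findings = [] if "usb0" in auto else ["interfaces: usb0 is not marked 'auto'"]
    usb0 = ifaces.get("usb0")
    if usb0 is None or usb0.get("method") != "static":
        return findings + ["interfaces: no 'iface usb0 inet static' stanza"]
    for key, expected in (("address", "1.0.0.1"), ("netmask", "0.0.0.0")):
        if usb0.get(key) != expected:
            findings.append("interfaces: usb0 %s is %r, expected %r"
                            % (key, usb0.get(key), expected))
    return findings


def check_rc_local(text):
    """The startup line must precede 'exit 0' and be backgrounded with '&'."""
    lines = [l.strip() for l in text.splitlines()]
    start = next((i for i, l in enumerate(lines)
                  if "pi_startup.sh" in l and not l.startswith("#")), None)
    stop = next((i for i, l in enumerate(lines) if l == "exit 0"), None)
    if start is None:
        return ["rc.local: pi_startup.sh line missing"]
    findings = []
    if stop is not None and start > stop:
        findings.append("rc.local: pi_startup.sh line is after 'exit 0' and will not run")
    if not lines[start].endswith("&"):
        findings.append("rc.local: pi_startup.sh line should end with '&' so boot can finish")
    return findings


def check_all(config_txt, cmdline_txt, interfaces, rc_local):
    return (check_config_txt(config_txt) + check_cmdline_txt(cmdline_txt)
            + check_interfaces(interfaces) + check_rc_local(rc_local))


# Constructed sample contents mirroring the guide's edits (not from a real Pi).
GOOD_CONFIG = "gpu_mem=16\ndtoverlay=dwc2\n"
GOOD_CMDLINE = ("console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 "
                "rootfstype=ext4 fsck.repair=yes rootwait modules-load=dwc2,g_ether\n")
GOOD_INTERFACES = ("auto lo\niface lo inet loopback\n\nauto usb0\nallow-hotplug usb0\n"
                   "iface usb0 inet static\n     address 1.0.0.1\n     netmask 0.0.0.0\n")
GOOD_RC_LOCAL = "#!/bin/sh -e\n/bin/sh /home/pi/poisontap/pi_startup.sh &\nexit 0\n"
BAD_RC_LOCAL = "#!/bin/sh -e\nexit 0\n/bin/sh /home/pi/poisontap/pi_startup.sh &\n"

if __name__ == "__main__":
    print(check_all(GOOD_CONFIG, GOOD_CMDLINE, GOOD_INTERFACES, GOOD_RC_LOCAL) or "all checks passed")
    print(check_rc_local(BAD_RC_LOCAL))
```

To use it on a mounted card, read each file with open(path).read() and pass the strings to check_all; the parser only understands the subset of /etc/network/interfaces syntax the guide uses, so a heavily customised interfaces file may need the usb0 stanza checked by hand.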

3. My Thoughts

Honestly, I'm rather unimpressed with the way PoisonTap operates. It does operate as advertised but I think the buzz surrounding it made me have unrealistic expectations for it.

As soon as I plugged the device into my test machine (my personal laptop), Chromium jumped into lock-down mode, not allowing for any traffic other than HTTPS. I managed to download browser data once I used Vivaldi as the browser, but I still couldn't get any of the remote features to work. I do pride myself on running a tight ship when it comes to the security of my computer, and I am completely unwilling to remove settings on this machine in order to get this to work. It seems counter-intuitive to me. My goal was to end up with a device that can reliably gain access to machines, and I don't feel like that's what I ended up with. This may be different under Windows, but I don't have access to a Windows machine, so I couldn't tell you.

Overall, if I had to rate this project as a flavor of ice cream, I would go with vanilla. It's good enough as is, so I'm not entirely disappointed, but it certainly leaves room to be more impressive. The biggest take-away from this project was getting the RPi to function as an Ethernet device, which opens the door for future exploits and projects, but if you're hoping to have this 'wild and crazy' hacking device everyone has been describing, you're looking in the wrong place.
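The host-side view of the usb0 stanza from section 1, as an added example that is not part of the original post or of the PoisonTap project: the Pi's 0.0.0.0 netmask shows up on a Linux host as an on-link default route for the new USB interface, and because Linux picks routes by longest prefix and then lowest metric, a lower-metric on-link default quietly wins over the real gateway. The script parses 'ip -4 route' output, flags on-link routes that claim an implausibly large block on an untrusted interface, and shows which interface a given destination would leave through. The interface name, addresses and metrics in the sample output are constructed for the example.

```python
"""Host-side check for an on-link route claiming the whole IPv4 space.
Added example, not part of the original post or of the PoisonTap project;
the sample `ip -4 route` output below is constructed."""
import ipaddress


def parse_ip_route(output):
    """Parse `ip -4 route show` lines into dicts: dst (ip_network), via, dev,
    metric, plus proto/scope/src when present. Value-less flags are skipped."""
    routes = []
    for line in output.strip().splitlines():
        words = line.split()
        if not words:
            continue
        dst = "0.0.0.0/0" if words[0] == "default" else words[0]
        if "/" not in dst:
            dst += "/32"                      # host route
        route = {"dst": ipaddress.ip_network(dst, strict=False),
                 "via": None, "dev": None, "metric": 0}
        i = 1
        while i + 1 < len(words):
            key, val = words[i], words[i + 1]
            if key in ("via", "dev", "proto", "scope", "src"):
                route[key] = val
            elif key == "metric":
                route[key] = int(val)
            else:
                i += 1                        # flag such as 'linkdown'
                continue
            i += 2
        routes.append(route)
    return routes


def best_match(routes, ip):
    """Longest-prefix match, ties broken by lowest metric (Linux semantics)."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if addr in r["dst"]]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r["dst"].prefixlen, r["metric"]))


def suspicious_routes(routes, trusted_devs=(), max_onlink_prefix=8):
    """On-link routes (no gateway) claiming a block larger than a /8 on an
    interface not in trusted_devs. A peer configured with netmask 0.0.0.0,
    as the usb0 stanza is, appears here as an on-link 0.0.0.0/0."""
    return [r for r in routes
            if r["via"] is None and r["dev"] not in ("lo",) + tuple(trusted_devs)
            and r["dst"].prefixlen < max_onlink_prefix]


# Constructed sample: a laptop on wifi with a freshly attached USB Ethernet
# gadget (interface name, addresses and metrics are made up for the example).
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.42 metric 600
default dev enxb827eb000000 scope link src 1.0.0.2 metric 100
"""

if __name__ == "__main__":
    routes = parse_ip_route(SAMPLE_ROUTES)
    for r in suspicious_routes(routes):
        print("suspicious on-link route %s on %s" % (r["dst"], r["dev"]))
    print("93.184.216.34 leaves via", best_match(routes, "93.184.216.34")["dev"])
    print("192.168.1.7 leaves via", best_match(routes, "192.168.1.7")["dev"])
```

Run it against live output with parse_ip_route(subprocess.check_output(["ip", "-4", "route"], text=True)) and pass your known interfaces as trusted_devs. The author's laptop held up because the browser refused plain HTTP, which is a layer above this; a host that does not auto-configure unexpected USB network interfaces never installs the rogue route in the first place.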




4 comments:

  1. Have you tried this on the Pi Zero? That's what I'm working with. I'm going to follow your guide and see how it goes. There are issues getting the wifi working on the pi zero with Kali but I found it will connect to an unsecured network, so I just created one with my phone.

    1. I did this with the RPi Zero but I did it under Raspbian. If you're going to use Kali, you're going to need to make some modifications as Kali uses different repos than Raspbian. For Raspbian, I recommend checking out this article on setting up wifi:
      http://www.suntimebox.com/raspberry-pi-tutorial-course/week-3/day2-1-wireless-network-setup/
      I'd start after the 'lsmod' command if you're using a compatible wifi dongle. As for Kali, I have a hard time getting the wifi to connect on my Arch box with Kali in a VM so I really wouldn't recommend it for this purpose.
      Since the Pi Zero is so cheap and has such limited system resources, I would only use it as a dedicated device for a single purpose. In this instance, Kali Linux comes loaded with so many extraneous programs that it doesn't make sense to me to make a PoisonTap device using Kali. I really would recommend using Raspbian for this purpose.

  2. When you say "edit the configuration files to point at the back-end server you set up previously" can you be more specific on which config file to edit and which piece of it? I believe I have mine edited but I must be missing something somewhere? Thanks

  3. I did this and it worked! Only once and then I could not connect it to the usb hub it was originally connected to. I switched the SD cards out and it worked again, but my data was on the old one. Any suggestions?
