How to make a Poison Tap (Hack locked Computers)

Samy Kamkar released a tool that lets a Raspberry Pi Zero emulate a USB Ethernet device and steal cookies from a locked machine.

We decided to make one and see how it worked. Below is a quick tutorial on how to set this up for yourself!

Requirements

  • Raspberry Pi Zero (Only the Zero will work)
  • Micro SD Card (8GB should be fine)
  • USB OTG Adapter (Used for setting up the Pi)
  • USB Ethernet Adapter
  • Micro USB Cable
  • SD Card Reader
  • About 10 Minutes of time.

This kit on Amazon for £19.00 has everything you need to do this.

Step 1

You will need the latest version of Raspbian. You can download it using the following link:

https://downloads.raspberrypi.org/raspbian_lite_latest

Step 2

Next we need to install the Raspbian image on the Pi. To do this we will use Win32DiskImager; if you are on a Mac or Linux, you can use dd to install the image.

Step 3

Now that we have Raspbian installed on the SD card, we need to add a file with no extension called ‘ssh’ into the boot directory of the SD card.

This allows the Pi to automatically start SSH without a screen attached.

Step 4

Find the Pi. I used arp-scan on Linux in order to find my Pi on the network. My USB Ethernet adapter is branded Plugable so it was easy to identify.

The default credentials are:

Username: pi

Password: raspberry

Step 5

At this point we are ready to start installing the Poison Tap software. We need to install Git on the Pi Zero. We can simply run:

sudo apt-get install git

Once we have Git installed we need to clone Samy’s repository:

git clone https://github.com/samyk/poisontap.git

Step 6

With the Poison Tap repo cloned, next we need to run a quick setup script in order to have everything set up:

wget https://www.demmsec.co.uk/install.sh; sudo bash install.sh

Step 7

At this point your very own Poison Tap should be ready to try! Plug it into your computer via USB and see if a network adapter comes up!
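
A check for Step 7 on a Linux host, added here as an example (it is not part of the original tutorial or of the PoisonTap repository): it lists the network interfaces whose parent device sits on the USB bus, which is also what a defender would look for when an unexpected adapter appears. The function names and the optional sysfs-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial or the PoisonTap repository).
# Lists Linux network interfaces whose parent device is on the USB bus.
# Output: one "name driver mac" line per interface.
# The function names and the sysfs-root argument are assumptions of this example.

usb_net_ifaces() {
    net_root="${1:-/sys/class/net}"
    for iface in "$net_root"/*; do
        # Virtual interfaces (lo, bridges, tunnels) have no backing device.
        [ -e "$iface/device/subsystem" ] || continue
        bus=$(basename "$(readlink -f "$iface/device/subsystem")")
        [ "$bus" = "usb" ] || continue
        driver="unknown"
        if [ -e "$iface/device/driver" ]; then
            driver=$(basename "$(readlink -f "$iface/device/driver")")
        fi
        mac=$(cat "$iface/address" 2>/dev/null || echo "unknown")
        printf '%s %s %s\n' "$(basename "$iface")" "$driver" "$mac"
    done
}

# Print USB-backed interfaces that are present now but missing from a
# baseline file saved earlier with: usb_net_ifaces > baseline.txt
new_usb_net_ifaces() {
    baseline="$1"
    usb_net_ifaces "${2:-/sys/class/net}" | while IFS= read -r line; do
        grep -qxF -- "$line" "$baseline" 2>/dev/null || printf '%s\n' "$line"
    done
}

# Run against the live system when executed directly.
usb_net_ifaces
```

Save the output to a baseline file before plugging the device in, then call new_usb_net_ifaces with that file afterwards to see only the adapter that appeared.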

6 thoughts on “How to make a Poison Tap (Hack locked Computers)”

  • February 9, 2017 at 4:28 pm

    So this will be sending data to Samy’s server listed in the code on GitHub?

  • February 9, 2017 at 7:52 pm

    Never mind, now I just watched the video. Did you ever figure out the server portion?

  • April 4, 2017 at 2:41 am

    Have you figured out the remote portion? Would love to see a video on that.

  • April 5, 2017 at 9:50 pm

    Yes, the PiZero is shown as an internet hub, but it doesn’t syphon cookies. Connected to a Windows PC, locked, accessed NFL.com, waited 3 min, disconnected the Pi and checked the poisontap folder. No cookies were there. What am I missing?

