mirror of
https://gitlab.com/hacklab01/pivilion.git
synced 2025-04-29 16:47:17 +00:00
Update pivilion manual setup
parent
1bbcb62b79
commit
cbfdb2f981
@ -1,6 +1,6 @@
|
||||
# Pivilion manual setup
|
||||
|
||||
You can chose to download one of our pre-installed images (not available atm) or follow this guide to install Pivilion on your Raspberry Pi from scratch and use it as a portable darknet gallery. It installs Tor with Lighttpd (Lighty) as a hidden service and runs a simple php based gallery system. Tor is free software for enabling anonymous communication and censorship circumvention. However, Pivilion doesn't use Tor for its anonimity features (but Tor still provides them). Tor is used to host a HTTP server as a hidden service. We make extensive use of its NAT punching capabilites to enable us to host a gallery behind NATs and firewalls. Keep in mind that this may or may not break your ISP contract if you do it from home. Using public WiFi to host hidden services, while not technically illegal if you were provided with the password by the owner of the WiFi, may present certain issues with their ISP. Since we're using Tor there is no way for you to get *caught*. With great power comes great resposibility. Be responsible in what you host and do on the darknet while using Pivilion.
|
||||
You can choose to download one of our pre-installed images (not available atm) or follow this guide to install Pivilion on your Raspberry Pi from scratch and use it as a portable darknet gallery. It installs Tor with Lighttpd (Lighty) as a hidden service and runs a simple php based gallery system. Tor is free software for enabling anonymous communication and censorship circumvention. However, Pivilion doesn't use Tor for its anonimity features (but Tor still provides them). Tor is used to host a HTTP server as a hidden service. We make extensive use of its NAT punching capabilites to enable us to host a gallery behind NATs and firewalls. Keep in mind that this may or may not break your ISP contract if you do it from home. Using public WiFi to host hidden services, while not technically illegal if you were provided with the password by the owner of the WiFi, may present certain issues with their ISP. Since we're using Tor there is no way for you to get *caught*. With great power comes great responsibility. Be responsible in what you host and do on the darknet while using Pivilion.
|
||||
|
||||
### Use a Virtualbox image
|
||||
For testing Pivilion without a Raspberry Pi, you can use Ubuntu server (or any other Debian-based OS) as a base and install all packages from this manual. Some package names may differ, depending on your system. Use
|
||||
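Review bot: The rewritten intro line still contains "anonimity" and "capabilites"; since this commit is a spelling pass over that exact line, correct them to "anonymity" and "capabilities" here too. The same line keeps "Since we're using Tor there is no way for you to get *caught*", which reads as a guarantee. Tor hides where the service is hosted, not what the hosted content or a misconfigured web server gives away, so I'd reword it to say the host is hard to locate rather than impossible to identify.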
@ -9,7 +9,7 @@ For testing Pivilion without a Raspberry Pi, you can use Ubuntu server (or any o
|
||||
|
||||
to search for similar packages.
|
||||
|
||||
Run your appliance in bridged networking mode if you need to access your Pivillion appliance from your local network.
|
||||
Run your appliance in bridged networking mode if you need to access your Pivilion appliance from your local network.
|
||||
|
||||
You can skip all the Raspberry-specific steps if you chose to use Virtualbox. You can also download prepared Virtualbox appliances with Pivilion completely installed, or a base system to install Pivilion yourself [here](https://download.pivilion.net/).
|
||||
|
||||
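Review bot: The unchanged line right after the Pivilion spelling fix still says "if you chose to use Virtualbox", the same chose/choose slip the first hunk corrects; fix it in this commit so the pass is consistent. That line also points readers at prebuilt appliances on download.pivilion.net without saying how to verify them; a published checksum next to the link would let readers check the image before booting it.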
@ -21,7 +21,7 @@ You can also download the complete pre-installed appliance image and run Pivilio
|
||||
1. Micro USB power adapter - a cable is also fine (you can connect to any USB port)
|
||||
1. Min 8 GB (micro)SD card
|
||||
1. SD card reader
|
||||
1. Ethernet cable - optional - you can connect the Rpi to a HDMI screen and connect it to wifi as you would any computer. However, this setup is meant to be made over SSH - consider your Pi a server (even though it's on a table next to you :)). You can connect it to a display and once you input the wifi password, just connect to the pi via ssh from a different computer.
|
||||
1. Ethernet cable - optional - you can connect the RPi to a HDMI screen and connect it to WiFi as you would any computer. However, this setup is meant to be made over SSH - consider your Pi a server (even though it's on a table next to you :)). You can connect it to a display and once you input the WiFi password, just connect to the Pi via SSH from a different computer.
|
||||
|
||||
### Software
|
||||
1. [Raspbian image](https://www.raspberrypi.org/downloads/raspbian/)
|
||||
@ -29,7 +29,7 @@ You can also download the complete pre-installed appliance image and run Pivilio
|
||||
1. [Nmap](https://nmap.org/)- network scanning tool. This is optional, Arp is perfectly fine! **Be careful with nmap - scanning networks that are not yours may be illegal in your country!**
|
||||
1. [Putty SSH client](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html) - Windows only
|
||||
|
||||
### Installing Rasbian
|
||||
### Installing Raspbian
|
||||
Always get a fresh and current Raspbian image before installing Pivilion. It will drastically speed up the update / upgrade step of the manual. Use [this guide](https://www.raspberrypi.org/documentation/installation/installing-images/README.md) from Raspberry Pi's official website. You can use either the full or the lite image, it’s up to you. Choose your system. We’ll be using Linux + dd.
|
||||
|
||||
### Enabling SSH on your Pi
|
||||
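Review bot: The PuTTY entry in the Software list just above the corrected heading links to the download page over plain http:// (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html). This is the SSH client readers will type their Pi password into, so the link should use https://. It is worth changing while this list is being touched.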
@ -40,18 +40,18 @@ The boot partition on a Pi should be accessible from any machine with an SD card
|
||||
### Connecting to your Pi
|
||||
Once that’s done, connect your RPi to a DHCP network with an ethernet cable and power it on. Depending on your network configuration, you can login to your RPi using it's hostname "raspberry", or use a network discovery tool to find it's IP address. Logging into your local router and checking the list of connected devices is also an option.
|
||||
|
||||
We will use nmap to scan our DHCP IP range for all hosts that are up. Replace 10.0.0.1/24 with your IP address range. You can also check you router's settings to see all devices connected to your network and their IPs.
|
||||
We will use nmap to scan our DHCP IP range for all hosts that are up. Replace 10.0.0.1/24 with your IP address range. You can also check your router's settings to see all devices connected to your network and their IPs.
|
||||
|
||||
Enter
|
||||
`nmap 10.0.0.1/24` into your terminal (replace 10.0.0.1 with your network's IP)
|
||||
|
||||
and
|
||||
|
||||
Login to your pi using SSH with username: pi password: raspberry.
|
||||
Login to your Pi using SSH with username: *pi* password (which will, for security reasons, not be visible as you type it in): *raspberry*.
|
||||
|
||||
`ssh pi@10.0.0.5 `
|
||||
|
||||
(Replace 10.0.0.5 with your Rpi's IP)
|
||||
(Replace 10.0.0.5 with your RPi's IP)
|
||||
|
||||
### Change the default password
|
||||
|
||||
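Review bot: In the new login line the parenthetical sits between "password" and its value ("password (which will, for security reasons, not be visible as you type it in): *raspberry*"), which makes the credential hard to read. Suggest "username: *pi*, password: *raspberry* (the password is not shown as you type it)". The context paragraph above also has "it's hostname" and "it's IP address" where "its" is meant. Since the Pi is reachable over SSH with these default credentials from the moment it joins the network, it would help to say here that the next section (Change the default password) should be done immediately after the first login.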
@ -69,7 +69,7 @@ Check used and available storage with
|
||||
|
||||
`df -h`
|
||||
|
||||
And use raspi-config to expand the filesystem if needed.
|
||||
And use raspi-config to expand the filesystem if needed (i.e. if its size differs a lot from the SD card capacity).
|
||||
|
||||
`sudo raspi-config`
|
||||
(under Advanced options in the menu find Expand filesystem).
|
||||
@ -88,7 +88,7 @@ Lighttpd (pronounced "lighty") is an open-source web server optimized for speed-
|
||||
|
||||
`sudo apt install lighttpd -y`
|
||||
|
||||
You can now navigate to your Rpi's IP (or hostname - raspberry) using a browser.
|
||||
You can now navigate to your RPi's IP (or hostname - raspberry) using a browser.
|
||||
|
||||
You will see lighttpd's placeholder page.
|
||||
|
||||
@ -98,7 +98,7 @@ You will see lighttpd's placeholder page.
|
||||
|
||||
PHP (Hypertext Preprocessor) is a server-side scripting language designed primarily for (but not limited to) web development. We use it to run our basic gallery generation script.
|
||||
|
||||
php-cgi is a PHP to CGI interpreter. CGI (Common Gateway Interface ) offers a standard protocol for web servers to interface with executable programs running on a server that generate web pages dynamically. The interpreter is how Lighty handles PHP.
|
||||
php-cgi is a PHP to CGI interpreter. CGI (Common Gateway Interface) offers a standard protocol for web servers to interface with executable programs running on a server that generate web pages dynamically. The interpreter is how Lighty handles PHP.
|
||||
|
||||
Apt will install all required dependencies.
|
||||
|
||||
@ -118,7 +118,7 @@ Reload the lighttpd daemon
|
||||
|
||||
`sudo apt install hostapd -y`
|
||||
|
||||
Hostapd (Host access point daemon) is a user space software access point capable of turning normal network interface cards into access points and authentication servers. We use it, in conjuction with dnsmaq, to turn the Rpi into a Wifi access point.
|
||||
Hostapd (Host access point daemon) is a user space software access point capable of turning normal network interface cards into access points and authentication servers. We use it, in conjuction with Dnsmasq, to turn the Rpi into a WiFi access point.
|
||||
|
||||
If you pull Pivilion scripts and settings from Gitlab later on, the default SSID will be "Pivilion" and the default WPA2 passphrase will be "darknetofthings".
|
||||
These can be edited in /etc/hostapd/hostapd.conf. Do this after pulling from git or your config file will get overwritten!
|
||||
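Review bot: The replacement Hostapd line still has "conjuction" (should be "conjunction") and keeps "Rpi" while every other hunk in this commit normalises it to "RPi". Fix both here so the line does not need another pass.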
@ -139,11 +139,11 @@ Dnsmasq is a Domain Name System (DNS) forwarder and Dynamic Host Configuration P
|
||||
|
||||
`sudo apt install tor -y`
|
||||
|
||||
You can now choose to either pull the Pivilion scripts and Tor / Rpi configuration or make the next step [manually](#configuring-tor) and make your own custom Tor hidden service.
|
||||
You can now choose to either pull the Pivilion scripts and Tor / RPi configuration or make the next step [manually](#configuring-tor) and make your own custom Tor hidden service.
|
||||
|
||||
## Cloning Pivilion settings and scripts via Git
|
||||
|
||||
We assume that your user is named pi. It will create direcotries in pi's home dir (/home/pi) and use scripts that reference that directory.
|
||||
We assume that your user is named *pi*. It will create directories in pi's home dir (/home/pi) and use scripts that reference that directory.
|
||||
|
||||
Make sure you are root before doing these steps. The root account is disabled on Raspbian, so you will have to become root using by issuing
|
||||
|
||||
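Review bot: The last context line of this hunk reads "you will have to become root using by issuing", which has a leftover word; "become root by issuing" is what is meant. The sentence before it ("It will create directories in pi's home dir") also has no clear subject after the edit; "The scripts will create directories ..." would say what "It" is.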
@ -170,7 +170,7 @@ We also need to set the permissions to our www directory so that PHP can write /
|
||||
|
||||
`sudo chown -R www-data:www-data /var/www/`
|
||||
|
||||
This command set Lighty's user "www-data" from the group "www-data" as the owner of /var/www (the webserver root directory)
|
||||
This command sets Lighty's user "www-data" from the group "www-data" as the owner of /var/www (the webserver root directory)
|
||||
|
||||
`sudo chmod -R 775 /var/www`
|
||||
|
||||
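Review bot: The explanation fixed here sits directly above `sudo chmod -R 775 /var/www`, and that command deserves a note while the text is being edited: applied recursively, 775 marks every file under the web root as executable and group-writable, not just the directories. Suggest documenting 775 for directories and 664 for files, or at least saying why the execute bit on files is wanted.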
@ -178,7 +178,7 @@ This command tells the system that all files and directories in /var/www have th
|
||||
|
||||
`sudo usermod -a -G www-data pi`
|
||||
|
||||
This adds the user pi to the group www-data, so that user can write to the /var/www directory when logged in to ssh or via sftp.
|
||||
This adds the user pi to the group www-data, so that user can write to the /var/www directory when logged in to SSH or via SFTP.
|
||||
|
||||
Now reboot your RPi and log back in.
|
||||
|
||||
@ -197,7 +197,7 @@ You should now edit the hostapd config file by issuing
|
||||
|
||||
`sudo nano /etc/hostapd/hostapd.conf`
|
||||
|
||||
Change the wifi ssid (if you like) - the password should definitely be changed!
|
||||
Change the WiFi SSID (if you like) - the password should definitely be changed!
|
||||
|
||||
### Configuring Tor
|
||||
You can skip this if you cloned everything from GitLab and don't want to make a custom Tor service!
|
||||
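Review bot: "the password should definitely be changed!" does not say which setting in /etc/hostapd/hostapd.conf holds it. Naming the keys (ssid for the network name, wpa_passphrase for the password) would save readers from guessing, and a reminder that the default passphrase is published in this manual would explain why the change is not optional.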
@ -206,19 +206,21 @@ Edit Tor's configuration file /etc/tor/torrc by issuing
|
||||
|
||||
`sudo nano /etc/tor/torrc`
|
||||
|
||||
Uncomment RunAsDeamon 1
|
||||
Uncomment (remove the leading hash symbol, #)
|
||||
|
||||
In the section intended for hidden services only, uncomment (remove the leading # (hash) symbol) the two lines
|
||||
RunAsDeamon 1
|
||||
|
||||
In the section intended for hidden services only, uncomment (by removing the # in front of) the two lines
|
||||
|
||||
HiddenServiceDir /var/lib/tor/hidden_service
|
||||
|
||||
HiddenServicePort 80 127.0.0.1:80
|
||||
|
||||
In order to setup additional services, simply add their port's to this list, followed by your localhost IP (always 127.0.0.1). Eg. for SSH via Tor we would add
|
||||
In order to setup additional services, simply add their ports to this list, followed by your localhost IP (always 127.0.0.1). Eg. for SSH via Tor we would add
|
||||
|
||||
HiddenServicePort 22 127.0.0.1:22
|
||||
|
||||
Note that hidden service ports don't need to be the same as their local ports. It is reccomended to run services on high ports (1024-65535) for (not much) added security. The port for the http service is left at the default port 80, because otherwise we need to input the port in the URL, i.e. 7j4kxhmso6yhz2df.onion:1337 tp access the website on port 1337.
|
||||
Note that hidden service ports don't need to be the same as their local ports. It is recommended to run services on high ports (1024-65535) for (not much) added security. The port for the http service is left at the default port 80, because otherwise we need to input the port in the URL, i.e. 7j4kxhmso6yhz2df.onion:1337 to access the website on port 1337.
|
||||
|
||||
Write your changes to the file with Ctrl + O. Exit nano with Ctrl + X.
|
||||
|
||||
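Review bot: The option name is still spelled "RunAsDeamon" in the rewritten lines; the torrc option is RunAsDaemon, so a reader searching the file for the text as written will not find it. Since this hunk moves the option onto its own line, correct the spelling at the same time, and consider putting the three torrc lines in backticks like the shell commands elsewhere in the manual. The SSH example (HiddenServicePort 22 127.0.0.1:22) would also benefit from a pointer back to the "Change the default password" section, because it exposes the login to anyone who learns the onion address.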
@ -226,7 +228,7 @@ Now restart tor
|
||||
|
||||
`sudo systemctl restart tor`
|
||||
|
||||
Tor will generate a hostname. to view your hostname run
|
||||
Tor will generate a hostname. To view your hostname run
|
||||
|
||||
`sudo cat /var/lib/tor/hidden_service/hostname`
|
||||
|
||||
@ -240,26 +242,26 @@ While logged in to the Pi via SSH there are four commands at your disposal.
|
||||
|
||||
All these commands are bash scripts located in the /usr/local/bin directory.
|
||||
1. "pivilion" will display some info and a brief tutorial. It will also copy some files to proper positions.
|
||||
1. "onion" will set your Pi to start in onion mode on next reboot. This is the default mode. In this mode, the Pi acts as a hidden service on Tor and serves your content.
|
||||
1. "onion" will set your Pi to start in onion mode on next reboot. This is the default mode. In this mode, the Pi acts as a hidden service on Tor and serves your content.
|
||||
1. "hotspot" will set your Pi to start in hotspot mode on next reboot. This mode can be used to connect to the Pi without being connected to a network. The Pi has the IP of 10.1.0.1. That means you can connect to it with
|
||||
`ssh pi@10.1.0.1`
|
||||
It will also redirect all non-encrypted traffic to this IP, meaning that all traffic will be redirected to your gallery. You can use this mode to serve a local instance of the gallery.
|
||||
**Please remember to set the mode properly before each reboot or you might have to access your Pi via ethernet cable or screen.**
|
||||
1. "pikey" is used to setup a Wifi network and password to be used in onion mode.
|
||||
1. "pikey" is used to setup a WiFi network and password to be used in onion mode.
|
||||
|
||||
### Using the generator script to setup a gallery
|
||||
|
||||
After setting everything up, you can find the generator script by entering your Pi's IP address into your browser on port 81. This is only available on your local network, not through Tor - eg. http://192.168.15:81.
|
||||
After setting everything up, you can find the generator script by entering your Pi's IP address into your browser on port 81. This is only available on your local network, not through Tor - e.g. http://192.168.15:81.
|
||||
|
||||
The script is very simple - it uses PHP to generate a static HTML site. It can take audio, video and images. The audio and video need to be encoded with certain codecs compatible with HTML5 media reproduction because of patents. [Here](https://developer.mozilla.org/en-US/docs/Web/HTML/Supported_media_formats)'s a breakdown on what's supported where. You should test and make sure your media files work. The use of WebM, an open, royalty-free media file format is recommended. [Here](http://wiki.webmproject.org/ffmpeg/vp9-encoding-guide)'s a VP9 encoding guide for video.
|
||||
|
||||
**Keep in mind that Tor is slow and optimize your images, audio and video properly! **
|
||||
**Keep in mind that Tor is slow and optimize your images, audio and video properly!**
|
||||
|
||||
The gallery generator takes in some basic data such as the name, description, title of the specific works, etc. Sections are vertical while slides are horizontal. Each piece has its own page. You should play around to figure out how it works. Keep in mind that the script will overwrite everything each time you generate a new gallery, so preparing a directory of media and **backing up** :) is the way to go. This will be better implemented in the future.
|
||||
|
||||
### Custom HTML
|
||||
|
||||
You can also chose to overwrite anything the generator script generates or edit it manually just like you would HTML / PHP on any server. Use an FTP client such as [Filezilla](https://filezilla-project.org/) and the same username / password you would for logging in via SSH (point Filezilla to your Pi's IP and port 22). The directory that's served is /var/www/html/pivilion/gen. You can also edit Lighty's config in /etc/ lighttpd.conf and move the directory to where you see fit.
|
||||
You can also choose to overwrite anything the generator script generates or edit it manually just like you would HTML / PHP on any server. Use an FTP client such as [Filezilla](https://filezilla-project.org/) and the same username / password you would for logging in via SSH (point Filezilla to your Pi's IP and port 22). The directory that's served is /var/www/html/pivilion/gen. You can also edit Lighty's config in /etc/ lighttpd.conf and move the directory to where you see fit.
|
||||
|
||||
Please note that Pivilion is in public beta and is sure to have some errors. Don't hesitate to help development by raising issues here https://gitlab.com/hacklab01/pivilion/issues
|
||||
|
||||
|
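Review bot: The example URL on the edited generator line, http://192.168.15:81, has only three octets; the commit fixes "eg." on that line but leaves the address, so please make it a full four-octet example address. In the Custom HTML paragraph the path "/etc/ lighttpd.conf" has a stray space, and "Use an FTP client ... port 22" describes SFTP over SSH, which the earlier hunk already calls SFTP; using the same term here avoids readers trying plain FTP.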