[Tutor] Pen Testing with Maemo and Windows Mobile

[x.intruders]

omz2 and kakak2 DC.. ane gak sengaja muter2 nemu nih tutor..
ane lom sempet nyoba sih.. (Hp yg buat nyoba gak punya soalnya ) cm ane mo share aj sapa tau bisa bermanfaat..
klo dah ad yg berhasil kasih tau ane ya omz..
ni tutor full copas ane omz..

SUMBER MAEMO
SUMBER WINDOWS MOBILE

For MAEMO :
The n770, n800 and n900 are Linux based mobile devices from Nokia that are designed for portable web surfing, Internet Tablets as Nokia calls them. The platform for these devices is know as Maemo and since it's Linux based many hackers have extended its functionality greatly. Since both models have built in WiFi and Bluetooth, and the older 770 model has come down in price ($130 when I got mine), I've decided to use it as a mobile pen-testing device. This page will be a collection of my notes on how to install and run hacking/pen-testing software with the n800/n770/n810. This page is a very rough draft for now, I plan to update it as I have more information to convey.

The Operating System

Obviously, the first thing you will need is the proper OS. For my notes, I'm using Internet Tablet OS 2007 Hacker Edition (abbreviate IT2007HE) on a Nokia 770. IT2007 is meant for the n800, but the Hacker Edition version will run on the n770. I'm hoping that by using this edition I'll be able to write notes that should work on both models. To install IT2007HE download it from:
http://tabletsdev.maemo.org/os2007_hacker_edition.php

then use the installer from:
http://europe.nokia.com/support/product-...re-upgrade

Adding Software

Maemo appears to be Debian based and uses the APT package management system. You can install software off the web by using repositories you download from, or by installing individual .debs from the RS-MMC card. You can set up repositories by hand if you wish, like in the following screen shots:

Find the Application Manager


Bring up the catalogue


Add to the catalogue


Add to the catalogue


Or by using the built in web browser and clicking on .install files that are provided by the developers. The following are repositories I found useful, just open up your n770/n800s/n810 web browser to this page and click on the .install files to add them:

Repository Name: Polish Eko1 repository
Notable Packages: Not sure
Install File: http://irongeek.com/maemo/eko1.install
Notes: I've put this up despite it not having packages.

Repository Name: Polish Eko1 repository for IT2006
Notable Packages: becomeroot, btscanner, kismet, libpcap0.8, privoxy
Install File: http://irongeek.com/maemo/eko1kismet.install
Notes: I modified this to work on IT2007, mostly just for Kismet.

Repository Name: Maemo-hackers
Notable Packages: dropbear-client, dropbear-server, Gaim, Xterm, PHP
Install File: http://irongeek.com/maemo/maemo-hackers-...rm.install
Notes: A metric ton of apps. Xterm is a must for the comand line apps.

Repository Name: MUlliNER.ORG Maemo Software
Notable Packages: aircrack-ng, aircrack-ng, btaudit, dsniff, libp cap, nmap 3.95-1, tcpdump
Install File: http://irongeek.com/maemo/mullinerorg_bora.install
Notes: MUlliNER.ORG seems to have more security apps than anyone else.

Repository Name: Maemo.org Repository
Notable Packages: libpcap0.8, nano, netcat, tcpdump, wireless-tools, iputils, traceroute, wget, gpsd, Bash
Install File: http://irongeek.com/maemo/repository.maemo.org.install
Notes: Install this and get all those usefull IP tools like Ping and Traceroute

Repository Name: Maemo.org Repository Extras
Notable Packages: vncviewer, python, mplayer, maemo-mapper, evince, openssh, rdesktop
Install File: http://irongeek.com/maemo/repository.mae...ra.install
Notes: Even more good stuff.

If you want a large list of repositories, check out http://gronmayer.com/it/index.php?lang=en&system=maemo4

Once the repositories are set up you can install apps using the Application Manager and let it take care of the dependences for you. Just choose "Browse installable applications" and go through the alphabetical list, or use the binoculars icon to search for the package you want. It should be noted that to install some packages you will have to be in "Red Pill" mode. If you ever get an error that says you can't install something, put your tablet in "Red Pill" mode by going to add a new repository, typing just "matrix" in the web address line then hitting cancel and choosing Red as show in the screen shots below. If you want to find even more software for you 770/800 check out http://maemo.org/community/wiki/applicat...ositories/ .

Red Pill Mode 1


Red Pill Mode 2


Using the above repositories you should be able to add pen-testing apps like Nmap, Kismet, Netcat and others.
ecoming Root

For some apps like Kismet a Nmap, to get the full functionality you will have to become root. The easiest way is to drop out to a command line using Xterm and type "sudo gainroot" then use use whatever apps you like.


That's it for now, more to come later.

MetaSploit!!!

Pierre Droids has done some work to install Metasploit on the n800. Check out his blog entry here:

http://blog.pierre.droids-corp.org/2007/...ploit.html

and download hi packages from here:

http://pierre.droids-corp.org/maemo/

He even has a newer version of Nmap for use. Step by step instructions for installing Metasploit on your n800 can be found here:

http://mfresh-n800.blogspot.com/2007/07/...-3-on.html

I'm still working on getting it to run on the n770.

Conclusion

If you want be to continue working on this page send me your how to snibits and suggestions and I'd be glad to add them. If you are still having problems, check out by video on configuring a Nokia 770 with pen-testing tools:

Nokia 770/800 Pen-Testing Setup Video

Change Log:

09/22/2007: First draft of the notes.
09/26/2007: Added link to Paul Rubens' Metasploit instructions. Added link to my video.
01/16/2008: Added link to http://gronmayer.com/it/index.php?lang=en&system=maemo4 (thanks to BlackDeath for the link)


For WINDOWS MOBILE :
As some of you may know I run a website with information on using the Sharp Zaurus PDA as a Pen-testing tool. Since the Zaurus runs Linux, porting over security apps meant to run on a Linux PC is pretty simple. But what about the other, more popular side of the fence, the Microsoft Pocket PC (usually abbreviated PPC)? Unfortunately the choice of good pen-testing tools for Pocket PC is pretty limited. Your best bet if you want to use your PPC device as a Pen-testing tool is to see if you can find a distribution of Linux that supports your model and install it, forgoing the PPC/Windows Mobile/WinCE.net OS entirely[0]. With those caveats stated, let's dive into what tools are out there that would be useful to the mobile pen-tester. I'll concentrate on free tools since I have no budget and abhor the idea of paying for a tool that does a worse job than an Open Source alternative running on a Linux/PC platform. I'll also be sticking to tools that are useful for pen-testing and network reconnaissance, ignoring tools for securing the PPC itself like firewalls, encryption apps and anti-virus packages (as of this writing there seem to be more AV apps for the PPC then there are actual viruses). For my test system I'll be using a Dell Axim X5 with PPC 2003 and a Linksys WCF12 compact flash Wi-Fi card.

Installing Software

I'll gloss over the installation of PPC software; it's pretty easy. There are basically three different scenarios when installing a Pocket PC application:


1. In most cases there will be an installer that you run on your desktop PC that sets ActiveSync up so that the next time you dock your PPC the application will be installed for you automatically (you may have to tap a confirm button on the PPC itself).

2. The application may come as just the binary (an exe file) and support files which you will have to copy to your PPC using My Computer->Mobile Device->My Pocket PC, then run them using the File Explorer.

3. The third and least common way is if the app comes as a CAB file. In this case just copy the CAB file to your PPC the same way as above, then find it in the file explorer and tap it to install.

War driving (or is that walking?)

First let's look at war driving apps for the Pocket PC. One limitation the PPC has is that there seem to be no free tools that let you put the Wi-fi card into RF Mon mode; this means you will never see cloaked SSIDs. To get some of these war driving applications to work you may have to play a little driver bingo. For example the drivers from Linksys for my card won't work with any of these tools, but some other older Prism2 drivers will work just fine. If you have problems getting these applications to work do a Google search on the tool and Wi-fi card you are trying to use. If you have the cash you may want to look into Airmagnet [1] since it's the only PPC tool out there that I know of that will find cloaked SSIDs. Make sure you check the supported hardware list before you buy Airmagnet since it's kind of particular about hardware. As a side note, I really wish folks on forums would stop referring to war driving tools as sniffers; it just confuses the hell out of Google searches when looking for a real network sniffer. Here are some of the current free or Open Source PPC war driving apps:
Pocket Warrior
http://www.pocketwarrior.org/


The last version of PocketWarrior seems to have come out early in 2003, but it still works well. PocketWarrior supports a GPS and lets you save the information on the WAPs it found. All in all not bad if you don't mind missing cloaked SSIDs, but then again none of the other Wi-Fi tools I review below can see cloaked SSIDs either. PocketWarrior worked fine on my Prism2 based card as long as I used the older Senao drivers.


WiFiFoFum
http://www.wififofum.org

WiFiFoFum does not seem to have an installer; you just copy the files to your PPC and run the executable from File Explorer by tapping it. On my Axim X5 it just quit without giving an error message, but I've seen it in action before on an Axim X3 and worked quite well. WiFiFoFum has a radar like display that indicates how strong of a signal you're getting from a WAP, cute but it misleads some folks into thinking that the display is indicating the direction of the WAP. WiFiFoFum also support a GPS if you have Compact Framework SP2 installed.

MiniStumbler
http://www.netstumbler.com


MiniStumbler is the little brother of the Windows PC tool NetStumbler. It supports quite a few Wi-Fi chip sets and the current version (0.4.0 as of this writing) worked flawlessly with my Prism2 card. It has GPS support and a very intuitive interface. If you're familar with NetStumbler for Windows then you should feel right at home with MiniStumbler. It supports 802.11a as well as 802.11b/g networks. Since MiniStumbler saves its session files in the same format as NetStumbler you should have no problem using mapping programs meant for NetStumbler or uploading your finds to Wigle.net[2].

General Network Information Tools

I'll lump general tools that allow you to find out more about the network you're on into this category. Pocket PC ships with almost nothing built in for exploring the network you're connected to, but luckily there are a few third party tools that may help a little.

vxUtil
http://www.cam.com/vxutil.html


As far as free network information tools for the PPC go there's not much that can touch vxUtil. In some ways it's like SamSpade for the PPC. VxUtil Personal is several small applications rolled into one and supports the following functions:
DNS Audit
DNS Lookup
Finger
Get HTML
Info (sort of like IP config for Windows)
IP Subnet Calculator
Password Generator Ping
Ping Sweep
Port Scanner
Quote
Time Service
Trace Route
Wake On LAN
Whois

While most of these applications are pretty rudimentary they are quite useful and fill a spot left vacant by the tools that come with Pocket PC 2003. The port scanner is slow but it works; just don't expect all of the speed, stealth and packet options of a tool like Nmap.

vxSniffer
http://www.cam.com/vxsniffer.html


A pretty rudimentary network sniffer for the cost of $60 bucks, but there is a 30 day evaluation version. You can save out the network captures as a text file so make sure you invest in an SD card to write large dumps too.

Airscanner Mobile Sniffer
http://www.pdagold.com/software/detail.asp?s=223
http://www.airscanner.com/

Airscanner Mobile Sniffer only supported PPC 2002 (try it on PPC 2003 and you will likely get the error "Windows CE failed to load the packet capture driver"). It's kind of hard to find now since Airscanner dropped support for it but it's still mirrored on various sites. The sniffer's interface itself is not very good, but its one cool feature is that it can dump what it sniffs into a TCPDump format file which can then be loaded into more capable sniffers like TCPDump, Ethereal, Ettercap, etc.

vxSNMP
http://www.cam.com/vxsnmp.html

This simple tool lets you read and set SNMP values ( if you know the right community names, which can be sniffed since they are passed as plain text in versions 1 and 2 of the SNMP protocol).

Tiger Tools
http://www.tigertools.net

Tiger tools claims to support all sorts of pen-testing tools, but as it does not have an evaluation version I did not test it. It claims to be able to do multi-threaded port scanning, FIN scans and run simple exploit scripts. From what I can see on their web site it looks to be written in eMbeddedVB which gives me some doubts.

PocketConsole (and related tools)
http://www.symbolictools.de/public/pocketconsole/


Pocket console makes it easier for developers to port applications that use stdout to the Pocket PC and other Windows CE devices. Here are a few of the related project (hosted on the same site as PocketConsole) that you should be aware of:

PocketCMD
After installing PocketConsole this is probably the next app to setup. It works in a similar fashion as the Windows command prompt and is needed to run some of the apps listed below.

NetTools (Ping, Ipconfig, Route, Net, Netstat)
A few basic network tools Microsoft left out of Pocket PC. They may not be as full featured as their Windows XP cousins but they are still useful. The function of Ping and Ipconfig are obvious. Route lets you set up IP routing information (I'm not sure how useful this is since I never plan to use my PPC as a gateway device, but it's still cool that someone spent the time to figure it out). Net allows you view SMB shares and map share points. Netstat gives you various network statistics.

SNMPUtils
Allows you to retrieve and set SMNP values.

Telnet
Not as pretty as PocketPuTTY (mentioned below) but since you can specify ports it's more useful for doing banner grabs. For example, if you want to do a banner grab to find out what version of SSH a box is running you could use a command something like the following:
open some.server.com 22

If you are a developer you may want to look into using PocketConsole when porting over your Windows console apps.

PocketLAN
http://www.pocketgear.com/software_detail.asp?id=2825


PocketLAN costs $14.99 and seems like a nice tool for mapping share points to SMB file servers and finding out what machines are around you. I like the network scan function that does a quick ping sweep and reverse DNS lookup, then tells you information like the network card vendor (based on MAC address) and Domain/Workgroup the hosts belong to. You can view a report of the hosts it finds in HTML format, then copy the reports off of the PPC for later viewing (Quick tip: dock your PPC and look in My Computer->Mobile Device->My Pocket PC\\Program Files\Z2\PocketLAN to find the report).

V-Mobile Network Browser
http://www.pocketgear.com/software_detail.asp?id=14818

VM Network Browser costs $17.95 and does the same basic things as PocketLAN, but looks more like the classic Network Neighborhood interface. Unlike PocketLAN, VM Net Browser does not seem to do a ping sweep, but instead pulls its information from NetBIOS traffic or the Windows Browsemaster on the network (it's hard to tell without talking to the developers). VM Net Browser is not as responsive as PocketLAN and it doesn't give as much information about the hosts it scans.

NeoScan
http://www.dotnetux.net/


I don't know about paying $15 for a port scanner but of the ones I've tested it seems the fastest. Luckly there's a demo version. Just make sure you set it to only port scan hosts that respond to a ping, otherwise you will be waiting awhile. The bad side: I see no way to save your scans for later viewing.

NbtstatCE
http://sourceforge.net/projects/nbtstatce/

NbtstatCE does ping sweeps and is supposed to retrieve NetBios info. It appears to have no way to save the scan. Nice, not as slick as other tools but hell, it's open source. As of right now I can't seem to get it to actually pull NetBIOS info, but keep an eye on this app since it shows promise.

Netcat
http://prt.fernuni-hagen.de/~bischoff/wince/#netcat


Yep, there's a version of Netcat, the network Swiss army knife, for Windows CE. Netcat can be a bit clumsy to use but it's very versatile. With it you can shovel shells, port scan, do banner grabs and a host of other things. See the following website for many of the possible uses for Netcat:

http://www.giac.org/certified_profession...c/0436.php

If Netcat loses the connection before you can see the output check the files nc-stdin.txt, nc-stdout.txt and nc-stderr.txt located in the same directory as the Netcat executable. One bug with Netcat for Windows CE is that the backspace key does not work, so be carefull when you type in a command. To give you one example of usage, here is how you could use Netcat to do a quick banner grab to find out what version of sshd a host is running:

1. Start Netcat by tapping on nc.exe in the File Explorer.
2. Issue the command (replace "targethost" with the name or IP of the host you are connecting to):

targethost 22

3. Hit the enter key and open nc-stdout.txt if Netcat closes before you can read the output.

Clients

While not technically pen-testing tools, every pen-tester needs various clients to access the services they are targeting. Here's a short list of clients I find quite useful on the PPC platform.

Terminal Services Client

Not much to say here. Terminal Service Client comes with Pocket PC and it works fine if you can tolerate the small screen size and a lot of scrolling. Damn useful for connecting to a Windows Terminal Server or an XP box running Remote Desktop.

VNC Client
http://www.cs.utah.edu/~midgley/wince/vnc.html
or
http://sourceforge.net/projects/dotnetvnc/

While both of these VNC clients work, they seem slower than my grandma at the grocery. I think the slowness has something to do with my VPN or just a limitation of Windows CE networking (the VNC client on my Zaurus runs plenty fast). Neither has an installation wizard so just copy them to your PPC and run them using File Explorer. The cool thing about the .Net VNC client is that you can use the same executable on both your PPC and your Windows PC.

PocketPuTTY
http://pocketputty.duxy.net/


PocketPuTTY is the Pocket PC port of the popular Putty SSH client (now try to say that out loud). PocketPuTTY is pretty much your best option for connecting to your *nix box from the PPC. PocketPuTTY does not come with an installation wizard so just copy the files to your PPC. There are two different versions out on their site as of this writing. Make sure you get v0.1-prealpha-0.53b if you're running PPC2003 and newer or download v0.2-alpha-2k2-0.53b if you're using PPC 2002. One huge downside to this app is that I see no place to set it to connect on a non-standard port, so if you want to try banner grabbing use Netcat or the PocketConsole version of Telnet mentioned above.

Pocket IE (PIE)


Pocket IE comes bundled with PPC. The version that ships with PPC 2003 and later shows many speed improvements over the older one in 2002. Till Minimo is ready for prime time I'd recommend sticking to Pocket IE. Keep in mind that Microsoft does not keep PIE all that up to date, so you may want to make yourself aware of some of its vulnerabilities [3].

Minimo
http://www.mozilla.org/projects/minimo/


Minimo is a version of Mozilla meant for PDA size devices. They are working on porting it to Pocket PC (see a link to the early development version above). While it does not seem to be fully functional yet keep an eye on it in the future. By the way, just so you know, I did not mess up the screen shot to the right-it really looked like that when I ran it.

neoFTP
http://www.dotnetux.net/

A simple little freeware FTP client for those that need one.


Closing
That about sums it up for the PPC tools I've found useful. Sadly, Open Source developers have by and large ignored the Pocket PC platform in favor of other more open environments. If you know of any good pen-testing tools for the Pocket PC platform please email me and I'll update my list. By the way, if you don't have a Pocket PC yourself port scan your network for 999/tcp and you may find a co-worker that does.


moga bermanfaat ya omz..
ane sambil buka2 kamus ngartiin nih tutor..
yg udah bisa ato berhasil d share di mari yak.. ane kan jg pngn ..

mo lanjut dulu

[Super Moderator]

yang symbian ada gak yank?

[x.intruders]

ihh yayank nuxer.. yg ane nemu cm yg maemo.. itu pun ane lom nyobain.. gak pnya HPnya soalnya.. maemo emank keren yah.. basicnya dr linux.. maemo kernelnya bs d update gak ya..

[ketek]

wew maemo nice om, ngeri juga nih pentest dari hp

[jackerp]

Pingin Nyoba . tapi gk ngerti nhie gmn ................ ???

[x.intruders]

(01-21-2012 09:12 PM)jackerp Wrote:  
Pingin Nyoba . tapi gk ngerti nhie gmn ................ ???

ane jg pngn nyoba.. hp nya yg agak ad..
setau ane N900 OSnya pake maemo..

nabung ah buat bli N900..

[fu_150]

keren gan, aku udah make hampir 2 thun N900
bisa di instal nginx dll

[devilgyan]

its helpful