One of the main reasons I purchased a Nokia N900 was the simple fact that stuffed inside the gorgeous hardware is a recent Linux kernel, packaged with the regular GNU tools that make computing so enjoyable, and apt/dpkg, which is arguably the greatest binary package management system known to man. Back in the day, I was big into the blackhat side of life, something that never really leaves you. 10 years later I found myself writing small patches for Neutrino RTOS and wepattack, causing mayhem with the guys at 0x90.org and building custom translators for GNU/Hurd. Having a device in my pocket with the power I have on my desktop at home is paramount.
Some of the tools I use on my N900 are for pen-testing, some for development/debugging and some for general network mayhem. I’ve put together a short list of the applications I’ve cross compiled, packaged, had to do general hackwork on, or that simply Just Work (tm) on my N900:
1). Metasploit - After some quick tips and talks with @hdmoore, I packaged up ruby, sqlite and the gems that provide metasploit and its db access. I later removed sqlite (I don’t need a database anyway) and went with the ruby et al. packages from the maemo repositories for ease of use.
2). Ettercap-NG - I had numerous issues with lib linking with ettercap, pcre and GTK but got some help by a real dapper chap (@tchouky) with patches and binaries to boot. Both GTK and curses interfaces work, although it’s a bit difficult to use curses with the device keyboard, better suited for BT or SSH.
3). Wireshark / Ethereal - Needs to be “hildonized”, but the binary packages in the maemo.org repositories work as described. Capture works, promiscuous mode works and packet dissection works. I’d like to incorporate the LORCON injection patch eventually, once we get raw frame support with WL1251.
4). SSLStrip - Since we’ve got Ettercap-NG we can set up ARP poisoning and other MiTM attacks. SSLStrip can be used to gank traffic out of its encapsulation. Python 2.5.4, along with python-twisted-web and conch, is in the maemo repositories, and sslstrip runs perfectly fine with no modifications.
5). dsniff - I found a package at the Maemo Garage with everything seemingly in order apart from a functional arpspoof; it seems to be an issue with my libnet installation. I’ve had to symlink so many libraries around that I might have got some compile flags wrong on my copy of libnet. You’ll need to symlink the libcrypto and libssl files in /usr/lib to make it play nicely (after installing them from the repo), but it runs and returns no errors. I have yet to use it in a mischievous fashion.
6). kippo - I recently heard about this tool and Kojoney on the PaulDotCom podcast. If you have the above tools working, you’ll also have all the required dependencies for kippo. Unfortunately it seems that python-crypto ships some bad files and doesn’t link properly. I’ll be working on this and submitting a package.
7). nmap - Yep. From the repo. Works mint.
8). w3af - A bit tricky to get working. I’ve been using a debian chroot (also installable from the repo), but I’m certain it’s possible to get all the libraries over and running “natively”. I probably won’t bother, since NeoPwn2 will achieve that.
9). aircrack-ng - Semi-functional for crunching. Not useful for on-the-spot penetration. It’s in the repositories, but it’s an old version; you should check out the newest source via svn and compile it.
10). nikto - Without breaking my perl packages by installing a bucket load of modules for SSL, nikto2 runs just great.
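Items 2 and 4 above lean on ARP poisoning (Ettercap-NG feeding SSLStrip). The flip side for anyone defending a LAN is that the same trick leaves a very visible trace: an IP address whose MAC suddenly changes, or one MAC that starts answering for several IPs (the gateway and a victim at once). The following is an added example, not code from the original post or from any of the tools listed, showing that detection logic run over a few constructed ARP-reply records; the IPs and MACs are made up, and `trusted` is an assumed optional seed map of known-good IP-to-MAC pairs.

```python
"""Spot ARP-cache poisoning from a stream of ARP replies.

Added example for this post: the reply records below are constructed
sample data, not a real capture. Each record is (timestamp, sender_ip,
sender_mac) as it would be taken from an ARP reply's sender fields.
"""
from collections import defaultdict

# Constructed sample data: a gateway at .1, a host at .20, and then a
# third MAC that claims the gateway IP and the host IP in quick succession,
# which is exactly what an ARP-poisoning MiTM looks like from the wire.
SAMPLE_ARP_REPLIES = [
    (0.0, "192.168.1.1", "00:11:22:33:44:55"),   # legitimate gateway
    (1.0, "192.168.1.20", "aa:bb:cc:dd:ee:01"),  # legitimate host
    (2.0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway again, unchanged
    (3.0, "192.168.1.1", "DE:AD:BE:EF:00:01"),   # gateway IP now claimed by another MAC
    (3.5, "192.168.1.20", "de:ad:be:ef:00:01"),  # same MAC also claims the host
]


def detect_arp_conflicts(replies, trusted=None):
    """Return a list of alert dicts for suspicious ARP replies.

    Two conditions are flagged:
      * mac_change: an IP that was previously bound to a different MAC
        (either seen earlier in the stream or given in `trusted`).
      * multi_ip: a MAC that grows to claim more than one IP address.
    `trusted` is an assumed optional {ip: mac} map of known-good bindings,
    e.g. the gateway, so the very first forged reply is caught.
    """
    ip_to_mac = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
    mac_to_ips = defaultdict(set)
    for ip, mac in ip_to_mac.items():
        mac_to_ips[mac].add(ip)

    alerts = []
    for ts, ip, mac in replies:
        mac = mac.lower()  # MACs compare case-insensitively
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append({"time": ts, "type": "mac_change",
                           "ip": ip, "old": previous, "new": mac})
        ip_to_mac[ip] = mac

        # Only alert the moment the set of IPs behind this MAC grows, so a
        # noisy attacker does not produce one alert per packet. Note that a
        # router with several addresses or proxy ARP can trip this legitimately.
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if before >= 1 and len(mac_to_ips[mac]) > before:
            alerts.append({"time": ts, "type": "multi_ip",
                           "mac": mac, "ips": sorted(mac_to_ips[mac])})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(alert)
```

On the sample stream this yields three alerts: the gateway's MAC changing at t=3.0, the host's MAC changing at t=3.5, and the new MAC claiming both IPs at t=3.5. Feeding it real replies only needs a capture loop that pulls the sender IP and sender MAC out of each ARP packet; the detection logic itself stays the same.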
That’s all for PART 1. Stay tuned for PART 2, covering all the little tools you should keep in your arsenal. The little work I’ve done will pale in comparison to the work being done on the BackTrack Mobile N900 images, which hopefully will be ready for public release shortly. I really can’t wait for the great work these guys are doing. You should check out podcast episode 005, where the boys over at Social Engineer interview the BackTrack Linux development team (the same guys working on NeoPwn / BackTrack Mobile). Really good stuff.