Hacking

Handy Devices Revolution: Handy Pentesting & Hacking Part 1

A few weeks ago, I wrote an article entitled 'Transforming your Android Phone into a Network Pentesting Device' which is obviously about turning your Android phone into a very simple graphical network monitoring tool and network penetration testing arsenal by installing dSploit. And so it has come to my mind that I should make a follow-up article on other handy or pocket devices aside from your smartphone (but we first start off with the smartphone overview) that are used by some ingenious hackers, information security enthusiasts, programmers and developers out there for handy penetration testing and hacking.

Smartphones

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

Download Now

We start off with the most common device in today's generation - the smartphone. There are a lot of smartphone systems that have revolutionized the market today like the iOS, Android, Blackberry, Symbian, Meego OS and Windows. Penetration testers however usually pick Android or iPhone devices not just because they are the two most popular ones, or that they have cool apps and functionalities, but because they are very handy for hacking and penetration testing.

The Metasploit 4, for example, has been tested fully for the iPhone 4S, and the official website of Offensive Security has detailed instructions on how to install it with your jailbroken iPhone, which can be found here.

Then there are also a lot of Android apps today that can be used for ARP spoofing, sniffing, session hijacking, port scanning, vulnerability assessment, network monitoring, forensic analysis and other cool stuff. One such is the dSploit application which is a free Android Network Penetration Suite released by evilsocket. For me, dSploit totally rocks not only because it is free but because of its functionality and uniqueness.

Aside from penetration testing tools and arsenals, smartphones take pride in free applications for coding and editing or IDEs (Integrated Development Environment) that can be used for programming such as DroidEdit, AIDE, Terminal IDE, Android Java Editor, C4droid, and Code Peeker.

In some cases, other venturers boot their smartphones with BackTrack 5 Linux which is a popular penetration testing distribution. This is possible because there is an ARM version that can be downloaded here, although it is not really advisable booting it in your smartphone if your phone has a small memory and storage. To lessen the amount of used memory resources and prevent a hang up, just install free Android applications that can be used for penetration testing. Take note that you need a rooted phone if you plan on converting your phone into an arsenal.

Tablet Computers or PC's

In terms of size, tablets and PCs are larger than smartphones, but in terms of usability in the field of penetration testing, they just have the same functionality (although not totally). If it runs on Android, then you can install dSploit, Droidsheep, zAnti, and Netspoof. BackTrack 5 ARM version runs smooth on Samsung Galaxy S too; all you need to do is to have these prepared:

A new microSD, 8 GB or more and you need to format it
A rooted device
Full Busybox Install (if you install titanium backup you get Busybox)
Terminal Emulator for your Android
A VNC client

Here is the link for the detailed tutorial on how to install BackTrack 5 ARM version in your Samsung Galaxy Tab.

If you have an iPad, then you can have Metasploit 4 installed too.

[caption id="" align="aligncenter" width="323"] (Image courtesy of BackTrack's Forum Website)[/caption]

Working with IDEs in tablet computers is easier than working with your smartphone because the touch screen keyboard is larger than that of a smartphone's. Overall, it minimizes the hassle and frustration.

The difference between a smartphone and a tablet is that the tablet has a bigger screen and more RAM and system resources. It may be larger but it is still handier than your laptop.

Raspberry Pi

Raspberry Pi is a ARM GNU / Linux box or a credit card size mini computer that can be plugged in to your TV using an HDMI cable and to your USB type keyboard. Aside from office work, programming, personal usage, and gaming, it is also used by enthusiasts out there as a penetration testing box by installing Ubuntu or Debian Linux and a couple of tools for information gathering, vulnerability assessment, exploitation, maintaining access, reverse engineering, social engineering, forensic analysis and VOIP analysis.

There are also two known penetration testing distros suited for Raspberry Pi today, PwnPi and Raspberry Pawn from Pwnie Express.

PwnPi is a Linux-based penetration testing drop box distribution which has 181 network security tools pre-installed and uses Xfce as its window manager. Following is a list of the tools in PwnPi as categorized by the lead developer:

Information Gathering

arping
bing-ip2hosts-0.2
chaosreader
darkstat
dmitry
dnstracer
dnswalk
enum4linux
frox
ike-scan
lynis
metagoofil-blackhat
netmask
ngrep
pscan
SearchEngineAssessmentToolkit
squid
sslsniff
sslstrip
swaks
tcpdump
tcpflow
tcpspy
tcptraceroute
theHarvester

Penetration

ExploitDB
Fasttrack
S.E.T
sqlbf
inguma
isr-evilgrade
metasploit (with db_autopwn)
msfencode
msfpayload
msfvenom
mysqloit
sqlbrute
sqlmap
sqlninja
wfuzz

Radio Network Analysis

airbase-ng
aircrack-ng
airdecap-ng
airdecloak-ng
airdriver-ng
aireplay-ng
airmon-ng
airodump-ng
airserv-ng
airtun-ng
besside-ng
bluesmash
bluetracker
bluewho
btscanner
ghettotooth
giskismet
hcidump
hcitool
ivstools
kismet
makeivs-ng
obexftp
packetforge-ng
prismstumbler
reaver
setbtaddr
ussp-push
wash
wavemon
weplab

Privilege Escalation

bkhive
chntpw
dsniff
etherape
ettercap
fcrackzip
john
medusa
netsed
ophcrack
packeth
packit
pdfcrack
pw-inspector
samdump2
ssldump
tcpick
tcpreplay
thc-hydra
wireshark
yersinia

Network Mapping

arp-fingerprint
arp-scan
fping
hostmap
hping3
knocker
nbtscan
netdiscoverer
nmap
nmapsi4
onesixtyone
p0f
pbnj
pnscan
scapy
sslscan
tcptraceroute
thc-amap
xprobe
zenmap

VoIP Analysis

fuzzer
sipcrack
sipdump
sipp
sipsak
svcrack
svcrash
svmap
svreport
svwar
torturer
voiphopper
voipong

Maintaining Access

6tunnel
cryptcat
dns2tcp
ftp-proxy
httptunnel
iodine
netcat
openvpn
proxychains
ptunnel
socat
stunnel4
tinyproxy
udptunnel
videlia
vinetto
wipe

Digital Forensic

aimage
chkrootkit
foremost
galleta
magicrescue
mboxgrep
scalpel
scrub

Vulnerability Identification

bfbtester
curl
fimap
flasm
lsat
netwox
nikto
openvas-client
openvas-server
ovaldi
ratproxy
skipfish
smb-nat
smbclient
w3af
wapiti
wbox

Reverse Engineering

dissy
splint

Miscellanious

ccrypt
httrack
ipcalc
macchanger
makepasswd
otp
pentbox-1.5
sendemail
u3-tool
w3m

Stress Testing

mz
siege

Raspberry Pwn on the other hand includes the following penetration testing tools: SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish, and w3af.

For me, Raspberry Pi is an ideal box for handy penetration testing because you can buy it for just $25 USD or $35 USD.

Minipwner

[caption id="" align="alignright" width="468"] (Image courtesy of minipwner.com)[/caption]

If you are into war driving and war walking, then Minipwner is for you. It is a customized TP-Link TL-WR703N router which has a 4GB flash drive in order to expand its storage capability. It includes 802.11n Wireless N and a Gig Ethernet port and runs on an OpenWRT flavor. It is also a penetration testing drop box which has the following pre-installed tools or software:

Nmap - a network scanner
Tcpdump - a sniffer
Netcat - the hacker's Swiss army knife
aircrack - used for wireless network analysis, auditing, and cracking
kismet - used for network analysis
perl - a Scripting language
openvpn - Virtual Private Network (OpenVPN) Client and Server
dsniff - a suite of sniffing and spoofing tools, including arpspoof
nbtscan - NetBIOS Network Scanner
snort - Sniffer, Packet Logger, Intrusion Detection System (IDS)
karma - Wireless Sniffing Tool but it does not work well yet
samba2-client - Windows File Sharing Client
elinks - text-based web browser
yafc - File Transfer Protocol Client
openssh-sftp - Secure File Transfer Client

Overall, it is a small but cool war driving tool that can be easily carried in a pocket, hidden behind a telephone, jeans, or hanging from a jack by a short Ethernet cable.

Minipwner can be bought for $99 USD and can only be shipped to US purchasers (how sad) but you can actually build a customized one as long as you secure a TP-Link TL-WR703N router which costs $22.34 USD and follow the instructions which can be found here.

PwnPhone

[caption id="" align="alignleft" width="336"] (Image courtesy of pwnieexpress.com)[/caption]

I already mentioned that smartphones are handy devices that can be used for hacking and penetration testing but I think it's also a good thing to highlight PwnPhone, which is a mobile phone-based penetration testing platform from Pwnie Express. This platform includes tools like Aircrack-NG, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap, and many more.

This mobile phone has a built-in wireless chipset that supports packet injection, monitor mode, and promiscuous mode which means it can be used for wireless cracking.

This phone costs $995.00 USD.

Pwn Plug Wireless

Some people may describe this device as an ordinary power plug or something that has got to do with the Internet connection (but not a router LOL). But beware; Pwn Plug Wireless is another product of Pwnie Express which is a known company for selling pen testing drop boxes.

Pwn Plug Wireless is a commercial-grade penetration testing drop box that is pre-loaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack-ng, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth / VoIP / IPv6 tools, weevely, sqlmap, sqlninja, fimap, goohost, hping3, john, mdk3, and other known penetration testing tools. It also comes with a simple web-based administration interface called Plug UI.

Pwn Plug Wireless costs $695.00 USD though, so I would still vouch for a Raspberry Pi.

WiFi Pineapple

WiFi Pineapple is a hot spot honeypot penetration testing platform that has the ability to perform Man-in-the-Middle attacks. Here is a brief specification and functionality of WiFi Pineapple as described by the device's official website:

Fast Linux Kernel 3.2-based Jasager firmware (built on OpenWRT)
Built on the Atheros AR9331 SoC running at 400 MHz (2x speed of previous models)
802.11 b/g/n 150 Mbps wireless
2x Ethernet, one with PoE (Power-Over-Ethernet)
USB 2.0 for expanded storage, WiFi Interfaces and Mobile Broadband
Six common stealth deployment scenarios for secure remote target monitoring
MITM attack tools: Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep and more
Wireless cracking and deauth attacks with the Aircrack-NG suite
Autostart service like karma and reverse SSH for instant attack on power-up
Simple Mobile Broadband, Android Tethering, and Reverse SSH setups
Hands-off deployment of locally hosted payloads in standalone mode
Community-built modules add functionality with web interfaces for additional tools:nmap, tcpdump, java attacks, WiFi Jammer, bandwidth monitor, sslstrip, dynamic DNS, site survey and many more.
Stealth Access Point for Man-in-the-Middle attacks
Mobile Broadband (3G USB) and Android Tethering
Manage from afar with persistent SSH tunnels
Relay or Deauth attack with auxiliary WiFi adapter
Web-based management simplify MITM attacks

I am planning to buy WiFi Pineapple but sad to say, it is only available to US buyers. Even though its fourth hardware version has been released, this device still costs $99.99 USD which is manageable for all enthusiasts. I just wish that the Philippines would soon have these kinds of drop boxes.

Final Words for Part One

There are still a lot of penetration testing drop boxes and microcontrollers for hacking that are not included here since this is just part one of my article. I will be including Arduino in my next article along with other products of Pwnie Express.

The point of this article is to show how brilliant the ideas of modern hackers and developers who revolutionized handy hacking and pentesting are, and also to invite enthusiasts to contribute to these projects and try these ideas. So guys, I leave you hanging for this first article about Handy Devices Revolution. More coming soon.

References:

http://www.offensive-security.com/offsec/metasploit-4-on-iphone-4s-and-ipad-2/

http://techtips.salon.com/difference-between-iphone-smartphone-20068.html

http://android.appstorm.net/roundups/developer/15-apps-for-programming-on-android/

http://www.youtube.com/watch?v=ipU2h1u5Ehw

http://pwnpi.net/

http://blog.pwnieexpress.com/post/24967860602/raspberry-pwn-a-pentesting-release-for-the-raspberry

http://www.minipwner.com/index.php/f-bomb-pwnie-wifi-pineapple

http://pwnieexpress.com