mailing list archives
Hand Held Auditing Device
From: Robert.Clark at cern.ch (Robert Clark)
Date: Wed, 07 Feb 2007 09:33:14 +0100
H D Moore wrote:
Metasploit 3 *works* on the Zaurus, the Nokia 770, and the Nokia n800 (so
I here), but besides being slow, the UI is just not cut it for a handheld
device. Tab completion rocks when you have a full keyboard and it almost
pointless when you are trying to hunt and peck with your thumbs :-) If
someone decided to build a mini-GUI (similar to the new GTK UI being
built now), it would go a long ways toward handheld portability. Even
with the best UI in the world, there is only so fast you can input
commands using a handheld. The most efficient use of a handheld is to
launch pre-configured attacks and monitor the status via a nice UI.
Working with a windows command shell (or even meterp) is going to be a
real pain no matter what kind of UI you make.
The limitations with the Nokia 770 platform are:
* Slow CPU (this is much better with the n800)
* Limited RAM (metasploit can be quite piggy sometimes)
* Extremely slow storage (even with RS-MMC, maybe 300K/s)
* No raw wireless TX support (no fun wifi exploits)
* The devices auto-suspends w/o input, without on obvious way to disable
* No "real" USB host mode (without external power + cable + storage)
The Zaurus I have (5500) has similar limitations, but at least the storage
and WiFi is less of an issue)
On Wednesday 07 February 2007 00:22, Dave King wrote:
A couple of things you might want to know are that you may want to be
careful choosing a device if you want metasploit 3 and Nessus 3.x to
run on them. With Metasploit 3 I remember hearing that it doesn't work
on the n770 for example (I haven't heard if it works on the n800
though). I believe the Silica runs on one of these. I think it's a
ruby slowdown thing but I'm not sure. I tried to get it to run on an
iPaq using familar and had the same problems.
Hi, There have been lots of good points raised! The pepperpad, though a
very cute toy in itself is too chunky for what I am looking for....
As this is for my dissertation there is more to it than simply building
a Linux handheld to support nessus and metasploit. The real crux of the
work is in building an underlying logic into the 'system' so that true
automated attacks can take place...
A very simplified example (please dont pick at this, this is the general
idea, I'm not saying that the end product will work like this... or even
work ;) ).
The device has three modes - passive and active and evil. Switch it to
passive and walk into an office building. The device logs information
about the wifi and bluetooth available, hops between APs and logs any
'interesting traffic'. The intention is that this may reveal important
infrastructure notes. Such as their networking, printer and possibly
Switching to active starts the enumeration and exploitation process.
Metasploit is far more crucial to this than nessus as for my purposes I
can implement a system that performs the functionality that I want from
nessus without the rest of the bloat.
Evil is exactly that, its evil and most likely wont be in my
dissertation report (unless I can blag it being a vector for social
engineering). Evil will simply do everything it can to temporarily screw
over the infrastructure mass disassociations, bluetooth DoS etc... Might
not be useful for an auditor in the real world but damned fun in a busy
I'm still very much in the ideas and preparation stages at the moment so
all comments / advice are welcome. I'll also be at FOSDEM if anyone
wants to chat about it.