Smartphones
We start off with the most common device in today's generation: the smartphone. Many smartphone operating systems have revolutionized the market, such as iOS, Android, BlackBerry, Symbian, MeeGo and Windows. Penetration testers, however, usually pick Android or iPhone devices, not just because they are the two most popular or because they have cool apps and functionality, but because they are very handy for hacking and penetration testing. Metasploit 4, for example, has been fully tested on the iPhone 4S, and the official Offensive Security website has detailed instructions on how to install it on a jailbroken iPhone, which can be found here.
There are also a lot of Android apps today that can be used for ARP spoofing, sniffing, session hijacking, port scanning, vulnerability assessment, network monitoring, forensic analysis and other cool stuff. One such app is dSploit, a free Android network penetration suite released by evilsocket. For me, dSploit totally rocks, not only because it is free but because of its functionality and uniqueness. Aside from penetration testing tools, smartphones also offer free coding and editing applications or IDEs (Integrated Development Environments) that can be used for programming, such as DroidEdit, AIDE, Terminal IDE, Android Java Editor, C4droid and Code Peeker. In some cases, other adventurous users boot their smartphones with BackTrack 5 Linux, a popular penetration testing distribution. This is possible because there is an ARM version that can be downloaded here, although booting it on your smartphone is not really advisable if your phone has little memory and storage. To reduce memory usage and prevent the phone from hanging, just install free Android applications that can be used for penetration testing instead. Take note that you need a rooted phone if you plan on converting your phone into an arsenal.
Tablet Computers or PCs
In terms of size, tablets and PCs are larger than smartphones, but in terms of usability in the field of penetration testing they have much the same functionality (although not entirely). If the tablet runs Android, then you can install dSploit, DroidSheep, zANTI and Netspoof. The BackTrack 5 ARM version runs smoothly on a Samsung Galaxy S too; all you need to do is have the following prepared:
A new microSD card, 8 GB or more, which you need to format
A rooted device
A full BusyBox install (if you install Titanium Backup you get BusyBox)
A terminal emulator for your Android device
A VNC client
Here is the link to the detailed tutorial on how to install the BackTrack 5 ARM version on your Samsung Galaxy Tab. If you have an iPad, then you can have Metasploit 4 installed too. Working with IDEs on a tablet is easier than on a smartphone because the touch-screen keyboard is larger; overall, it minimizes the hassle and frustration. The difference between a smartphone and a tablet is that the tablet has a bigger screen and more RAM and system resources. It may be larger, but it is still handier than your laptop.
Raspberry Pi
The Raspberry Pi is an ARM GNU/Linux box, a credit-card-sized mini computer that can be plugged into your TV using an HDMI cable and into a USB keyboard. Aside from office work, programming, personal use and gaming, enthusiasts also use it as a penetration testing box by installing Ubuntu or Debian Linux and a couple of tools for information gathering, vulnerability assessment, exploitation, maintaining access, reverse engineering, social engineering, forensic analysis and VoIP analysis. There are also two known penetration testing distros suited to the Raspberry Pi today: PwnPi and Raspberry Pwn from Pwnie Express. PwnPi is a Linux-based penetration testing drop box distribution which has 181 network security tools pre-installed and uses Xfce as its window manager. The following is the list of tools in PwnPi as categorized by the lead developer:
Information Gathering
arping bing-ip2hosts-0.2 chaosreader darkstat dmitry dnstracer dnswalk enum4linux frox ike-scan lynis metagoofil-blackhat netmask ngrep pscan SearchEngineAssessmentToolkit squid sslsniff sslstrip swaks tcpdump tcpflow tcpspy tcptraceroute theHarvester
Penetration
ExploitDB Fasttrack S.E.T sqlbf inguma isr-evilgrade metasploit (with db_autopwn) msfencode msfpayload msfvenom mysqloit sqlbrute sqlmap sqlninja wfuzz
Radio Network Analysis
airbase-ng aircrack-ng airdecap-ng airdecloak-ng airdriver-ng aireplay-ng airmon-ng airodump-ng airserv-ng airtun-ng besside-ng bluesmash bluetracker bluewho btscanner ghettotooth giskismet hcidump hcitool ivstools kismet makeivs-ng obexftp packetforge-ng prismstumbler reaver setbtaddr ussp-push wash wavemon weplab
Privilege Escalation
bkhive chntpw dsniff etherape ettercap fcrackzip john medusa netsed ophcrack packeth packit pdfcrack pw-inspector samdump2 ssldump tcpick tcpreplay thc-hydra wireshark yersinia
Network Mapping
arp-fingerprint arp-scan fping hostmap hping3 knocker nbtscan netdiscoverer nmap nmapsi4 onesixtyone p0f pbnj pnscan scapy sslscan tcptraceroute thc-amap xprobe zenmap
VoIP Analysis
fuzzer sipcrack sipdump sipp sipsak svcrack svcrash svmap svreport svwar torturer voiphopper voipong
Maintaining Access
6tunnel cryptcat dns2tcp ftp-proxy httptunnel iodine netcat openvpn proxychains ptunnel socat stunnel4 tinyproxy udptunnel videlia vinetto wipe
Digital Forensics
aimage chkrootkit foremost galleta magicrescue mboxgrep scalpel scrub
Vulnerability Identification
bfbtester curl fimap flasm lsat netwox nikto openvas-client openvas-server ovaldi ratproxy skipfish smb-nat smbclient w3af wapiti wbox
Reverse Engineering
dissy splint
Miscellaneous
ccrypt httrack ipcalc macchanger makepasswd otp pentbox-1.5 sendemail u3-tool w3m
Stress Testing
mz siege
Raspberry Pwn, on the other hand, includes the following penetration testing tools: SET, Fasttrack, kismet, aircrack-ng, nmap, dsniff, netcat, nikto, xprobe, scapy, wireshark, tcpdump, ettercap, hping3, medusa, macchanger, nbtscan, john, ptunnel, p0f, ngrep, tcpflow, openvpn, iodine, httptunnel, cryptcat, sipsak, yersinia, smbclient, sslsniff, tcptraceroute, pbnj, netdiscover, netmask, udptunnel, dnstracer, sslscan, medusa, ipcalc, dnswalk, socat, onesixtyone, tinyproxy, dmitry, fcrackzip, ssldump, fping, ike-scan, gpsd, darkstat, swaks, arping, tcpreplay, sipcrack, proxychains, proxytunnel, siege, sqlmap, wapiti, skipfish and w3af. For me, the Raspberry Pi is an ideal box for handy penetration testing because you can buy it for just $25 USD or $35 USD.
Minipwner
If you are into war driving and war walking, then the Minipwner is for you. It is a customized TP-Link TL-WR703N router with a 4 GB flash drive added to expand its storage. It includes 802.11n wireless and a Gig Ethernet port and runs a flavor of OpenWRT. It is also a penetration testing drop box which has the following tools or software pre-installed:
Nmap – a network scanner
Tcpdump – a sniffer
Netcat – the hacker’s Swiss army knife
aircrack – used for wireless network analysis, auditing, and cracking
kismet – used for network analysis
perl – a scripting language
openvpn – Virtual Private Network (OpenVPN) Client and Server
dsniff – a suite of sniffing and spoofing tools, including arpspoof
nbtscan – NetBIOS Network Scanner
snort – Sniffer, Packet Logger, Intrusion Detection System (IDS)
karma – wireless sniffing tool, but it does not work well yet
samba2-client – Windows File Sharing Client
elinks – text-based web browser
yafc – File Transfer Protocol Client
openssh-sftp – Secure File Transfer Client
Overall, it is a small but cool war driving tool that can easily be carried in a pocket, hidden behind a telephone or in your jeans, or left hanging from a wall jack by a short Ethernet cable. The Minipwner can be bought for $99 USD and can only be shipped to US purchasers (how sad), but you can actually build a customized one yourself as long as you get hold of a TP-Link TL-WR703N router, which costs $22.34 USD, and follow the instructions which can be found here.
PwnPhone
I already mentioned that smartphones are handy devices that can be used for hacking and penetration testing, but I think it's also worth highlighting the PwnPhone, a mobile-phone-based penetration testing platform from Pwnie Express. This platform includes tools like Aircrack-ng, Metasploit, Kismet, GrimWEPa, SET, Fasttrack, Ettercap, nmap and many more. The phone has a built-in wireless chipset that supports packet injection, monitor mode and promiscuous mode, which means it can be used for wireless cracking. It costs $995.00 USD.
Pwn Plug Wireless
Some people may describe this device as an ordinary power plug or something to do with the Internet connection (but not a router, LOL). But beware: the Pwn Plug Wireless is another product of Pwnie Express, a company known for selling pen testing drop boxes. The Pwn Plug Wireless is a commercial-grade penetration testing drop box that comes pre-loaded with Debian 6, Metasploit, SET, Fast-Track, w3af, Kismet, Aircrack-ng, SSLstrip, nmap, Hydra, dsniff, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools, weevely, sqlmap, sqlninja, fimap, goohost, hping3, john, mdk3 and other well-known penetration testing tools. It also comes with a simple web-based administration interface called Plug UI. The Pwn Plug Wireless costs $695.00 USD though, so I would still vouch for the Raspberry Pi.
WiFi Pineapple
The WiFi Pineapple is a hotspot honeypot penetration testing platform that has the ability to perform man-in-the-middle attacks.
Here is a brief specification and list of the functionality of the WiFi Pineapple, as described on the device's official website:
Fast Linux Kernel 3.2-based Jasager firmware (built on OpenWRT)
Built on the Atheros AR9331 SoC running at 400 MHz (2x speed of previous models)
802.11 b/g/n 150 Mbps wireless
2x Ethernet, one with PoE (Power-Over-Ethernet)
USB 2.0 for expanded storage, WiFi Interfaces and Mobile Broadband
Six common stealth deployment scenarios for secure remote target monitoring
MITM attack tools: Karma, DNS Spoof, SSL Strip, URL Snarf, Ngrep and more
Wireless cracking and deauth attacks with the Aircrack-NG suite
Autostart service like karma and reverse SSH for instant attack on power-up
Simple Mobile Broadband, Android Tethering, and Reverse SSH setups
Hands-off deployment of locally hosted payloads in standalone mode
Community-built modules add functionality with web interfaces for additional tools: nmap, tcpdump, Java attacks, WiFi Jammer, bandwidth monitor, sslstrip, dynamic DNS, site survey and many more.
Stealth Access Point for Man-in-the-Middle attacks
Mobile Broadband (3G USB) and Android Tethering
Manage from afar with persistent SSH tunnels
Relay or Deauth attack with auxiliary WiFi adapter
Web-based management simplifies MITM attacks
I am planning to buy a WiFi Pineapple but, sad to say, it is only available to US buyers. Even though its fourth hardware version has been released, the device still costs $99.99 USD, which is manageable for all enthusiasts. I just wish that the Philippines would soon have these kinds of drop boxes.
Final Words for Part One
There are still a lot of penetration testing drop boxes and microcontrollers for hacking that are not included here, since this is just part one of my article. I will be including the Arduino in my next article, along with other products from Pwnie Express. The point of this article is to show how brilliant the ideas of the modern hackers and developers who revolutionized handy hacking and pentesting are, and also to invite enthusiasts to contribute to these projects and try these ideas out. So guys, I leave you hanging with this first article about the Handy Devices Revolution. More coming soon.
References:
http://www.offensive-security.com/offsec/metasploit-4-on-iphone-4s-and-ipad-2/
http://techtips.salon.com/difference-between-iphone-smartphone-20068.html
http://android.appstorm.net/roundups/developer/15-apps-for-programming-on-android/
http://www.youtube.com/watch?v=ipU2h1u5Ehw
http://pwnpi.net/
http://blog.pwnieexpress.com/post/24967860602/raspberry-pwn-a-pentesting-release-for-the-raspberry
http://www.minipwner.com/index.php/f-bomb-pwnie-wifi-pineapple
http://pwnieexpress.com
http://hakshop.myshopify.com/products/wifi-pineapple