Nmap
Updated for OZ 3.5.3
Website: http://www.insecure.org/nmap/
The only version of Nmap I have found that has been directly ported to the Zaurus is 3.27, but you can get the newer Debian ARM packages (available here: http://packages.debian.org/unstable/net/nmap ) to work with a little effort. I'll be using version 3.93-1, which I have at my mirror. Download the following files:
libssl0.9.7_0.9.7e-r1_arm.ipk
libcrypto0.9.7_0.9.7e-r1_arm.ipk
libstdc++5_3.3.6-10_arm.deb
libstdc++6_4.0.2-2_arm.deb
libpcre3_6.3-1_arm.deb
nmap_3.93-1_arm.deb
Alternatively, you can download libssl0.9.7_0.9.7e-r1_arm.ipk and libcrypto0.9.7_0.9.7e-r1_arm.ipk from the OpenZaurus feed at http://www.openzaurus.org/official/unstable/3.5.3/feed/libs/ and, as of this writing, the Debian packages for nmap, libpcre, libstdc++5 and libstdc++6 from http://packages.debian.org/unstable/.
Follow these step-by-step instructions to install Nmap 3.81-2 on your Zaurus. All of them can be performed by SSHing into your Zaurus or by using the keypad in the Opie Terminal window:
1. Copy the five files listed above to a CF or SD card (I will use the CF card in my examples). Insert the card, then change directory to wherever you put them:
cd /mnt/cf/
2. Install libcrypto and link it:
ipkg -d ram install libcrypto0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libcrypto0.9.7
Ignore any errors as long as it says "Successfully done" at the end.
3. Install libssl and link it:
ipkg -d ram install libssl0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libssl0.9.7
Ignore any errors as long as it says "Successfully done" at the end.
4. Install libstdc++5 and libstdc++6 and link them:
ipkg --force-depends -d ram install libstdc\+\+5_3.3.6-10_arm.deb
ipkg-link add libstdc\+\+5
ipkg --force-depends -d ram install libstdc\+\+6_4.0.2-2_arm.deb
ipkg-link add libstdc\+\+6
Ignore any errors as long as it says "Successfully done" at the end.
4.5. If you installed the OZ version of pcre to get Konqueror to work, remove it:
ipkg remove pcre
Otherwise just go to step 5.
5. Install libpcre3 and link it:
ipkg --force-depends -d ram install libpcre3_6.3-1_arm.deb
ipkg-link add libpcre3
5.5. If you installed the OZ version of pcre to get Konqueror to work (or plan to install it later), symlink libpcre so Konqueror can find it:
ln -s /usr/lib/libpcre.so.3 /usr/lib/libpcre.so.0
ln -s /usr/lib/libpcreposix.so.3 /usr/lib/libpcreposix.so.0
If you install Konqueror later, you will have to force dependencies:
ipkg --force-depends -d ram install konqueror-embedded_20030705-r3_arm.ipk
ipkg-link add konqueror-embedded
Otherwise just go to step 6.
6. Install Nmap 3.93-1 and link it and its support files:
ipkg --force-depends -d ram install nmap_3.93-1_arm.deb
ipkg-link add nmap
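The install steps above collected into one script, added here as an example (it is not from the original page): it installs the packages in the order given, treats an ipkg run as successful only when its output ends with "Successfully done", as the text says to, and confirms the linked library is visible before going on. It assumes the card directory is the current directory and that ipkg and ipkg-link are on PATH.

```shell
#!/bin/sh
# Added example (not part of the original page): a wrapper that runs
# steps 2-6 above in order and encodes the page's rule of thumb that ipkg
# warnings can be ignored as long as the output ends with "Successfully done".
# Assumed: run from the card directory (/mnt/cf), ipkg and ipkg-link on PATH.

# ipkg_done OUTPUT: succeed only if the last non-blank line of ipkg's output
# reports "Successfully done"; earlier warnings and errors are tolerated.
ipkg_done() {
    printf '%s\n' "$1" | sed '/^[[:space:]]*$/d' | tail -n 1 |
        grep -q '^Successfully done'
}

# install_and_link PKGFILE PKGNAME: install to RAM with --force-depends
# (required for the Debian .deb files, harmless for the OZ .ipk files) and
# link the package into the root filesystem, as each step above does.
install_and_link() {
    out=$(ipkg --force-depends -d ram install "$1" 2>&1)
    if ! ipkg_done "$out"; then
        printf 'install of %s failed:\n%s\n' "$1" "$out" >&2
        return 1
    fi
    ipkg-link add "$2"
}

# lib_present SONAME [LIBDIR]: check that a linked library is visible where
# the loader looks (default /usr/lib). Use it after linking to confirm the
# ipkg-link step actually worked before moving on.
lib_present() {
    [ -e "${2:-/usr/lib}/$1" ]
}

# install_all: the package order from steps 2-6. The pcre symlinks from
# step 5.5 are only needed if Konqueror is (or will be) installed.
install_all() {
    install_and_link libcrypto0.9.7_0.9.7e-r1_arm.ipk libcrypto0.9.7 &&
    install_and_link libssl0.9.7_0.9.7e-r1_arm.ipk libssl0.9.7 &&
    install_and_link 'libstdc++5_3.3.6-10_arm.deb' 'libstdc++5' &&
    install_and_link 'libstdc++6_4.0.2-2_arm.deb' 'libstdc++6' &&
    install_and_link libpcre3_6.3-1_arm.deb libpcre3 &&
    lib_present libpcre.so.3 &&
    install_and_link nmap_3.93-1_arm.deb nmap
}
```

Run `install_all` from the card directory; it stops at the first package whose ipkg output does not end in "Successfully done".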
You can find the full man page for Nmap at http://www.insecure.org/nmap/data/nmap_manpage.html but here are a few useful flags:
-P0 Don't ping first. This is useful because a lot of hosts turn off ICMP echo requests now.
-O Do OS detection.
-e Specify an interface (eth0, wlan0, etc.).
-sV Version scan: find out the version of the daemon listening on an open port.
-A Does the same thing as -O and -sV together. This switch may do other things in the future; ask Fyodor. :)
Also check out my videos:
http://www.irongeek.com/i.php?page=videos/nmap1
http://www.irongeek.com/i.php?page=videos/nmap2
THC-Hydra
Mark Owen sent me the following instructions for getting THC-Hydra to work on the Zaurus. Thanks Mark:
From: Mark Owen [mailto:mr.markowen@gmail.com]
Don't know if this will be of any use to anyone but I have
THC-Hydra is a dictionary attack application that supports TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, Cisco auth, Cisco enable, and Cisco AAA (incorporated in telnet module). I am going to use it for testing in-house servers and password vulnerability demonstration to clients. I recommend it for only LEGAL USE AS USING IT OTHERWISE CAN GET YOU IN SERIOUS TROUBLE! It required a little symlinking but it works rather well overall. The program's site is at http://thc.org/thc-hydra/
I've created the following step by step howto on its installation. It requires libssh, libssl-dev, and libssl to run correctly. This howto expects you to know how to download and install them. Just run the following commands to successfully install it.
cd
wget http://thc.org/thc-hydra/hydra-4.5-arm.tar.gz
gunzip hydra-4.5-arm.tar.gz
tar xvf hydra-4.5-arm.tar
cd hydra-4.5-arm
ipkg install libssh_0.1_arm.ipk #Could not find in feed but included in download
ln -s /usr/lib/libssl.so.0.9.7 /usr/lib/libssl.so.0.9.6
ln -s /usr/lib/libcrypto.so.0.9.7 /usr/lib/libcrypto.so.0.9.6
echo /lib/libgcc_s.so.1 > /etc/ld.so.preload
ipkg install hydra_4.5_arm.ipk
hydra -h #DONE!
If you have any problems feel free to e-mail me back. Mark Owen
Nemesis
Updated for OZ 3.5.1
Nemesis is a packet injection utility. It allows you to spoof other hosts and generally cause confusion on the network. I just took the Debian ARM packages and renamed them with a .ipk on the end. The package comes with the following utilities:
I wanted to get the newest package I could find (nemesis_1.32+1.4beta3-2_arm.deb) to work, but I can't find a version of Libnet0 that I can install on my Zaurus. I decided to use the older version, 1.32-5. To install from the CF card, run the following commands:
Then symlink everything somewhere in your path:
Since the libpcap library files have a different name in OZ 3.5.1, we have to create the following symlink so Nemesis can find it:
One cool use is to fake out an IDS. If I used the command
it would make it look as if Microsoft.com was attacking the target host. Here is an example of a script I wrote that can be used to make it look like another host is doing a port scan:
Copy all that into a text file, chmod +x it, and use it by issuing a command like
You will most likely want to change your MAC address first.
A note on modems and wardialing from a Zaurus:
Knightmare sent me some notes on wardialing from the Zaurus, and since I had no better category to post them in I'll put them here:
Hi Irongeek,
The Trendnet Compact Flash 56k V.90 Modem arrived Friday. I have spent most of the day working with it, and managed to wardial a test PBX we have here. Some notes on my endeavour are: it was detected out of the box on OpenZaurus 3.5.4; OZ popped up with a dialog box asking to configure it. I use minicom to wardial, with a war-dialing SALT script from http://www.textfiles.com/ which is compatible with minicom. You do need to edit the exchange to scan by hand, but a quick sed/nano one-line edit is an easy trade-off. This script uses minicom, and is confirmed as working with the UK phone system, and I would guess other European systems too, which is quite helpful. For the actual brute force attacks on mailbox passwords, I used THC login hacker (login_hacker-1.1.tar.gz). This is also a minicom script, so it cuts down on dependencies, as well as being easy to edit.
A really odd thing I noticed was with the modem's kernel module; 8390.o is missing. I will need to hunt around and perhaps compile a module for this. Although the device is seen by OZ 3.5.4, and works for a wardial, dial-up Internet doesn't work due to the missing 8390.o file. I have no idea why this doesn't prevent the modem from doing a wardial. It's the weirdest thing I have seen on a Linux box yet! I found a post stating how a guy made this modem work for dialup with his 5500, but I cannot seem to find the link again, and my browser cache at work was cleared. When I find the posting again, I will forward on an update.
Hopefully this info has been of some use to you. If you do decide to add it on the site, could I ask you to use my handle Knightmare, and not to post my email address...? Thanks.
PS: The 770 is scheduled for delivery soon, so I will post a separate email with info on that.