Metasploit mailing list archives

Hand Held Auditing Device


From: Robert.Clark at cern.ch (Robert Clark)
Date: Wed, 07 Feb 2007 09:33:14 +0100

H D Moore wrote:
Metasploit 3 *works* on the Zaurus, the Nokia 770, and the Nokia n800 (so 
I hear), but besides being slow, the UI is just not cut out for a handheld 
device. Tab completion rocks when you have a full keyboard and it's almost 
pointless when you are trying to hunt and peck with your thumbs :-) If 
someone decided to build a mini-GUI (similar to the new GTK UI being 
built now), it would go a long way toward handheld portability. Even 
with the best UI in the world, there is a limit to how fast you can input 
commands using a handheld. The most efficient use of a handheld is to 
launch pre-configured attacks and monitor the status via a nice UI. 
Working with a Windows command shell (or even meterp) is going to be a 
real pain no matter what kind of UI you make.

The limitations with the Nokia 770 platform are:
 * Slow CPU (this is much better with the n800)
 * Limited RAM (metasploit can be quite piggy sometimes)
 * Extremely slow storage (even with RS-MMC, maybe 300K/s)
 * No raw wireless TX support (no fun wifi exploits)
 * The device auto-suspends without input, with no obvious way to disable it
 * No "real" USB host mode (without external power + cable + storage)

The Zaurus I have (5500) has similar limitations, but at least the storage 
and WiFi are less of an issue.

-HD

On Wednesday 07 February 2007 00:22, Dave King wrote:
A couple of things you might want to know are that you may want to be
careful choosing a device if you want Metasploit 3 and Nessus 3.x to
run on it.  With Metasploit 3 I remember hearing that it doesn't work
on the n770, for example (I haven't heard if it works on the n800
though). I believe the Silica runs on one of these.  I think it's a
Ruby slowdown thing but I'm not sure.  I tried to get it to run on an
iPaq using Familiar and had the same problems. 


Hi, there have been lots of good points raised! The Pepper Pad, though a
very cute toy in itself, is too chunky for what I am looking for....

As this is for my dissertation there is more to it than simply building
a Linux handheld to support nessus and metasploit. The real crux of the
work is in building an underlying logic into the 'system' so that true
automated attacks can take place...

A very simplified example (please don't pick at this, this is the general
idea; I'm not saying that the end product will work like this... or even
work ;) ).

The device has three modes: passive, active and evil. Switch it to
passive and walk into an office building. The device logs information
about the WiFi and Bluetooth available, hops between APs and logs any
'interesting traffic'. The intention is that this may reveal important
infrastructure notes, such as their networking, printer and possibly
VoIP infrastructure.

Switching to active starts the enumeration and exploitation process.
Metasploit is far more crucial to this than Nessus, as for my purposes I
can implement a system that performs the functionality that I want from
Nessus without the rest of the bloat.

Evil is exactly that: it's evil and most likely won't be in my
dissertation report (unless I can blag it being a vector for social
engineering). Evil will simply do everything it can to temporarily screw
over the infrastructure: mass disassociations, Bluetooth DoS, etc. Might
not be useful for an auditor in the real world but damned fun in a busy
Starbucks.

I'm still very much in the ideas and preparation stages at the moment so
all comments / advice are welcome. I'll also be at FOSDEM if anyone
wants to chat about it.

Cheers
-Rob


