Side-Track: Security/Pen-testing Distribution Of Linux For The ZipIt Z2

If you follow my site, you know I dig the idea of mobile pen-test platforms. I'm also interested in dropboxes, little systems that are cheap enough to leave behind at a facility and have them remote back out to you (most firewalls are much weaker on egress than ingress filtering). The ZipIt Z2 is a great platform for this task since it runs Linux and is only $50. I first got a feel for it by watching some episodes of Hak5. I decided to make my own security userland distribution for the ZipIt Z2, named Side-Track as a joking nod to Back-Track. I used Opt1k's RootNexus userland as my base, and made the following changes:
 


1. Edited inittab so root logs in, and got rid of the user account. Root's password is "toor" by the way, be sure to change it after install.
2. Disabled telnet and ftp, in favor of OpenSSH/SFTP.
3. Updated the WiFi scan script to work.
4. Updated the WiFi connect script to work with SSIDs that have spaces.
5. It now tries to reconnect to the last WPA or open AP you connected to on startup.
6. Updated wireless firmware from http://cozybit.com/projects/gspi8686/ (much better promiscuous and ARP poisoning support, but still no monitor mode).
7. Mine is a 2GB DD image, as opposed to RootNexus' 1GB.
8. Added the following packages:

 


 

cron
curl
driftnet
dsniff
etherape
ettercap
hping3
locate
man
netcat
netdiscover
netwox
ngrep
nikto
nmap
ntp
openssh-server
perl
ptunnel
python
rdesktop
ruby
samba-tools
samba4-clients
secure-delete
socat
sqlmap
tcpdump
tcpreplay
tcpxtract
traceroute
w3af
w3af-console
wget
whois
zenmap

    Plus all of the associated dependencies. I may add Metasploit later, but I doubt the ZipIt Z2 is fast enough. Also, some of the sniffing tools won't be able to keep up if you do ARP Poisoning.
 

Download
http://www.irongeek.com/downloads/side-track-0.2.zip


How To install:
If you have problems with these instructions, here are other resources you can use:
http://sourceforge.net/apps/mediawiki/openzipit/index.php?title=AutoFlasher_Software
which are also covered here:
http://hunterdavis.com/archives/227#more-227
and here:
http://www.hak5.org/mod/unlocking-linux-on-the-zipit-z2-a-50-hacktop

Stop when you get to the part with physdiskwrite; I've got a better tool for that. Keep in mind, flashing can leave your ZipIt Z2 in an inoperable condition if things go wrong. I take no responsibility if you brick your ZipIt Z2. Install at your own risk. If you already have the OpenZipit kernel loaded on the ZipIt Z2, you may be able to skip to step 5.

From a Windows Box:

1. Grab my userland image and install files from here:
http://www.filedropper.com/side-track-02

2. Unzip it; it should contain a file named something like side-track-X.X.img and a folder called "first-sd". You will need a MiniSD card of at least 2GB in size.

3. Copy everything in the "first-sd" folder to a MiniSD card. The card should be formatted as fat16, but fat32 may work. All this folder really contains is the AutoFlasher script, and the kernel from Aliosa27. It will only work for flashing a stock ZipIt Z2. Also, keep an eye on Aliosa27 and the OpenZipit site for newer kernels and AutoFlasher scripts.

4. Insert the MiniSD and boot (you may have to use a paperclip and the reset switch on the left side). In short order, the AutoFlash script should do its thing.

5. Get the Win 32 Image Writer from here:
https://launchpad.net/win32-image-writer
It's much easier to use than physdiskwrite, at least for English-only speakers.

6. Use it to write the userland image to an SD card.

7. If you wish to use a card bigger than 2GB, after you write the image to the SD, take it to a Linux box and use Gparted to expand the ext3 partition to take up the rest of the space.


Usability notes:
(based on Opt1k's notes)
Root password is "toor", for the love of Cthulhu change this after install.
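
A first-boot check for the two defaults called out in this article (the "toor" root password, and telnet/ftp being off), as an added example that is not part of the original article or the Side-Track image. It assumes a shadow-format password file, the openssl command-line tool, and `netstat -tln` style output; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Assumptions: shadow-format password
# file, the openssl CLI, and `netstat -tln` style output. Sample data is constructed.

# Re-hash a candidate password with the scheme and salt of a stored crypt hash.
# Handles $1$ (MD5), $5$ (SHA-256) and $6$ (SHA-512) without a rounds= field.
hash_like() {
    scheme=$(printf '%s' "$2" | cut -d'$' -f2)
    salt=$(printf '%s' "$2" | cut -d'$' -f3)
    case "$salt" in rounds=*) return 1 ;; esac
    case "$scheme" in
        1|5|6) openssl passwd "-$scheme" -salt "$salt" "$1" ;;
        *) return 1 ;;
    esac
}

# 0 = root still has the image default "toor", 1 = it was changed,
# 2 = cannot tell (locked account, unsupported hash, or no root entry).
root_password_is_default() {
    stored=$(awk -F: '$1 == "root" { print $2 }' "$1")
    computed=$(hash_like "toor" "$stored") || return 2
    [ "$stored" = "$computed" ]
}

# Read `netstat -tln` output on stdin and print local addresses listening on
# ftp (21) or telnet (23), the services the image replaces with OpenSSH/SFTP.
legacy_listeners() {
    awk '$6 == "LISTEN" { n = split($4, a, ":")
         if (a[n] == "21" || a[n] == "23") print $4 }'
}

# Constructed shadow files: root set to "toor", and root after a password change.
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
printf 'root:%s:15000:0:99999:7:::\n' "$(openssl passwd -1 -salt zipit toor)" \
    > "$sample_dir/shadow.default"
printf 'root:%s:15000:0:99999:7:::\n' \
    "$(openssl passwd -1 -salt zipit constructed-new-pass)" \
    > "$sample_dir/shadow.changed"

for f in shadow.default shadow.changed; do
    root_password_is_default "$sample_dir/$f"
    case $? in
        0) echo "$f: FAIL, root still uses the default password" ;;
        1) echo "$f: OK, root password was changed" ;;
        *) echo "$f: could not check the root entry" ;;
    esac
done
```

On a real install, point `root_password_is_default` at the system's `/etc/shadow` (or at the SD card's copy mounted on another Linux box) and pipe `netstat -tln` into `legacy_listeners`; any output from the latter means ftp or telnet is listening again.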

Keys:

[Options Button] = Enable mouse via d-pad
[Zipit Smiley Face Button] = Tab
[Little Smiley Face] = Esc

Shortcut Keys:
(Note: Ctrl key has ... printed on it)
Ctrl+f = fullscreen
Ctrl+z = prev window
Ctrl+l = close
Ctrl+d = desktop

This page may help with other key combos:
http://thebigredswitch.comuf.com/ZipIt/zipitkeymap-template.pdf

Useful Links:
http://zipit.rootnexus.org/
http://www.hak5.org/mod/unlocking-linux-on-the-zipit-z2-a-50-hacktop
http://hunterdavis.com/archives/category/zipit-hacking
http://aliosa27.net/projects/zipit2/
http://quantumlime.com/zipit
http://linux.zipitwireless.com/

Other folks who helped:
@n0b0d4
@Snubs
@hak5darren

 



Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast