A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Scanners and PAcket Tools


Updated for OZ 3.5.3
Website: http://www.insecure.org/nmap/  

     The only version on Nmap I have found that has be directly ported to the Zaurus is 3.27, but you can get the newer Debian ARM packages (available here: http://packages.debian.org/unstable/net/nmap ) to function with a little work. I'll be using version 3.93-1, which I have at my mirror. Download the following files:


     Or you can also download libssl0.9.7_0.9.7e-r1_arm.ipk and libcrypto0.9.7_0.9.7e-r1_arm.ipk from the OpenZaurus feed at http://www.openzaurus.org/official/unstable/3.5.3/feed/libs/. You can get the Debian packages for nmap, libpcre,  libstdc++5 and libstdc++6 from http://packages.debian.org/unstable/ as of the date of this writing.

     Following these step by step instructions to install Nmap 3.81-2 on your Zaurus. All of them can be performed by secure shelling into your Zaurus or using the keypad at the Opie Terminal window:

1. Copy the five files listed above (in red) to a CF or SD card (I will use the CF card in my examples). Insert the card then change directories into whatever card you put them on.

cd /mnt/cf/

2. Install libcrypto and link it:

ipkg -d ram install libcrypto0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libcrypto0.9.7

Ignore any errors as long as it says "Successfully done" at the end.

3. Install libssl and link it:

ipkg -d ram install libssl0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libssl0.9.7

Ignore any errors as long as it says "Successfully done" at the end.

4. Install libstdc++5 and  libstdc++6 and link them:

ipkg --force-depends -d ram install libstdc\+\+5_3.3.6-10_arm.deb
ipkg-link add libstdc\+\+5

ipkg --force-depends -d ram install libstdc\+\+6_4.0.2-2_arm.deb
ipkg-link add libstdc\+\+6

Ignore any errors as long as it says "Successfully done" at the end.

4.5. If  you installed the OZ version of pcre to get Konqueror to work remove it:

ipkg remove pcre

Otherwise just go to step 5.

5. Install libcre3 and link it:

ipkg --force-depends -d ram install libpcre3_6.3-1_arm.deb
ipkg-link add libpcre3

5.5. If you installed the OZ version of pcre to get Konqueror to work (or plan to install it later) symlink libpcre so Konqueror can find it:

ln -s /usr/lib/libpcre.so.3 /usr/lib/libpcre.so.0
ln -s /usr/lib/libpcreposix.so.3 /usr/lib/libpcreposix.so.0
If you install Konqueror later you will have to force depends:
ipkg --force-depends -d ram install konqueror-embedded_20030705-r3_arm.ipk
ipkg-link add konqueror-embedded
Otherwise just go to step 6.
6. Install Nmap 3.93-1 and link it and it's support files:
ipkg -force-depends -d ram install nmap_3.93-1_arm.deb
ipkg-link add nmap

You can find the full man page for Nmap at http://www.insecure.org/nmap/data/nmap_manpage.html but here are a few useful flags:

-P0   Don't ping first, this is useful because a lot of hosts turn of ICMP echo requests now.

-O   Do an OS detection

-e   Specify and interface (eth0, wlan0, etc)

-sV   Version scan, find out the version of the daemon that's listening on an open port.

-A Does the same thing as doing a -O and -sV at the same time. This switch may do some other things in the future, ask Fyodor. :)

Also check out my videos:




Mark Owen sent me the following instructions for getting THC-Hydra to work on the Zaurus. Thanks Mark:

From: Mark Owen [mailto:mr.markowen@gmail.com]
 Sent: Sun 1/16/2005 1:22 PM
 To: openzaurus-users@lists.sourceforge.net
 Cc: irongeek@irongeek.com
 Subject: THC-HYDRA Zaurus howto

Don't know if this will be of any use to anyone but I have
successfully installed THC's hydra ARM binary release on my 3.5.2 5500 Zaurus.

THC-Hydra is a dictionary attack application that supports TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ,  SAP/R3, Cisco auth, Cisco enable, and Cisco AAA (incorporated in telnet module).

I am going to use it for testing in-house servers and password  vulnerability demonstration to clients.  I recommend it for only LEGAL USE AS USING IT OTHERWISE CAN GET YOU IN SERIOUS TROUBLE! It required a little sym linking but it works rather well overall. The program's site is at http://thc.org/thc-hydra/ I've created the following step by step howto on its installation. It  requires libssh, libssl-dev, and libssl to run correctly. This howto expects you to know how to download and install them.

 Just run the following commands to successfully install it. cd

wget http://thc.org/thc-hydra/hydra-4.5-arm.tar.gz

gunzip hydra-4.5-arm.tar.gz

tar xvf hydra-4.5-arm.tar

cd hydra-4.5-arm

ipkg install libssh_0.1_arm.ipk #Could not find in feed but includedin download

ln -s /usr/lib/libssl.so.0.9.7 /usr/lib/libssl.so.0.9.6

ln -s /usr/lib/libcrypto.so.0.9.7 /usr/lib/libcrypto.so.0.9.6

echo /lib/libgcc_s.so.1 > /etc/ld.so.preload

ipkg install hydra_4.5_arm.ipk

hydra -h



 If you have any problems feel free to e-mail me back.

  Mark Owen



Updated for OZ 3.5.1
Website: http://nemesis.sourceforge.net

     Nemesis is packet injection utility. It allows you to spoof other hosts and generally cause confusion on the network. I just took the Debian ARM packages and renamed them with a .ipk on the end. The package comes with the following utilitys:


I wanted to get the newest package I could find (nemesis_1.32+1.4beta3-2_arm.deb) to work but I can't find a version on Libnet0 that I can install on my Zaurus. I decided to use the older version, 1.32-5. To install from the CF card do the following commands:

ipkg -force-depends -d ram install /mnt/cf/nemesis_1.32-5_arm.ipk

then symlink everything someplace in you path:

ln -s /mnt/ram/usr/sbin/n* /bin/

Since the libpcap libray files have a different name in OZ 3.5.1  we have to do the following symlink so nemesis can find it:

ln -s /usr/lib/libpcap.so.0.7 /usr/lib/libpcap.so.0

One cool use is to fake out an IDS system. If I used the command

nemesis-tcp -x 1025 -y 22 -S -D

it would make it look as if Microsoft.com was attacking the target host. Here is a example of a script I wrote that can be used to make it look like another host is doing a port scan:

frame.sh (just copy the content below)

for port in 21 22 23 25 80 138 139 6776 10008 31337
nemesis-tcp -x 1025 -y port -fS -S $1 -D $2

copy all that into a text file, chmod +x it and use it by issuing a command like

frame.sh Farmed_ip Target_IP

You will most likely want to change your MAC address first.

A note on modems and wardialing from a Zaurus:

Knightmare sent me some notes on wardialing from the Zaurus, and since I had no better category to post them in I'll put them here:

Hi Irongeek,

The Trendnet Compact Flash   56k V.90 Modem arrived friday.  I have
spent most of the day working with it, and managed to wardial a
test PBX we have here. Some notes on my endeavour are:

it was detect out the box on OpenZaurus 3.5.4, OZ popped up with a
dialog box asking to configure it.

I use minicom to wardial, with a war-dialing SALT script from
http://www.textfiles.com/uploads/wardial.txt which is for DOS Telix,
but is compatible with minicom.  You do need to edit the exchange to
scan by hand, but a quick sed/nano 1 line edit is an easy trade off.

This script uses minicom, and is confirmed as working with the UK
phone system, and I would guess other european systems too, which is
quite helpful.

For the actual brute force attacks on mailbox passwords, I used THC
login hacker (login_hacker-1.1.tar.gz) This is also a minicom script,
so cuts down on dependencies, as well as being easy to edit.

A really odd thing I noticed was with the modem's kernel module;
8390.o is missing. I will need to hunt around and perhaps compile a
module for this.  Although the device is seen by OZ 3.5.4, and works
for a wardial; dial-up Internet doesn't work due to the missing
8390.o file.  I have no idea why this doesn't prevent the modem from
doing a wardial.  It's the wierdest thing I have seen on a Linux box

I found a post stating how a guy made this modem work for dialup
with his 5500, but I cannot seem to find the link again, and my
browser cache at work was cleared.  When I find the posting again, I
will forward on an update.

Hopefully this info has been of some use to you.  If you do decide to
add it on the site, could I ask you to use my Handle Knightmare, and
not to post my email address...?  Thanks.

PS: The 770 is schedules for delivery soon, so I will post a seperate
email with info on that.

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast