A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


www.Irongeek.com: Irongeek's Zaurus Security Tools Page

IronGeek's Zaurus Security Tools Page

Home Wardriving Apps
Wellenreiter II
Scanners and
Packet Tools

General OS Info
Change your MAC Address
All of site as
one big page
Scanners and PAcket Tools


Updated for OZ 3.5.3
Website: http://www.insecure.org/nmap/  

     The only version on Nmap I have found that has be directly ported to the Zaurus is 3.27, but you can get the newer Debian ARM packages (available here: http://packages.debian.org/unstable/net/nmap ) to function with a little work. I'll be using version 3.93-1, which I have at my mirror. Download the following files:


     Or you can also download libssl0.9.7_0.9.7e-r1_arm.ipk and libcrypto0.9.7_0.9.7e-r1_arm.ipk from the OpenZaurus feed at http://www.openzaurus.org/official/unstable/3.5.3/feed/libs/. You can get the Debian packages for nmap, libpcre,  libstdc++5 and libstdc++6 from http://packages.debian.org/unstable/ as of the date of this writing.

     Following these step by step instructions to install Nmap 3.81-2 on your Zaurus. All of them can be performed by secure shelling into your Zaurus or using the keypad at the Opie Terminal window:

1. Copy the five files listed above (in red) to a CF or SD card (I will use the CF card in my examples). Insert the card then change directories into whatever card you put them on.

cd /mnt/cf/

2. Install libcrypto and link it:

ipkg -d ram install libcrypto0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libcrypto0.9.7

Ignore any errors as long as it says "Successfully done" at the end.

3. Install libssl and link it:

ipkg -d ram install libssl0.9.7_0.9.7e-r1_arm.ipk
ipkg-link add libssl0.9.7

Ignore any errors as long as it says "Successfully done" at the end.

4. Install libstdc++5 and  libstdc++6 and link them:

ipkg --force-depends -d ram install libstdc\+\+5_3.3.6-10_arm.deb
ipkg-link add libstdc\+\+5

ipkg --force-depends -d ram install libstdc\+\+6_4.0.2-2_arm.deb
ipkg-link add libstdc\+\+6

Ignore any errors as long as it says "Successfully done" at the end.

4.5. If  you installed the OZ version of pcre to get Konqueror to work remove it:

ipkg remove pcre

Otherwise just go to step 5.

5. Install libcre3 and link it:

ipkg --force-depends -d ram install libpcre3_6.3-1_arm.deb
ipkg-link add libpcre3

5.5. If you installed the OZ version of pcre to get Konqueror to work (or plan to install it later) symlink libpcre so Konqueror can find it:

ln -s /usr/lib/libpcre.so.3 /usr/lib/libpcre.so.0
ln -s /usr/lib/libpcreposix.so.3 /usr/lib/libpcreposix.so.0
If you install Konqueror later you will have to force depends:
ipkg --force-depends -d ram install konqueror-embedded_20030705-r3_arm.ipk
ipkg-link add konqueror-embedded
Otherwise just go to step 6.
6. Install Nmap 3.93-1 and link it and it's support files:
ipkg -force-depends -d ram install nmap_3.93-1_arm.deb
ipkg-link add nmap

You can find the full man page for Nmap at http://www.insecure.org/nmap/data/nmap_manpage.html but here are a few useful flags:

-P0   Don't ping first, this is useful because a lot of hosts turn of ICMP echo requests now.

-O   Do an OS detection

-e   Specify and interface (eth0, wlan0, etc)

-sV   Version scan, find out the version of the daemon that's listening on an open port.

-A Does the same thing as doing a -O and -sV at the same time. This switch may do some other things in the future, ask Fyodor. :)

Also check out my videos:




Mark Owen sent me the following instructions for getting THC-Hydra to work on the Zaurus. Thanks Mark:

From: Mark Owen [mailto:mr.markowen@gmail.com]
 Sent: Sun 1/16/2005 1:22 PM
 To: openzaurus-users@lists.sourceforge.net
 Cc: irongeek@irongeek.com
 Subject: THC-HYDRA Zaurus howto

Don't know if this will be of any use to anyone but I have
successfully installed THC's hydra ARM binary release on my 3.5.2 5500 Zaurus.

THC-Hydra is a dictionary attack application that supports TELNET, FTP, HTTP, HTTPS, HTTP-PROXY, LDAP, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ,  SAP/R3, Cisco auth, Cisco enable, and Cisco AAA (incorporated in telnet module).

I am going to use it for testing in-house servers and password  vulnerability demonstration to clients.  I recommend it for only LEGAL USE AS USING IT OTHERWISE CAN GET YOU IN SERIOUS TROUBLE! It required a little sym linking but it works rather well overall. The program's site is at http://thc.org/thc-hydra/ I've created the following step by step howto on its installation. It  requires libssh, libssl-dev, and libssl to run correctly. This howto expects you to know how to download and install them.

 Just run the following commands to successfully install it. cd

wget http://thc.org/thc-hydra/hydra-4.5-arm.tar.gz

gunzip hydra-4.5-arm.tar.gz

tar xvf hydra-4.5-arm.tar

cd hydra-4.5-arm

ipkg install libssh_0.1_arm.ipk #Could not find in feed but includedin download

ln -s /usr/lib/libssl.so.0.9.7 /usr/lib/libssl.so.0.9.6

ln -s /usr/lib/libcrypto.so.0.9.7 /usr/lib/libcrypto.so.0.9.6

echo /lib/libgcc_s.so.1 > /etc/ld.so.preload

ipkg install hydra_4.5_arm.ipk

hydra -h



 If you have any problems feel free to e-mail me back.

  Mark Owen



Updated for OZ 3.5.1
Website: http://nemesis.sourceforge.net

     Nemesis is packet injection utility. It allows you to spoof other hosts and generally cause confusion on the network. I just took the Debian ARM packages and renamed them with a .ipk on the end. The package comes with the following utilitys:


I wanted to get the newest package I could find (nemesis_1.32+1.4beta3-2_arm.deb) to work but I can't find a version on Libnet0 that I can install on my Zaurus. I decided to use the older version, 1.32-5. To install from the CF card do the following commands:

ipkg -force-depends -d ram install /mnt/cf/nemesis_1.32-5_arm.ipk

then symlink everything someplace in you path:

ln -s /mnt/ram/usr/sbin/n* /bin/

Since the libpcap libray files have a different name in OZ 3.5.1  we have to do the following symlink so nemesis can find it:

ln -s /usr/lib/libpcap.so.0.7 /usr/lib/libpcap.so.0

One cool use is to fake out an IDS system. If I used the command

nemesis-tcp -x 1025 -y 22 -S -D

it would make it look as if Microsoft.com was attacking the target host. Here is a example of a script I wrote that can be used to make it look like another host is doing a port scan:

frame.sh (just copy the content below)

for port in 21 22 23 25 80 138 139 6776 10008 31337
nemesis-tcp -x 1025 -y port -fS -S $1 -D $2

copy all that into a text file, chmod +x it and use it by issuing a command like

frame.sh Farmed_ip Target_IP

You will most likely want to change your MAC address first.

A note on modems and wardialing from a Zaurus:

Knightmare sent me some notes on wardialing from the Zaurus, and since I had no better category to post them in I'll put them here:

Hi Irongeek,

The Trendnet Compact Flash   56k V.90 Modem arrived friday.  I have
spent most of the day working with it, and managed to wardial a
test PBX we have here. Some notes on my endeavour are:

it was detect out the box on OpenZaurus 3.5.4, OZ popped up with a
dialog box asking to configure it.

I use minicom to wardial, with a war-dialing SALT script from
http://www.textfiles.com/uploads/wardial.txt which is for DOS Telix,
but is compatible with minicom.  You do need to edit the exchange to
scan by hand, but a quick sed/nano 1 line edit is an easy trade off.

This script uses minicom, and is confirmed as working with the UK
phone system, and I would guess other european systems too, which is
quite helpful.

For the actual brute force attacks on mailbox passwords, I used THC
login hacker (login_hacker-1.1.tar.gz) This is also a minicom script,
so cuts down on dependencies, as well as being easy to edit.

A really odd thing I noticed was with the modem's kernel module;
8390.o is missing. I will need to hunt around and perhaps compile a
module for this.  Although the device is seen by OZ 3.5.4, and works
for a wardial; dial-up Internet doesn't work due to the missing
8390.o file.  I have no idea why this doesn't prevent the modem from
doing a wardial.  It's the wierdest thing I have seen on a Linux box

I found a post stating how a guy made this modem work for dialup
with his 5500, but I cannot seem to find the link again, and my
browser cache at work was cleared.  When I find the posting again, I
will forward on an update.

Hopefully this info has been of some use to you.  If you do decide to
add it on the site, could I ask you to use my Handle Knightmare, and
not to post my email address...?  Thanks.

PS: The 770 is schedules for delivery soon, so I will post a seperate
email with info on that.

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast