Side-Track: Security/Pen-testing Distribution Of Linux For The ZipIt Z2
If you follow my site, you know I dig the idea of mobile pen-test platforms. I'm
also interested in dropboxes, little systems that are cheap enough to leave
behind at a facility and have them remote back out to you (most firewalls are much
weaker on egress than ingress filtering). The ZipIt Z2 is great platform for this
task since it runs Linux and is only $50. I first got a feel for it by watching some
episodes of Hak5. I decided to make my own security userland distribution for
the ZipIt Z2, names Side-Track as a joking nod to Back-Track. I used Opt1k's
RootNexus userland as my base, and made the following changes:
1. Edited inittab so root logs in, and got rid of the user account. Root's password is "toor" by the way, be sure to change it after install.
2. Disabled telnet and ftp, in favor of OpenSSH/SFTP.
3. Updated the WiFi scan script to work.
4. Updated the WiFi connect script to work with SSIDs that have spaces.
5. It now tries to reconnect to the last WPA or open AP you connected to on startup.
6. Updated wireless firmware from:
(much better promiscuous and ARP poisoning support, but still no monitor mode)
7. Mine is a 2GB DD image, as oppose to RootNexus' 1GB.
8. Added the following packages:
Plus all of the associated dependencies.
I may add Metasploit later, but I doubt the ZipIt Z2 is fast enough. Also, some
of the sniffing tools won't be able to keep up if you do ARP Poisoning.
How To install:
If you have problems with these instructions, here are other resources you can use:
which are also covered here:
Stop when you get to the part with phsydiskwrite, I've got a better tool for that. Keep in mind, flashing can leave your ZipIt Z2 in an inoperable condition if things go wrong, I take no responsibility if you brick your ZipIt Z2. Install at your own risk. If you already have the OpenZipit kernel loaded on the ZipIt Z2, you may be able to skip to step 5.
From a Windows Box:
1. Grab My user land image and install files from here:
2. Unzip it, it should contain a file named something like side-track-X.X.img and a folder called "first-sd". You will need a MiniSD card of at least 2GB in size.
3. Copy everything in the "first-sd" folder to an MiniSD card. The card should be formatted as fat16, but fat32 may work. All this folder really contains is the AutoFlasher script, and the kernel from Aliosa27. It will only work for flashing a stock ZipIt Z2. Also, keep an eye on Aliosa27 and the OpenZipit site for newer kernels and AutoFlasher scripts.
4. Insert the MiniSD and boot (you may have to use a paperclip and the reset switch on the left side). In short order, the AutoFlash script should do it's thing.
5. Get the Win 32 Image Writer from here:
It's much easier to use than phsydiskwrite, at least for English only speakers.
6. Use it to write the user land image to an SD card.
5. If you wish to use a card bigger than 2GB, after you write the image to the SD, take it to a Linux box and use Gparted to expand ext3 partition to take up the rest of the space.
(based on Opt1k's notes)
Root password is "toor", for the love of Cthulhu change this after install.
[Options Button] = Enable mouse via d-pad
[Zipit Smiley Face Button] = Tab
[Little Smiley Face] = Esc
(Note: Ctrl key has ... printed on it)
Ctrl +z=prev window
This page may help with other key combos:
Other folks who helped: