Reply
Thread Tools
kingoddball's Avatar
Posts: 1,187 | Thanked: 816 times | Joined on Apr 2010 @ Australia
#1
Hi,
I guess the title explains itself...


Any help?
__________________
The thanks button? Sure! You can press it! I would!

Last edited by kingoddball; 2011-11-10 at 03:43.
 
Posts: 529 | Thanked: 194 times | Joined on Aug 2010 @ UK
#2
Originally Posted by kingoddball View Post
Hi,
I guess the title explains itself...


Any help?
isnt the neopwn suite dead now ??
__________________
METASPLOIT INSTALL N900
Keep the forums clean
Dont forget to say thanks
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#3
I guess its similar to making easy debian in a chrooted setup. You just need to create a `container' for filesystem within a file, format it into a linux filesystem, chroot it and dump the stuff from the contents of the neopwn v2 into the `container'.

For now I simply rename the easy debian filename with neopwn v2 whenever I want to use neopwn v2 instead and that is a really lazy method of using neopwn v2. If you wanted to have a proper neopwn setup in a chroot like easy debian, I do recall there was a thread about having multiple chrooted environments.
__________________
 

The Following User Says Thank You to tuxsavvy For This Useful Post:
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#4
You cannot simply use the wireless pentesting tools from NeoPwn v2 with just a stock kernel and stock wireless driver. NeoPwn v2 comes with a *cough* custom *cough* kernel with the *cough* proprietary *cough* wireless kernel modules.

However with power kernel (at least version 46 if I'm not mistaken) and lxp's bleeding edge wireless drivers you can achieve the same effect without having to use NeoPwn v2's kernel and its own drivers.

Thus its not possible to run a different kernel inside a chroot environment unless maybe you use something like kexec. NeoPwn v2 if I'm not mistaken was supposed to be installed on top of the N900's internal rootfs structure (or at least onto microSD{HC} card) though if one does that they lose all the functionality of what N900 is meant to be.

I thought there was a thread that describes how to create a container for chroot image. I guess not.

To create a container you will need to determine how much space you want to allocate to the chrooted distribution. 1GB generally is somewhat the minimum if you want GUI and what not and there's really no maximum (if you convert your eMMC or microSD{HC} card to a native linux filesystem) space you want to allocate (though up to whatever the stated free capacity is noted for the medium you choose of course).

The next step is to get familiar with dd tool if you want a custom sized `container' for the chosen distro. If you want a simpler way and allocate 4GB `container' for the chosen distro and that your storage medium (eMMC) is on FAT32 then the command is this (as root):
Code:
dd if=/dev/zero of=/home/user/MyDocs/test.img
Ideally it is a good idea to choose a suitable filename instead of test.img and you should apply the same naming convention as what qole did which was to also append the filesystem that resides on the `container'.

The next step is to choose the filesystem for the chosen distro. Most people would tend to choose what is normally recommended upon installing a beginner-friendly distro. The filesystem for that would be ext3, I would also tend to choose ext3 as its easy to deal with and the filesystem support is already part of maemo's kernel). To check what filesystem your device support you need to do this:
Code:
cat /proc/filesystems| grep -v nodev| awk '{ print $1 }'
Again it is advisable to not experiment with filesystems you are not familiar with. To create a ext3 filesystem within the container you will need to do this (as root):
Code:
mkfs.ext3 /home/user/MyDocs/test.img.ext3
Notice how I have renamed my test.img to test.img.ext3, if you have not changed your filename from the beginning, you'll need to adapt the filename accordingly. Likewise for those who wants to use fancy filesystems (even though you really don't have much other choices to choose from anyway).

Upon executing mkfs.ext3 you will get a warning that you are not writing to a partition (or a block device) but to a file, and asks do you want to continue. At this point you will need to say yes.

Once the `container' has been created and there is a filesystem within the `container'. You now created a `container' that can be used to put whatever distro of your choice.

To use that `container' you will need to first mount it. You will need to create a directory for a place to have the contents of the `container' exposed. The directory for the `container' that is to be mounted on could be placed anywhere however we will stick with /home/user/MyDocs as that is the easiest way to access it all:
Code:
mkdir /home/user/MyDocs/test
Now we will mount the `container' into that directory. Note that you must tell mount that it has to do it via loop because mount usually does not treat normal files as a raw block. So do this (as root):
Code:
mount /home/user/MyDocs/test.img.ext3 /home/user/MyDocs/test -o loop
.

After running that command you should now be able to dump the contents of the distro you choose to install. For now we will do NeoPwn v2 chroot.

The first thing you will need to do is to extract the contents of w00t.tar.gz into the `container'. For simplicity sake, the w00t.tar.gz is placed in /home/user/MyDocs:
Code:
tar -zxvf /home/user/MyDocs/w00t.tar.gz -C /home/user/MyDocs/test
Once the contents has been extracted you now have NeoPwn v2 chroot. I suggest you should first close the chroot:
Code:
umount /home/user/MyDocs/test
if you have easy debian installed you can simply rename that easy debian chroot filename into some other filename (for the time being), and rename you NeoPwn v2 chroot into the filename for that debian chroot.

Of course not many features that debian chroot provided would be covered by NeoPwn v2 image.

Running NeoPwn v2 or any other distro inside chroot environment requires a program that appears within qole's easy debian which handles mouse/keyboard grabbing.

Also I could probably upload a premade 4GB NeoPwn v2 if there's enough interest (I'm with a service provider that only offers me 7GB a month, any excess amounts will be charged at AUD$0.10 to my bill at the end of the month. So you can see that I'm not willing unless there is actually enough interest).

I have not covered how to create shortcuts and what not for NeoPwn v2 though I may cover such topics if and once I have experimented with it on mine.
__________________

Last edited by tuxsavvy; 2011-11-19 at 08:25. Reason: When mounting files, you must specify loop. I completely forgot about this point.
 

The Following 2 Users Say Thank You to tuxsavvy For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#5
What do you mean with a premade NeoPwn? I am looking for an easy debian with pentesting tools installed, is that what you mean by that?
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#6
Originally Posted by mr_pingu View Post
What do you mean with a premade NeoPwn? I am looking for an easy debian with pentesting tools installed, is that what you mean by that?
Yes, though neopwn itself is already mostly made, I've just converted its normal setup into a chroot environment.

Though my setup is far from complete, it is enough however to be able to get one able to add the rest of whatever features they need in the end such as proper automated chroot scripts, desktop icons (so you can simply tap and get into neopwn chroot just like easy debian without having to rename files, prior to using its own icons/setup).

Again, I must stress however that you cannot expect wireless penetration functionality to work fully (with tools from aircrack-ng suite such as airodump-ng, aireplay-ng, etc) with a stock kernel and a neopwn environment. You will at least require kernel power (version 46 if I'm not mistaken) with lxp's bleeding edge wireless drivers loaded and/or installed. A chroot environment does not mean it is like a virtual machine which will boot the chroot's kernel, etc.
__________________
 

The Following User Says Thank You to tuxsavvy For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#7
Originally Posted by tuxsavvy View Post
Again, I must stress however that you cannot expect wireless penetration functionality to work fully (with tools from aircrack-ng suite such as airodump-ng, aireplay-ng, etc) with a stock kernel and a neopwn environment. You will at least require kernel power (version 46 if I'm not mistaken) with lxp's bleeding edge wireless drivers loaded and/or installed. A chroot environment does not mean it is like a virtual machine which will boot the chroot's kernel, etc.
There is a V46-wl1 which and in the repos from version 47, injection is supported... I am planning to make an ED image with all pentesting tools installed; eg. zenmap, wireshark, aircrack-ng, dsniff, ettercap, mdk3 and what more. The problem is everytime I run apt-get upgrade, the devices IO stalls at some moment and reboots =( So I still have no ED with pentesting tools...
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#8
lxp's drivers should work with power kernel v46 and above (I have not tested pk49 but in theory it may work). You really don't need neopwn's outdated proprietary kernel version to use its injection capabilities.

Not too sure what you meant by ED image.

Are you using your eMMC space to create the image or are you using your microSD{HC} card's space to create the image. If you are using microSD{HC} card to create the image and if your microSD{HC} card is rated class 10 you will need a kernel patch to make the card work. Apparently its some issue with the way the kernel (< v47 iinm) handles writing which is probably too slow and the write queues are all choked up.
__________________
 

The Following User Says Thank You to tuxsavvy For This Useful Post:
Posts: 1,163 | Thanked: 1,873 times | Joined on Feb 2011 @ The Netherlands
#9
ED = Easy Debian, as much more programms are available in easy debian you can run much more pentesting tools than in maemo, also because of depencies.

Oh, I didn't know about that, will look for a fix for class 10 microSDHC as I am using a class 10 card.
 
Posts: 502 | Thanked: 366 times | Joined on Jun 2010 @ /dev/null
#10
I thought I saw there was a thread for this and it was by kingoddball but I guess I could have been completely mistaken. I have created a pwnieexpress chroot just a moment ago and I now I would like to share with the rest of the community.

Because most of what I have wrote in my second post on this thread covers all the initial areas of what you will need to do to create a chroot `container' in the first place. I will not bother re-documenting the whole thing again.

There are however ways to create a 4GB `container' without having to do excessive I/O thrashing on your poor N900. On a linux PC with say more than 4.5GB spare space (flash drives can also suffice here) you can either repartition the spare space as a temporary partition with FAT32 or if the partition is FAT32 you just need to create the `container' within that FAT32 partition and wait for the message to say `file too large' from dd. Once you have created the 4GB.img `container' for instance, you can simply compress it with say something like lzma to make the image really small. From there on you can copy the 4GB.img.lzma into various filenames of your choice as you already have a the generic `container' made.

Also creating the whole chroot can be done from the computer, though you cannot test it from your computer as the binaries are obviously compiled for ARM platform.

Now because I won't cover creating `containers' and you have ext2 `container' ready to use. We shall get right into extracting contents of pwnieexpress images into that `container' (obviously you would also need to mount the `container' as well).

For my convenience sake, you should do the whole thing as root.

First extract the contents of the tarball from their website (hosted by github ironically):
Code:
tar -zxvf pwnphone_image-7.6.2011.tar.gz
Once extracted you have two directories, one named pwnimage and the other systemBackups. Seeing that it has systemBackups directory it would be safe for one to assume that the normal (desirable) install would be to use the backupmenu route. In this case we prefer pwnieexpress to be running within the chroot environment.

We extract the contents of rootfs and optfs from the pwnieexpress's systemBackups directory into the `container'. In my case I have the `container' mounted to /mnt/maemo1 so my case would be like this:
Code:
cd systemBackups/
tar -xvf 20110704-2022-rootfs.tar -C /mnt/maemo1
mkdir /mnt/maemo1/home
tar -xvf 20110704-2022-optfs.tar -C /mnt/maemo1/home
The contents of the optfs is a little weird, so we should clean up some of the remnants of optfs being outputted into /mnt/maemo1/home:
Code:
cp -Rv /mnt/maemo1/home/usr/* /mnt/maemo1/
cp -Rv /mnt/maemo1/home/usr/.* /mnt/maemo1/
rm -rf /mnt/maemo1/home/usr
rm -rf /mnt/maemo1/lost+found
Now the rest of the steps should be fairly straight forward, we more or less copy the ideas from the install.sh provided by the pwnieexpress:
Code:
cd ..
cd home_user
cp -a .kismet/ .msf3/ .opera/ .subversion/ .wireshark/ .zenmap/ /mnt/maemo1/home/user/
cp tracker.cfg /mnt/maemo1/home/user/.config/tracker/tracker.cfg
cp -a MyDocs/qtirreco/ /mnt/maemo1/home/user/MyDocs/
cp -a MyDocs/pwnphone/ /mnt/maemo1/home/user/MyDocs/
chmod 777 /mnt/maemo1/home/user/MyDocs/pwnphone
For the entire process we have used root to do all the work, so the permissions are all screwed up within the `container'. A simple chown command will set the correct permissions up:
Code:
chown -R 29999:29999 /mnt/maemo1/home/user/*
chown -R 29999:29999 /mnt/maemo1/home/user/.*
Those who wants to package extra stuff such as the deb files provided in pwnieexpress tarball and other stuff can do so by placing them in /mnt/maemo1/home/user/MyDocs. Do note however that you only have a total of 2.5G (if you used 4GB `container').

To close the `container' we simply umount it:
Code:
umount /mnt/maemo1
__________________
 

The Following 2 Users Say Thank You to tuxsavvy For This Useful Post:
Reply

Thread Tools

 
Forum Jump


All times are GMT. The time now is 17:14.