A new addition to the Backtrack 5 Linux penetration testing distribution
has been released on the ARM platform. This distribution was created
for the Motorola Xoom Android tablet. However with some simple
modifications I was able to install and run it on my Samsung Galaxy S
(Captivate). This should work on most android devices that have a
decent amount of processing power. There are a few prerequisites to be
able to use this distribution.
First of all you have to have rooted your device and busybox. Secondly
you need a terminal emulator and a VNC client. The last thing that you
will need is a microSD card big enough to fit the image (8 GB). When
preparing the microSD card it does need to be formatted in the ext2
format in order to support the 4+ GB image file. Once you have those
items and prepared your microSD card it’s ready to be inserted into your
device, it will not be recognized as the ext2 file system is not
natively supported by Android devices. So we enter our terminal and
mount the memory card using the -t ext2 option. The
scripts that are included with Backtrack need to be slightly modified to
work with the mount points on your specific device. Once you call the
bootbt shell script the device creates a chrooted environment where
Backtrack is loaded into memory. Before launching the VNC connection it
is also necessary to change a couple environmental variables namely
USER has to be set to root and TMPDIR has now changed to /tmp. At this
point it the startvnc command can be ran using a modified geometry
option to make the desktop display properly on the small screen. I
found 800×480 to work rather well. There are two different free VNC
clients in the Android marketplace AndroidVNC and PocketCloud.
AndroidVNC did not perform as well for me in my tests.
So now that we have the setup out of the way you may be wondering what
tools you are capable of using once this setup has been configured. Some
of the more well known utilities included with the ARM distribution of
Backtrack 5 are as follows:
- Metasploit Framework
- Social Engineers Toolkit
- Nmap scanner
Other high level tool categories include:
- Information Gathering
- Vulnerability Assessment
- Exploitation Tools
- Priviledge Escalation
- Maintaining Access
- Stress Testing
- Forensics
- Reporting Tools
This is all well and good but there are a few limitations that regular
users of Backtrack may notice right away. Specifically the absence of
an entire category of wireless exploration and attacking utilities.
This is based upon the obvious hardware limitations of the smartphone or
tablet running the operating system. Another limitation you will
experience is that the only way to access a network is via a wireless
network connection from within the Android operating system. If you are
unable to connect directly with the Android device initially you may be
limited on what kinds of attack you can perform. However all is not
lost as you are required to have root access to your device and this
will give you the ability to run software that can create a wireless
hotspot. This may create an attack vector that you may not initially
suspect within you organization.
One could expect that mobile attack vectors are now much easier to hide
and may become more prevalent in the future. Companies need to explore
and re-evaluate policies related to connecting external devices to their
networks. Smartphones have become much more powerful than they once
used to be and can provide some of the same capabilities as an external
laptop. If wireless connections are accessible within your organization
what do you have in place to prevent these kinds of attacks on your
internal network. Many organizations have very little to prevent
internal attacks and should consider the addition of intrusion
prevention systems to protect their internal networks. One final
consideration should be given to which resources need to be accessed
from wireless connections and appropriate restrictions should be applied
using access control lists or maybe even creating separate subnets that
have no or extremely limited access to internal resources on your LAN.
This information was presented by myself at The Tech Garden’s Lightning
Talks on June 21st, 2011. The track that I presented in was the
Technology Track. The slides are available for download here:
Lightning Talk slides
