Tuesday, April 26, 2011

HOW TO running metasploit on your N900

12:39 AM |

First post is a nice HOWTO; running metasploit on your N900. Both msfconsole and msfweb will work beautifully, albeit WEBrick is ridiculously slow in serving up requests for some reason.

Firstly, you’ll need to add the extras-testing and extras-devel repository. If you don’t know how to do that, I suggest you cup both hands and place your head inside the void – you lose at the game of life. Stop crying, the above links will tell you how to activate.
Once you’ve updated your package list to include the above repos, you’ll need to install libopenssl-ruby (libopenssl-ruby1.8 might work too). You’ll also need the following ruby packages, I’ve modified and optified them to save as much space as possible:
ruby-sqlite3_1.2.1_armel.deb Install them using ‘dpkg’ and then you’ll need to sym/softlink the libcrypto and libssl shared objects, so that any packages compiled against 0.9.7 that don’t force fault on explicit versions, will still work.
ln –s /usr/lib/libcrypto.so.0.9.8 /usr/lib/libcrypto.so.0.9.7
ln –s /usr/lib/libssl.so.0.9.8 /usr/lib/libssl.so.0.9.7
Now, if you have subversion installed, you can checkout the metasploit daily source snapshot. If you don’t use SVN, well – I’ve trimmed down, streamlined and modified a few files from the most recent svn co; no aux, no externals, no docs, no msfweb data at all.
H.D Moore has advised me that the metasploit team will be looking into embedded functionality in the near future. He recently got an N900 of his own so - boom, there goes the neighborhood.
If you don’t want to use db functionality, skip installing ruby-sqlite3 and save yourself the 100KB of space. If you do checkout from svn, you’ll run into a lot of stdout’d errors due to version inconsistencies with rails, sqlite and ruby. Annoying, but merely warnings. Fix it yourself by patching out the deprecation stuff, or use my tarball.
Now, go do whatever it is you do with these awesome tools;

Metasploit on the N900. Successful exploitation.
That IS a meterpreter shell in my pocket AND I am happy to see you.

Leave A Comment