February 25th, 2007
Hacking with Metasploit on a Nokia N800
Earlier this month at the RSA conference, I got a chance to see a demo of Immunity's Silica, a $3600 handheld devide that can search for and join 802.11 (Wi-Fi) access points, scan other connections for open ports, and automatically launch code execution exploits from a built-in exploit platform.
Now comes word from David Maynor that, for the cost of a new Nokia N800 Tablet PC ($399 new), pen testers can use the Metasploit point-and-click attack tool in the most covert manner.
Using a free utility from Maemo.org and a custom-built Ruby package, Maynor found that it was pretty easy to get Metasploit running on the Nokia N800.
"Its not as fast as a laptop but it's still pretty quick," Maynor said, explaining that he was able to break into a Windows 2000 SP4 server using a Metasploit exploit.
He said the six-hour battery life of the device makes it perfect for covert security auditing. "You can turn it on, toss it in a backpack, and just let it gather data," Maynor explained.
"You can turn it [the Nokia N800] into a Metasploit/Bluetooth/Wi-Fi auditing device in a few hours. Just copy Metasploit on to your memory card and you're ready to go."
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
