Posts: 50 | Thanked: 120 times | Joined on Apr 2010 @ Poland
#1
So... I use my N900 primarily as a PMP, VNC client and pentesting device these days. Here are a couple of scripts I cobbled together to make things easier.

# msscan
Comprises two simple yet useful shell scripts: msscan and msexploit.
msscan relies on nmap in order to scan the network for the MS08_067 vulnerability.
Don't use nmap 5.59BETA1 from extras-testing; use either 5.50 from extras or this one (hastily compiled & packaged 6.20BETA1).

Usage (either as user with sudo and full path or as root):
msscan - scans the network you're currently connected to
msscan 192.168.1.0/24 - scans specified network
msscan 192.168.1.18 - scans single machine

msexploit runs the Metasploit framework targeting the specified machine with the MS08_067 exploit. It assumes the framework is located in /opt/msf. Any version should work; I currently use 4.2.0. I suggest thinning out the exploits dir to only include essential things, otherwise it will take ages to load the modules tree.

Usage (doesn't need root):
msexploit 192.168.1.18


# mon-toggle
Tapping on the icon loads/unloads the packet injection modules (assumed to reside in /opt/packet-injection-modules/`uname -a`/) and toggles monitor mode. If you have the aircrack suite installed it uses airmon-ng start wlan0, if not - iwconfig wlan0 mode monitor.
Originally the icon changed to reflect the current state of the interface but - as it would tend to wear out the eMMC (writing to the .desktop file, gtk-icon-cache-update on each occasion) - I decided to drop it.


# battlow.sh
Sometimes I don't use my N900 for a long time, so I made it drop me a line when it's hungry (with a little help from Alarmed):

Code:
#!/bin/sh
# battlow.sh: send an e-mail when the battery is low, the charger is
# unplugged and the device is locked (i.e. nobody is looking at it anyway).

# lshal prints "key = value (type)", so the value is the 5th space-separated field
JUICE=`lshal | grep charge_level.percentage | cut -d ' ' -f 5`
CHARGING=`lshal | grep maemo.rechargeable.charging_status | cut -d ' ' -f 5`
# non-empty when the touchscreen/keypad lock is off
UNLOCKED=`dbus-send --system --print-reply --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.get_tklock_mode | grep unlocked`

# lshal wraps strings in single quotes, hence the "'off'" comparison;
# the variables are quoted so an empty or multi-word value cannot break the test
if [ "$JUICE" -lt 9 ] && [ "$CHARGING" = "'off'" ] && [ -z "$UNLOCKED" ]; then
    USERNAME=your_username
    PASSWD=your_password
    FROM=from_address
    TO=to_address
    ICD=connection_icd

    # leave offline mode, then bring up the saved connection named in $ICD
    dbus-send --system --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.req_device_mode_change string:"normal"
    sleep 10
    dbus-send --system --type=method_call --dest=com.nokia.icd /com/nokia/icd com.nokia.icd.connect string:"$ICD" uint32:0
    sleep 10
    # busybox sendmail: -au/-ap are the SMTP credentials, -H runs a helper that
    # tunnels the session through openssl to Gmail's SMTPS port
    echo "Subject: FEED ME! ($JUICE)" | /usr/sbin/sendmail -au"$USERNAME" -ap"$PASSWD" -f "$FROM" -H 'exec openssl s_client -quiet -tls1 -CApath /etc/certs/common-ca/ -connect smtp.gmail.com:465' "$TO"
    sleep 10
    # drop the connection again
    dbus-send --print-reply --system --dest=com.nokia.icd2 /com/nokia/icd2 com.nokia.icd2.disconnect_req uint32:0x8000
    sleep 2
    # with the tklock dbus-script installed the device is expected to be
    # offline while locked, so put it back into offline mode
    if [ -f /etc/dbus-scripts.d/tklock ]; then
        dbus-send --system --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.req_device_mode_change string:"offline"
    fi
fi
__________________
.:different kinds of pop

Last edited by trompkins; 2012-12-02 at 19:21. Reason: modified battlow.sh to play nice with tklock mod
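As an added example (not part of trompkins' post), the three readings battlow.sh takes and its alert decision, rewritten as functions that match on the lshal key name and the quoted dbus string rather than on fixed field positions, so they can be exercised offline against constructed sample output. The sample lshal and dbus-send text below is constructed for the example, not captured from a device.

```shell
#!/bin/sh
# Added example: robust parsing of the values battlow.sh reads, plus the
# alert decision, testable without a device.

# Constructed sample of the two lshal lines battlow.sh greps for;
# the spacing is deliberately irregular.
SAMPLE_HAL="  battery.charge_level.percentage = 7  (0x7)  (int)
  maemo.rechargeable.charging_status =   'off'  (string)"

# Constructed sample of a dbus-send --print-reply answer to get_tklock_mode.
SAMPLE_TKLOCK="method return sender=:1.5 -> dest=:1.99 reply_serial=2
   string \"unlocked\""

# hal_value KEY TEXT: print the value of KEY from lshal-style output,
# matching on the key name instead of the 5th space-separated field.
# Quotes around string values are stripped.
hal_value() {
    printf '%s\n' "$2" \
      | sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
      | tr -d "'"
}

# tklock_mode TEXT: extract the quoted string from a get_tklock_mode reply
# ("locked" or "unlocked").
tklock_mode() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*string "\([^"]*\)".*/\1/p'
}

# need_alert PERCENT CHARGING TKLOCK: succeed (exit 0) when battlow.sh should
# send the e-mail: battery below 9%, not charging, screen locked.
need_alert() {
    juice=$1; charging=$2; tklock=$3
    case $juice in ''|*[!0-9]*) return 1 ;; esac   # refuse a non-numeric reading
    [ "$juice" -lt 9 ] && [ "$charging" = "off" ] && [ "$tklock" != "unlocked" ]
}

# On the device the same functions would be fed live output, e.g.
#   hal=`lshal`
#   need_alert "`hal_value battery.charge_level.percentage "$hal"`" \
#              "`hal_value maemo.rechargeable.charging_status "$hal"`" \
#              "`tklock_mode "\`dbus-send ... get_tklock_mode\`"`"
# (dbus-send invocation abbreviated; see battlow.sh above for the full command).
```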
Posts: 50 | Thanked: 120 times | Joined on Apr 2010 @ Poland
#2
One more thing. Handy if you don't need your N900 to be online at all times and, in fact, prefer it to be mostly offline (except when you actually use it hands-on). It activates offline mode on device lock -- unless there's a wlan/gprs connection active or bluetooth is on -- and reverts to normal mode on device unlock. Relies on dbus-scripts.

/etc/dbus-scripts.d/tklock:
Code:
/usr/sbin/offline * * com.nokia.mce.signal tklock_mode_ind locked
/usr/sbin/online * * com.nokia.mce.signal tklock_mode_ind unlocked

/usr/sbin/online:
Code:
#!/bin/sh
# run by dbus-scripts when the device is unlocked

# non-empty when the device is already in normal (not offline) mode
PMODE=`dbus-send --system --print-reply --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.get_device_mode | grep normal`

if [ -z "$PMODE" ]; then
    # offline mode -> back to normal mode (this also brings the modem up)
    dbus-send --system --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.req_device_mode_change string:"normal"
else
    # already in normal mode: the radio may have been switched off by
    # /usr/sbin/offline while a gprs context was kept, so switch it back on
    GONLINE=`dbus-send --system --print-reply --dest=com.nokia.phone.SSC --type=method_call /com/nokia/phone/SSC com.nokia.phone.SSC.get_modem_state | grep online`
    if [ -z "$GONLINE" ]; then
        dbus-send --system --dest=com.nokia.phone.SSC --type=method_call --print-reply /com/nokia/phone/SSC com.nokia.phone.SSC.set_radio boolean:true
    fi
fi

/usr/sbin/offline:
Code:
#!/bin/sh
# run by dbus-scripts when the device is locked

# each variable is non-empty when the corresponding radio is in use
WCONN=`dbus-send --system --dest=com.nokia.wlancond --type=method_call --print-reply /com/nokia/wlancond/request com.nokia.wlancond.request.connection_status | grep "true"`
GCONN=`dbus-send --system --dest=com.nokia.csd.GPRS --type=method_call --print-reply /com/nokia/csd/gprs/0 com.nokia.csd.GPRS.Context.GetStatus | grep "true"`
# ask bluez for the default adapter's object path, then whether it is powered
BCONN=`dbus-send --system --print-reply --type=method_call --dest=org.bluez $(dbus-send --system --print-reply --dest=org.bluez / org.bluez.Manager.DefaultAdapter | awk -F'"' '/at/ {print $2}') org.bluez.Adapter.GetProperties | grep -A 1 Powered | grep true`
# wlan0 in monitor mode (see mon-toggle) must not be torn down either
MON=`iwconfig | grep "Mode:Monitor"`

if [ -z "$WCONN" ] && [ -z "$GCONN" ] && [ -z "$BCONN" ] && [ -z "$MON" ]; then
    # nothing in use: go fully offline
    dbus-send --system --dest=com.nokia.mce --type=method_call /com/nokia/mce/request com.nokia.mce.request.req_device_mode_change string:"offline"
else
    # something is in use; if it is not the gprs connection, at least
    # switch the cellular radio off
    if [ -z "$GCONN" ]; then
        dbus-send --system --dest=com.nokia.phone.SSC --type=method_call --print-reply /com/nokia/phone/SSC com.nokia.phone.SSC.set_radio boolean:false
    fi
fi
__________________
.:different kinds of pop

Last edited by trompkins; 2012-12-03 at 01:09.