Hack Chip. Going low profile (part 3 of /n)

El Kentaro
Aug 7, 2017

So with the basic hardware mods out of the way, this post is going to be about some more software and environment customizations I have done to build my Hack Chip.

1. Mosh: the mobile shell.
We all use ssh to get to servers and boxes across the globe. Regular ssh clients work fine, but I am in love with Mosh. Mosh is an ssh client aimed at use on the go: it supports roaming, unstable connections, etc. I have pretty much switched over to using Mosh for all my ssh needs. To install mosh:

chip@192.168.0.4$ sudo apt-get install mosh

and you're done. If you want, you can alias ssh to mosh by editing the .bashrc file in the home directory (/home/chip/.bashrc).

Just add:

alias ssh='/usr/bin/mosh'

to the end of the file. To reload the environment without rebooting, you can issue:

chip@192.168.0.4$ source .bashrc

and now ssh will be using Mosh.

2. Hastebin
We all use pasties, but rather than using any open paste site, I run my own hastebin server. Hastebin is a great, simple pastie server to share some code or dump some output to. If you want to run your own server, head over to seejohnrun's GitHub and install the server. The idea is to host the Haste server somewhere online (not on the Hack Chip) so you can easily dump information to another location you can access later. The beauty of hastebin is that you can pipe any standard output to the server to become a pastie, which often comes in handy in debugging or simple recon.

cat /var/log/messages | haste

Once you have a server up and running, you have multiple clients to choose from for whatever environment you need. There are some clients available, but you can also use a hastebin server by setting up a simple bash script.

#!/bin/bash
# config server details
server_ip=[IP_OF_SERVER]
port=[PORT_OF_SERVER]
# end of server config

# ----- read output per line -----
# IFS= and -r keep leading whitespace and backslashes in each line intact
while IFS= read -r OUT
do
finalOUT="$finalOUT
$OUT"
done

# the above weird formatting is to force a new line in the variable holding the data posted to the server.

# --- post it to the hastebin ---
getkey=$(wget -qO- --post-data "$finalOUT" "http://$server_ip:$port/documents")

# --- parse the returned json to get the key
uri=$(echo "$getkey" | grep -m 1 "key" | sed -E 's/^ *//;s/.*: *"//;s/",?//;s/}//')

# --- echo out the full url
echo "http://$server_ip:$port/$uri"

Save the file as haste.sh somewhere (in my case I have a directory for my scripts, /home/chip/scripts/), then chmod +x it.

Set up the script as an alias in the .bashrc file and it will give you a URL to the paste. I like to keep a record of the pasties, so in my .bashrc I have it set up as:

alias haste='/home/chip/haste.sh | tee -a pastHastes.txt'

This way I have a flat file with all the URLs. Calling haste is simple:

chip@192.168.0.4$ cat /var/log/messages | haste

which will spit out:

http://111.111.11.111:7777/aiwx88

the URL to the paste.
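An added example, not part of the original script: the grep/sed step in haste.sh prints a URL even when the server's reply contains no key, and the tee alias then records it in pastHastes.txt. The helper names haste_key and haste_url are hypothetical, the sample replies are constructed, and keys are assumed to be alphanumeric like aiwx88 above.

```shell
#!/bin/sh
# Added example: fail-closed parsing of a haste server reply.
# HASTE_BASE uses the same placeholders as haste.sh, not a real server.
HASTE_BASE="http://[IP_OF_SERVER]:[PORT_OF_SERVER]"

# haste_key JSON
# Prints the document key, or returns 1 when the reply has no "key"
# member or the key contains anything other than letters and digits
# (assumption: keys look like the aiwx88 example).
haste_key() {
    key=$(printf '%s' "$1" |
        sed -n 's/.*"key"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' |
        head -n 1)
    case "$key" in
        ''|*[!A-Za-z0-9]*) return 1 ;;   # empty or unexpected characters
    esac
    printf '%s\n' "$key"
}

# haste_url JSON
# Prints the paste URL on stdout. On a bad reply it prints nothing on
# stdout (so nothing reaches tee), reports on stderr and returns 1.
haste_url() {
    if k=$(haste_key "$1"); then
        printf '%s/%s\n' "$HASTE_BASE" "$k"
    else
        echo "haste: server did not return a usable key" >&2
        return 1
    fi
}

# Constructed sample replies (not captured from a real server).
haste_url '{"key":"aiwx88"}'
haste_url '{"message":"upload failed"}' || true
```

In haste.sh this would replace the parse and echo steps: call haste_url "$getkey" after the wget line.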

3. Horst
Horst is an elegant, lightweight wifi scanner/analyzer. The interface is beautiful and it seems to be the best fit for the low-resolution screen of the Hack Chip. You can install horst as a package (sudo apt-get install horst), but building it from source will give you the latest version. The one caveat I have found is that you need to specify the WEXT=1 option when building to support the driver:

1. Download/clone the source from the Horst GitHub
(git clone -b stable https://github.com/br101/horst)
2. Expand the file and cd into the directory (tar xvf, cd )
3. make WEXT=1
4. sudo make install

Now, to further tune horst to fit the Hack Chip, I decided to change the font and size so the interface fits better. I decided to use Google's Open Sans font, as it was recommended by my UX friend. To install the font, download it and save it somewhere in /usr/share/fonts/truetype/somedirectory, then in /usr/share/pockethome/config.js launch vala-terminal with:

"shell": "vala-terminal -h -fs 7 -f OpenSans-Regular -g 20 20 -e wifimenu"

The -fs 7 defines the size and -f OpenSans-Regular defines the font to be used. (Ignore the wifimenu for now; more about it later in this post.)

4. Going low profile.
Some have pointed out that having the Sena UD100 as the bluetooth adaptor makes the Hack Chip stand out in a public setting as a hacker tool. I guess from an opsec perspective that is not ideal. Also, with the limited capabilities of the Hack Chip we aren't fully utilizing the capabilities of the adapter anyway. So you can use a regular low profile bluetooth adaptor with BlueHydra too. This way, instead of a hacker, you will look like a retrogaming hipster.

5. wifimenu.sh
The Hack Chip isn't meant to replace any real hacking tool; it's meant more as a quick way to determine your surroundings, either in an engagement or on a "hostile network". It is perfectly suited for a quick glance around the network environment, but it won't do what the wifi cactus (mad respect to d4rkm4tter for upping the game) or the hak5 wifi pineapple family does. A linux laptop with some alfa cards will blow the Hack Chip away, but the Hack Chip can be run (not suggesting you do it) in a fully packed Tokyo subway. So, to make scanning the surroundings easier, I have written a script that combines some of the wifi tools into a single, easily accessed menu. (The script is based on a menu bash script I found online way back and have been using as a template.)

#!/bin/bash
# menu driven shell script sample template
## ----------------------------------
# Step #1: Define variables
# ----------------------------------
RED='\033[0;41;30m'
STD='\033[0;0;39m'

# ----------------------------------
# Step #2: User defined function
# ----------------------------------
# pause keeps a tool's output on screen until Enter is pressed.
# (break has no effect inside a function, so each option calls pause instead.)
pause(){
    read -r -p "Press [Enter] key to continue..." fackEnterKey
}

# 1: scan with NetworkManager
one(){
    clear
    nmcli d wifi
    pause
}

# 2: put wlan1 into monitor mode and run horst, logging to a dated file
two(){
    clear
    sudo ifconfig wlan0 down
    sudo iwconfig wlan1 mode monitor
    now=$(date +'%m-%d-%Y')
    sudo xterm -maximized -e horst -i wlan1 -o "/home/chip/dumps/horst-$now.txt"
    pause
}

# 3: put wlan1 into monitor mode and run airodump-ng
three(){
    clear
    sudo ifconfig wlan0 down
    sudo iwconfig wlan1 mode monitor
    sudo airodump-ng wlan1
    pause
}

# 4: scan with iwlist
four(){
    clear
    sudo iwlist scan
    pause
}

# 5: bring wlan0 back up, return wlan1 to managed mode, restart network-manager
five(){
    clear
    echo "Bringing if up and down"
    sudo ifconfig wlan0 up
    echo "changing wlan1 mode"
    sudo iwconfig wlan1 mode managed
    sleep 5
    echo "Restarting Network Manager"
    sudo service network-manager restart
    pause
}

# function to display menus
show_menus() {
    clear
    echo "~~~~~~~~~~~~~~~~~~~~~"
    echo "HACK CHIP WIFI TOOLS"
    echo "~~~~~~~~~~~~~~~~~~~~~"
    echo "1. Network Manager cli wifi scan"
    echo "2. horst"
    echo "3. Airodump-ng"
    echo "4. iwlist scan"
    echo "5. Restart Network Manager"
    echo "6. Exit"
}

# read the menu choice and dispatch to the matching function
read_options(){
    local choice
    read -r -p "Enter choice [ 1 - 6] : " choice
    case $choice in
        1) one ;;
        2) two ;;
        3) three ;;
        4) four ;;
        5) five ;;
        6) exit 0 ;;
        *) echo -e "${RED}Error...${STD}" && sleep 2
    esac
}

# ----------------------------------------------
# Step #3: Trap CTRL+C, CTRL+Z and quit signals
# ----------------------------------------------
trap '' SIGINT SIGQUIT SIGTSTP

# -----------------------------------
# Step #4: Main logic - infinite loop
# ------------------------------------
while true
do
    show_menus
    read_options
done

The script will output a list of tools you can launch by selecting them by number. Since most of the tools will reset the wlan0 adaptor, I have also included a way to restart network-manager to get the Hack Chip back online. (This is a bit easier than going back to the settings screen and turning wifi on and off, or issuing the command via the terminal.)

To launch the script from the Hack Chip launcher, just pass it as a command to vala-terminal (see, told you I would explain what wifimenu was). You will have to make wifimenu callable as a command by some means.

"shell": "vala-terminal -h -fs 7 -f OpenSans-Regular -g 20 20 -e wifimenu"

That's it for today.

Minor update: turns out xterm is a better fit for the wifimenu and tools, so the config.json is now:

"shell": "xterm -fullscreen -e wifimenu"

Next Episode: The unknown frontier (honestly haven't figured out yet where to go from here)
