Tag: Backtrack 4

Weaponizing the Nokia N900 – Part 3.5

by on Feb.13, 2011, under Posts

Due to my love of hand held devices that can be used for penetration testing, I have obtained a Nokia N900 for relatively cheap on eBay. A brand new N900 will burn you a hole about the size of $399 USD in your pocket. However, I obtained mine (a refurbished one) for about $285.

Granted this device is now 2 years old but in my opinion it can be setup as a solid security assessment tool. I thought I would write a de facto continuation of the “Weaponizing the Nokia N900″ series that Infosec island has done. (I hope they don’t mind ūüôā )

With the N900 being an old man, in terms of technology, one can spruce it up a bit via overclocking. I would highly suggest to check out:


I have mine overclocked to 750MHZ and it seems to be running just fine. Metasploit will load in about a minute or so. Which is not nearly as bad as running Metasploit on the N810 (which I was able to do by just following the same instructions for getting Metasploit to run on the N900). The N810, the last time I checked, took 15 minutes to load Metasploit.

Bear in mind that my tips imply that you have already enabled all the extra repositories as needed, if you haven’t done so check out:


As stated and shown before, there have been guides on weaponizing the N900. However some of these guides have failed to explain certain issues that I would like to address:

1.) The ettercap-ng package from the repositories is totally broken. I ended up having to download ettercap from this forum post and follow the instructions on it appropriately:


2.) sslstrip will work, and you have to follow the comments addressed on this web page to get it setup along with a few other things:


a.) You have to install iptables  (apt-get install iptables)

b.) You have to install another python package, (apt-get install python-openssl)

3.) The Metasploit package comes in in a tar.bz2 format. For some odd reason, the version of tar (the busy-box version) cannot do ‘-xjf’. So either you have to install the gnu version of tar or put metasploit on a computer that can extract it and put it into a format that can be decompressed on the n900.

4.) I wasn’t able to find netcat in the repositories. If you’re in the same boat, you’ll have to port it over or get a chroot environment setup. (easydebian)

Lastly, here is my original way of weaponizing the n900 even more so.

You’ll need a MicroSD card that you’re currently not using and you don’t mind wiping it and making it bootable. Also, you’re going to need BackBox iso (yes.. not BackTrack 4, I will explain later) and unetbootin.

Obtain BackBox from:


Obtain unetbootin from:


1.) Install your Microsd card into the N900, by removing the back plate.

2.) Connect your n900 via the USB cable that came with it to your N900.

3.) When you get a prompt on your n900 from connecting it to your computer, choose the Mass storage device mode.

4.) Now, 2 drives should show up, (depending on if you’re using Windows or if you have automount setup under Linux). The drive that is the size of your MicroSD card, is your MicroSD card. (I know.. DUH)

5.) Fire up unetbootin, select Diskimage option, locate where you downloaded the BackBox iso and select it.

6.) Make sure you have the correct drive selected and finally click ‘OK’.

7.) Once the process is done, reboot your computer.

8.) Hit F2 (or it could be other keys, like F9) for your BIOS or better yet if there is an option for a boot menu, hit that key.

9.) Select to boot off of the N900 (some BIOS will show two and not differentiate the two, while other BIOS will state that there is a removable n900. If you’re not sure, just change your boot order to have both N900’s as the first and second boot devices. If your BIOS shows the removable N900, this is the one you want to boot off of.)

10.) Your computer should now be booting off your MicroSD card which is in your N900.

The real cool thing here, is that you can still use your N900 while the computer has booted off of your N900. So you can still make phone calls or surf the net with it.

Now you may be asking yourself, “Why would I want to do this?”. I ran through a couple scenarios in my head, the first, is if you only have one USB drive that is currently in use running, say L0phtcrack on one workstation, but you want to multitask and still explore the network further. Well you have your handy and now bootable N900. Lastly, it seems as if most computers (from my experience) don’t have a MicroSD card slot but have USB ports.

Finally, I naturally tried BackTrack 4, but it would not boot and it would shove me to a busybox shell. I didn’t feel like dealing with finding a fix at the time, so I thought I would find a different distro.

If I do more interesting and original things with my N900, I will post more.

As usual more to come…

8 Comments :, , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , more...

New Section

by on Feb.13, 2010, under Posts


I’ve added a new section, that has a link to very useful web pages that come with BackTrack 4 final.

Leave a Comment :, , , , more...

Installing Backtrack 4 (after Windows XP and Ubuntu) + MORE

by on Feb.08, 2010, under Posts

Now, I don’t mind booting off of a flash drive that has BackTrack installed on it via unetbootin , but having the ability to triple boot between 3 operating systems via grub was just too tempting.

Keep in mind that most guides suggest to install Windows XP, then Backtrack and finally Ubuntu. This is the simple way and a lot less hassle, but my guide is geared towards individuals like myself who’ve installed Windows and Ubuntu and then, finally decided they wanted to install BackTrack.

The first task that I needed to do was, to make an empty partition on my laptop’s hard drive. I decided to shrink my Windows XP partition even more via a wonderful too called: Easeus Partition manager.


I shrank down my Windows XP partition so I would have an empty partition of about 17 gigs for BackTrack 4.

Doing this, changed my partition numbers under Ubuntu, so I had to change my partition number for Ubuntu under menu.lst. Without doing this, grub loader could not find the necessary files to boot Ubuntu. (If you’re wondering how I did this, you can change boot settings on the fly with grub, by invoking ‘e’ at the boot menu.)

I then followed this guide pretty closely:

Here is the text-only cached version from google:

(Hopefully this link works, because recently I’ve noticed that the remote-exploit forums have been inaccessible.)

This guide got me to the point where, I had everything copied over that was necessary for BackTrack 4 to run. However, the suggested method for modifying my menu.lst for BackTrack 4 was not quite what I expected.

For BackTrack 4 to boot for me from the grub boot loader, I had to make my menu.lst entry look like this:

title           Backtrack 4 Final
root            (hd0,4)
kernel          /boot/vmlinuz- rw root=/dev/hda5
initrd          /boot/initrd.img-

Now, your hd location will most likely be different, but the point I’m trying to make here, is that the kernel and initrd settings are completely different from what the guide suggested in the forum.

After making these changes, I was able to get into BackTrack 4, but there were more problems to come!


I own a Gateway MT3707, which for it’s WLAN card, it has a Realtek RTL8185 wifi card. I haven’t had much luck with getting it to work with the Linux drivers in the past, so I’ve resorted to ndiswrapper.

BackTrack did have some drivers for my wifi card, but they didn’t work what so ever. So, I did give ndiswrapper a try but it did not work.

This is what worked for me:

Firstly, edit /etc/modprobe.d/blacklist and add: blacklist r8187, blacklist r8180 and blacklist ndiswrapper .

Secondly, with an ethernet cable attached to my laptop, I downloaded the drivers from Realtek, which are for Linux.


Again, in the past these drivers haven’t worked for me, but Realtek was kind enough to update them.

After following the directions and rebooting, I thought I was on my way to getting on my wireless network. Lo and behold, ..no this wasn’t true.

By doing:

iwlist wlan0 scan

I was getting a weird permissions error, which was odd because I was root. So, just for the fun of it I tried using dhclient.

dhclient wlan0

I then, received NO DHCP Leases (basically I couldn’t get an IP address). Using iwlist again just for a last resort, I did get results and no errors (which was quite weird).

After setting my essid via iwconfig, I was finally able to get onto my network!

At a later time, I booted back into BackTrack 4 and tried getting back on to my network. Yet again, I was getting the same permissions error when I used iwlist and then it would lead to no results. The only odd way to mend this was to run dhclient first and then use iwlist to look for wifi networks.

To make a weird fix for this, I added this file to /etc/init.d/ :

(Name fixme)


dhclient wlan0 &> /dev/null &
sleep 3.5;
kill $(ps -A | grep dhclient | awk '{print $1}' | head -n1);
exit 0;

Make this file executable by using chmod and then use sysv-rc-conf (or chkconfig if you want) to make sure that it runs at the following levels (which worked for me): 2, 3, 4, 5 and S.

This will run dhclient in the erroneous way for you and then kill it, that way you’ll be able to use iwlist to view your networks. I honestly think this has the affect of the ‘pump’ command.

Lastly, I should note, that for my wifi card to work in BackTrack 4, I can’t reboot from another operating system into BackTrack 4 and have it work. I have to totally power off my laptop and then boot into BackTrack 4 and then my wifi card will work. This was kind of a pain. I hope this helps some one.

More to come.

3 Comments :, , , , , more...

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!