The PDA of tungsten

Continuing with the series of articles in which we are seeing how the Palm can be the tool preferred of hacker, after to have seen the necessary tools for the most habitual tasks of networking, we are going to treat techniques to detect networks and to create less conventional connections:

• For the Palm with bluetooth, BtSerial Pro allows to connect them to any device bluetooth, that has supported to the service of port series bluetooth. This allows us to easily connect movable, sensorial telephones, etc. In the same page we can find but gratuitous BtSerial, and BtServer more basic, that allows to create the port series bluetooth in masterful way, so that other devices bluetooth connect him. For example, using BtSerial in a PDA and BtServer in another one, we have a basic system of chat by bluetooth.

Connecting by bluetooth with BtSerial

• With respect to the networks wifi, whenever our Palm has east type of integrated connectivity, like in the Lifedrive or the TX, or we have bought a card SD wifi, we will be able to use the tools that already we saw in this other article on the subject: NetChaser, Wiffi, Wifi-where, etc, that will allow to detect networks us wifi in our environs without having to load with a portable one.

Detecting networks wifi with NetChaser

• For the equipment that has an infrared port (IrDA), the utility will come to us very well TO GO Ping. This program allows to verify the communications between a Palm and any other equipment with infrared port, like printers, movable telephones, or another PDA.

Analyzing a connection by infrared

Finally, a peculiar use of the port infrared is the one to use the Palm like remote control of a car, although of course, in the old models that used this type of connection, since nowadays all the controls work by radio frequency.

It is possible to emulate a control of infrared our Palm

Now already we know like connecting our Palm in a network. In next post of this series we will see all the tools of network analysis that exists for our Palm.

By: Tricks
8 commentaries | Trackback |  To print this post

Carlos, of Lost in Japan, has remembered to me that today is the BlogDay. Thank you very much Carlos to choose the PDA of tungsten! It has animated to participate to me clearly, so I am going to mention five blogs that does not have anything to do with the Palm but that itself by far interest (besides Lost in Japan and all the others blogs which I connect from the PDA of Tungsten,):

BlogDay 2007 (31 of August - 3108)

• SigT is blog where his author, Armonth, publish much interesting information regarding WordPress, the CMS on which works the PDA of Tungsten. But also I like many other things that generally write on the world of computer science and the technology. For that they want to be up-to-date of the new features in the world of Wordpress in Spanish, I recommend the Wordpress Planet, where Anieto and many others also collaborate bloggers with very good hand with this CMS.
• Flashes are blog of surprising histories. I really ask myself which can be the sources that Aberron has to have always material so interesting. Test of its quality is that it has appeared several times mentioned in Microsiervos, and has gained it by own merits.
• Obsolete technology is another one blog that is worth the trouble, with histories not so startling, but with their own “style” that makes interesting, besides emphasizing by the information that contributes. Note when there is somebody behind blog that knows than is spoken.
• Histories of science are another one of my favorites to read long and interesting entrances. Cargadito of scientific anecdotes and details of the life and discoveries of the scientists who have marked the difference in our History, is a very pleasant reading, and with the same sensation at the end of reading something written by which it knows than it speaks.
• In order to finish, Diariomotor is blog that itself to be abreast of the launchings of new models, new spy photos, peculiar histories related to the world of the motor, etc. They do not overload to the reader with so many posts daily as in others blogs of motor, something that is thanked for, and its style turns out pleasant to read, I suppose that for that reason it has gotten to be one from my favorites.

I hope that these recommendations make discover some you blog that you did not know and that you like. Animaos to continue this “meme” recommending other five blogs, and between all we will unearth many that the pain is worth to know.

By: generally
5 commentaries | Trackback |  To print this post

We continue discovering tools to turn the Palm into a tool of hacking. Today we will see like acceding remotely to servants of different types:

• The king of the remote access in graphics mode is VNC, the compatible open standard with Windows, Linux, MacOS, etc. and best client VNC for our Palm is PalmVNC 2,0, of which already we made an analysis in depth at the time.

Acceding to the writing-desk of Windows by means of VNC

• For that they want to use Terminal Server or Remote Desktop in a machine Windows with this installed service, Mobile TS exists. It is of payment, but we can lower to a version demo to prove it.
• Win-Hand Anywhere is a propietary tool, but it promises good results with a great ease of use: to cross any firewall that has installed in the network, to work with any way of connection, or Bluetooth, WiFi, 1xRT, GPRS, USB, among others, to work on any Palm with 3,0 PalmOS or superior and a PC with Windows 95 or superior, etc.

Acceding to the writing-desk of our PC from the Palm

• RemoteGin is another program of payment that supports to remote access to a machine Windows through Internet. It is optimized for networks wifi and great screens.
• 
  Handling our Palm from the writing-desk of the PC
  • For that they are thinking about using a Palm like element of interaction with a developing software, surely PalmPanel is to them from utility. One is framework for development of applications that allows to use the Palm like graphics terminal of appliances and services based on GNU (Linux/BSD/etc). In the Palm a small client of only 30Kb settles, in the servant framework allows to quickly develop easy and graphical interfaces in Python, that use the Palm like light client (thin-client) of graphics terminal.

  
  Example of application running in the Palm from a servant

  Our Palm not only can be client of these services installed in other equipment, but it can also work like servant.

  • for httpd PalmOS is a small Web server (HTTP). By defect it serves the memos, contacts, calendar, documents, and a summary of the data bases installed in the Palm.
  • WirelessModem works like pseudo servant proxy. It is a small application that allows to use the Treo like a wireless adapter wifi (for the Palm with wifi) or wireless modem (for Palms with a plan of data GSM/CDMA). Unfortunately it has stopped being available in the page of the developer, reason why it will be necessary to obtain it by other means.
  • mFTP is a servant FTP for our Palm. The author was tired of which the Hotsync by network was to him so slow, so it developed east servant to be able to transfer archives from his Palm of fast and simple way.
  • Finally, a called servant FTP PalmFTPserver created by habitual a Palmero companion of the forums of PDAExpertos exists, that has evolved towards PalmMultiServer, an integrated servant FTP and HTTP, del who are screen captures, although I have not found version to unload.

  
  PalmMultiServer acting like servant FTP in the Palm

  It exists more software for PalmOS related to servants, but fodder that this compilation gives an idea than we can be found, that it is not little. In following post we will continue seeing like removing to all the party to our Palm for tasks from hacking and networking.

  By: Tricks
  14 commentaries | Trackback |  To print this post

Crackear passwords is a work that always has been vitally important when acceding to protected apparatuses: as much to accede of nonauthorized way, like reclaiming the access when our password has forgotten to us, or it has been changed indeed by an attacker. They can be used therefore to try to enter a servant whose file of passwords has been it jeopardize, or indeed to verify that our security system is reliable before passing it to production.

He is advisable to know, nevertheless, that 99% of the attacks that become to a system protected by passwords, can be rejected simply choosing well our passwords. A always chosen bad password will be the weak point of the system, as it were already spoken in posts dedicated to how creating and administering good passwords with the Palm.

A good password will protect our system to a great extent

Returning to the subject from this post, for these necessities related to crackear passwords, there is a great number of tools for the Palm. We see some:

• PalmCrack with list of words deals with to burst a file of UNIX passwords (that uses the Crypt function (), therefore will not be worth for one BSD), CISCO (type 7, it will not be worth for encryption type 5), or Windows NT (hashes of password NT LANMAN, not hashes MD4 of answer to challenge). If the program finds a list of words it will use, it to try to crackear the passwords. , Whichever by all means better it is this list, more effective will be the program. If it does not find a list of words, will try an attack by brute force. In order to create our own list we can use script in Perl PCMwDB.

palmCrack allows to crackear passwords of several systems

• MD5 can calculate hash MD5, or also try to break it by brute force. Recommended PalmOS 5.
• Hydra is a crackeador of login (authentication), flexible, fast and tensile, that supports protocols telnet, FTP, HTTP, HTTPS, HTTP-PROXY, SMB, SMBNT, MS-SQL, MYSQL, REXEC, CVS, SNMP, SMTP-AUTH, SOCKS5, VNC, POP3, IMAP, NNTP, PCNFS, ICQ, SAP/R3, LDAP2, LDAP3, Teamspeak, Cisco auth, Cisco inable, LDAP2 and Cisco AAA (impressive list).
• NotSync demonstrates the simplicity with which the password of system of a Palm can be obtained and be decoded. This tool imitates the initial steps of hotsync, through port of infrared, to obtain this indeed. The program is the test of concept of the called document “Palm OS Password Retrieval and Decoding” and although he is not available already in his Web, surely can be obtained by other means.
• Palm OS Password Lockout Bypass for PalmOS 3.5.2 and inferiors. Using a back door of the operating system, it can secure to the password and other data of the Palm, still being blocked.
• If you have forgotten the password your Palm, installs Security not to eliminate the password without losing the blocked registries. System Password Cleaner is worth for the same. Crackea Sword or replaces the password of the Palm Pilot without knowing the existing one. Like the previous one, it serves to enter the Palm when you have forgotten the password, without losing your confidential information. He is shareware. pCack is another option, only valid for previous PalmOS 3.5.1 or. Palm Password Cracker does the same but in the PC, without needing installing nothing in the Palm. I have not been able to find it in Internet, although surely it is in favor of some side.

Different ways exist to jump the password of the Palm

• Finally, a curiosity that leaves the world of software to jump to hardware. There are programs that by means of a mathematical algorithm reduce the number of possible combinations for a MasterLock padlock, of the 64,000 original ones to 64. SkeletonKey and Pmaster are two examples, although they need like parameter one of the numbers of the combination.

A padlock Masters Lock

As we see, very prolific the world of cracking of passwords, even for the Palm. In next post we will continue seeing how turn our Palm into the definitive tool for hacking.

By: Tricks
10 commentaries | Trackback |  To print this post

Continuing our compilation of software for our Palm turns that it into a tool of hacking, today we will see as we can realise transferences of files. There are manifolds ways to transfer files to and from our Palm, following the protocol that we use:

• For transferences by means of FTP, some of the gratuitous clients who exist for Palm are LFtp, VSFtp and vPalmFtp. As servant we can use our own PC, installing for example the Filezilla Server.

Acceding to a servant FTP from the Palm

• In machines Windows usually he is used protocol SMB to share archives and directories. How no, for Palm several clients SMB like Palm SMB Client, FilePoint and SMBMate exist, that now became WiFile, of payment but with support of FTP, SMB and WebDav.

With Wifile we can accede to the shared resources wirelessly

• Another possibility is that we need to unload contents via Web (protocol HTTP). For it exists LGet, that keep pages directly Web in format DOC, and Downloader, that allows us to directly unload files of the Web in the memory card. HttpTester on the other hand does not serve to unload content, but rather to realise tests of commandos GET, HEAD, PUT and DELETE, reason why it will be helpful for developers that are working with applications Web.
• Once we have the archives in our Palm, to manage Filez recommends them, since he is excellent and gratuitous. You can read the analysis in depth that was made at the time of this program in this blog.
• Clearing the incredible thing, we were with Onager, graphical surroundings for the client of networks P2P Mldonkey (who connects to the networks eDonkey, Bittorrent, Kazaa, Gnutella and Overnet, among others). Ideal for which the 24 hours have a computer without keyboard nor screen unloading and want to accede to him from the Palm.

It manages your unloadings of eDonkey, bittorrent, etc from the Palm

• Finally, also clients of virtual network exist private (VPN), who allow to connect themselves of safe way to other networks (like connecting from house to the office) through an uncertain network (Internet). MergicVPN uses protocol PPTP (Point to Point Tunneling Protocol), whereas MovianVPN uses IPSec.

More difficult still: connection SSH on VPN from the Palm

The possibilities counting on a as small equipment as a Palm, but on the access to as complete network as the one of a PC, are infinite. In next post we will see more functionalities of the Palm like tool of hacking.

By: Tricks
15 commentaries | Trackback |  To print this post