Author:ppolstra The World of Infosec
Born at an early age and causing trouble ever since.
Intro: The Deck - Portable Penetration Testing and Forensics System
The Deck is a full featured penetration testing and forensics system based on the BeagleBoard-xM. It will also run on the BeagleBone. The Deck is an Ubuntu-based Linux distribution. It contains everyone you would ever need and more in a small package. Because the system is low power it can be run for days or weeks from battery power. It should be possible to run The Deck indefinitely from solar power. Having a full set of tools that run on the BeagleBoard-xM and also the BeagleBone allows a lot of flexibility. The Deck is equally suited as a portable penetration testing platform and as a drop box. More information on The Deck can be found here http://ppolstra.blogspot.com/2012/09/introducing-deck-complete-pentesting.html Please note that this website will not allow uploading the 3GB install file for The Deck. The appropriate images can be downloaded from my website listed on the blog or preloaded microSD cards are available from a vendor also listed on my blog (I don't get any money from the vendor, so don't feel like you have to use them, it is up to you to decide if you want to save the hassle). The Deck works equally well on systems with a 7" ULCD7 touchscreen or with an external monitor/TV via the BeagleBoard-xM HDMI or S-video port. My personal setup consists of a BB-xM with the ULCD7 mounted in a Buzz Lightyear lunchbox, a second BB-xM without a display, and a BeagleBone. I connect them together with a USBpowered network hub. I also have 2 Alfa wifi adapters and a directional antenna for wifi hacking. The Deck debuted at 44Con 2012 in London in September 2012. The slides from my 44Con presentation are available at http://www.slideshare.net/ppolstra1/polstra44con2012 You may find these useful if you want to build one of these devices. You might check the website http://44con.com as the audio and video from this presentation may appear there. It was also presented two weeks later at GrrCON in Grand Rapids, Michigan so you might want to check http://grrcon.org for that video as well. You can find out more about this an other projects on my blog http://ppolstra.blogspot.com or by following me on Twitter @ppolstra.
Step 1: Gather Materials
You will need the following to create your own version of The Deck: 1. A BeagleBoard-xM. True it will run on the BeagleBone, but I recommend the BB-xM for the main system and the BBone for drop boxes and such. 2. A microSD card of at least 8GB. The Deck needs about 6GB (yes, there are lots of goodies in there). Personally, I recommend a 16GB or larger card. 3. A linux computer with the ability to write to a microSD card (perhaps with an adapter). 4. You will need to download the install archive (see next step) or alternatively you can buy preloaded cards at https://specialcomp.com/beagleboard/thedeck.htm (Disclaimer: Special Computing offers these products as a convenience and I am not involved with this company). 5. Optional: If you want to have a small self-contained system you might pick up the ULCD7 7" touchscreen. These run about $139 and you can plug the BB-xM right into them. Alternatively, you can hook your BB-xM up to any TV or monitor that supports HDMI or S-Video. 6. A presenter keyboard/mouse combo. I like the Favi unit which you can get for about $25 from Amazon or other retailers. 7. Optional: If you want a small power supply you can make one with the following: 2 9V battery clips, a 7805 voltage regulator, a small capacitor (100 uF is probably good), a 2.1 by 5.5 mm barrel plug, and a few pennies to use as a heat sink. Note that this can be used to power the device without a touchscreen. The touchscreen sucks a lot of power and I'm not responsible for any fires you start trying to run it off this power supply. You can also use any combination of batteries that are above 6V, including rechargeables. 8. Optional: If you aren't getting the display you might want to get a case for your BB-xM. The same source that sells the preloaded microSD cards also sells acrylic cases. They might even sell you a laser engraved one that those in the picture if you ask. There are other sources of cases for the BB-xM as well or you can custom make your own.
Step 2: Load your card
You will need to download the archive which includes an install script (and instructions too). 1. Create a directory to work in on your Linux computer "mkdir thedeck". 2. Change to the directory "cd thedeck". 3. Download the archive to your Linux computer using "wget http://www.udcis.org/TheDeck/thedeck-v1.0-44con-ed.tar.gz". 4. Uncompress the archive with "tar xzvf thedeck*.tar.gz" 5. You need to determine the device for your microSD card. If you haven't already done so, insert your microSD card. You can use the setup script to figure out the right device using "sudo ./setup_sdcard.sh --probe-mmc". Make a note of the device letter. 6. Now you can load the card. If you are loading a card for a system with the ULCD7 the command is "sudo ./setup_sdcard.sh --mmc /dev/sdX --uboot beagle_xm --addon ulcd" Where X is your drive letter (don't add any numbers!) If you do not have the ULCD7 just leave off the last part and use "sudo ./setup_sdcard.sh --mmc /dev/sdX --uboot beagle_xm" or if you are installing on a BeagleBone "sudo ./setup_sdcard.sh --mmc /dev/sdX --uboot bone" 7. Go do something else for a while! Installing to a class 4 card takes about 1.5 hours. If you have a faster card it will take less time, maybe as little as 20 minutes for a class 10 card.
Step 3: First boot
Now you are ready to boot up the system for the first time. 1. Install the microSD card into the BB-xm (or BBone). 2. Attach any peripherals before you power it up. This is especially important for any monitors. 3. Power it up. 4. It should boot. Note that the first boot may take a little longer than normal. 5. The "Demo User" with user name ubuntu has a password of "temppwd" which you will need to login. 6. Once you are logged in go exploring. You should have all the fun tools installed. You may wish to update your copy of Metasploit and possibly the OS itself. 7. At a terminal change to the Metasploit directory "cd msf". Then update your exploits "sudo ./msfupdate". 8. To update the OS "sudo apt-get update && sudo apt-get upgrade".
Step 4: Go forth and pwn!
Everything you could want is installed already in The Deck. Most of the packages are stored in reasonable places. This is a bit different from what is done in other distributions such as BackTrack. Things that don't easily fall into a standard place (like password crackers) are stored in the /pentest directory. the screenshots give you an idea of just some of the things you can do. Several tools which debuted at DEFCON XX in July 2012 are included in The Deck. If you think something should be included make your case, or better yet port it then tell me about it. :-)
Step 5: Optional: install addons
The first addon for The Deck is the 4Deck. The 4Deck allows you to create a magic hub that automatically mounts every USB mass storage device connected to it read only. You can install it on The Deck by downloading the install script using "wget http://www.udcis.org/TheDeck/4deck-v1.0.tar.gz", uncompressing the archive with "tar xzvf 4deck*.tar.gz". Note that this should be done ON THE BEAGLEBOARD not on your Linux desktop or laptop. Follow the install instructions included and you should be in business.
Step 6: Optional: Create a battery power supply
Put the 7805 flat on the table. The leftmost pin is the positive for your battery (6-14 volts), the middle pin is ground, and the right pin is +5V. If you are using 9V batteries attach the red wires to the left pin and the black wires to the middle pin. Attach the outer connector for your 2.1 by 5.5 mm barrel plug to the middle pin and the inner conductor to the right pin. Connect your optional capacitor to the middle and right pins. If you use an electrolytic capacitor be careful since they are polarized, so make sure the + side is connected to the right pin. For a heat sink most any small piece of metal will work. I used 3 pennies with a hole drilled in them bolted and soldered to the 7805 heat sink. There are variations on this supply. Note that the higher your voltage is over 5V the more heat (and waste) you will have. If your supply voltage is too high you might consider something better than the 7805. The biggest pluses for the 7805 is that it is cheap and small. As previously noted, do not use this supply with the touchscreen. The touchscreen uses a lot of power and you might start a fire. At a minimum you will burn through batteries pretty quickly.
BeagleBone : Ubuntu OS & LXDE GUI by waymond91
Bypass BIOS Boot or OS Login to "most" any computer ... with console access by erckgillis
MyLittlePwny Make a self powered pentesting box out of the Raspberry Pi for around $100 by Bellerophon2200