Pentest Tools

Published on April 8th, 2016 📆 | 4060 Views ⚑


Embedded Systems Security: BusyBotNet


Busybotnet is a fork of busybox that aims to make many of the security tools that are often only found on full systems available to their resource lacking counterparts we call embedded devices. With the recent surge in popularity of such devices (aka, the explosion of the ‘internet of things’), came many, many security issues. Part of the problem is that it’s difficult to implement cryptography tools on systems with limited resources, and the rest is caused by incompetent OEM’s that never issue updates or bother to patch any of the gaping security holes in their systems. This inevitably leads to the devices being re-purposed by hackers, visa vi botnets… The point of this project is to provide all of the security tools a system admin needs to administer embedded devices in one static binary, hence the term, “Busybotnet”.

This is a dangerous executable in the hands of the wrong person. It contains tools that could be used maliciously. “A script kiddies wetdream”. Don’t leave copies of these binaries lying around without security measures (good file permissions, etc).


`7MM"""Yp,                              `7MM"""Yp,           mm   `7MN.   `7MF'         mm    
  MM    Yb                                MM    Yb           MM     MMN.    M           MM    
  MM    dP `7MM  `7MM  ,pP"Ybd `7M'   `MF'MM    dP  ,pW"Wq.mmMMmm   M YMb   M  .gP"Ya mmMMmm  
  MM"""bg.   MM    MM  8I   `"   VA   ,V  MM"""bg. 6W'   `Wb MM     M  `MN. M ,M'   Yb  MM    
  MM    `Y   MM    MM  `YMMMa.    VA ,V   MM    `Y 8M     M8 MM     M   `MM.M 8M""""""  MM    
  MM    ,9   MM    MM  L.   I8     VVV    MM    ,9 YA.   ,A9 MM     M     YMM YM.    ,  MM    
.JMMmmmd9    `Mbod"YML.M9mmmP'     ,V   .JMMmmmd9   `Ybmd9'  `Mbmo.JML.    YM  `Mbmmd'  `Mbmo 
  01000010 01110101 01110011 01111001 01000010 01101111 01110100 01001110 01100101 01110100


Embedded Systems Security:
BusyBotNet – Compiling & Installation

$ make clean
$ make menuconfig -- Configure your build
-- Choose applets to include --
$ make
To install, run ./busybox --install -s /path/to/wherever


    —  Cross Compiling

Grab the latest buildroot and build it (same as above, $ make clean;make menuconfig;make)

Configure with make menuconfig -- Specifically, tell busybotnet where your toolchain and sysroot are located. 
$ make


Currently Defined Functions:

As you can see, many new features have been added to busybox. Particulary interesting are the cryptography applets. This is an incomplete list of the applets enabled during the last build:

evil@devbox:~/busybotnet$ ./busybox
BusyBox v1.24.1 (2016-03-15 22:49:48 CDT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list[-full]
   or: busybox --install [-s] [DIR]
   or: function [arguments]...

    BusyBox is a multi-call binary that combines many common Unix
    utilities into a single executable.  Most people will create a
    link to busybox for each function they wish to use and BusyBox
    will act like whatever it was invoked as.
[adsense size='1']
Currently defined functions:
    [, [[, acpid, add-shell, addgroup, adduser, adjtimex, aescrypt, arp,
    arping, ash, awk, base64, basename, beep, beer, bindtty, blkid,
    blockdev, boink, bonk, bootchartd, brctl, bunzip2, bzcat, bzip2, cal,
    cat, catv, chat, chattr, chgrp, chmod, chown, chpasswd, chpst, chroot,
    chrt, chvt, cksum, clear, cmp, coke, comm, conseal, conspy, cp, cpio,
    crond, crontab, crypthash, cryptpw, cttyhack, cut, date, dc, dcd3c, dd,
    deallocvt, delgroup, deluser, depmod, devmem, df, dhclient, dhcprelay,
    dhgenprime, diff, dirname, dmesg, dnsamp, dnsd, dnsdomainname,
    dos2unix, dpsc, dpss, du, dumpkmap, dumpleases, ecdsa, echo, echoize,
    ed, egrep, eject, env, envdir, envuidgid, ether-wake, expand, expr,
    fakeidentd, false, fatattr, fbset, fbsplash, fdflush, fdformat, fdisk,
    fgconsole, fgrep, find, findfs, flash_eraseall, flash_lock,
    flash_unlock, flashcp, flock, fold, free, freeramdisk, fsck,
    fsck.minix, fstrim, fsync, ftpd, ftpget, ftpput, fuser, genericsum,
    genkey, getopt, getty, gewse, gewse5, grep, groups, gunzip, gzip, halt,
    hd, hdparm, head, hexdump, hostid, hostname, httpd, hush, hwclock,
    i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig, ifdown, ifenslave,
    ifplugd, ifup, inetd, init, inotifyd, insmod, install, ionice, iostat,
    ip, ipaddr, ipcalc, ipcrm, ipcs, iplink, iproute, iprule, iptunnel,
    jolt, kbd_mode, kill, killall, killall5, kissofdeath, kkill, klogd,
    knbot, land, last, latierra, less, linux32, linux64, linuxrc, ln,
    loadfont, loadkmap, logger, login, logname, logread, losetup, lpd, lpq,
    lpr, ls, lsattr, lsmod, lsof, lspci, lsusb, lzcat, lzma, lzop, lzopcat,
    makedevs, makemime, man, md5sum, mdev, mesg, microcom, mkdir, mkdosfs,
    mke2fs, mkfifo, mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd,
    mkswap, mktemp, modinfo, modprobe, more, mount, mountpoint, mpstat,
    mqtte, mt, mv, nameif, nanddump, nandwrite, nbd-client, nc, nestea,
    netscan, netstat, newtear, nice, nmeter, nohup, nslookup, ntpd, ntpdos,
    od, openvt, orgasm, ottf, passwd, patator, patch, pgrep, pidof, ping,
    ping6, pipe_progress, pivot_root, pkdecrypt, pkencrypt, pkill, pksign,
    pmap, pong, popmaildir, poweroff, powertop, printenv, printf, proxcat,
    ps, pscan, pstree, pubclient, pud, pwd, pwdx, raidautorun, raped,
    rdate, rdev, readahead, readlink, readprofile, realpath, reboot,
    reformime, remove-shell, renice, reset, resize, rev, rm, rmdir, rmmod,
    route, rpm, rpm2cpio, rsadecrypt, rsaencrypt, rsagenkey, rsasign,
    rsaverify, rtcwake, run-parts, runlevel, runsv, runsvdir, rx, script,
    scriptreplay, sed, sendmail, seq, setarch, setconsole, setfont,
    setkeycodes, setlogcons, setserial, setsid, setuidgid, sh, sha1sum,
    sha256sum, sha3sum, sha512sum, showkey, shuf, slattach, sleep, smemcap,
    snmpdos, sockstress, softlimit, sort, spiffit, sping, split,
    start-stop-daemon, stat, stream, strings, stty, su, subclient, sulogin,
    sum, sv, svlogd, swapoff, swapon, switch_root, sync, synk4, synscan,
    sysctl, syslogd, tac, tail, tar, tcpsvd, teardrop, tee, telnet,
    telnetd, test, tftp, tftpd, time, timeout, top, torloris, touch, tr,
    traceroute, traceroute6, true, truncate, tty, ttysize, tunctl,
    ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol, ubiupdatevol,
    udhcpc, udhcpd, udpdata, udpspoof, udpsvd, uevent, umount, uname,
    uncompress, unexpand, uniq, unit, unix2dos, unlink, unlzma, unlzop,
    unxz, unzip, uptime, users, usleep, uudecode, uuencode, vconfig, vi,
    vlock, volname, wall, watch, watchdog, wc, wget, which, who, whoami,
    whois, wingatecrash, xargs, xersex, xersextcp, xz, xzcat, yes, zcat,


Source && Download

Leave a Reply

Your email address will not be published.