June 12, 2017 | Article
It’s been a while since my last post about “building something”.
Lately I wanted to download some files from the VulnHub site. A few months ago I accidentally deleted my collection (which I don’t touch often), so I have to redownload most of it (16 pages). Manual download is not an option, as I am rarely at home with my rather stable home connection. It is also not possible for me to use torrents when I am doing onsite pentesting. Therefore I decided to build a dedicated box for torrent activity.
The next section covers my requirements and the solution I chose. If you only want the build steps, you can skip the next section.
What I want is a small box with sufficient resources and a stable connection. It sits in my room, connected to the internet, and can be remotely controlled wherever I am. A PC is overkill for this task; besides, I don’t have a working PC right now. The alternative is a single-board computer. From the many options available (Raspberry Pi, BeagleBoard, ODROID, etc.) I picked ODROID. It might be subjective, but my ODROID XU4 has 2 USB3 ports, which some SBCs don’t have.
Storing downloaded files on a single SD card is not wise. I use one of my external HDDs as storage; connected via USB3, it should be fast enough.
There are several BitTorrent client implementations for Linux. I use Transmission. It works fine.
When I said “the box can be remotely controlled wherever I am”, I didn’t mean giving it a dedicated IP address. The box obviously has to stay behind the firewall. So for this goal I need a rendezvous point, a tunnel, a middleman that relays all traffic between my box and me. Port forwarding on the router is not an option, as I don’t have access to it. I could use socat or an SSH tunnel to create a tunnel that is open at both ends. However, I need a simple and reliable solution, so I use a service for that. ngrok, PageKite, and Forward are all suitable, but I chose ngrok.
0. Minimal Setup
I use an ODROID XU4 as the SBC. You can read the user manual here.
The operating system I chose is Ubuntu minimal, which can be downloaded here. I only need Linux as a base system and have no need for a fancy GUI, so Ubuntu minimal is perfectly fine.
Consult the user manual to burn the image to the uSD card. Though some aspects are different, you can use this article as a guide.
1. Component Installation
Don’t forget to update the package list and confirm that we have a working connection.
apt-get install transmission-cli transmission-common transmission-daemon
Like other services, Transmission is composed of a daemon (transmission-daemon), which manages all BitTorrent activity, and clients. transmission-cli is a command-line client program.
Check whether the service is working fine.
service transmission-daemon start
service transmission-daemon stop
service transmission-daemon reload
Don’t forget to enable it.
systemctl enable transmission-daemon
Next we need to install the ntfs-3g package to mount the NTFS partition. We also need unzip to extract zip files and screen to keep a job running in the background.
apt-get install ntfs-3g unzip screen
2. Disk Configuration
In this article, I mount my disk on /mnt/disk0. I also create a directory /mnt/disk0/transmission with the following subdirectories for torrent operation.
mkdir /mnt/disk0
ntfs-3g /dev/sda1 /mnt/disk0
mkdir /mnt/disk0/transmission
cd /mnt/disk0/transmission
mkdir completed incomplete torrents
3. Configuration Script
The Transmission daemon needs a configuration file at /etc/transmission-daemon/settings.json to run properly. If the service is restarted, or stopped and then started, a new configuration file is created (overwriting the old one), so if we have customized the file we need to reload it. However, accidents might happen, so we move the original file to a safe location and link to it.
mv /etc/transmission-daemon/settings.json /opt/transmission-settings.json
ln -s /opt/transmission-settings.json /etc/transmission-daemon/settings.json
Next we configure it. These are the settings I changed, so you should adjust them to your case (truncated).
"download-dir": "/mnt/disk0/transmission/completed",
...
"incomplete-dir": "/mnt/disk0/transmission/incomplete",
"incomplete-dir-enabled": true,
...
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-password": "[email protected]",
"rpc-port": 9091,
"rpc-username": "ursa",
"rpc-whitelist": "127.0.0.1,*.*.*.*",
"rpc-whitelist-enabled": true,
...
"umask": 2,
...
"watch-dir": "/mnt/disk0/transmission/",
"watch-dir-enabled": true
To enable remote connections, we need RPC. It listens on port 9091, ready to take commands. I don’t want the box left without authentication, so we need to set credentials. In this example I need to supply “ursa” as the username and “[email protected]” as the password.
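The ngrok agent used in step 4 runs on the box itself and forwards the tunnel to local port 9091, so it reaches the daemon over loopback. The following is an added example, not part of the original article, that audits the RPC keys above for exposure beyond that; `audit_rpc`, `harden_for_local_tunnel` and the placeholder password are assumptions made for the illustration.

```python
import json

# Constructed sample: the RPC keys from the article's settings.json fragment.
# The password is a placeholder, not the article's value.
ARTICLE_RPC = json.loads("""
{
  "rpc-authentication-required": true,
  "rpc-bind-address": "0.0.0.0",
  "rpc-enabled": true,
  "rpc-password": "PLACEHOLDER",
  "rpc-port": 9091,
  "rpc-username": "ursa",
  "rpc-whitelist": "127.0.0.1,*.*.*.*",
  "rpc-whitelist-enabled": true
}
""")


def audit_rpc(settings):
    """Return the settings keys that expose RPC more widely than a local
    tunnel agent needs. Missing keys are treated as the risky value."""
    if not settings.get("rpc-enabled", True):
        return []  # RPC is off, nothing listens
    risky = []
    if not settings.get("rpc-authentication-required", False):
        risky.append("rpc-authentication-required")  # commands accepted without login
    if settings.get("rpc-bind-address", "0.0.0.0") != "127.0.0.1":
        risky.append("rpc-bind-address")  # reachable from the LAN, not only loopback
    entries = [e.strip() for e in settings.get("rpc-whitelist", "*").split(",")]
    match_all = any(e and all(p == "*" for p in e.split(".")) for e in entries)
    if not settings.get("rpc-whitelist-enabled", False) or match_all:
        risky.append("rpc-whitelist")  # address filter off or matching every client
    return risky


def harden_for_local_tunnel(settings):
    """Copy of settings restricted to loopback (hypothetical helper)."""
    fixed = dict(settings)
    fixed.update({
        "rpc-authentication-required": True,
        "rpc-bind-address": "127.0.0.1",
        "rpc-whitelist": "127.0.0.1",
        "rpc-whitelist-enabled": True,
    })
    return fixed


if __name__ == "__main__":
    print("article fragment:", audit_rpc(ARTICLE_RPC))
    print("loopback only:   ", audit_rpc(harden_for_local_tunnel(ARTICLE_RPC)))
```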
4. Setting up Rendezvous Point
To use the ngrok service we need a valid account there. Sign up here to begin. You need to get an API key, which will be used by ngrok.
Download the “agent” onto our box. As the ODROID is an ARM board, we need the ARM version of ngrok. Extract and authenticate.
wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip
unzip ngrok-stable-linux-arm.zip
mv ngrok /usr/local/bin/ngrok
ngrok authtoken <your auth token here>
ngrok needs to remain running for the tunnel to function. In some cases that is not possible with an ordinary login session, so we run ngrok in a detachable session. Screen is used for that.
Now we are in a screen session. Run ngrok and create a tunnel for TCP port 9091.
ngrok tcp 9091
Read the endpoint shown there. It should be an ngrok domain with a port.
To exit, press CTRL+A and then D. We are out of the screen session, but ngrok is still running in that session.
Download Transmission Remote GUI. Click on Torrent – Connect to Transmission – New connection. Fill in the URL offered by ngrok earlier and don’t forget to enable authentication.