2020 Book “Reviews” – Part Two

Spook: Science Tackles the Afterlife – Mary Roach
I was going into this expecting Mary to rip apart all the famous (or infamous) “ghost photos” and whatnot with some behind-the-scene knowledge and a little common sense. Instead it covers a select few “paranormal” and unknown scientific-ish topics, sighting research, and covering some anecdotes and research of the authors own. All this is done with smile-inducing witty comments and a constant sense of “get a load of this guy”. I’m looking forward to reading more of Mary Roach’s books.

Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground – Kevin Poulsen
This was a deep dive into Max Ray Butler’s life in the cybercrime world of carding. I really enjoyed this over Brian Kreb’s Spam Nation, which covered a similar topic. Kevin Poulsen focused on the subject at hand, not really getting into morality or any personal anecdotes about the story, like a real journalist. It is an interesting story of the early days of the carding scene and the ease of cybercrime in the days after the dotcom bubble. A very good read if you are interested in infosec.

The One-Straw Revolution – Masanobu Fukuoka
I want to start off with saying I know very little about farming. However, this book is just as much about philosophy as it is about farming. As much as I enjoyed this, I do feel that while the farming technique explained in this book (a natural way to farm a handful of grains), it is extremely specific to the authors location. Regardless, there is a lot of thought provoking ideas in this book.

Bonk: The Curious Coupling of Science and Sex – Mary Roach
Where to start with this one. I guess the first thing to get out of the way is that it is all about penises and vaginas, for the most part. Following the style of the previous Mary Roach book I read, it digs into the history of the science and research of sex, sprinkling in humor here and there. I enjoy the structure of the two I have read so far, so I think I’ll end up reading the rest of this authors library.

Ten Arguments for Deleting Your Social Media Accounts Right Now – Jaron Lanier
The first thing I want to say is, this is what I expected of “How to Do Nothing”. In comparison, this book is a much faster read and has actual content, not just anecdotes and excessive depth into unrelated topics. Jaron touches on the effects of social media on himself and others, the business model behind social media companies, and the potential dangers of allowing them to continue to operate how they currently do. His view and perspective due to his history in “tech” makes a lot of these concerns and points a bit more impactful to me personally. I look forward to reading more from him.

The Coddling of the American Mind – Greg Lukianoff and Jonathan Haidt
First and foremost, parents of non-adult children, read this book now. Read the whole thing. This book covers some pretty big issues still going on in 2020. It covers some pretty scary-when-you-think-about-it patterns arising in the past 5-8 years in schools/children and how they are impacting society as a whole. Additionally, it offers resources for further reading and potential solutions for these issues.

1984 – George Orwell
So, this is a re-read. I am going to make this an “every five year” read, I think. There isn’t much to say about this book that hasn’t been said or thought already. I feel that it is still just as important to read today as it was the last time I read it, which was maybe 10 years ago. If you haven’t read this, read it. Then read Brave New World and Animal Farm.

Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World – Joseph Menn
This was a really fun read into the history of the cDc and other associated groups of the time. While there was a lot of cool stories and information to read, I felt it was really scattered. I often asked myself “wait, when is this happening?” while reading through it. If you exclude the first and last parts of the book, it feels like a solid retelling of history. With those two parts taken into account, it somewhat feels like a “coming out” story for Beto O’Rourke. I’m not sure if I’m reading an advertisement or not. Regardless, if you have any interest in the cDc, it is worth the read.

The Dead Sea Scrolls and the Christian Myth – John Marco Allegro
Preface: I know nothing about Christianity or much about religion in general. To me, this book points out that the bible is made up of several games of telephone, a bit of bad translation, and a sprinkle of tweaks to control the populous. I did have a hard time deciphering some of the language used in excerpts of various religious texts, mostly due to lack of motivation to reread them. The commentary by the author is much more the focus of my purpose for reading this. I am impressed by the work put into the translations of the scrolls/texts the author had access to and the analysis and comparison of all the religious texts cited. I feel that it is a net positive for the world to have someone who will put the effort into working with artifacts like the Dead Sea Scrolls and actually publish his work.

And with that, I finished my previously posted list of books, as well as an additional few. Since it is early October as I’m writing this, I guess there will be a part three to this series. Extra credit, so to speak.

2020 Book “Reviews” – Part One

As I had mentioned in my “2020 Reading List” post, I wanted to try to write some small reviews or thoughts about the books I’ve read throughout the year.

UFOs: Generals, Pilots, and Government Officials Go on the Record – Leslie Kean
A collection of interesting stories/events/etc from reliable witnesses. It was written with a lot of passion and dedication to the truth with no reliance on “little green men” being the answer. I recommend this for anyone interested in the topic of UFOs or maybe those who still think they are a thing of science fiction.

How to Do Nothing: Resisting the Attention Economy – Jenny Odell
To be straight forward, I felt like this was a waste of time to read. It feels more like the author’s journal over the course of her discovering how to deal with the “Attention Economy” rather than a guide or tutorial. Reading it to completion is one way to “do nothing”.

Woke: A Guide to Social Justice – Titania McGrath
It may not need to be said, but this is 100% satire. While it can be hilarious at times, providing tons of good “lines”, some of the “filler” is just ridiculous statements lacking a lot of thought. It is very short and worth hour or two read.

Animal Farm – George Orwell
I really should have read this a long time ago, as it was an assigned reading in high school. I didn’t want to read, what I thought, was a children’s book and just read the Sparknotes on it. Well, I’m making up for it now. It was an interesting quick read but felt lacking in effort or quality compared to the other George Orwell works I’ve read. I feel that it is one of the important books, alongside books like “1984”, “Lord of the Flies”, and “Fahrenheit 451”.

The Metamorphosis – Franz Kafka
My first thought when I finished this was “What did I just read?” It felt like someone’s anxiety ridden fever dream. That someone, in this story, is Gregor. A man who is overworking himself to near death in attempt to keep his “poor” family financially stable. However, in this book, death comes in the form of being transformed into a beetle. While that, in any other story, could be a spoiler, this is page one stuff. It is clear that the author is very familiar with anxious thoughts, as this story is example after example of over-analyzing each situation and Gregor’s constant concern with his family’s financial well being. While this is a short read, I think there are plenty of other books that tell the story just as well and in a much more interesting, modern, and realistic way.

Notes from Underground – Fyodor Dostoevsky
Well, this is a roller coaster. A roller coaster that makes you feel like you learned something afterward. I am impressed with the perspective (that may not be the right word) that this story is told from, which I think is what I am supposed to get out of it. I do feel like I need to read it again. With how short it is, I don’t see that being a problem.

12 Rules for Life: An Antidote to Chaos – Jordan Peterson
I enjoyed this book. While reading it, my internal “voice” would somehow slip into the authors voice, which was hilarious and great at the same time. If you haven’t heard Jordan Peterson talk, do listen to a talk or two of his and I’m sure you will experience the same thing. While parts of it get a little heavy on religious subjects, it never feels preachy or like someone is trying to convert me. Although some chapters feel like they are meandering far away from the “topic” of the chapter, they find its way back once you finally see the bigger picture. Overall, its really good.

Count Zero – William Gibson
I LOVED IT. I loved it just like I loved Neuromancer. William Gibson is great world-weaver. Although there are three distinct stories told through this book, they feel more like tools used to flesh out an amazing cyberpunk world. This is the second of three books in the Sprawl trilogy and it saddens me that I am almost done with them. Mona Lisa Overdrive is next and the reading that will be bittersweet.

The Hardware Hacker: Adventures in Making and Breaking Hardware – bunnie
An interesting collection of adventures in the world of electronics manufacturing and the supply chain involved. It sometimes feels like a a collections of blog posts, but that is because it sort of is. Regardless, it gives a very good view inside the world of producing electronics via Chinese factories and everything related to that process. I would recommend this to anyone who has interest in PCB/electronics manufacturing or anyone who know who bunnie is.

Chaos: Charles Manson, the CIA, and the Secret History of the Sixties – Tom O’Neill
Tin foil hat time. The author starts this book with solid facts indicating some shady stuff happened during the Charles Manson/Manson Family trials. It slowly turns into some almost unbelievable theories on secret CIA projects and how they could be the “cause” of (or at least a major contributor to) the insanity that was the Manson Family. I really enjoyed this book, even if some may see it as crazy conspiracy theories. The facts that are revealed about what the CIA used to do (and probably still do) is where the “crazy” is. The information that Tom finds about how the Manson Family story was twisted to fit one lawyer’s narrative is eye opening. Just because someone ends up with the right answer, it doesn’t mean they got there the right way.

Mona Lisa Overdrive – William Gibson
Just as I predicted, bittersweet. I loved it, as I knew I would. This wraps up the Sprawl Trilogy, connecting many dots from the second book (Count Zero) with a few appearances from the first book’s (Neuromancer) cast. As with all of the Trilogy, the multiple story lines all come together at the end. However, while randomly thinking about what I read, I start to realize small connected details I missed when reading. Without spoiling much, the overarching story of the trilogy, with each story line being orchestrated to achieve one major goal, is awesome. I am going to miss this trilogy.

A Scanner Darkly – Philip K. Dick
At first, this seemed like a it was going to be somewhat of a “film noir” kind of cop story. However, it slowly turned into a drug-crazed recalling of the life of a group of addicts, including all the delusion and paranoia you can imagine. A little over halfway through the book, I honestly started to get somewhat confused with what was going on. Then, without trying to spoil much, a scene in which a cop reviews some surveillance footage came to the same conclusion as I did cleared that up. “WHAT is happening here?” I felt a little better then. It spirals into a bit more chaos from that point and ends with an all too real “well damn, that sucks” kind of ending. Some of the lingo/slang makes it feel somewhat dated. We have changed a lot since the 70s. But, the story is all too relatable. Don’t do drugs kids.

Slaughterhouse-Five – Kurt Vonnegut
I felt like I should have read this in high-school. Judging by the depth and length of the Wikipedia article, I think I am right in feeling that way. Even though it was probably not intended to be, it seems to be a book used for teaching literature classes. While there is humor in the commentary of the stories told throughout the book, I don’t know if it hasn’t aged well or I am just not into it. I’m glad I have read it finally, but I feel like its potential impact didn’t land.

LSD My Problem Child – Albert Hofmann
This was an extremely interesting read. Albert Hofmann walks the reader through his discoveries of some of the most powerful psychedelics, some of which I was not aware of him finding, his view on the usefulness of them, and hand picked anecdotes of the positive and negative impacts they have made. While his passion and respect for the substances is made clear, it is done in a very modest way, which I’m sure is testament to his personality and intelligence. I was ready for a little more of a chaotic story, but I’m glad it wasn’t.

I’ve been writing these throughout the year as I finish reading each book. I decided that I would finally post this since it is about half way through the year. I’ll do another post at the end of the year with the rest of what I have read. I realized that I was making a pretty big dent in my list early on, so I have been adding more and just reading new things that I stumble upon.

2020 Reading List

To hold my self a bit more accountable to finish my reading list for 2020, I thought I would post it publicly. Maybe I’ll post a little review of each book at the end of the year or maybe as I go. A few of these are going to be a re-read, as I feel its time to remind myself how important they are. These aren’t in any specific order and I may add a few more throughout the year.

  • UFOs: Generals, Pilots, and Government Officials Go on the Record – Leslie Kean
  • How to Do Nothing: Resisting the Attention Economy – Jenny Odell
  • Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World – Joseph Menn
  • 1984 – George Orwell
  • Animal Farm – George Orwell
  • The Dead Sea Scrolls and the Christian Myth – John Allegro
  • The Metamorphosis – Franz Kafka
  • The Hardware Hacker: Adventures in Making and Breaking Hardware – bunnie
  • 12 Rules for Life: An Antidote to Chaos – Jordan Peterson
  • LSD My Problem Child: Reflections on Sacred Drugs, Mysticism and Science – Albert Hoffman
  • Spook: Science Tackles the Afterlife – Mary Roach
  • Woke: A Guide to Social Justice – Titania McGrath
  • Notes from Underground – Fyodor Dostoevsky
  • Slaughterhouse-Five – Kurt Vonnegut
  • Count Zero – William Gibson
  • The One-Straw Revolution: An Introduction to Natural Farming – Masanobu Fukuoka

Unifi Kali Key?

I have used UniFi/Ubiquiti network products for quiet some time now. I’ve deployed their hardware at many past customers and used it for most of my home network. Recently, I had to manually update the firmware on my Cloud Key via a shell and did some poking around on it. It seems to just be an ARM device with Debian and some software installed. Since it accepts POE for power and looks pretty innocuous in a network rack, I thought it would be an interesting device to get some of the Kali tool-set to run on.

To start off, here is a link to the official product page. This device is a purpose built “server”, which runs Ubiquiti’s UniFi controller software, is powered over POE, has an SD card slot, and has a simple web interface for managing the device itself. Ubiquiti offers a “cloud” management system as well, allowing network management over the Internet, hence the name Cloud Key. As for hardware specs, it has 2Gb of RAM, 16Gb onboard MMC storage, and a quad-core ARM CPU. There has been some hardware revisions, it seems, and I believe what I have here is a third generation, which includes USB C for external power and a physical power button.

After powering it up and getting SSHed in, I started snooping around the Debian install.

root@UniFi-CloudKey:~# uname -a
Linux UniFi-CloudKey 3.10.20-ubnt-mtk #2 SMP PREEMPT Mon Jan 8 12:40:11 PST 2018 armv7l GNU/Linux
root@UniFi-CloudKey:~# lspci
pcilib: Cannot open /proc/bus/pci
lspci: Cannot find any working access method.
root@UniFi-CloudKey:~# lscpu
Architecture:          armv7l
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    1
Core(s) per socket:    4
Socket(s):             1
CPU max MHz:           1300.0000
CPU min MHz:           598.0000
root@UniFi-CloudKey:~# lsblk
NAME         MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
mmcblk0rpmb  179:96   0    4M  0 disk
mmcblk0boot0 179:32   0    4M  1 disk
mmcblk0boot1 179:64   0    4M  1 disk
mmcblk0      179:0    0 14.7G  0 disk
|-mmcblk0p1  179:1    0  512K  0 part
|-mmcblk0p2  179:2    0  256K  0 part
|-mmcblk0p3  179:3    0  256K  0 part
|-mmcblk0p4  179:4    0   32M  0 part
|-mmcblk0p5  179:5    0   32M  0 part
|-mmcblk0p6  179:6    0    1G  0 part /mnt/.rofs
|-mmcblk0p7  179:7    0    3G  0 part /mnt/.rwfs
`-mmcblk0p8  179:8    0 10.6G  0 part /srv
mmcblk1      179:128  0  7.4G  0 disk
`-mmcblk1p1  179:129  0  7.4G  0 part /data
mtdblock0     31:0    0   64K  1 disk
mtdblock1     31:1    0  960K  0 disk
root@UniFi-CloudKey:~# free -m
             total       used       free     shared    buffers     cached
Mem:          2017        715       1302          5        124        420
-/+ buffers/cache:        170       1847
Swap:            0          0          0
root@UniFi-CloudKey:~# df -h
Filesystem                     Size  Used Avail Use% Mounted on
aufs-root                      2.9G  354M  2.6G  13% /
udev                            10M     0   10M   0% /dev
tmpfs                          404M  396K  404M   1% /run
/dev/disk/by-label/userdata    2.9G  354M  2.6G  13% /mnt/.rwfs
/dev/disk/by-partlabel/rootfs  291M  291M     0 100% /mnt/.rofs
tmpfs                         1009M     0 1009M   0% /dev/shm
tmpfs                          5.0M     0  5.0M   0% /run/lock
tmpfs                         1009M     0 1009M   0% /sys/fs/cgroup
tmpfs                         1009M     0 1009M   0% /tmp
/dev/mmcblk0p8                  11G  137M   11G   2% /srv
/dev/mmcblk1p1                 7.2G   17M  7.2G   1% /data
root@UniFi-CloudKey:~# apt list --installed
Listing... Done
acl/oldstable,now 2.2.52-2 armhf [installed]
adduser/oldstable,now 3.113+nmu3 all [installed]
apt/oldstable,oldstable,now 1.0.9.8.4 armhf [installed]
apt-transport-https/oldstable,oldstable,now 1.0.9.8.4 armhf [installed]
apt-utils/oldstable,oldstable,now 1.0.9.8.4 armhf [installed]
aufs-tools/oldstable,now 1:3.2+20130722-1.1 armhf [installed]
base-files/now 8+deb8u10 armhf [installed,upgradable to: 8+deb8u11]
base-passwd/oldstable,now 3.5.37 armhf [installed]
bash/oldstable,now 4.3-11+deb8u1 armhf [installed]
binutils/oldstable,now 2.25-5+deb8u1 armhf [installed]
bluez/oldstable,oldstable,now 5.23-2+deb8u1 armhf [installed]
bsdutils/oldstable,now 1:2.25.2-6 armhf [installed]
busybox/oldstable,now 1:1.22.0-9+deb8u4 armhf [installed]
busybox-syslogd/oldstable,now 1:1.22.0-9+deb8u4 all [installed]
ca-certificates/oldstable,now 20141019+deb8u4 all [installed]
cloudkey-webui/now 2.0.10-1 all [installed,local]
coreutils/oldstable,now 8.23-4 armhf [installed]
cpio/oldstable,oldstable,now 2.11+dfsg-4.1+deb8u1 armhf [installed]
cpufrequtils/oldstable,now 008-1 armhf [installed]
cron/oldstable,now 3.0pl1-127+deb8u1 armhf [installed]
cron-apt/oldstable,now 0.9.2 all [installed]
curl/oldstable,oldstable,now 7.38.0-4+deb8u11 armhf [installed]
dash/oldstable,now 0.5.7-4+b1 armhf [installed]
dbus/oldstable,now 1.8.22-0+deb8u1 armhf [installed]
debconf/oldstable,now 1.5.56+deb8u1 all [installed]
debconf-i18n/oldstable,now 1.5.56+deb8u1 all [installed]
debian-archive-keyring/oldstable,now 2017.5~deb8u1 all [installed]
debianutils/oldstable,now 4.4+b1 armhf [installed]
dialog/oldstable,now 1.2-20140911-1 armhf [installed]
diffutils/oldstable,now 1:3.3-1+b1 armhf [installed]
dmeventd/oldstable,now 2:1.02.90-2.2+deb8u1 armhf [installed]
dmsetup/oldstable,now 2:1.02.90-2.2+deb8u1 armhf [installed]
dpkg/oldstable,now 1.17.27 armhf [installed]
e2fslibs/oldstable,now 1.42.12-2+b1 armhf [installed]
e2fsprogs/oldstable,now 1.42.12-2+b1 armhf [installed]
ethtool/oldstable,now 1:3.16-1 armhf [installed]
findutils/oldstable,now 4.4.2-9+b1 armhf [installed]
firmware-atheros/oldstable,now 0.43 all [installed]
freeradius/oldstable,oldstable,now 2.2.5+dfsg-0.2+deb8u1 armhf [installed]
freeradius-common/oldstable,oldstable,now 2.2.5+dfsg-0.2+deb8u1 all [installed]
freeradius-ldap/oldstable,oldstable,now 2.2.5+dfsg-0.2+deb8u1 armhf [installed]
freeradius-utils/oldstable,oldstable,now 2.2.5+dfsg-0.2+deb8u1 armhf [installed]
gcc-4.8-base/oldstable,now 4.8.4-1 armhf [installed]
gcc-4.9-base/oldstable,oldstable,now 4.9.2-10+deb8u1 armhf [installed]
gnupg/oldstable,oldstable,now 1.4.18-7+deb8u5 armhf [installed]
gpgv/oldstable,oldstable,now 1.4.18-7+deb8u5 armhf [installed]
grep/oldstable,now 2.20-4.1 armhf [installed]
gzip/oldstable,now 1.6-4 armhf [installed]
hostname/oldstable,now 3.15 armhf [installed]
htop/oldstable,now 1.0.3-1 armhf [installed]
init/oldstable,now 1.22 armhf [installed]
init-system-helpers/oldstable,now 1.22 all [installed]
initramfs-tools/oldstable,now 0.120+deb8u3 all [installed]
initscripts/oldstable,now 2.88dsf-59 armhf [installed]
insserv/oldstable,now 1.14.0-5 armhf [installed]
iperf/oldstable,now 2.0.5+dfsg1-2 armhf [installed]
iproute/oldstable,now 1:3.16.0-2 all [installed]
iproute2/oldstable,now 3.16.0-2 armhf [installed]
iptables/oldstable,now 1.4.21-2+b1 armhf [installed]
iputils-ping/oldstable,now 3:20121221-5+b2 armhf [installed]
jsvc/oldstable,now 1.0.15-6+deb8u1 armhf [installed]
klibc-utils/oldstable,now 2.0.4-2 armhf [installed]
kmod/oldstable,now 18-3 armhf [installed]
less/oldstable,now 458-3 armhf [installed]
libacl1/oldstable,now 2.2.52-2 armhf [installed]
libapparmor1/oldstable,now 2.9.0-3 armhf [installed]
libapt-inst1.5/oldstable,oldstable,now 1.0.9.8.4 armhf [installed]
libapt-pkg4.12/oldstable,oldstable,now 1.0.9.8.4 armhf [installed]
libasound2/oldstable,now 1.0.28-1 armhf [installed]
libasound2-data/oldstable,now 1.0.28-1 all [installed]
libattr1/oldstable,now 1:2.4.47-2 armhf [installed]
libaudit-common/oldstable,now 1:2.4-1 all [installed]
libaudit1/oldstable,now 1:2.4-1+b1 armhf [installed]
libblkid1/oldstable,now 2.25.2-6 armhf [installed]
libboost-filesystem1.55.0/oldstable,now 1.55.0+dfsg-3 armhf [installed]
libboost-program-options1.55.0/oldstable,now 1.55.0+dfsg-3 armhf [installed]
libboost-system1.55.0/oldstable,now 1.55.0+dfsg-3 armhf [installed]
libboost-thread1.55.0/oldstable,now 1.55.0+dfsg-3 armhf [installed]
libbsd0/oldstable,now 0.7.0-2 armhf [installed]
libbz2-1.0/oldstable,now 1.0.6-7+b3 armhf [installed]
libc-bin/oldstable,oldstable,now 2.19-18+deb8u10 armhf [installed]
libc6/oldstable,oldstable,now 2.19-18+deb8u10 armhf [installed]
libcap-ng0/oldstable,now 0.7.4-2 armhf [installed]
libcap2/oldstable,now 1:2.24-8 armhf [installed]
libcap2-bin/oldstable,now 1:2.24-8 armhf [installed]
libcomerr2/oldstable,now 1.42.12-2+b1 armhf [installed]
libcommons-daemon-java/oldstable,now 1.0.15-6+deb8u1 all [installed]
libcpufreq0/oldstable,now 008-1 armhf [installed]
libcryptsetup4/oldstable,now 2:1.6.6-5 armhf [installed]
libcurl3/oldstable,oldstable,now 7.38.0-4+deb8u11 armhf [installed]
libcurl3-gnutls/oldstable,oldstable,now 7.38.0-4+deb8u11 armhf [installed]
libdb5.3/oldstable,now 5.3.28-9+deb8u1 armhf [installed]
libdbus-1-3/oldstable,now 1.8.22-0+deb8u1 armhf [installed]
libdebconfclient0/oldstable,now 0.192 armhf [installed]
libdevmapper-event1.02.1/oldstable,now 2:1.02.90-2.2+deb8u1 armhf [installed]
libdevmapper1.02.1/oldstable,now 2:1.02.90-2.2+deb8u1 armhf [installed]
libedit2/oldstable,now 3.1-20140620-2 armhf [installed]
libevent-2.0-5/oldstable,oldstable,now 2.0.21-stable-2+deb8u1 armhf [installed]
libexpat1/oldstable,oldstable,now 2.1.0-6+deb8u4 armhf [installed]
libffi6/oldstable,oldstable,now 3.1-2+deb8u1 armhf [installed]
libfreeradius2/oldstable,oldstable,now 2.2.5+dfsg-0.2+deb8u1 armhf [installed]
libgcc1/oldstable,oldstable,now 1:4.9.2-10+deb8u1 armhf [installed]
libgcrypt20/oldstable,now 1.6.3-2+deb8u5 armhf [installed]
libgdbm3/oldstable,now 1.8.3-13.1 armhf [installed]
libglib2.0-0/oldstable,now 2.42.1-1+b1 armhf [installed]
libgmp10/oldstable,now 2:6.0.0+dfsg-6 armhf [installed]
libgnutls-deb0-28/oldstable,now 3.3.8-6+deb8u7 armhf [installed]
libgnutls-openssl27/oldstable,now 3.3.8-6+deb8u7 armhf [installed]
libgpg-error0/oldstable,now 1.17-3 armhf [installed]
libgssapi-krb5-2/oldstable,now 1.12.1+dfsg-19+deb8u4 armhf [installed]
libhogweed2/oldstable,now 2.7.1-5+deb8u2 armhf [installed]
libicu52/oldstable,oldstable,now 52.1-8+deb8u7 armhf [installed]
libidn11/oldstable,now 1.29-1+deb8u3 armhf [installed]
libjson-c2/oldstable,now 0.11-4 armhf [installed]
libk5crypto3/oldstable,now 1.12.1+dfsg-19+deb8u4 armhf [installed]
libkeyutils1/oldstable,now 1.5.9-5+b1 armhf [installed]
libklibc/oldstable,now 2.0.4-2 armhf [installed]
libkmod2/oldstable,now 18-3 armhf [installed]
libkrb5-3/oldstable,now 1.12.1+dfsg-19+deb8u4 armhf [installed]
libkrb5support0/oldstable,now 1.12.1+dfsg-19+deb8u4 armhf [installed]
libldap-2.4-2/oldstable,now 2.4.40+dfsg-1+deb8u3 armhf [installed,upgradable to: 2.4.40+dfsg-1+deb8u4]
liblocale-gettext-perl/oldstable,now 1.05-8+b1 armhf [installed]
liblockfile-bin/oldstable,now 1.09-6 armhf [installed]
libltdl7/oldstable,now 2.4.2-1.11 armhf [installed]
liblvm2cmd2.02/oldstable,now 2.02.111-2.2+deb8u1 armhf [installed]
liblzma5/oldstable,now 5.1.1alpha+20120614-2+b3 armhf [installed]
liblzo2-2/oldstable,now 2.08-1.2 armhf [installed]
libmagic1/now 1:5.22+15-2+deb8u3 armhf [installed,upgradable to: 1:5.22+15-2+deb8u4]
libmount1/oldstable,now 2.25.2-6 armhf [installed]
libncurses5/now 5.9+20140913-1+deb8u2 armhf [installed,upgradable to: 5.9+20140913-1+deb8u3]
libncursesw5/now 5.9+20140913-1+deb8u2 armhf [installed,upgradable to: 5.9+20140913-1+deb8u3]
libnettle4/oldstable,now 2.7.1-5+deb8u2 armhf [installed]
libnfnetlink0/oldstable,now 1.0.1-3 armhf [installed]
libnl-3-200/oldstable,now 3.2.24-2 armhf [installed]
libnl-route-3-200/oldstable,now 3.2.24-2 armhf [installed]
libonig2/oldstable,now 5.9.5-3.2+deb8u1 armhf [installed]
libopts25/oldstable,now 1:5.18.4-3 armhf [installed]
libp11-kit0/oldstable,now 0.20.7-1 armhf [installed]
libpam-modules/oldstable,now 1.1.8-3.1+deb8u2+b1 armhf [installed]
libpam-modules-bin/oldstable,now 1.1.8-3.1+deb8u2+b1 armhf [installed]
libpam-runtime/oldstable,now 1.1.8-3.1+deb8u2 all [installed]
libpam-usermapper/now 0.1 armhf [installed,local]
libpam0g/oldstable,now 1.1.8-3.1+deb8u2+b1 armhf [installed]
libparted2/oldstable,now 3.2-7 armhf [installed]
libpcap0.8/oldstable,now 1.6.2-2 armhf [installed]
libpci3/oldstable,now 1:3.2.1-3 armhf [installed]
libpcre3/oldstable,now 2:8.35-3.3+deb8u4 armhf [installed]
libpcrecpp0/oldstable,now 2:8.35-3.3+deb8u4 armhf [installed]
libperl4-corelibs-perl/oldstable,now 0.003-1 all [installed]
libperl5.20/oldstable,oldstable,now 5.20.2-3+deb8u11 armhf [installed]
libpopt0/oldstable,now 1.16-10 armhf [installed]
libprocps3/oldstable,oldstable,now 2:3.3.9-9+deb8u1 armhf [installed]
libpsl0/oldstable,now 0.5.1-1 armhf [installed]
libpython-stdlib/oldstable,now 2.7.9-1 armhf [installed]
libpython2.7/oldstable,now 2.7.9-2+deb8u1 armhf [installed]
libpython2.7-minimal/oldstable,now 2.7.9-2+deb8u1 armhf [installed]
libpython2.7-stdlib/oldstable,now 2.7.9-2+deb8u1 armhf [installed]
libqdbm14/oldstable,now 1.8.78-5+b1 armhf [installed]
libreadline5/oldstable,now 5.2+dfsg-2 armhf [installed]
libreadline6/oldstable,now 6.3-8+b3 armhf [installed]
librtmp1/oldstable,oldstable,now 2.4+20150115.gita107cef-1+deb8u1 armhf [installed]
libsasl2-2/oldstable,oldstable,now 2.1.26.dfsg1-13+deb8u1 armhf [installed]
libsasl2-modules-db/oldstable,oldstable,now 2.1.26.dfsg1-13+deb8u1 armhf [installed]
libselinux1/oldstable,now 2.3-2 armhf [installed]
libsemanage-common/oldstable,now 2.3-1 all [installed]
libsemanage1/oldstable,now 2.3-1+b1 armhf [installed]
libsepol1/oldstable,now 2.3-2 armhf [installed]
libslang2/oldstable,now 2.3.0-2 armhf [installed]
libsmartcols1/oldstable,now 2.25.2-6 armhf [installed]
libsnappy1/oldstable,now 1.1.2-3 armhf [installed]
libsqlite3-0/oldstable,now 3.8.7.1-1+deb8u2 armhf [installed]
libss2/oldstable,now 1.42.12-2+b1 armhf [installed]
libssh2-1/oldstable,oldstable,now 1.4.3-4.1+deb8u1 armhf [installed]
libssl1.0.0/oldstable,now 1.0.1t-1+deb8u9 armhf [installed]
libstdc++6/oldstable,oldstable,now 4.9.2-10+deb8u1 armhf [installed]
libsystemd0/oldstable,now 215-17+deb8u7 armhf [installed]
libtasn1-6/oldstable,oldstable,now 4.2-3+deb8u3 armhf [installed]
libtext-charwidth-perl/oldstable,now 0.04-7+b4 armhf [installed]
libtext-iconv-perl/oldstable,now 1.7-5+b2 armhf [installed]
libtext-wrapi18n-perl/oldstable,now 0.06-7 all [installed]
libtinfo5/now 5.9+20140913-1+deb8u2 armhf [installed,upgradable to: 5.9+20140913-1+deb8u3]
libudev1/oldstable,now 215-17+deb8u7 armhf [installed]
libusb-0.1-4/oldstable,now 2:0.1.12-25 armhf [installed]
libusb-1.0-0/oldstable,now 2:1.0.19-1 armhf [installed]
libustr-1.0-1/oldstable,now 1.0.4-3+b2 armhf [installed]
libuuid1/oldstable,now 2.25.2-6 armhf [installed]
libv8-3.14.5/oldstable,now 3.14.5.8-8.1 armhf [installed]
libwrap0/oldstable,now 7.6.q-25 armhf [installed]
libx11-6/oldstable,now 2:1.6.2-3+deb8u1 armhf [installed]
libx11-data/oldstable,now 2:1.6.2-3+deb8u1 all [installed]
libxau6/oldstable,now 1:1.0.8-1 armhf [installed]
libxcb1/oldstable,now 1.10-3+b1 armhf [installed]
libxdmcp6/oldstable,now 1:1.1.1-1+b1 armhf [installed]
libxext6/oldstable,now 2:1.3.3-1 armhf [installed]
libxi6/oldstable,now 2:1.7.4-1+deb8u1 armhf [installed]
libxml2/oldstable,oldstable,now 2.9.1+dfsg1-5+deb8u6 armhf [installed]
libxrender1/oldstable,now 1:0.9.8-1+b1 armhf [installed]
libxtables10/oldstable,now 1.4.21-2+b1 armhf [installed]
libxtst6/oldstable,now 2:1.2.2-1+deb8u1 armhf [installed]
linux-image-3.10.20-ubnt-mtk/now 2.1 armhf [installed,local]
login/oldstable,oldstable,now 1:4.2-3+deb8u4 armhf [installed]
logrotate/oldstable,now 3.8.7-1+b1 armhf [installed]
lsb-base/oldstable,now 4.1+Debian13+nmu1 all [installed]
lsb-release/oldstable,now 4.1+Debian13+nmu1 all [installed]
lsof/oldstable,now 4.86+dfsg-1 armhf [installed]
lvm2/oldstable,now 2.02.111-2.2+deb8u1 armhf [installed]
mawk/oldstable,now 1.3.3-17 armhf [installed]
mime-support/oldstable,now 3.58 all [installed]
mongodb-clients/oldstable,now 1:2.4.10-5+deb8u1 armhf [installed]
mongodb-server/oldstable,now 1:2.4.10-5+deb8u1 armhf [installed]
mount/oldstable,now 2.25.2-6 armhf [installed]
mtd-utils/oldstable,now 1:1.5.1-1 armhf [installed]
multiarch-support/oldstable,oldstable,now 2.19-18+deb8u10 armhf [installed]
ncurses-base/now 5.9+20140913-1+deb8u2 all [installed,upgradable to: 5.9+20140913-1+deb8u3]
ncurses-bin/now 5.9+20140913-1+deb8u2 armhf [installed,upgradable to: 5.9+20140913-1+deb8u3]
net-tools/oldstable,now 1.60-26+b1 armhf [installed]
netbase/oldstable,now 5.3 all [installed]
nginx-common/oldstable,oldstable,now 1.6.2-5+deb8u5 all [installed]
nginx-light/oldstable,oldstable,now 1.6.2-5+deb8u5 armhf [installed]
openssh-client/oldstable,now 1:6.7p1-5+deb8u5 armhf [installed]
openssh-server/oldstable,now 1:6.7p1-5+deb8u5 armhf [installed]
openssh-sftp-server/oldstable,now 1:6.7p1-5+deb8u5 armhf [installed]
openssl/oldstable,now 1.0.1t-1+deb8u9 armhf [installed]
oracle-java8-jdk/now 8u151 armhf [installed,local]
parted/oldstable,now 3.2-7 armhf [installed]
passwd/oldstable,oldstable,now 1:4.2-3+deb8u4 armhf [installed]
pciutils/oldstable,now 1:3.2.1-3 armhf [installed]
perl/oldstable,oldstable,now 5.20.2-3+deb8u11 armhf [installed]
perl-base/oldstable,oldstable,now 5.20.2-3+deb8u11 armhf [installed]
perl-modules/oldstable,oldstable,now 5.20.2-3+deb8u11 all [installed]
php5-cli/oldstable,now 5.6.36+dfsg-0+deb8u1 armhf [installed]
php5-common/oldstable,now 5.6.36+dfsg-0+deb8u1 armhf [installed]
php5-fpm/oldstable,now 5.6.36+dfsg-0+deb8u1 armhf [installed]
php5-json/oldstable,now 1.3.6-1 armhf [installed]
procps/oldstable,oldstable,now 2:3.3.9-9+deb8u1 armhf [installed]
psmisc/oldstable,now 22.21-2 armhf [installed]
python/oldstable,now 2.7.9-1 armhf [installed]
python-minimal/oldstable,now 2.7.9-1 armhf [installed]
python2.7/oldstable,now 2.7.9-2+deb8u1 armhf [installed]
python2.7-minimal/oldstable,now 2.7.9-2+deb8u1 armhf [installed]
readline-common/oldstable,now 6.3-8 all [installed]
rfkill/oldstable,now 0.5-1 armhf [installed]
sed/oldstable,now 4.2.2-4+deb8u1 armhf [installed]
sensible-utils/oldstable,oldstable,now 0.0.9+deb8u1 all [installed]
ssl-cert/oldstable,now 1.0.35 all [installed]
startpar/oldstable,now 0.59-3 armhf [installed]
sudo/oldstable,now 1.8.10p3-1+deb8u5 armhf [installed]
systemd/oldstable,now 215-17+deb8u7 armhf [installed]
systemd-networkd-fallbacker/now 0.3 armhf [installed,local]
systemd-sysv/oldstable,now 215-17+deb8u7 armhf [installed]
sysv-rc/oldstable,now 2.88dsf-59 all [installed]
sysvinit-utils/oldstable,now 2.88dsf-59 armhf [installed]
tar/oldstable,oldstable,now 1.27.1-2+deb8u1 armhf [installed]
tcpdump/oldstable,oldstable,now 4.9.2-1~deb8u1 armhf [installed]
tzdata/now 2017c-0+deb8u1 all [installed,upgradable to: 2018e-0+deb8u1]
ubnt-archive-keyring/now 1.0-1 all [installed,local]
ubnt-freeradius-setup/now 0.1 all [installed,local]
ubnt-mtk-initramfs/now 1.1 all [installed,local]
ubnt-tools/now 0.9.7-1 armhf [installed,local]
ubnt-unifi-setup/now 0.2.1 all [installed,local]
ucf/oldstable,now 3.0030 all [installed]
udev/oldstable,now 215-17+deb8u7 armhf [installed]
unifi/now 5.6.29-10253 all [installed,upgradable to: 5.8.28-11052-1]
usbutils/oldstable,now 1:007-2 armhf [installed]
util-linux/oldstable,now 2.25.2-6 armhf [installed]
vim-common/oldstable,now 2:7.4.488-7+deb8u3 armhf [installed]
vim-tiny/oldstable,now 2:7.4.488-7+deb8u3 armhf [installed]
vlan/oldstable,now 1.9-3.2 armhf [installed]
wget/oldstable,oldstable,now 1.16-1+deb8u5 armhf [installed]
x11-common/oldstable,now 1:7.7+7 all [installed]
xz-utils/oldstable,now 5.1.1alpha+20120614-2+b3 armhf [installed]
zlib1g/oldstable,now 1:1.2.8.dfsg-2+b1 armhf [installed]

I eventually found some interesting Ubnt-* tools. These are used to do some firmware and service related tasks. It looks like some features are duplicated in different tools.

root@UniFi-CloudKey:~# ubnt-unifi-setup
Usage: /usr/sbin/ubnt-unifi-setup start|stop
root@UniFi-CloudKey:~# ubnt-systool
Ubiquiti system tools, v1.0
Usage: /sbin/ubnt-systool  []
  supported commands:
     timezone 
     hostname 
     network  
     fwupdate 
     fwupdatestatus
     resetbutton <true|false>
     pwcheck
     chpasswd
     adminname 
     reboot
     poweroff
     reset2defaults
     cleanup
     led          
root@UniFi-CloudKey:~# ubnt-tools
Ubiquiti system tools
Copyright 2006-2015, Ubiquiti Networks, Inc. <support@ubnt.com>

This program is proprietary software; you can not redistribute it and/or modify
it without signed agreement with Ubiquiti Networks, Inc.

	bgnd
	ubnt-discover
	infctld
	pwcheck
	fwupdate
	fwinfo
	fsync
	hwaddr
	sysusermerge

With all that out of the way, I decided to try to just add the Kali repo and install something from it. First I need to install nano, I guess.

I added the Kali repo, added the gpg key for their repo, updated package lists, then tried to install metasploit.

echo "deb http://http.kali.org/kali kali-rolling main non-free contrib" >> /etc/apt/sources.list
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 7D8D0BF6
apt update
apt install metasploit-framework

And metasploit works!

With that being a success, there are a few issues that need to be addressed. First, the UniFi controller software is still running, possibly spewing packets to the network, looking for APs and switches. That, along with some other unneeded software, can easily be removed. Two, due to how the onboard MMC storage is partitioned, the root filesystem only has about 1.5G left after the MSF install. I’m sure I can find a way to use other partitions or SD card for storage. I’ll work on that later, since its not breaking anything yet. Three, I need to set up an automatic reverse shell, since the intent is to not be logging into this thing locally. And lastly, some encrypted storage probably wouldn’t be a bad idea as well.

Part two is coming soon…