Skip to main content

My Phone, The File Server

I'm cleaning out my room.

There's so much stuff that could make other people happier than it makes me. If anyone is interested in a variety of things, from fancy knapsacks to Tsum Tsums to dolls, let me know.

But that's not why we're here - We're here because I found my old Moto X phone. I'm not sure why I stopped using it, but I know I replaced it with the Galaxy S5 in 2014, and eventually my mother's hand-me-down LG Stylo until I dropped it and shattered the screen.



And receiving my own LG Stylo 2 this February. If I knew I still had my Moto, I wouldn't have paid money for an upgrade (Assuming it still works on T-Mobile's networks. It should).

So I found the article - What To Do With an Old Smartphone - And besides some usual suggestions - one stood out.

Make Your Phone into a File Server.

 I picked the app FTP Server - It opens the appropriate ports on the phone and grants file access. Of course, you could probably do it a different way without the help of a third party application.

And Lo and behold;




While the default port for FTP is 21, this one is using 2221. Why? I change it to 21 to see if it still works. It doesn't, so I turn it back.

Here are the settings on the application;







It seems that we can only pick one directory to work from at a time. I took a screenshot, placed it in the appropriate folder, and simply saved it from the "server"!


I can also enable a password and username to log in;

This is a private network, so no problems. But one could probably lure people to an open file server in a public place. How could I monitor hits? 



These are the interfaces the application can listen to. PAN and Wifi make sense, but how would outside connections come through on the Loopback? Does Mobile Data have a port to listen on?

Since the phone I'm using (The Stylo 1) Does not have access to the phone network, Mobile's a moot point anyway. I could install this on my active phone, but that doesn't seem smart. I don't do sensitive business on my phone to begin with, but why allow access?

So, why does this work? Because it's in a private network. It's using a private IP address, significant to our network only.

BUT....can I upload something to it from my Macbook?


I've never used the 'Go' option on my Macbook in the five years I've had it until today. 

I can connect to the server easily, using the IP address, port, and login creds.



So, I'll take this image;


And stick it somewhere on the server. Will it show up? 
There's not an upload option in the server settings, so no. But this was certainly a fun and informative thing to play with! 

I'll be sure to use this more in the future, if I can find an option with upload capabilities.


Comments

Popular posts from this blog

Connecting IoT Devices to a Registration Server (Packet Tracer, Cisco)

In Packet Tracer, a demo software made by Cisco Systems. It certainly has changed a lot since 2016. It's almost an Olympic feat to even get started with it now, but it does look snazzy. This is for the new CCNA, that integrates, among other things, IoT and Automation, which I've worked on here before. Instructions here . I don't know if this is an aspect of "Let's make sure people are paying attention and not simply following blindly", or an oversight - The instructions indicate a Meraki Server, when a regular one is the working option here. I have to enable the IoT service on this server. Also, we assign the server an IPv4 address from a DHCP pool instead of giving it a static one. For something that handles our IoT business, perhaps that's safer; Getting a new IPv4 address every week or so is a minimal step against an intruder, but it is a step. There are no devices associated with this new server; In an earlier lab (not shown), I attached them to 'H

Securing Terraform and You Part 1 -- rego, Tfsec, and Terrascan

9/20: The open source version of Terraform is now  OpenTofu     Sometimes, I write articles even when things don't work. It's about showing a learning process.  Using IaC means consistency, and one thing you don't want to do is have 5 open S3 buckets on AWS that anyone on the internet can reach.  That's where tools such as Terrascan and Tfsec come in, where we can make our own policies and rules to be checked against our code before we init.  As this was contract work, I can't show you the exact code used, but I can tell you that this blog post by Cesar Rodriguez of Cloud Security Musings was quite helpful, as well as this one by Chris Ayers . The issue is using Rego; I found a cool VS Code Extension; Terrascan Rego Editor , as well as several courses on Styra Academy; Policy Authoring and Policy Essentials . The big issue was figuring out how to tell Terrascan to follow a certain policy; I made it, put it in a directory, and ran the program while in that directory

Building, Breaking, and Building A CRM with Retool

 I like no- or low-code solutions to things. I've often wanted to simply push a button or move some GUI around and have the code implement itself.  I've thought about building something that's like a customer relationship management (CRM) system for keeping up with my network better than my little spreadsheet where I click links and then go like something. The general idea in this CRM Development is:  To have a GUI to add people to a NRM (Network Relationship Management).       Attach it to a database (MySQL is what I went with eventually using Amazon Relational Database service, but you can use PostGRES, and probably others).     Make sure components are connected to each other in the retool interface. This video is a good start. Watching the tutorial video, heard some SQL commands and went 'Oh no 😳" before going "Wait I know basic SQL", which is good, because you'll see.  When you get set up, there's a plethora of resources you can use -- Incl