{"id":811,"date":"2013-05-11T20:55:15","date_gmt":"2013-05-12T01:55:15","guid":{"rendered":"http:\/\/zitstif.no-ip.org\/?p=811"},"modified":"2015-04-16T21:27:32","modified_gmt":"2015-04-17T02:27:32","slug":"steps-toward-weaponizing-the-android-platform","status":"publish","type":"post","link":"http:\/\/zitstif.no-ip.org\/?p=811","title":{"rendered":"Steps Toward Weaponizing the Android Platform"},"content":{"rendered":"

(4\/16\/2015) – NOTE: THIS SOLUTION HAS BEEN KIND OF SUPERSEDED BY https:\/\/www.kali.org\/kali-linux-nethunter\/ , if nethunter doesn’t work for you then continue on with this post:<\/strong><\/p>\n

The mobile and tablet market have been flooded by millions upon millions of Android based devices. I wonder if Ken Thompson or Dennis Ritchie<\/a> would have ever imagined that their invention from\u00a0nearly\u00a044 years ago would have influenced the likes of the Linux kernel, \u00a0Google, Apple, and beyond. We are now in a sea of Unix-like devices that now can easily fit in individuals pockets, which have multiple core processing power and can easily access SCADA<\/a> systems with a few keystrokes. \u00a0It has never been a better time for pocket sized penetration testing devices.<\/p>\n

In this article I will be covering ways that one can turn their Android based device into a powerful pocket sized penetration testing tool. If you’re looking to do wireless sniffing or packet injection with your Android based device, this article will be of little help. (If interested please see this<\/a>, this<\/a>, this<\/a>, this<\/a>, and this<\/a>.) To do so, one needs a specific Android device that supports OTG, with a custom ROM, and you’ll most likely need an external USB wireless adapter. (Honestly, if you’re looking for a device for cracking WEP keys without any external USB wireless adapters, then I highly still recommend the Nokia N900.)<\/p>\n

(NOTE: If you’re strictly looking to do wireless sniffing, \u00a0there is AndroidPCAP<\/a> which I have tested with my Nexus 7 and a RTL8187 based wireless USB adapter.)<\/p>\n

Firstly, before progressing on towards the weaponizing of your Android device, please take the time to back up any vital information. Have a look at this<\/a>. \u00a0Reason being, is that you’ll need to root your Android based device. Depending on your device and the method of rooting, rooting your device and unlocking the bootloader can wipe your device.<\/p>\n

Setting up Kali Linux ARM Chroot on your rooted Android based device that has about 6GB of free space<\/em><\/strong><\/p>\n

1.) Install BusyBox<\/a>
\n2.) Install Terminal Emulator<\/a>
\n3.) I created a Kali Linux ARM IMG that one can easily mount and it can be downloaded here:
\nhttp:\/\/goo.gl\/qmGle<\/a>
\nhttps:\/\/archive.org\/details\/Kali.nogui.armel.zitstif.chroot.482013<\/a><\/p>\n

<\/a>kali.nogui.armel.zitstif.chroot.482013.7z<\/strong><\/p>\n

md5: d60c5a52bcea35834daecb860bd8a5c7
\nsha1: f62c2633d214de9edad1842c9209f443bcea385d<\/p>\n

kali.img<\/strong><\/p>\n

MD5: be61799f8eb2d98ff8874daaf572a1d5
\nSHA-1: f9c6a820349530350bbb902d17ae6b4a5173937c<\/p>\n

NOTE: This image gives you about 2GB of free space in the environment to play with so use with care.<\/em><\/p>\n

4.) Extract the 7z file and make sure that there’s a folder in this following location: \/sdcard\/kali
\n5.) In this folder you should have shell script named ‘kali’ and the ‘kali.img’ image file.
\n6.) To mount the kali.img file as root do this: sh \/sdcard\/kali\/kali
\n<\/em>
\nOptional:<\/em> If you want Terminal Emulator to open up and go directly to the chroot environment do as follows:
\n1.) Open up Terminal Emulator
\n2.) Go to preferences
\n3.) Tap on Initial Command
\n4.) Enter this: su -c “cd \/sdcard\/kali && sh kali”<\/em><\/p>\n

Now if you tap on Terminal Emulator, you’ll go directly to your Kali chroot environment. If you want to leave the environment and back to the Android command line, simply type exit.<\/em><\/p>\n

Optional: <\/em>If you want to access files from \/sdcard\/ from your Kali chroot envrionment, one way is to have an Openssh server on your Android device that listens on all interfaces. Then under your chroot envrionment do: mkdir \/media\/sdcard\/ <\/em>and then connect to your ssh server on your loopback interface to store the ssh key. Then you could use a script like this in your chroot environment (or even edit your .bashrc file to run it automatically):<\/p>\n

http:\/\/zitstif.no-ip.org\/mountsdcard.py<\/a> #You’ll need to edit the username and password appropriately for your situation.<\/p>\n

I should warn you that this Kali image is not setup with the idea of using a window manager or really any GUI tools. In my humble opinion to take advantage of Kali Linux, you don’t need a GUI. Using the terminal to access tools like nmap<\/em>, netcat<\/em>, w3af_console<\/em>, sqlmap, xsser,<\/em> and metasploit<\/em> will be sufficient to get one started on their penetration test.<\/p>\n

Once you’re in the Kali Linux chroot environment, please do the following:<\/p>\n

apt-get update && apt-get upgrade<\/em> && msfupdate<\/em><\/p>\n

In addition to setting up the Kali Linux chroot environment, here are a list of other tools and a quick description of each that I recommend you to install:<\/p>\n

2X Client<\/a> – Remote desktop client
\nAndFTP<\/a> – ftp\/sftp client
\nandroidVNC<\/a> – vnc viewer client
\nAndSMB<\/a> – Android Samba client
\nAnyTAG NFC Launcher<\/a> – Automate your phone by scanning NFC tags
\nAPG<\/a> – OpenGPG for Android
\nCardTest<\/a> – \u00a0Test your NFC enabled credit cards
\nChecksum<\/a> – \u00a0basically a GUI tool for md5sum and shasum tools
\nConnectBot<\/a> – powerful ssh client
\nDNS Lookup<\/a> – perform DNS and WHOIS lookups
\nDolphin Browser<\/a> – a browser that easily allows you to change your UserAgent
\nDroidSQLi<\/a> – automated MySQL injection tool
\ndSploit<\/a> – Android Network Penetration Suite
\nElectronic Pickpocket<\/a> – \u00a0wirelessly read NFC enabled cards
\nExif Viewer<\/a> – shows exif data from photos and can remove this information
\nFast notepad<\/a> – simple but useful notepad application
\nFind My Router’s Password<\/a> – title explains it all (mostly for default passwords)
\nFing<\/a> – very similar to Look@LAN tool for Windows
\nGoomanager<\/a> – \u00a0see link for more information
\nHacker’s Keyboard<\/a> – \u00a0Miss the easily accessible CTRL key? This app is for you
\nHashPass<\/a> – translate text into hashes
\nHex Editor<\/a> – \u00a0a very usable hex editor for Android
\ninSSIDer<\/a> – wireless network scanner
\nintercepter-NG<\/a> – multi-function network tool, sniffer, cookie intercepter, arp poisoner
\nIP info Detective <\/a>– find out all sorts of info on an IP address
\nIP Webcam<\/a> – turn your Android device into an IP security camera
\nNetwork Signal Info<\/a> – basically a graphical tool for iwconfig
\nNFC Reader<\/a> – used for reading various NFC technologies including some keycards
\nNFC ReTAG<\/a> – Re-use\/recycle write protected NFC Tags such as hotel key-cards, access badges, etc
\nNFC TagInfo<\/a> -another NFC reader
\nOpenVPN Connect<\/a> – open vpn client
\nOrbot<\/a> – tor on Android
\nPacket Injection<\/a> – poorman’s GUI version of scapy
\n<\/a>ProxyDroid<\/a> – use your socks5 proxy with this application
\nRoot Browser<\/a> – great file manager for Android
\nRouterpwn<\/a> – test how secure your router is
\nSandroProxy<\/a> – kind of like Webscarab
\nSecret Letter<\/a> – a \u00a0poorman’s stegonagraphy tool
\nSSHDroid<\/a> – openssh server for android
\nSupersu<\/a> – manage what programs access root functions
\nTeamviewer<\/a> – remotely control Windows, OSX, and Linux based systems
\nTerminal Emulator<\/a> – no explanation needed
\ntPacketCapture <\/a>– packet sniffer that doesn’t require root
\nVirusTotal Uploader<\/a> – test your malicious payloads
\nVoodoo OTA RootKeeper<\/a> – maintain root access even after updates
\n Wifi File Transfer<\/a> – access files on your phone from a web browser via an http server
\n WifiFinder<\/a> – simple wireless scanner
\n WiGLE Wifi wardriving <\/a>– wardriving\/warwalking application<\/p>\n

Of course this is probably not complete, but I believe this is a very good suite of tools to get one started. If you can think of any more tools or if you have any suggestions, please feel free to leave a comment below.<\/p>\n","protected":false},"excerpt":{"rendered":"

(4\/16\/2015) – NOTE: THIS SOLUTION HAS BEEN KIND OF SUPERSEDED BY https:\/\/www.kali.org\/kali-linux-nethunter\/ , if nethunter doesn’t work for you then continue on with this post: The mobile and tablet market have been flooded by millions upon millions of Android based devices. I wonder if Ken Thompson or Dennis Ritchie would have ever imagined that their … Continue reading Steps Toward Weaponizing the Android Platform<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[653,601,654,649,85,646,652,9,604,645,643,644,642,650,41,656,26,640,391,254,651,232,657,647,648,655],"class_list":["post-811","post","type-post","status-publish","format-standard","hentry","category-posts","tag-android-monitor-mode","tag-android-packet-injection","tag-android-wireless-sniffing","tag-androidpcap","tag-apple","tag-backtrack-6","tag-dennis-ritchie","tag-google","tag-google-play","tag-kali-arm","tag-kali-chroot","tag-kali-chroot-on-android","tag-kali-on-android","tag-ken","tag-linux","tag-metasploit-on-android","tag-netcat","tag-nexus-7","tag-nmap","tag-scada","tag-thompson","tag-usb","tag-w3af_onsole-on-android","tag-weaponizing-android","tag-weaponizing-the-android-platform","tag-xsser-on-android"],"_links":{"self":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=811"}],"version-history":[{"count":59,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/811\/revisions"}],"predecessor-version":[{"id":861,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=\/wp\/v2\/posts\/811\/revisions\/861"}],"wp:attachment":[{"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=811"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/zitstif.no-ip.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}