
How to turn an Android-powered device into a tool for pentesting?

The mobile phone and tablet market is flooded with millions of devices running Android. Sometimes I wonder whether Ken Thompson and Dennis Ritchie could have imagined that their creation, which is about 44 years old, would influence the Linux kernel, Google, Apple and so on. Now we are surrounded by a sea of devices with Unix-like operating systems. These devices easily fit in your pocket, have multi-core processors and are able to gain access to SCADA systems in a few clicks. The golden age of handheld pentesting tools has arrived!

In this article, I will walk through turning an Android device into a powerful pocket tool for the pentester. If you want to practice intercepting and modifying network traffic with your Android-based device, this article should be useful to you. (If interested, please check out this, this, this, this and this link.) To carry this out, you will need an Android-powered device that supports OTG and runs a special ROM; in addition, you will likely need an external wireless USB adapter (if you are looking for a device to crack a WEP key that does not require an external wireless adapter, I highly recommend the Nokia N900).

(Note: if you want to do wireless sniffing, try the AndroidPCAP app, which I tested on my Nexus 7 with an RTL8187-based wireless USB adapter.)

Before we go on to transform your Android-based device, you should back up all important data. I recommend taking a look here. Backups are necessary because the Android-powered device will be rooted (given administrative access), and some rooting methods for certain types of devices can wipe your data.

Installing a Kali Linux ARM chroot environment on a rooted Android device, which needs about 6 GB of free space.

Install BusyBox
Install Terminal Emulator
I created a Kali Linux ARM image that can be easily mounted; download it here:

MD5: d60c5a52bcea35834daecb860bd8a5c7
SHA-1: f62c2633d214de9edad1842c9209f443bcea385d


MD5: be61799f8eb2d98ff8874daaf572a1d5
SHA-1: f9c6a820349530350bbb902d17ae6b4a5173937c

Note: the environment in this image gives you about 2 GB of available space, so use it sparingly.

Extract the 7z archive and make sure you have the folder at /sdcard/kali
This folder should contain the script ‘kali’ and the image file ‘kali.img’
To mount the file kali.img, as root, run the command sh /sdcard/kali/kali
Optional: if you want the terminal emulator to drop you straight into the chroot environment when it opens, follow these steps:

Open the Terminal Emulator
Go to settings
Select Initial Command
Enter the following: su -c "cd /sdcard/kali && sh kali"
Now, whenever you open the terminal emulator, you’ll be taken directly to the Kali chroot environment. If you want to leave the environment and return to the Android command line, simply run the exit command.
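Before extracting the archive and running the kali script as root, the download can be checked against the MD5/SHA-1 pairs listed above. The script below is an added example, not part of the original article; the archive path in its usage line is an assumption, and a file passes only if it matches both digests of one pair.

```shell
#!/bin/sh
# Added example: check a downloaded archive against the published digest pairs
# before extracting it and running its script as root.
# BusyBox ships md5sum and sha1sum, so this also runs in the Android terminal.

# The two MD5/SHA-1 pairs from the article, one "md5 sha1" pair per line.
KNOWN_PAIRS='d60c5a52bcea35834daecb860bd8a5c7 f62c2633d214de9edad1842c9209f443bcea385d
be61799f8eb2d98ff8874daaf572a1d5 f9c6a820349530350bbb902d17ae6b4a5173937c'

# hex_digest TOOL FILE: print only the lowercase hex digest (empty on error).
hex_digest() {
    "$1" "$2" 2>/dev/null | awk '{ print tolower($1); exit }'
}

# same_pair GOT_MD5 GOT_SHA1 WANT_MD5 WANT_SHA1: both digests must match.
# Wanted values may be written in upper case.
same_pair() {
    [ "$1" = "$(printf '%s' "$3" | tr 'A-F' 'a-f')" ] &&
        [ "$2" = "$(printf '%s' "$4" | tr 'A-F' 'a-f')" ]
}

# verify_download FILE: return 0 if FILE matches one complete pair,
# 1 on mismatch, 2 if the file cannot be hashed. Taking the MD5 from one
# pair and the SHA-1 from the other does not count as a match.
verify_download() {
    [ -f "$1" ] || { echo "no such file: $1" >&2; return 2; }
    got_md5=$(hex_digest md5sum "$1")
    got_sha1=$(hex_digest sha1sum "$1")
    if [ -z "$got_md5" ] || [ -z "$got_sha1" ]; then
        echo "cannot hash: $1" >&2; return 2
    fi
    while read -r want_md5 want_sha1; do
        if same_pair "$got_md5" "$got_sha1" "$want_md5" "$want_sha1"; then
            return 0
        fi
    done <<EOF
$KNOWN_PAIRS
EOF
    echo "digest mismatch, do not extract or run: $1" >&2
    return 1
}

# Usage: sh verify.sh /sdcard/Download/kali.7z   (archive path is assumed)
if [ "$#" -ge 1 ]; then
    verify_download "$1" && echo "digests match: $1"
fi
```

A match shows only that the file is the one these digests were published for; MD5 and SHA-1 are both collision-prone and the digests come from the same page as the download.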

Additionally: if you want access to the files in /sdcard from within the Kali chroot environment, you can set up an OpenSSH server on your device that listens on all interfaces. Then, in the chroot environment, run mkdir /media/sdcard/, and connect to your SSH server on the loopback interface to save the SSH key. After that you will be able to use (or even add to .bashrc so that it starts automatically) in the chroot environment a script # You will need to change the user name and password.

I must warn you that this Kali image was not built with a window manager or any GUI tools in mind. In my humble opinion, a graphical interface is not required for Kali Linux. Command-line utilities like nmap, netcat, w3af_console, sqlmap, xsser, and metasploit are sufficient for penetration testing.

Once you get into the chroot-environment Kali Linux, run the following command:

apt-get update && apt-get upgrade && msfupdate

In addition to the chroot-environment Kali Linux, I also recommend you install the tools from the following list:

  • 2X Client – Client for Remote Desktop
  • AndFTP – ftp / sftp client
  • androidVNC – vnc viewer client
  • AndSMB – Samba client for Android
  • AnyTAG NFC Launcher – automates the phone by scanning NFC tags
  • APG – OpenPGP for Android
  • CardTest – testing of credit cards with NFC support
  • Checksum – GUI tool for computing MD5 and SHA hashes
  • ConnectBot – powerful SSH client
  • DNS Lookup – shows DNS and WHOIS records
  • Dolphin Browser – browser that lets you easily change the User-Agent value
  • DroidSQLi – utility to automate MySQL SQL injection
  • dSploit – network pentesting suite for Android
  • Electronic Pickpocket – lets you read NFC-enabled credit cards over a wireless connection
  • Exif Viewer – shows and can strip image EXIF data
  • Fast Notepad – a simple but useful text editor
  • Find My Router’s Password – as the name suggests, picks up the router’s password (mostly from the list of default passwords)
  • Fing – equivalent of the Windows utility Look@LAN
  • Goomanager – follow the link for more information
  • Hacker’s Keyboard – Missing an easily accessible CTRL key? This app is for you!
  • HashPass – computes a hash of the text data
  • HEX Editor – a very useful hex-editor for Android
  • inSSIDer – Wireless Scanner
  • Intercepter-NG – multifunction network utility: sniffer, cookie sniffer, ARP spoofer
  • IP Detective info – gives detailed information on an IP address
  • IP Webcam – turns an Android-powered device into an IP surveillance camera
  • Network Signal Info – GUI for iwconfig
  • NFC Reader – reads data from NFC technologies, including key cards
  • NFC retag – re-use of write-protected NFC tags like keycards, ID badges, etc.
  • NFC TagInfo – another NFC information reader
  • OpenVPN Connect – open-source VPN client
  • Orbot – Tor client for Android
  • Packet Injection – a graphical interface for scapy from poorman
  • ProxyDroid – lets you set a SOCKS5 proxy on the device
  • Root Browser – excellent file manager for Android
  • Routerpwn – check your router security
  • SandroProxy – a WebScarab equivalent
  • Secret Letter – steganographic tool from poorman
  • SSHDroid – OpenSSH server for Android
  • SuperSU – manages administrative (root) access for applications
  • Teamviewer – remote control of Windows, OSX, and Linux systems
  • Terminal Emulator – no comment
  • tPacketCapture – packet sniffer that does not require root privileges
  • VirusTotal Uploader – check your malicious payloads
  • Voodoo OTA RootKeeper – lets you keep administrative access to the device even after an OTA update
  • Wifi File Transfer – access to the files on your phone from your web browser
  • WifiFinder – simple wireless scanner
  • WiGLE Wifi Wardriving – wardriving application (locating wireless access points)

Of course, this list is not complete, but I think it is a very good set of tools to start with.
