Security-Distro

Published on January 6th, 2015 📆 | 4889 Views ⚑

0

Kali Linux NetHunter 1.1 Released – Android Penetration Testing Platform


https://www.ispeech.org
Offensive Security have obsessively been building Kali on weird and wonderful ARM hardware and today, we are proud to reveal their latest creation – the Kali Linux NetHunter 1.1. NetHunter is a Android penetration testing platform for Nexus devices built on top of Kali Linux, which includes some special and unique features. Of course, you have all the usual Kali tools in NetHunter as well as the ability to get a full VNC session from your phone to a graphical Kali chroot, however the strength of NetHunter does not end there.

[adsense size='1']

 

  • 802.11 Wireless Injection and AP mode support with multiple supported USB wifi cards.
  • Capable of running USB HID Keyboard attacks, much like the Teensy device is able to do.
  • Supports BadUSB MITM attacks. Plug in your Nethunter to a victim PC, and have your traffic relayed though it.
  • Contains a full Kali Linux toolset, with many tools available via a simple menu system.
  • USB Y-cable support in the Nethunter kernel – use your OTG cable while still charging your Nexus device!
  • Software Defined Radio support. Use Kali Nethunter with your HackRF to explore the wireless radio space.

OPEN SOURCE, BASED ON KALI LINUX

As an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. One way to achieve this trust is by having full transparency and familiarity with the code you are running. You are free to read, investigate, and change our build scripts for the NetHunter images. All of this goodness from the house of Offensive Security and developers of Kali Linux!

CONFIGURATION MANAGEMENT

The Kali NetHunter configuration interface allows you to easily configure complex configuration files through a local web interface. This feature, together with a custom kernel that supports 802.11 wireless injection and preconfigured connect back VPN services, make the NetHunter a formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are!

HID KEYBOARD AND ‘BADUSB’ ATTACKS

[adsense size='1']

NetHunter images support programmable HID keyboard attacks, (a-la-teensy), as well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port. In addition to these built in features, Nethunter has a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.

 

Supported Devices

The Kali NetHunter image is currently compatible with the following Nexus devices:





  • Nexus 4 (GSM) – “mako”
  • Nexus 5 (GSM/LTE) – “hammerhead”
  • Nexus 7 [2012] (Wi-Fi) – “nakasi”
  • Nexus 7 [2012] (Mobile) – “nakasig”
  • Nexus 7 [2013] (Wi-Fi) – “razor”
  • Nexus 7 [2013] (Mobile) – “razorg”
  • Nexus 10 (Tablet) – “mantaray”
  • OnePlus One 16 GB – “bacon”
  • OnePlus One 64 GB – “bacon”

 

Backdooring Executables Over HTTP

This is probably one of the coolest features/tools introduced to Kali in the past month – an updated version of the “BackDoor Factory (BDF)”, and it’s accompanying “BackDoor Factory Proxy” toolset.

We packaged these tools in Kali especially for use with the NetHunter platform – and our tests with these tools have shown some impressive results.

To those who are not familiar with the BackDoor Factory framework – written by@midnite_runr, it allows us to inject shellcode of our choice in various binary files while the BFD Proxy allows us to backdoor these binary files over an HTTP connection on the fly. By now, you should be grasping the possibilities of this toolset, especially when combined with a mobile platform such as NetHunter

[adsense size='1']

Simply put, we can now quickly use our NetHunter devices to run MANA, an improved wireless AP client hijacking toolset in conjunction with BDF to produce a mind numbing effect – transparently hijacking wireless client connections and injecting malicious code into any binary files downloaded from the Internet over HTTP. Here’s a video of MANA and BDF proxy in action:

 

Important Concepts

  • Kali NetHunter runs within a chroot environment on the Android device so, for example, if you start an SSH server via an Android application, your SSH connection would connect to Android and not Kali Linux. This applies to all network services.
  • When configuring payloads, the IP address field is the IP address of the system where you want the shell to return to. Depending on your scenario, you may want this address to be something other than the NetHunter.
  • Due to the fact that the Android device is rooted, Kali NetHunter has access to all hardware, allowing you to connect USB devices such as wireless NICs directly to Kali using an OTG cable.

Source && Download

 

Tagged with:



Comments are closed.