Big corporations trying to improve the user experience by making everything around simplify, increasing performance and connections with “IoT’s”. Today with the Android operating system installed on the most robust smartphones, we have their strengths and weaknesses.
A Linux system, have their limitations and permissions. The user that makes the “Root” on the mobile device, will have full access to the system from view, edit and delete files and folders from the Android system and even install tools of various features.
In this article, I will introduce to you how easy it is to have a smartphone with pentest tools and performing network scan, wireless scan, sniffer, Vulnerability Scanner and others.
Preparing Android Smartphone for Penetration Testing
Let us start preparing your smartphone to perform the invasion test. By Google Play itself, we have two apps (paid and free) to have the Android system bash terminal.
Once the application installs, we will have to do the “Root” mode to have full access to the Android system. Therefore, we can install the pentest and monitoring tools.
Apt-get is a powerful package management system that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to perform the installation of new software packages, removing existing software packages, upgrading of existing software packages.
First, we will use Linux repositories distributions for pentest, in this example, I am using the Kali Linux distro. Once we do the “apt-get update” command, we will have reliable fonts tools.
Apt-get is a powerful package management system that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to perform the installation of new software packages, removing existing software packages, upgrading of existing software packages.
Also Read Android Application pentest Checklist
Tools that we Get after Updating List
- NMAP: Security Scanner, Port Scanner, & Network Exploration Tool.
- Bettercap: Powerful tool to perform MITM Attacks
- Setoolkit: Allows to perform many Social Engineering Activities.
We will test the “NMAP” tool first on the network where the smartphone is connected.
NMAP
Command # nmap 192.168.0.0/24
With NMAP installed, we have several ways to scan the network and test some services that are on servers. At this simple lab, we performed a network scan and identified two network assets (but without any vulnerable service to attack).
Let’s begin the “sniffer” at the network to find important credentials at applications that are not using encryption to communicate. Let us do a test with the “bettercap” tool.
bettercap
Insert Command # bettercap –sniffer
We got the login credentials at access router.
In addition to HTTP, we also obtain the HTTPS but will not be covered in this article.
With the weakest link of information security being the USER, he will always be subject to attacks and even without realizing that the Web Site digital certificate will be changed to that of the attacker doing the MITM attack.
We may not use the smartphone 100% like a laptop with thousands of intrusion tools; of course, we will have several limitations because it is a smartphone. However, of course, we can use the mobile in bridge mode, as known as “Pivoting”.
You can use a VPS as a command control and use pivoting on android to perform pentest.
Another Spoofing method, using tools to perform this technique and obtaining Apache2 on Android, we can insert a malicious page so that the user can insert their login credentials on the page and thus gain access to it.
Setoolkit
Insert Command Insert Command # service apache2 start && /usr/share/setoolkit/setoolkit
We validate that the apache service is working correctly.
As soon as we change the test page from apache and leave the fake Google page for this test, we will insert the email and password to make sure that the attack works.
Once the victim inserts their credentials on the fake page, he will be redirected to the Google page without realizing it was “hacked.”
In this, his credentials were captured and inserted into a plain text file for better viewing. Resulting in the loss of login, the cracker can access your emails and files quietly.
References
Original Source & Credits
BORBOLLA, Renato Basante Born in São Paulo, Brazil. He is A Network Administrator, Pen Tester, Security and Computer Forensics consultant.
Disclaimer
All the Content of this Article Belongs to above Original Author. “GBHackers On Security” won’t take any credits. This article is only for an Educational purpose. Any actions and or activities related to the material contained on this Website is solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question.
