The mobile phone and tablet market has been flooded with millions of devices running Android. Sometimes I wonder whether Ken Thompson and Dennis Ritchie could have imagined that their creation, now about 44 years old, would influence the core of Linux, Google, Apple and so on. We are now surrounded by a sea of devices running Unix-like operating systems. These devices fit easily in your pocket, have multi-core processors and can gain access to SCADA systems in a few clicks. The golden age of handheld pentesting tools has arrived!
In this article, I will discuss the process of turning an Android device into a powerful pocket pentesting tool. If you want to use your Android device to practice intercepting and modifying network traffic, this article should be useful to you. (If interested, please check out this, this, this, this and this link.) To carry this out, you will need an Android device that supports OTG, with a special ROM; in addition, you will likely need an external USB wireless adapter (if you are looking for a device to crack WEP keys that does not require an external wireless adapter, I highly recommend the Nokia N900).
(Note: If you want to do wireless sniffing, try the app AndroidPCAP, which I tested on my Nexus 7 with an RTL8187-based USB wireless adapter.)
Before we continue transforming your Android device, you should make backup copies of all important data. I recommend taking a look here. Backups are necessary because the Android device will be rooted (given administrative access), and some rooting methods for certain types of devices can wipe your data.
Installing a Kali Linux ARM chroot environment on a rooted Android device with about 6 GB of free space.
Install Terminal Emulator
I created a Kali Linux ARM image that can be easily mounted; download it here:
Note: the environment in this image gives you about 2 GB of available space, so be economical.
Extract the 7z archive and make sure you have the folder at /sdcard/kali
This folder should contain the script 'kali' and the image file 'kali.img'
To mount the file kali.img, as root, run the command sh /sdcard/kali/kali
Optional: If you want the terminal emulator to drop you straight into the chroot environment when it opens, follow these steps:
Open the Terminal Emulator
Go to settings
Select Initial Command
Enter the following: su -c "cd /sdcard/kali && sh kali"
Now, when you open the terminal emulator, you'll be taken directly to the Kali chroot environment. If you want to leave the environment and return to the Android command line, simply run the command exit.
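The mount step and the Initial Command above both run a script as root from /sdcard, which is shared storage that other apps with storage permission can typically write to. The following is an added example, not part of the original article or the author's 'kali' script: it pins SHA-256 hashes of the files after you have reviewed them and refuses to start the chroot if they change. The manifest location and the script name kali-guard.sh are placeholders, and a sha256sum binary is assumed to be present on the device.

```shell
#!/bin/sh
# Added example (not the author's script). Assumes sha256sum is available
# (busybox provides one). MANIFEST should live where only root can write;
# the paths in the usage comment at the bottom are placeholders.

# kali_pin MANIFEST DIR FILE...: record hashes once you have reviewed the files.
kali_pin() {
    manifest=$1; dir=$2; shift 2
    ( cd "$dir" && sha256sum "$@" ) > "$manifest"
}

# kali_verify MANIFEST DIR: 0 = all pinned files unchanged,
# 1 = manifest missing or empty, 2 = pinned file missing, 3 = hash mismatch.
kali_verify() {
    manifest=$1; dir=$2
    [ -s "$manifest" ] || return 1
    while read -r want name; do
        name=${name#\*}                      # drop sha256sum's binary-mode marker
        [ -f "$dir/$name" ] || return 2
        have=$(sha256sum "$dir/$name") || return 2
        [ "${have%% *}" = "$want" ] || return 3
    done < "$manifest"
    return 0
}

# kali_launch MANIFEST DIR: verify first, then start the chroot as the page does.
kali_launch() {
    kali_verify "$1" "$2" || {
        rc=$?
        echo "refusing to start: integrity check failed (code $rc)" >&2
        return "$rc"
    }
    ( cd "$2" && sh kali )
}

# Usage from the Initial Command, with placeholder paths:
#   su -c "sh /data/local/kali-guard.sh /data/local/kali.pins /sdcard/kali"
if [ "$#" -eq 2 ]; then
    kali_launch "$1" "$2"
fi
```

Pinning only the 'kali' script keeps the check fast on every terminal start; pinning kali.img as well means hashing the whole image each time.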
Additionally: if you want access to the files in the /sdcard directory from within the Kali chroot environment, you can configure an OpenSSH server on your device that listens on all interfaces. Then, in the chroot environment, run mkdir /media/sdcard/, and then connect to your SSH server on the loopback interface to save the SSH key. After that you will be able to use the following script in the chroot environment (or even add it to your .bashrc file so that it starts automatically):
http://zitstif.no-ip.org/mountsdcard.py # You will need to change the user name and password.
I must warn you that this Kali image was not built with a window manager or any GUI tools in general in mind. In my humble opinion, a graphical interface is not required to use Kali Linux. For penetration testing, command-line utilities such as nmap, netcat, w3af_console, sqlmap, xsser and metasploit will be sufficient.
Once you are in the Kali Linux chroot environment, run the following command:
apt-get update && apt-get upgrade && msfupdate
In addition to the Kali Linux chroot environment, I also recommend that you install the tools from the following list:
Of course, this list is not complete, but I think it is a very good set of tools to start with.