Latest revision as of 21:02, 1 May 2019

Main Nethunter documentation is here: https://github.com/offensive-security/kali-nethunter/wiki

Notes

Nexus 7

We installed NetHunter on a Nexus 7.

Nexus 7 2013 (flo)
Android version:
5.1.1 or 6.0.1
CM 13.0

Installation

Following instructions here: To install, need to use the NetHunter rootkit: https://github.com/offensive-security/nethunter-LRT

The installation procedure looks like this:

Get tooling
Get stock image for Nexus from Google
Install NetHunter rootkit
Use the NetHunter rootkit to install NetHunter on the device
Flash device with stock image
"Recover" into Kali NetHunter

Tooling

Will need adb and fastboot utilities installed.

Plug the tablet into the computer with a USB cable and turn on USB debugging.

Mac

brew cask install android-platform-tools

Debian

$ apt-get install android-tools-adb
$ apt-get install android-tools-fastboot

Prepare to Root Device

The table here (https://github.com/offensive-security/kali-nethunter/wiki) lists hardware and corresponding android software version numbers.

Get Kali Nethunter version from here (https://www.offensive-security.com/kali-linux-nethunter-download/) corresponding to your hardware.

Get the factory image corresponding to the phone from here (https://developers.google.com/android/images?hl=en) and pick out the version number that matches. The version I got was "razor".

Get twrp file for asus nexus 7 here (https://twrp.me/Devices/), I used the 2013 "flo" Nexus file (https://dl.twrp.me/flo/twrp-3.2.1-0-flo.img.html)

Get the latest SuperSU sudo app for rooting the tablet (http://www.supersu.com/download), use the recovery flashable zip file.

Now you're ready to install nethunter-LRT, so clone the nethunter-LRT and put the above materials into their appropriate locations:

Gitlab repo: https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-lrt

Listing folders in the nethunter-LRT folder shows:

LICENSE
README.md
common.sh
kaliNethunter
oemUnlock.sh
stockImage
stockNexusFlash.sh
stockOpoFlash.sh
superSu
turtleme
twrpFlash.sh
twrpImage

The stock factory image should go in the stockImage folder, the twrp file should go in the twrpImage folder, the SuperSU image should go in the superSu folder, like so:

$ ls -R stockImage/ superSu/ twrpImage/ kaliNethunter/
stockImage/:
razor-mob30x-factory-52684dff.zip

superSu/:
SuperSU-v2.82-201705271822.zip

twrpImage/:
twrp-3.2.1-0-flo.img

kaliNethunter/
nethunter-flo-lollipop-3.0.zip

Enable Developer Mode

Enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock developer options. This is really dumb, but welcome to Android, where you will die of cleverness.

Root Device

Unlock device:

./oemUnlock.sh

Flash back to stock image:

./stockNexusFlash.sh

Use custom recovery TWRP plus SuperSU plus Kali NetHunter:

./twrpFlash.sh

Post Installation

Post Installation Checklist

https://github.com/offensive-security/kali-nethunter/wiki#50-post-installation-setup

Hardware

Note that if you want to do any wireless attacks (using wifite, hostapd, or aircrack), the on-board wifi card cannot be put into monitor mode, so you have to use an on the go (OTG) cable with a USB wifi dongle.

This was the main problem I had initially.

Attacks

Nmap Scan

To do an Nmap scan, open the apps and open the NetHunter app.

In the top left, click the three parallel lines (the hamburger menu).

Click Nmap.

Can connect to a network, e.g., 192.168.0.X, and scan the IP range 192.168.0.0/24

Nmap scan enables multiple checkboxes that you can use to turn flags on/off

DuckHunter HID

Main article: RubberDucky

Link: https://github.com/offensive-security/kali-nethunter/wiki/NetHunter-DuckHunter

Similar to a Rubber Ducky USB attack, this takes scripts written for the Rubber Ducky and makes them work with Kali NetHunter HID.

Flags

@@ Line 1: / Line 1: @@
-=resources=
+Main Nethunter documentation is here: https://github.com/offensive-security/kali-nethunter/wiki
-notes on kali nethunter here: https://github.com/offensive-security/kali-nethunter/wiki
+=Notes=
-to install, need to use the nethunter rootkit: https://github.com/offensive-security/nethunter-LRT
+==Nexus 7==
-for that, need to install prerequisites (android tools mainly)
+We installed NetHunter on a Nexus 7.
-=procedure=
+<pre>
+Nexus 7 2013 (flo)
+Android version:
+.1.1 or 6.0.1
+CM 13.0
+</pre>
+=Installation=
-you need a nexus 7 tablet, rooted or not
+Following instructions here: To install, need to use the NetHunter rootkit: https://github.com/offensive-security/nethunter-LRT
-==prereqs==
+The installation procedure looks like this:
+* Get tooling
+* Get stock image for Nexus from Google
+* Install NetHunter rootkit
+* Use the NetHunter rootkit to install NetHunter on the device
+* Flash device with stock image
+* "Recover" into Kali NetHunter
-start by installing prereqs for nethunter rootkit
+==Tooling==
+Will need adb and fastboot utilities installed.
+Plug the tablet into the computer with a USB cable and turn on USB debugging.
+===Mac===
+<pre>
+brew cask install android-platform-tools
+</pre>
+===Debian===
 <pre>
@@ Line 20: / Line 45: @@
 </pre>
-==assembling materials==
+==Prepare to Root Device==
+The table here (https://github.com/offensive-security/kali-nethunter/wiki) lists hardware and corresponding android software version numbers.
-for nexus 7 tablet, get factory image from here: https://developers.google.com/android/nexus/images?hl=en
+* Get Kali Nethunter version from here (https://www.offensive-security.com/kali-linux-nethunter-download/) corresponding to your hardware.
-get twrp file for asus nexus 7 here: https://twrp.me/Devices/ (got both the 2012 and 2013 files, not sure which one to use)
+* Get the factory image corresponding to the phone from here (https://developers.google.com/android/images?hl=en) and pick out the version number that matches. The version I got was "razor".
-get latest superuser app for rooting your tablet: http://forum.xda-developers.com/showpost.php?p=64161125&postcount=3
+* Get twrp file for asus nexus 7 here (https://twrp.me/Devices/), I used the 2013 "flo" Nexus file (https://dl.twrp.me/flo/twrp-3.2.1-0-flo.img.html)
-put each of these in the appropriate folders: https://github.com/offensive-security/nethunter-LRT
+* Get the latest SuperSU sudo app for rooting the tablet (http://www.supersu.com/download), use the recovery flashable zip file.
-==enable developer mode==
+Now you're ready to install nethunter-LRT, so clone the nethunter-LRT and put the above materials into their appropriate locations:
-enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock develoepr options. This is really dumb, but welcome to Android, where you will die of cleverness.
+Gitlab repo: https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-lrt
-==oem unlock==
+Listing folders in the nethunter-LRT folder shows:
+<pre>
+LICENSE
+README.md
+common.sh
+kaliNethunter
+oemUnlock.sh
+stockImage
+stockNexusFlash.sh
+stockOpoFlash.sh
+superSu
+turtleme
+twrpFlash.sh
+twrpImage
+</pre>
-Next:
+The stock factory image should go in the stockImage folder, the twrp file should go in the twrpImage folder, the SuperSU image should go in the superSu folder, like so:
 <pre>
-root@basilisk:~/codes/nethunter-LRT# adb devices
+$ ls -R stockImage/ superSu/ twrpImage/ kaliNethunter/
-List of devices attached
+stockImage/:
-d46d908641608	device
+razor-mob30x-factory-52684dff.zip
+superSu/:
+SuperSU-v2.82-201705271822.zip
+twrpImage/:
+twrp-3.2.1-0-flo.img
-root@basilisk:~/codes/nethunter-LRT# ./oemUnlock.sh
+kaliNethunter/
+nethunter-flo-lollipop-3.0.zip
 </pre>
-This reboots the phone, and gets your confirmation that you want to modify the boot loader. Use volume up/down to select an option, then push the power button.
+==Enable Developer Mode==
+Enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock developer options. This is really dumb, but welcome to Android, where you will die of cleverness.
+==Root Device==
+Unlock device:
+<pre>
+./oemUnlock.sh
+</pre>
+Flash back to stock image:
+<pre>
+./stockNexusFlash.sh
+</pre>
+Use custom recovery TWRP plus SuperSU plus Kali NetHunter:
+<pre>
+./twrpFlash.sh
+</pre>
+=Post Installation=
+==Post Installation Checklist==
+https://github.com/offensive-security/kali-nethunter/wiki#50-post-installation-setup
+==Hardware==
+Note that if you want to do any wireless attacks (using wifite, hostapd, or aircrack), the on-board wifi card cannot be put into monitor mode, so you have to use an on the go (OTG) cable with a USB wifi dongle.
+This was the main problem I had initially.
+=Attacks=
+==Nmap Scan==
+To do an Nmap scan, open the apps and open the NetHunter app.
+In the top left, click the three parallel lines (the hamburger menu).
+Click Nmap.
+Can connect to a network, e.g., 192.168.0.X, and scan the IP range 192.168.0.0/24
+Nmap scan enables multiple checkboxes that you can use to turn flags on/off
+==DuckHunter HID==
+{{Main|RubberDucky}}
+Link: https://github.com/offensive-security/kali-nethunter/wiki/NetHunter-DuckHunter
+Similar to a Rubber Ducky USB attack, this takes scripts written for the Rubber Ducky and makes them work with Kali NetHunter HID.
+=Flags=
+{{KaliFlag}}
-You should see the computer printing some steps. When it is done, the tablet will begin to boot up. be patient, it can take a while.
+[[Category:Kali]]
+[[Category:NetHunter]]
+[[Category:Android]]
+[[Category:TinyPwners]]
-==stock nexus flash==
+[[Category:Nexus]]

Kali/Nethunter: Difference between revisions

From charlesreid1