MITM Labs/Bettercap Android Evo: Difference between revisions
From charlesreid1
(Created page with "=Procedure= ==Hardware== Conducting an attack with Kali Linux running on a laptop. The target is a sheep running Android on an HTC Evo. The Evo is about two years out of da...") |
|||
| Line 10: | Line 10: | ||
Obtain IP address on local network. Next step is to attack. | Obtain IP address on local network. Next step is to attack. | ||
==Surveillance== | |||
Start by doing recon. Scan the network with nmap to find the phone's IP: | |||
<pre> | |||
$ nmap -F 192.168.0.* | |||
</pre> | |||
<code>-F</code> is for fast scan, which only scans the lowest 100 ports. | |||
This reveals a scan report for Android_A100001B90B222.domain (192.168.0.22). | |||
Now we have our target for the MITM. | |||
Do an aggressive nmap scan so you know what services are running on the sheep: | |||
<pre> | |||
$ nmap -A 192.168.0.22 | |||
</pre> | |||
No open ports, no running services, and not enough information to produce a specific operating system fingerprint. Well, at least we tried. | |||
==MITM with Bettercap== | ==MITM with Bettercap== | ||
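Review bot: in the added Surveillance section, the sentence explaining -F says it "only scans the lowest 100 ports", but nmap's fast mode scans the 100 most common ports from its services file, not ports 1 to 100; suggest "which scans only the 100 most common ports". In the first command, consider quoting the target ('192.168.0.*') so the shell cannot glob-expand the asterisk before nmap sees it.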
Revision as of 04:54, 27 August 2016
Procedure
Hardware
Conducting an attack with Kali Linux running on a laptop.
The target is a sheep running Android on an HTC Evo. The Evo is about two years out of date.
Connect to Wireless with Phone
Obtain IP address on local network. Next step is to attack.
Surveillance
Start by doing recon. Scan the network with nmap to find the phone's IP:
$ nmap -F 192.168.0.*
-F is for fast scan, which only scans the lowest 100 ports.
This reveals a scan report for Android_A100001B90B222.domain (192.168.0.22).
Now we have our target for the MITM.
Do an aggressive nmap scan so you know what services are running on the sheep:
$ nmap -A 192.168.0.22
No open ports, no running services, and not enough information to produce a specific operating system fingerprint. Well, at least we tried.
MITM with Bettercap
On the Kali machine, run a MITM attack with Bettercap:
$ bettercap
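From the defending side, this kind of MITM can be spotted in the sheep's neighbour table. The following is an added example, not part of the original page or of Bettercap: it assumes the MITM works by ARP spoofing (the page does not state the mechanism) and compares two `ip neigh show` snapshots taken on the phone at 192.168.0.22. The gateway address 192.168.0.1, the laptop address 192.168.0.50 and all MAC addresses are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed sample data: `ip neigh show` output captured on the phone
# (192.168.0.22). Gateway .1, laptop .50 and every MAC are assumptions.
BASELINE = """\
192.168.0.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.0.50 dev wlan0 lladdr 66:77:88:99:aa:bb STALE
"""
DURING = """\
192.168.0.1 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.0.50 dev wlan0 lladdr 66:77:88:99:aa:bb REACHABLE
192.168.0.77 dev wlan0  FAILED
"""

NEIGH_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\s+dev\s+\S+\s+lladdr\s+([0-9a-fA-F:]{17})\s+\S+")

def parse_neigh(text):
    """Return {ip: mac} for entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:  # FAILED/INCOMPLETE entries carry no lladdr and are skipped
            table[m.group(1)] = m.group(2).lower()
    return table

def mac_changes(before, after):
    """IPs present in both snapshots whose MAC address differs."""
    return sorted((ip, before[ip], after[ip])
                  for ip in before.keys() & after.keys()
                  if before[ip] != after[ip])

def shared_macs(table):
    """MACs that answer for more than one IP within one snapshot."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def arp_spoof_alerts(before_text, after_text, gateway):
    """Combine both checks; a changed gateway MAC is the strongest signal."""
    before, after = parse_neigh(before_text), parse_neigh(after_text)
    alerts = []
    for ip, old, new in mac_changes(before, after):
        sev = "HIGH" if ip == gateway else "MEDIUM"
        alerts.append(f"{sev}: {ip} moved from {old} to {new}")
    for mac, ips in sorted(shared_macs(after).items()):
        alerts.append(f"HIGH: {mac} answers for {', '.join(ips)}")
    return alerts
```

A MAC change alone can also come from a replaced router or DHCP reassignment, so the shared-MAC check is what distinguishes a host impersonating the gateway.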