Main Nethunter documentation is here: https://github.com/offensive-security/kali-nethunter/wiki
We installed NetHunter on a Nexus 7.
Nexus 7 2013 (flo) Android version: 5.1.1 or 6.0.1 CM 13.0
Following instructions here: To install, need to use the NetHunter rootkit: https://github.com/offensive-security/nethunter-LRT
The installation procedure looks like this:
- Get tooling
- Get stock image for Nexus from Google
- Install NetHunter rootkit
- Use the NetHunter rootkit to install NetHunter on the device
- Flash device with stock image
- "Recover" into Kali NetHunter
Will need adb and fastboot utilities installed.
Plug the tablet into the computer with a USB cable and turn on USB debugging.
brew cask install android-platform-tools
$ apt-get install android-tools-adb $ apt-get install android-tools-fastboot
Prepare to Root Device
The table here (https://github.com/offensive-security/kali-nethunter/wiki) lists hardware and corresponding android software version numbers.
- Get Kali Nethunter version from here (https://www.offensive-security.com/kali-linux-nethunter-download/) corresponding to your hardware.
- Get the factory image corresponding to the phone from here (https://developers.google.com/android/images?hl=en) and pick out the version number that matches. The version I got was "razor".
- Get twrp file for asus nexus 7 here (https://twrp.me/Devices/), I used the 2013 "flo" Nexus file (https://dl.twrp.me/flo/twrp-3.2.1-0-flo.img.html)
- Get the latest SuperSU sudo app for rooting the tablet (http://www.supersu.com/download), use the recovery flashable zip file.
Now you're ready to install nethunter-LRT, so these should go in appropriate folders.
Listing folders in the nethunter-LRT folder shows:
LICENSE README.md common.sh kaliNethunter oemUnlock.sh stockImage stockNexusFlash.sh stockOpoFlash.sh superSu turtleme twrpFlash.sh twrpImage
The stock factory image should go in the stockImage folder, the twrp file should go in the twrpImage folder, the SuperSU image should go in the superSu folder, like so:
$ ls -R stockImage/ superSu/ twrpImage/ kaliNethunter/ stockImage/: razor-mob30x-factory-52684dff.zip superSu/: SuperSU-v2.82-201705271822.zip twrpImage/: twrp-3.2.1-0-flo.img kaliNethunter/ nethunter-flo-lollipop-3.0.zip
Enable Developer Mode
Enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock developer options. This is really dumb, but welcome to Android, where you will die of cleverness.
Flash back to stock image:
Use custom recovery TWRP plus SuperSU plus Kali NetHunter:
Post Installation Checklist
Note that if you want to do any wireless attacks (using wifite, hostapd, or aircrack), the on-board wifi card cannot be put into monitor mode, so you have to use an on the go (OTG) cable with a USB wifi dongle.
This was the main problem I had initially.
To do an Nmap scan, open the apps and open the NetHunter app.
In the top left, click the three parallel lines (the hamburger menu).
Can connect to a network, e.g., 192.168.0.X, and scan the IP range 192.168.0.0/24
Nmap scan enables multiple checkboxes that you can use to turn flags on/off
Similar to a Rubber Ducky USB attack, this takes scripts written for the Rubber Ducky and makes them work with Kali NetHunter HID.
Kali Linux"The quieter you become, the more you are able to hear."
Penetration testing Linux distribution.
1 Physical Attacks: Kali/Layer 1 Attacks
2 Data/MAC Attacks: Kali/Layer 2 Attacks
3 Network Attacks: Kali/Layer 3 Attacks
4 Transport Attacks: Kali/Layer 4 Attacks
5 Session Attacks: Kali/Layer 5 Attacks
6 Presentation Attacks: Kali/Layer 6 Attacks
7 Application Attacks: Kali/Layer 7 Attacks
Kali on Raspberry Pi:
Flags · Template:KaliFlag · e