From charlesreid1

Main Nethunter documentation is here: https://github.com/offensive-security/kali-nethunter/wiki

Notes

Nexus 7

We installed NetHunter on a Nexus 7.

Nexus 7 2013 (flo)
Android version:
5.1.1 or 6.0.1
CM 13.0

Installation

Following instructions here: To install, need to use the NetHunter rootkit: https://github.com/offensive-security/nethunter-LRT

The installation procedure looks like this:

  • Get tooling
  • Get stock image for Nexus from Google
  • Install NetHunter rootkit
  • Use the NetHunter rootkit to install NetHunter on the device
  • Flash device with stock image
  • "Recover" into Kali NetHunter

Tooling

Will need adb and fastboot utilities installed.

Plug the tablet into the computer with a USB cable and turn on USB debugging.

Mac

brew cask install android-platform-tools

Debian

$ apt-get install android-tools-adb
$ apt-get install android-tools-fastboot

Prepare to Root Device

The table here (https://github.com/offensive-security/kali-nethunter/wiki) lists hardware and corresponding android software version numbers.

Now you're ready to install nethunter-LRT, so these should go in appropriate folders.

Listing folders in the nethunter-LRT folder shows:

LICENSE
README.md
common.sh
kaliNethunter
oemUnlock.sh
stockImage
stockNexusFlash.sh
stockOpoFlash.sh
superSu
turtleme
twrpFlash.sh
twrpImage

The stock factory image should go in the stockImage folder, the twrp file should go in the twrpImage folder, the SuperSU image should go in the superSu folder, like so:

$ ls -R stockImage/ superSu/ twrpImage/ kaliNethunter/
stockImage/:
razor-mob30x-factory-52684dff.zip

superSu/:
SuperSU-v2.82-201705271822.zip

twrpImage/:
twrp-3.2.1-0-flo.img

kaliNethunter/
nethunter-flo-lollipop-3.0.zip

Enable Developer Mode

Enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock developer options. This is really dumb, but welcome to Android, where you will die of cleverness.

Root Device

Unlock device:

./oemUnlock.sh

Flash back to stock image:

./stockNexusFlash.sh

Use custom recovery TWRP plus SuperSU plus Kali NetHunter:

./twrpFlash.sh


Post Installation

Post Installation Checklist

https://github.com/offensive-security/kali-nethunter/wiki#50-post-installation-setup

Hardware

Note that if you want to do any wireless attacks (using wifite, hostapd, or aircrack), the on-board wifi card cannot be put into monitor mode, so you have to use an on the go (OTG) cable with a USB wifi dongle.

This was the main problem I had initially.

Attacks

Nmap Scan

To do an Nmap scan, open the apps and open the NetHunter app.

In the top left, click the three parallel lines (the hamburger menu).

Click Nmap.

Can connect to a network, e.g., 192.168.0.X, and scan the IP range 192.168.0.0/24

Nmap scan enables multiple checkboxes that you can use to turn flags on/off

DuckHunter HID

Link: https://github.com/offensive-security/kali-nethunter/wiki/NetHunter-DuckHunter

Similar to a Rubber Ducky USB attack, this takes scripts written for the Rubber Ducky and makes them work with Kali NetHunter HID.

Flags