Kali/Nethunter
From charlesreid1
Main Nethunter documentation is here: https://github.com/offensive-security/kali-nethunter/wiki
Notes
Nexus 7
We installed NetHunter on a Nexus 7.
Nexus 7 2013 (flo) Android version: 5.1.1 or 6.0.1 CM 13.0
Installation
Following instructions here: to install, we need to use the NetHunter Linux Root Toolkit (nethunter-LRT): https://github.com/offensive-security/nethunter-LRT
The installation procedure looks like this:
- Get tooling
- Get stock image for Nexus from Google
- Install the NetHunter Linux Root Toolkit (nethunter-LRT)
- Use nethunter-LRT to install NetHunter on the device
- Flash device with stock image
- "Recover" into Kali NetHunter
Tooling
Will need adb and fastboot utilities installed.
Plug the tablet into the computer with a USB cable and turn on USB debugging.
Mac
brew install --cask android-platform-tools
Debian
$ apt-get install android-tools-adb
$ apt-get install android-tools-fastboot
Prepare to Root Device
The table here (https://github.com/offensive-security/kali-nethunter/wiki) lists supported hardware and the corresponding Android software version numbers.
- Get Kali Nethunter version from here (https://www.offensive-security.com/kali-linux-nethunter-download/) corresponding to your hardware.
- Get the factory image corresponding to the phone from here (https://developers.google.com/android/images?hl=en) and pick out the version number that matches. The version I got was "razor".
- Get the TWRP file for the Asus Nexus 7 here (https://twrp.me/Devices/), I used the 2013 "flo" Nexus file (https://dl.twrp.me/flo/twrp-3.2.1-0-flo.img.html)
- Get the latest SuperSU sudo app for rooting the tablet (http://www.supersu.com/download), use the recovery flashable zip file.
Now you're ready to install nethunter-LRT, so clone the nethunter-LRT repository and put the above materials into their appropriate locations:
Gitlab repo: https://gitlab.com/kalilinux/nethunter/build-scripts/kali-nethunter-lrt
Listing folders in the nethunter-LRT folder shows:
LICENSE README.md common.sh kaliNethunter oemUnlock.sh stockImage stockNexusFlash.sh stockOpoFlash.sh superSu turtleme twrpFlash.sh twrpImage
The stock factory image should go in the stockImage folder, the twrp file should go in the twrpImage folder, the SuperSU image should go in the superSu folder, like so:
$ ls -R stockImage/ superSu/ twrpImage/ kaliNethunter/
stockImage/:
razor-mob30x-factory-52684dff.zip

superSu/:
SuperSU-v2.82-201705271822.zip

twrpImage/:
twrp-3.2.1-0-flo.img

kaliNethunter/:
nethunter-flo-lollipop-3.0.zip
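Before running any of the flash scripts, it is worth confirming that each folder holds exactly one artifact and that each download matches the digest published on its download page. The following is an added example, not part of nethunter-LRT or the original page; the function names and the manifest file (lines of "<sha256>  <folder>/<file>", filled in by hand from the download pages) are assumptions of this example.

```shell
# Pre-flight check for a nethunter-LRT checkout before running the flash scripts.
# Added example: not part of nethunter-LRT. Folder names and file extensions follow
# the page's `ls -R` listing; the manifest file is an assumption of this example.

sha256_of() {                      # print the SHA-256 of a file as lowercase hex
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'      # macOS
    fi
}

# check_slot DIR GLOB [MANIFEST]
# Succeeds only if DIR holds exactly one file matching GLOB and, when MANIFEST
# lists that file, its digest matches. Manifest lines: "<sha256>  <dir>/<file>".
check_slot() {
    cs_dir=$1; cs_glob=$2; cs_manifest=${3:-}
    set -- "$cs_dir"/$cs_glob              # expand the glob into "$@"
    if [ "$#" -ne 1 ] || [ ! -f "$1" ]; then
        echo "FAIL $cs_dir: expected exactly one $cs_glob file" >&2; return 1
    fi
    cs_got=$(sha256_of "$1")
    cs_rel="$(basename "$cs_dir")/$(basename "$1")"
    cs_want=
    if [ -n "$cs_manifest" ]; then
        cs_want=$(awk -v p="$cs_rel" '$2 == p {print tolower($1)}' "$cs_manifest")
    fi
    if [ -z "$cs_want" ]; then
        echo "WARN $cs_rel: no published digest to compare, sha256=$cs_got" >&2
    elif [ "$cs_got" != "$cs_want" ]; then
        echo "FAIL $cs_rel: sha256 $cs_got does not match manifest" >&2; return 1
    else
        echo "OK   $cs_rel"
    fi
}

# preflight LRT_DIR [MANIFEST]: check all four folders, non-zero on any failure.
preflight() {
    pf_rc=0
    check_slot "$1/stockImage"    '*.zip' "${2:-}" || pf_rc=1
    check_slot "$1/twrpImage"     '*.img' "${2:-}" || pf_rc=1
    check_slot "$1/superSu"       '*.zip' "${2:-}" || pf_rc=1
    check_slot "$1/kaliNethunter" '*.zip' "${2:-}" || pf_rc=1
    return "$pf_rc"
}
```

From inside the checkout, `preflight . manifest.txt` returns non-zero if a folder is empty, holds more than one candidate file, or contains a file whose digest differs from the manifest.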
Enable Developer Mode
Enable developer options by going to Settings > About Tablet > scroll down to the very bottom to Build Number and tap it 7 times. This will unlock developer options. This is really dumb, but welcome to Android, where you will die of cleverness.
Root Device
Unlock device:
./oemUnlock.sh
Flash back to stock image:
./stockNexusFlash.sh
Use custom recovery TWRP plus SuperSU plus Kali NetHunter:
./twrpFlash.sh
Post Installation
Post Installation Checklist
https://github.com/offensive-security/kali-nethunter/wiki#50-post-installation-setup
Hardware
Note that if you want to do any wireless attacks (using wifite, hostapd, or aircrack), the on-board wifi card cannot be put into monitor mode, so you have to use a USB On-The-Go (OTG) cable with a USB wifi dongle.
This was the main problem I had initially.
Attacks
Nmap Scan
To do an Nmap scan, open the apps and open the NetHunter app.
In the top left, click the three parallel lines (the hamburger menu).
Click Nmap.
You can connect to a network, e.g., 192.168.0.X, and scan the IP range 192.168.0.0/24.
The Nmap scan screen has multiple checkboxes that you can use to turn flags on or off.
DuckHunter HID
Link: https://github.com/offensive-security/kali-nethunter/wiki/NetHunter-DuckHunter
Similar to a Rubber Ducky USB attack, this takes scripts written for the Rubber Ducky and makes them work with Kali NetHunter HID.
Flags