Book Image

Hands-On Penetration Testing with Kali NetHunter

By : Glen D. Singh, Sean-Philip Oriyano
Book Image

Hands-On Penetration Testing with Kali NetHunter

By: Glen D. Singh, Sean-Philip Oriyano

Overview of this book

Kali NetHunter is a version of the popular and powerful Kali Linux pentesting platform, designed to be installed on mobile devices. Hands-On Penetration Testing with Kali NetHunter will teach you the components of NetHunter and how to install the software. You’ll also learn about the different tools included and how to optimize and use a package, obtain desired results, perform tests, and make your environment more secure. Starting with an introduction to Kali NetHunter, you will delve into different phases of the pentesting process. This book will show you how to build your penetration testing environment and set up your lab. You will gain insight into gathering intellectual data, exploiting vulnerable areas, and gaining control over target systems. As you progress through the book, you will explore the NetHunter tools available for exploiting wired and wireless devices. You will work through new ways to deploy existing tools designed to reduce the chances of detection. In the concluding chapters, you will discover tips and best practices for integrating security hardening into your Android ecosystem. By the end of this book, you will have learned to successfully use a mobile penetration testing device based on Kali NetHunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.
Table of Contents (19 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Installing NetHunter


Kali NetHunter was originally created for Google Nexus devices such as the Nexus 4 and Nexus 5 smartphones and the Nexus 7 and Nexus 10 tablets. It was later expanded to the OnePlus One smartphone, which Offensive Security stated is the preferred phone form factor NetHunter device. As of this writing, Kali NetHunter is supported on a variety of devices from various manufacturers, such as Google, OnePlus, Samsung, LG, HTC, and Sony. Let's look at how to install Kali NetHunter on an Android device (before installing Kali NetHunter on your device, whether it’s a smartphone or tablet, please check the list of supported devices at https://www.offensive-security.com/kali-linux-nethunter-download/ or the list of supported devices and ROMs at the Offensive Security Kali NetHunter GitHub repository at https://github.com/offensive-security/kali-nethunter/wiki):

  1. Download an official release of Kali NetHunter for your device from https://www.offensive-security.com/kali-linux-nethunter-download. The downloaded file should be zipped. Ensure you verify the hash values before proceeding. If the hash value does not match, do not use it. If you would like to create a custom build of Kali NetHunter, please see the Building Kali NetHunter for a specific device section.
  2. Unlock your Android device.  When installing Kali NetHunter on an Android device, the installation takes place on top of the Android operating system. Please ensure the necessary Android drivers are installed and configured on your computer prior to executing the following steps. To do this, ensure you have a copy of Android Studioinstalled on your computer. This software can be found athttps://developer.android.com/studio. Android Studio will ensure the device drivers are properly installed and are compatible.
  1. Set your device to Developer mode. Navigate to Settings | About and tap on the Build number a few times until you see a notification that says that the developer mode has been enabled.
  2. Go to Settings | Developer optionsand enable both theAdvanced rebootand Android Debuggingoptions:
  1. Root your device (applicable to Nexus and OnePlus). If you’re using a Nexusdevice, you can use theNexus Root Toolkit (http://www.wugfresh.com/nrt/). The root toolkit is anall-in-onetool for installing device drivers, unlocking you device bootloader, and installing a custom recovery such asTeam Win Recovery Project (TWRP):
  1. Select the Initial Setup option, Full Driver Installation Guide, and follow the installer wizard.
  2. Unlock the bootloader if your device is not unlocked. This process will wipe your entire device. Please be sure to create a backup of your device before executing this step.
  1. Let's root your Android device.  Click on Root. If you’re using a Nexus, you'll see a checkbox on the screen next to Custom Recovery, ensure you unselect it.
  1. Your device will reboot automatically. To verify your device has been rooted successfully, you should see within your device’s menu a new icon/app named SuperSU. Opening the app will verify the status of your device, whether root access is granted or not.

Note

For OnePlus devices, there is specific rooting tool made just for this device, it's known as Bacon Root Toolkit (http://www.wugfresh.com/brt/). Additionally, the team at Offensive Security has provided a detailed procedure on installing Kali NetHunter using Windows and Linux. The guide can be found at https://github.com/offensive-security/kali-nethunter/wiki/Windows-install. If you’re using Linux, please visit https://github.com/offensive-security/nethunter-LRT.

  1. Go to the Google Play store and install the BusyBox application:
  1. Install the TWRP Manager app. You can also install TWRP using a downloadable APK from https://twrp.me

Once both applications are installed, open each to ensure they are functioning fine. If superuser permission is required, simply select grant or allow. 

  1. Copy the Kali NetHunter image and paste it in the root directory of the device. It’s time to install the custom recovery.
  2. Open the TWRP Manager app and select the Recovery Version to Install option. To begin the installation, click on Install Recovery.
  3. Reboot the device from the options provided:
  1. Click on Install and select the Kali NetHunter image ZIP file within the directory. At this point, the custom recovery will flash Kali NetHunter onto your device and reboot automatically.

Building Kali NetHunter for a specific device (optional)

Many smartphone manufacturers, such as OnePlus, Samsung, Google, and LG, produce a variety of phones every year. You may be wondering, Do I need to purchase another Android-based smartphone to host the Kali NetHunter platform? The answer is simple: you do not. One of the benefits provided to us is the ability to build a custom version of NetHunter for our Android device. In step 3, you'll be able to choose the type of device and the version of Android your smartphone is currently running; this is to ensure the output file is compatible with your Android phone.

If you would like to build your own Kali NetHunter image from the official GitHub repository, use the following steps:

  1. Download the repository using the git clone https://github.com/offensive-security/kali-nethunter command:
  1. Ensure you change the directory to the new folder using the cd kali-nethunter/nethunter-installer command. Next, run the ./bootstrap.sh command on the Terminal. There will be an interactive prompt that asks some questions before it attempts to download any of the device's folders on your system:
  1. Use the python build.py –h command to view the options available for building a custom Kali NetHunter image for your device:

To build an image, we can use the python build.py -d <device> --<android version> syntax.

If you want to build Kali NetHunter for a Nexus 7 (2013) device running Android Kitkat, you can use the python build.py –d flo –kitkat command.

  1. When the build is complete, the output will be a .zip file that is stored in the nethunter-installer directory. Simply copy the .zip file into the root folder of your Android device as it will be required to move into Kali NetHunter.

Note

To quickly locate the .zip file within your directory, use the ls –l |grep .zip command to view only ZIP files.