You are free to read, investigate, and change our build scripts for the NetHunter images. One way to achieve this trust is by having full transparency and familiarity with the code you are running. Our freely downloadable images come with easy to follow installation and setup instructions to get you up and running in no time at all.Īs an experienced penetration tester or security professional, it is imperative that you trust the tools you work with. Whether you have a Nexus 5, Nexus 6, Nexus 7, Nexus 9, Nexus 10 or OnePlus One we’ve got you covered. Once set up, run PowerShell Empire and set up a listener.NetHunter supports Wireless 802.11 frame injection, one-click MANA Evil Access Point setups, HID keyboard (Teensy like attacks), as well asBadUSB MITM attacks – and is built upon the sturdy shoulders of the Kali Linux distribution and toolsets. Use your favorite VPS provider (I like DigitalOcean), setup an Ubuntu based server, and install PowerShell Empire from their Github repository. When on an engagement I like to have one USB Rubber Ducky set up to establish a PowerShell Empire session, we will use this to test out the functionality. The ZArchiver app from the Google Play store resolved this issue, this will be needed to load Rubber Ducky scripts.ĭuckHunter Attack and Demonstration (Shellz!)Īt this point, NetHunter is ready to run the DuckHunter HID attack. When initially attempting to use Rubber Ducky scripts with NetHunter, there was an issue loading the script into the DuckHunter HID feature with the native file system selection option. Once complete, the latest APK should now successfully install. Go into Settings>Apps and choose NetHunter and uninstall. You will need to uninstall NetHunter to install the update, it will not install successfully over the existing install. If there is an update (there was at the time of this post) download it. Open up the app and select “Check App Update”. There are a few tasks to complete after installation to get the DuckHunter HID attack to work. Once you have booted back up, NetHunter will now be installed. Once that has been completed turn on Advanced Reboot and Android Debugging options.Īfter the flash, it may take a few minutes for the device to boot past the splash screen. On the device, go to Settings> About Tablet and tap on the “Build Number” seven times. If your tablet doesn’t have developer mode enabled, do that. This post includes screenshots to help walk through the install. This is important because skipping any part may result in a nonfunctional install. The instructions on the Offensive Security github wiki were up to date at the time of this post.Īs noted on their wiki, each step needs to be performed. For a Neversion the nethunter-grouper-lollipop-3.0 worked for me. I chose this route and used a Windows 7 virtual machine and VirtualBox.įirst, download the appropriate NetHunter image for your device and check the file hash. These tablets are relatively cheap on eBay and have great support for unlocking the bootloader and rooting through the Nexus Root Toolkit by WugFresh. I had a NeWi-Fi tablet that had been demoted to lab use and was already unlocked. First, make sure your device is supported. I like options.īefore we can pull off this style of HID attack though, we need to make the platform. I own multiple Rubber Ducky Devices and love them but a Mobile Pentesting Platform gives me the ability to have multiple HID attack options “on the fly” that would otherwise mean I would have to carry multiple USB devices. I think a Mobile Pentesting Platform shines best on an onsite internal engagement that involves gaining unauthorized physical access (like a Red Team or Physical Pen Test), especially when it comes to HID keyboard style attacks like those possible with the USB Rubber Ducky.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |