
How To Build A Laboratory For Android Penetration Testing «Zero Byte :: WonderHowTo



As a Bug Bounty Hunter and Penetration Tester for Android, we need a properly configured environment to test exploits and find vulnerabilities. This could be an Android virtual operating system or a dedicated network for capturing requests and performing man-in-the-middle attacks.

There are many ways to configure a pentesting lab. Virtual Android environments are made possible by projects such as VirtualBox, OSBoxes, and Android-x86, and there are a few advantages to creating an Android virtual machine on your Kali machine.

Virtual machines (VMs) are very easy to clone and restore if we accidentally break or irreparably damage the Android system. In addition, we can allocate more CPU and memory than is possible with physical Android devices. For example, it is possible to create a virtual Android OS with 32 GB of RAM. Although this value is unbelievably high and unrealistic, it would theoretically allow us to run many applications and services simultaneously.

On the other hand, some readers may not have the resources (such as RAM and CPU) available to run an Android VM. Another environment we can set up requires a physical Android device and a dedicated Wi-Fi network. Sure, we can simply connect Kali and our Android device to our home Wi-Fi network, but using Kali as a Wi-Fi hotspot and routing all of the Android's data through it lets us easily intercept data going to and from the physical device.

There are many conveniences in using a virtualized Android operating system, but it's not really comparable to a real physical phone, which allows a real-world simulation of an Android device's response to a specific exploit or hack. That's why pentesting a physical Android is my preferred method. But I'll show you how to set up both quickly so you can decide which one best fits your needs.

Option 1: Virtual Android Environment (VirtualBox Lab)

OSBoxes offers preconfigured Linux operating systems for our convenience. With the OSBoxes Android virtual machines for VirtualBox, we can set up and operate a virtual Android system with just a few clicks.

Step 1: Download the Android image

Go to the Android-x86 download page on the OSBoxes website to get the latest 64-bit Android image for VirtualBox.

At the time of writing, OSBoxes supports only Android version 7.1 Nougat. Android Oreo (version 8.1) will be available soon. Readers with a more technical understanding of ISO installations can go to the Android-x86 website and download the Oreo ISO file, which is not preconfigured like the OSBoxes images.

Step 2: Extract the VirtualBox Image

Once the Android-x86_7.1_r1-VB-64bit.7z file (or the version you chose) is downloaded, extract the VirtualBox Disk Image (VDI) with the following 7z command. Unzipping the .7z file may take several minutes. When it's done, there will be a new 64bit/ directory in your Downloads/ directory.

  7z x Android-x86_7.1_r1-VB-64bit.7z

7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_DE.UTF-8,Utf16=on,HugeFiles=on,64 bits,4 CPUs AMD Ryzen 7 1700 Eight-Core Processor (800F11),ASM,AES-NI)

Scanning the drive for archives:
1 file, 927273974 bytes (885 MiB)

Extracting archive: Android-x86_7.1_r1-VB-64bit.7z
--
Path = Android-x86_7.1_r1-VB-64bit.7z
Type = 7z
Physical Size = 927273974
Headers Size = 204
Method = LZMA2:25
Solid = -
Blocks = 1

Everything is Ok

Folders: 1
Files: 1
Size:       5433720832
Compressed: 927273974

Step 3: Configure Android VM Settings

Open VirtualBox on your Kali system and create a new virtual machine with the "New" button. If you do not already have VirtualBox, you can download it for free from its website. On the first page, name the machine "Android" and choose "Linux" as the Type and "Linux 2.6 64-bit" for the Version. Click "Next" to continue.

Set the RAM to a value of at least 1,024 MB. Click "Next" to continue.

Select the "Use an Existing Virtual Hard Disk File" option in the Hard Disk settings, then select the Android VDI in the 64bit/ directory that we extracted earlier. Click "Create" to continue.

Then, with the new Android VM selected in the list of machines in VirtualBox, click "Settings", open the "System" tab, and adjust the Boot Order so that "Hard Disk" is the first option and the Pointing Device is set to "PS/2 Mouse".

Configure "Adapter 1" in the "Network" tab as "Bridged Adapter" and set the adapter type in the "Advanced" menu to "PCnet-FAST III." This will allow the Android VM to connect to your wireless router and get its own IP address.

When you're done, click "OK" and start the Android VM. After about 60 seconds, the operating system starts and we have access to a new virtual Android operating system for experimentation and pentesting.
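The same Step 3 settings can be applied from a terminal with VBoxManage. This is an added example, not part of the original article; the VDI file name, the `wlan0` bridge interface and the SATA controller name are assumptions to adjust for your system. By default it only prints the commands (DRY_RUN=1).

```shell
#!/bin/sh
# Added example: Step 3 scripted with VBoxManage instead of the GUI.
# VM_NAME, VDI_PATH and BRIDGE_IF are assumptions; change them as needed.
VM_NAME="${VM_NAME:-Android}"
VDI_PATH="${VDI_PATH:-$HOME/Downloads/64bit/android.vdi}"   # placeholder file name
BRIDGE_IF="${BRIDGE_IF:-wlan0}"
DRY_RUN="${DRY_RUN:-1}"    # 1 = only print the commands, 0 = execute them

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_android_vm() {
    # The GUI choice "Linux 2.6 ... (64-bit)" is OS type Linux26_64.
    run VBoxManage createvm --name "$VM_NAME" --ostype Linux26_64 --register
    # At least 1,024 MB RAM, hard disk first in the boot order, PS/2 mouse.
    run VBoxManage modifyvm "$VM_NAME" --memory 1024 --boot1 disk --mouse ps2
    # Adapter 1: bridged, PCnet-FAST III (VBoxManage calls it Am79C973).
    run VBoxManage modifyvm "$VM_NAME" --nic1 bridged \
        --bridgeadapter1 "$BRIDGE_IF" --nictype1 Am79C973
    # Attach the extracted VDI as the existing virtual hard disk.
    run VBoxManage storagectl "$VM_NAME" --name SATA --add sata
    run VBoxManage storageattach "$VM_NAME" --storagectl SATA \
        --port 0 --device 0 --type hdd --medium "$VDI_PATH"
}

build_android_vm
```

Run it with DRY_RUN=0 to create the VM, then snapshot the fresh machine before testing so it can be rolled back after a destructive experiment.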

In bridged mode, other devices on the Wi-Fi network can ping and interact with the Android operating system. We can run man-in-the-middle attacks against the operating system as if it were a physical device on the Wi-Fi network. Below is an example of a man-in-the-middle attack with MITMf.

  python mitmf.py -i wlan0 --arp --spoof --gateway 192.168.0.1 --target 192.168.0.4

[*] MITMf v0.9.8 - 'The dark side'
|
|_ Net-Creds v1.0 online
|_ Spoof v0.6
|  |_ ARP spoofing enabled
|_ Sergio-Proxy v0.2.1 online
|_ SSLstrip v0.9 by Moxie Marlinspike online
|
|_ MITMf-API online
 * Serving Flask app "core.mitmfapi" (lazy loading)
|_ HTTP server online
 * Environment: production
   WARNING: Do not use the development server in a production environment.
   Use a production WSGI server instead.
 * Debug mode: off
 * Running on http://127.0.0.1:9999/ (Press CTRL+C to quit)
|_ DNSChef v0.4 online
|_ SMB server online

2018-07-23 18:26:22 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:22 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:23 192.168.0.4 [type:Chrome-50 os:Android] fonts.googleapis.com
2018-07-23 18:26:24 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:25 192.168.0.4 [type:Chrome-50 os:Android] Zapped a strict transport security header
2018-07-23 18:26:26 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:26 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:27 192.168.0.4 [type:Chrome-50 os:Android] fonts.gstatic.com
2018-07-23 18:26:28 192.168.0.4 [type:Chrome-50 os:Android] login.website.com
2018-07-23 18:26:48 192.168.0.4 [type:Chrome-50 os:Android] POST data (login.website.com):
utf8=%E2%9C%93&authenticity_token=j7bVyOKFLu%2BausgDzlIr0Z9H0Mmh%2FoWSBZh9OyyCqvKNdPFtPL47fqRECBwN97gJmlYt4AgvI6e%2FyDmcAvNeog%3d%3d&users%5Bemail%5D=distortion%40nullbyte.com&users%5Bpassword%5D=secure_password_999&commit=&users%5Bremember_me%5D=0
2018-07-23 18:26:49 192.168.0.4 [type:Chrome-50 os:Android] login.website.com 

We can see that the Android device (192.168.0.4), running Chrome version 50, sent a POST request with an e-mail address and password in plain text.

Option 2: Dedicated Wi-Fi hotspot and hardware

This method requires a dedicated (physical) Android device for testing and an external Wi-Fi adapter to create a hotspot. The idea is that Kali effectively creates a Wi-Fi hotspot to which the Android device is connected. All data transferred to and from the Android device can be easily monitored without a man-in-the-middle attack. This is convenient for bug bounty hunters who use tools such as Burp Suite or Wireshark to examine packets at a very granular level.

If you do not have an Android phone that you can use as a pen test device, Amazon has plenty of cheap options for a test phone that will become a valuable asset in your pentesting toolkit.


Step 1: Create a New Wi-Fi Hotspot

To start, boot Kali and connect an external, Kali-compatible wireless network adapter to the system. Open the Network Connections menu, click the + icon to add a Wi-Fi connection, and then choose Create.

The Network Connections settings vary slightly between the different versions of Kali. I use the XFCE4 version, but all versions have a network manager that can create Wi-Fi hotspots with very similar steps.

Step 2: Configure the Hotspot & Password

A new edit window will pop up. The required fields are SSID, Mode, and Device. Make sure you use the "hotspot" mode and select the device (probably wlan0) of your wireless adapter. If you do not know the name of the network adapter, you can use ifconfig to find out. The Wi-Fi network name (SSID) can be arbitrary. I use "zero byte" for this demonstration.

Next, click on the "Wi-Fi Security" tab and enter a strong password.

Click "Save" when done, and Kali should automatically create the "zero byte" wireless hotspot. This can be verified with ifconfig in a terminal.

  ifconfig wlan0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.42.0.1  netmask 255.255.255.0  broadcast 10.42.0.255
        inet6 fe80::ea9b:cff:fee3:bb6a  prefixlen 64  scopeid 0x20<link>
        ether 42:e6:0f:b2:1c:e2  txqueuelen 1000  (Ethernet)
        RX packets 78176  bytes 4968034 (4.7 MiB)
        RX errors 0  dropped 4  overruns 0  frame 0
        TX packets 137808  bytes 191871580 (182.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Note the inet address 10.42.0.1. This is the new internal address scheme used by devices connected to your "zero byte" wireless network. When you connect an Android to the network, its address automatically becomes 10.42.0.2.

At this point, we can open Wireshark and start capturing data on the wlan0 interface to watch the packets going to and from the Android. There is a direct connection between the Android and Kali, so your "zero byte" network is not littered with network traffic from other devices on your external network (192.168.0.1). Other pentesting tools, such as Burp Suite, can be configured with Android to intercept and modify any request.

Let the Penetration Test Begin

Both methods have advantages. If you can afford the RAM and CPU, an Android virtual environment may be the best option for you. If hardware resources are limited and you have an additional Android device to spare, Option 2 may be the preferred method. Either way, you are encouraged to try both methods and find out what suits you best.

If you have questions, feel free to leave a comment.

Cover image of Pixabay / Pexels (original); Screenshots of Distortion / Null Byte