Airport Hacks using Kali NetHunter
About me
• Lead Consultant at Infosys
• Information Security Enthusiast
• OSCP and CISSP certified.
• Prash.siv@gmail.com
• Twitter: @prashsiv
What is it?
• Android ROM overlay
• Custom kernel
• A Kali Linux chroot
• Accompanying Android application
• Features
• 802.11 Wireless Injection
• USB HID Keyboard attacks
• Supports BadUSB MITM attacks.
• Full Kali Linux toolset
• USB Y-cable support
• Software Defined Radio support
Current OOB Support
• Nexus 4, Nexus 5, Nexus 5x, Nexus 6, Nexus 6P, Nexus 7, Nexus 9, Nexus 10
• OnePlus One, OnePlus Two, OnePlus X
• LG G5
• Galaxy Note 3, Galaxy S5 TouchWiz
• SHIELD tablet, SHIELD tablet K1
• CM 13.0
Installation
• Unlock Boot loader
• Root
• Install custom recovery
Installation
• Wugfresh Nexus Root toolkit
https://github.com/offensive-security/kali-nethunter/wiki/Windows-install
On-the-go Arsenal
• Kali Chroot
• MITM Framework
• cSploit
• MAC Changer
• NMap Scan
• Wi-Fi Attacks
• VNC Manager
• Metasploit Payload Generator
• Shodan
• HID Attacks
• Searchsploit
• MANA Wireless Toolkit
• DuckHunter HID
• NetHunter Terminal Application
• DriveDroid
• BadUSB MITM Attack
HID attacks
• PowerSploit
• Windows CMD
• DuckHunter HID
PowerSploit
• Point to the PowerShell script
• HID types the PowerShell code in Notepad, saves it and executes it as a high-privilege user.
• Ref:
• https://github.com/PowerShellMafia/PowerSploit
• https://github.com/adaptivethreat/Empire/tree/master/data/module_source
WindowsCMD
• Opens a command prompt and executes commands. (That simple)
Demo: https://youtu.be/jWXL1mv--I8
Duck Hunter
• Translates Ducky scripts to HID script
• Generate Ducky Script
• https://ducktoolkit.com
Advantage:
• Faster than the HID PowerSploit attack.
• Community contribution
Disadvantage:
• A few Duckyscript commands are unsupported.
• No debugger
https://github.com/byt3bl33d3r/duckhunter
https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Duckyscript
Demo: https://youtu.be/QunZ0bpBI14
What does this Ducky script do?
ALT SPACE
DELAY 1000
ESC
DELAY 5000
ALT SPACE
DELAY 1000
ESC
DELAY 5000
ALT SPACE
DELAY 1000
ESC
DELAY 5000
……….
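A static summary of the script on this slide, as an added example that is not part of the original deck: it parses the lines without sending any keystrokes and reports the key combinations, typed text, delays and the smallest repeating cycle. The key-name subset and the function names are assumptions of this example.

```python
"""Static triage of a Ducky script: which keys, what text, what timing."""
from collections import Counter

# Constructed input: the twelve lines visible on the slide
# (the slide's trailing ellipsis is not reproduced).
SLIDE_SCRIPT = "\n".join(["ALT SPACE", "DELAY 1000", "ESC", "DELAY 5000"] * 3)

# Subset of Duckyscript key names recognised here (an assumption of this
# example, not the full language).
MODIFIERS = {"ALT", "CTRL", "CONTROL", "SHIFT", "GUI", "WINDOWS"}
KEYS = (MODIFIERS
        | {"ENTER", "ESC", "ESCAPE", "SPACE", "TAB", "DELETE",
           "UP", "DOWN", "LEFT", "RIGHT"}
        | {f"F{n}" for n in range(1, 13)})


def parse(script):
    """Turn script text into (kind, value) events; REM comments are dropped."""
    events = []
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        head, _, rest = line.partition(" ")
        cmd = head.upper()
        if cmd == "REM":
            continue
        if cmd == "DELAY" and rest.strip().isdigit():
            events.append(("delay", int(rest)))
        elif cmd == "STRING":
            events.append(("string", rest))
        else:
            tokens = tuple(t.upper() for t in line.split())
            if all(t in KEYS or len(t) == 1 for t in tokens):
                events.append(("keys", tokens))
            else:
                # Anything this example does not recognise is kept for review.
                events.append(("unknown", line))
    return events


def smallest_cycle(events):
    """Length of the shortest prefix that, repeated, reproduces the event list."""
    n = len(events)
    for p in range(1, n + 1):
        if all(events[i] == events[i - p] for i in range(p, n)):
            return p
    return 0


def summarize(script):
    """Report what a script would press, type and wait for, without running it."""
    events = parse(script)
    p = smallest_cycle(events)
    return {
        "combos": Counter(v for k, v in events if k == "keys"),
        "typed_text": [v for k, v in events if k == "string"],
        "unknown": [v for k, v in events if k == "unknown"],
        "total_delay_ms": sum(v for k, v in events if k == "delay"),
        "cycle_len": p,
        "repetitions": len(events) / p if p else 0,
        "cycle_delay_ms": sum(v for k, v in events[:p] if k == "delay"),
    }


if __name__ == "__main__":
    for field, value in summarize(SLIDE_SCRIPT).items():
        print(f"{field}: {value}")
```

An empty `typed_text` list together with a short repeating cycle means the script only presses keys on a timer and types no commands or text.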
An Alternative?
Wifite
• Automated Aircrack-ng
• Point and shoot
Demo: https://youtu.be/cDJHAm56oOI
Mana Evil Access Point
• Authors:
• Dominic White & Ian de Villiers
• https://github.com/sensepost/mana
• Listens and spoofs preferred network list beacons
Demo: https://youtu.be/fJ5wm-e523E
MITM Framework
• Man in the middle framework
• Author: @byt3bl33d3r
• https://github.com/byt3bl33d3r/MITMf
• keylogging, cookie capture, ARP poisoning, injection, spoofing, and much, much more.
• Demo speaks it all.
Demo: https://youtu.be/CEuTSMDxmX0
Csploit
• http://www.csploit.org/
• Author: @tux_mind
• The most complete and advanced IT security professional toolkit on Android (That’s what they say)
• Fingerprint, exploit, MITM, and all that.
• Younger brother of Armitage
Demo: https://youtu.be/QqszROMmCcA
BadUSB MITM
• This didn’t work for me. So no demo….just talk :)
Questions?
• @prashsiv
• prash.siv@gmail.com
