How to Install dSploit in Your Android Device

dSploit Introduction How-To
dSploit is an Android network penetration suite or an all-in-one network analysis app. The
application allows a user to perform network security assessments and penetration tests by just
clicking on the available modules and options that are pre-compiled in the app.
How to Install dSploit in Your Android Device
The Android device must be running at least Android 2.3 (Gingerbread), and it must be rooted. If you
haven’t rooted your Android device yet, see the article entitled “The Always Up-To-Date Guide
to Rooting the Most Popular Android Phones” from Lifehacker.com. After rooting your device,
install the Busybox app on your phone. Make sure that you install all of its utilities or do a full
install!
Then download the apk file by scanning the “QR Code” to easily download the file onto your
Android device. In my case, I used the QR Droid app to scan the “QR Code” from the URL.
After scanning the code, it should prompt you to open a URL that automatically downloads the
apk file.
After the device has finished downloading the apk file, you should be able to open it and install
dSploit.
Take note that before you open up the dSploit app, make sure that you are currently connected to
a network through a wireless connection or WiFi so that you can start your network
security assessments and your dSploit exploration right away. I know you are very excited, so let’s move on
with the basics of dSploit and how to work with it, based on what I did while scanning my
network, with no harm done to the network of course.
dSploit Description and Basics
Before we dig into dSploit’s usage, let’s take a look at the available modules for
the application as introduced and explained by evilsocket of Backbox Linux in the xda-developers forum:
RouterPWN
= Launch the http://routerpwn.com/ service to pwn your router.
Trace
= Perform a traceroute on target.
Port Scanner
= A syn port scanner to find quickly open ports on a single target.
Inspector
= Performs target operating system and services deep detection, slower than syn port scanner
but more accurate.
Vulnerability Finder
= Search for known vulnerabilities for target running services upon National Vulnerability
Database.
Login Cracker
= A very fast network logon cracker which supports many different services.
Packet Forger
= Craft and send a custom TCP or UDP packet to the target.
MITM
= A set of man-in-the-middle tools to command & conquer the whole network. (See the images
below for the complete MITM tools with their description)
Once dSploit is opened or started, it automatically maps the network you are currently connected
to and fingerprints the active or alive hosts in your network, including your device, just like the
image below.
As you can see from the image above, the application recognizes your network subnet mask,
your network gateway or router, your Android device (my Samsung Galaxy Pocket GT-S5300) on 192.168.10.6, the active devices that are connected to the network, and the MAC
addresses of the devices.
By selecting your network subnet mask or a certain device and host that is connected to the
network (e.g. the IP address 192.168.10.7, which is my laptop), you can easily perform man-in-the-middle attacks by using the
MITM module, such as network sniffing (http, ftp, imaps, irc, msn, telnet logins, mysql, ssh,
etc.), session hijacking, killing connections, redirecting all http traffic to a certain web address,
replacing all images and YouTube videos on web pages with a specified one, injecting a JavaScript into
every visited web page, and replacing custom text on web pages with a specified one.
Here is a screenshot I took after selecting the IP address 192.168.10.7 as my target and choosing
the MITM module, specifically the Password Sniffer option, while logging in to a website that I
was registered on and while establishing a telnet connection to a free OpenVMS cluster at
deathrow.vistech.net.
By default the sniffer logs are stored in /sdcard/dsploit-password-sniff.log, but you can also
change the log file name under the Password Sniffer File option of the dSploit Settings. That way you
keep the logs for future reference.
Aside from the MITM module, if you have selected a certain device as your target (e.g.
192.168.10.7, which is running Ubuntu Linux), you can also perform a syn port scan by using the
Port Scanner module, but I prefer using the Inspector module, which does a deep scan of the target’s
operating system and identifies the services that are up and running. It also recognizes the
operating system or kernel and is more accurate but slower than the syn port scan. There are still
a lot of improvements to be made to the scanning option of the Inspector module, but at least it
detected that my LAMP (Linux, Apache, MySQL, PHP / Perl / Python) server is running.
Then you can use the Vulnerability Finder module to check for the known vulnerabilities that
the target is running as scanned by the Inspector module. It uses the National Vulnerability
Database as its reference. Take note that you cannot select the Vulnerability Finder module
without using the Inspector module first.
Selecting the Kill Connections option under the MITM module could really prevent a certain
target from reaching any website, which reminds me of a similar app called Wifi Kill, but the
target still remains connected to the network. This can be used for trolling other users if they are
watching pr0n (LOL).
By selecting your router or network gateway as your target you can use all the modules, including
the exceptional RouterPWN module, which launches a web application that helps you in the
exploitation of known vulnerabilities for SOHO (Small Office / Home Office) routers, with
exploits such as: Huawei HG5XX Mac2wepkey Default Wireless Key Generator, EasyBox Standard
WPA2 Key Generator, Backdoor password in Accton-based switches (3com, Dell, SMC,
Foundry and EdgeCore), D-Link WBR-1310 Authentication Bypass set new password, D-Link
DIR-615, DIR-320, DIR-300 Authentication Bypass, D-Link DAP-1160 Authentication Bypass,
704P denial of service, DSL-G624T DSL-G604T directory traversal, DWL-7x00AP
configuration disclosure, G604T DSL Routers “firmwarecfg” Authentication Bypass, HG520c
HG530 Listadeparametros.html information disclosure, HG510 rebootinfo.cgi denial of service,
Arris Password of The Day Generator, OfficeConnect 3CRWE454G72 configuration disclosure,
and many more.
For each of the exploits in the RouterPwn web application, you can change the destination IP by
clicking on the [IP] link next to the exploit. There are still some Huawei exploits that are
not included, which I hope will be added in a future version, like the Huawei bm622 Local file disclosure
under the 192.168.1.1/html/management/account.asp address and the default usernames and
passwords for some Huawei devices in telnet and in its web application.
The RouterPWN module is only available for use if the target is detected as your network
gateway or router just like the targets below.
Aside from scanning and probing your network, you can also add a custom or foreign target by
selecting the ‘+’ sign. Then you can just type and enter the URL, hostname, or IP address, just
like in the image below.
In my case, I chose my favorite search engine website which is Google. Based on the target that I
have just chosen, I can use the modules: Trace, Port Scanner, Inspector, Vulnerability Finder,
Login Cracker, and the Packet Forger. And so here are some screenshots I took in the selection
of the modules Trace, Port Scanner, Inspector, and Vulnerability Finder.
What’s good about dSploit is that it checks for updates every time the application is started and
prompts you to download the new version.
You can actually disable the update check under the Settings page, where you can also edit and
change the Module options like Sniffer Sample Time, HTTP Max Buffer Size, and the Password
Sniffer File, but I prefer updating it if there is a new version available.
Anti and DroidSheep Guard
In this section we will talk about two other network related apps which could be of interest to
you, so that we could really unleash your phone with network exploration tools.
There is an application similar to dSploit called Anti, which is an Android Network Toolkit from
ZImperium LTD. Sad to say, the free version only has tools for OS Detection, Traceroute,
Port Connect, WIFI Monitor, and HTTP server, while the premium version has tools for man-in-the-middle attacks, remote exploitation, etc. As an application, dSploit wins because it is
free. Hurrah! But the good thing about Anti is that it determines vulnerabilities and the app can
run exploits from Metasploit and ExploitDB for final pwnage.
Because we are talking about MITM attacks like network sniffing, session hijacking, etc., most
of you may now be so worried about such attacks that you are already afraid to log in to your
network. No need to worry, because DroidSheep Guard will alert you to and protect you from
such attacks; it is also an anti-DroidSheep app.
DroidSheep Guard is developed by the creator of DroidSheep, which is an Android app used for
session hijacking. FYI, the development of DroidSheep (not DroidSheep Guard) has been stopped
because Germany (where the author lives) has very strict laws against hacking tools, and
the development and distribution of such tools is prohibited by law in that country, but you
can still find it on other websites.
For more information about DroidSheep Guard, visit its official usage guide.
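The defence DroidSheep Guard offers against the MITM module described earlier comes down to watching the ARP table: LAN man-in-the-middle tools of this kind (dSploit’s MITM tools included) poison the victims’ ARP caches so that the gateway’s IP address resolves to the attacker’s MAC. The following is an added example, not DroidSheep Guard’s or dSploit’s own code, of that check in Python over two constructed /proc/net/arp snapshots; the IP addresses reuse the article’s 192.168.10.0/24 LAN and the MAC addresses are made up.

```python
"""ARP-table monitor in the spirit of DroidSheep Guard (constructed example).

Linux and Android expose the ARP cache as text in /proc/net/arp; each row is
  IP address  HW type  Flags  HW address  Mask  Device
An ARP-poisoning MITM rewrites the victim's entry for the gateway so that it
points at the attacker's MAC. Two snapshots of the table are enough to spot it.
"""
from collections import defaultdict

# Constructed /proc/net/arp snapshots: the LAN is the article's 192.168.10.0/24,
# the MAC addresses are invented. In POISONED, .7 has claimed the gateway's IP.
BASELINE = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         00:11:22:aa:bb:01     *        wlan0
192.168.10.7     0x1         0x2         00:11:22:aa:bb:07     *        wlan0
"""
POISONED = """\
IP address       HW type     Flags       HW address            Mask     Device
192.168.10.1     0x1         0x2         00:11:22:aa:bb:07     *        wlan0
192.168.10.7     0x1         0x2         00:11:22:aa:bb:07     *        wlan0
"""

def parse_arp(text):
    """Return {ip: mac} for complete entries (flags 0x2), skipping the header."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[2] == "0x2":
            table[fields[0]] = fields[3].lower()
    return table

def arp_alerts(before, after, gateway):
    """Compare two {ip: mac} snapshots and describe signs of ARP poisoning."""
    alerts = []
    old, new = before.get(gateway), after.get(gateway)
    if old and new and old != new:           # gateway MAC changed between snapshots
        alerts.append(f"gateway {gateway} changed MAC {old} -> {new}")
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():           # one MAC answering for gateway + host
        if len(ips) > 1 and gateway in ips:
            others = ", ".join(ip for ip in ips if ip != gateway)
            alerts.append(f"MAC {mac} claims gateway {gateway} and {others}")
    return alerts

if __name__ == "__main__":
    for a in arp_alerts(parse_arp(BASELINE), parse_arp(POISONED), "192.168.10.1"):
        print("ALERT:", a)
```

On a rooted device the same check can be run against the live table by reading /proc/net/arp periodically and keeping the previous snapshot as the baseline.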
And so guys, I leave the rest to all of you in exploring these tools. Have fun as always, but don’t
abuse these tools….
http://resources.infosecinstitute.com/android-phone-pentesting/