Security has always been a concern. The only truly secure system is the one that is stored in a lead-lined, locked bunker 100 feet underground. And turned off. Otherwise, you will be open to the potential of abuse. And with the ubiquity of wireless networks, these prove to be a very tempting and rather large target for the bad guys. If you maintain a wireless network, then you need to be sure that it won’t be abused. One of the better ways to secure your systems is to try to break them through penetration testing.
The usual way in which this is done is by using either a desktop machine or laptop connected to the network. This means that you are tied down to a desk. But sometimes, being able to rove around is helpful. To this end, having an Android tablet or smartphone handy will let you test any wireless network that you have access to. If your Android device is rooted, you can install an app called dSploit. This app will give you all of the tools you will need to do a thorough test of your system defences.
A list of tools applicable to the currently selected target
★An Android smartphone
Step by Step
The first step is to get a copy of dSploit onto your Android device. You should be able to download a copy directly from whatever browser you use on your device. If you have a USB port on your device, you can download it on your desktop and transfer it with a USB drive.
You will also need to change two things about the permissions on your device. The first requirement is that it needs to be rooted. This gives dSploit root access to your wireless interface so that it can put the interface into promiscuous mode. The second is that you need to allow sideloading of apps, since dSploit is not on the Play Store.
Copying and installation
Once you have the APK copied, or downloaded, you will need to install it. The easiest way is to use a file manager of some kind, navigate to where the file exists, and select it. The file manager should start up the installer.
When you start up dSploit, it will immediately start listening on the wireless network you’re connected to. Depending on the hardware available, this may affect the responsiveness of your device. If it does, you can tap on the menu and then on “Stop Network Monitor” to pause the monitoring.
You can tap on the Wi-Fi signal icon to see which networks are visible. You can click on a network to connect. If it is a ‘secured’ network that is vulnerable to one of the cracking techniques available, it will be flagged as green, identifying it as such. Clicking on that network offers you the options of either connecting or cracking.
One thing you may want to check on is how packets are being routed within your own network. Clicking on a target machine will bring up a menu of applicable tools. You can click on the Trace tool to follow how packets move around within the network.
The first step when a ‘bad guy’ tries to compromise your system is to knock on your virtual door with a port scan. In dSploit, you can do this by tapping on the Port Scanner tool after selecting a host to test.
More port scanning
Once you get the list of open ports, you can click on them to try to connect. If it is a port used for web traffic, it will try to open it in a browser. Otherwise, it will try to open a connection using Telnet.
The Inspector module does some further probing to get an idea what operating system is running on the host, along with what kind of services are running on the open ports. This may take several minutes to complete, so be patient. In this example, we can see that the author’s TV box is running Linux.
Now that you know what the OS is, and which ports are open to connections, you need to check to see what known problems may be affecting this particular system. Again, these checks can take several minutes, so be patient. The resulting list is ordered by severity.
The original list provides a short description of the vulnerability, but often this is not enough. Clicking on the vulnerability of interest will open the associated webpage from the National Vulnerability Database, hosted by the NIST (nvd.nist.gov). Here you can get more information on just how serious it may really be.
DSploit includes a Login Cracker. You can select which service to try, along with what username to try. You can then select the minimum and maximum sizes for passwords to try. You can even give dSploit your own username and password files.
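The port scan described under “More port scanning” and the Login Cracker described here are exactly the two things a defender should expect to see in their own logs when someone else runs them. The following Python script is an added example, not code from the original article or from the dSploit project; it parses a constructed, simplified connection/authentication log format (not any real firewall’s syntax) and flags the two patterns: one source touching many distinct ports in a short window, and repeated login failures against one service. The thresholds (5 ports in 10 seconds, 5 failures in 60 seconds) are assumed starting points you would tune for your own network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Event(NamedTuple):
    ts: datetime
    kind: str              # "conn" (connection attempt) or "auth" (login attempt)
    src: str
    dst: str
    dport: int
    user: Optional[str]    # only present on "auth" lines
    result: Optional[str]  # "ok" or "fail", only present on "auth" lines


# Constructed log format for this example (not any real product's syntax):
# "<ISO timestamp> <conn|auth> src=<ip> dst=<ip> dport=<port> [user=<name> result=<ok|fail>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>conn|auth) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
    r"(?: user=(?P<user>\S+) result=(?P<result>ok|fail))?$"
)

# Constructed sample: 192.168.1.50 probes six ports in three seconds and then
# hammers the Telnet login; 192.168.1.20 behaves like a normal client.
SAMPLE_LOG = """\
2024-05-01T10:00:00 conn src=192.168.1.50 dst=192.168.1.10 dport=21
2024-05-01T10:00:00 conn src=192.168.1.50 dst=192.168.1.10 dport=22
2024-05-01T10:00:01 conn src=192.168.1.50 dst=192.168.1.10 dport=23
2024-05-01T10:00:01 conn src=192.168.1.50 dst=192.168.1.10 dport=80
2024-05-01T10:00:02 conn src=192.168.1.50 dst=192.168.1.10 dport=443
2024-05-01T10:00:03 conn src=192.168.1.50 dst=192.168.1.10 dport=8080
2024-05-01T10:00:05 conn src=192.168.1.20 dst=192.168.1.10 dport=80
2024-05-01T10:00:09 conn src=192.168.1.20 dst=192.168.1.10 dport=443
2024-05-01T10:01:00 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=fail
2024-05-01T10:01:05 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=fail
2024-05-01T10:01:10 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=fail
2024-05-01T10:01:15 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=fail
2024-05-01T10:01:20 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=fail
2024-05-01T10:01:25 auth src=192.168.1.50 dst=192.168.1.10 dport=23 user=admin result=ok
2024-05-01T10:02:00 auth src=192.168.1.20 dst=192.168.1.10 dport=22 user=bob result=fail
2024-05-01T10:02:30 auth src=192.168.1.20 dst=192.168.1.10 dport=22 user=bob result=ok
"""


def parse_log(text: str) -> List[Event]:
    """Parse log lines into Event records sorted by time; lines in another format are skipped."""
    events: List[Event] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["kind"], m["src"], m["dst"],
                            int(m["dport"]), m["user"], m["result"]))
    events.sort(key=lambda e: e.ts)  # stable sort keeps file order for same-second lines
    return events


def detect_port_scans(events: List[Event], window: timedelta = timedelta(seconds=10),
                      min_ports: int = 5) -> Dict[str, Set[int]]:
    """{source ip: ports} for sources hitting >= min_ports distinct ports within one window."""
    per_src: Dict[str, List[Event]] = defaultdict(list)
    for e in events:
        if e.kind == "conn":
            per_src[e.src].append(e)
    alerts: Dict[str, Set[int]] = {}
    for src, evs in per_src.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:  # slide window start forward
                start += 1
            ports = {e.dport for e in evs[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(alerts.get(src, ())):
                alerts[src] = ports  # keep the widest port set seen in a single window
    return alerts


def detect_brute_force(events: List[Event], window: timedelta = timedelta(seconds=60),
                       max_failures: int = 5) -> Dict[Tuple[str, str, int], int]:
    """{(src, dst, dport): failures} where failed logins against one service reach max_failures."""
    per_key: Dict[Tuple[str, str, int], List[datetime]] = defaultdict(list)
    for e in events:
        if e.kind == "auth" and e.result == "fail":
            per_key[(e.src, e.dst, e.dport)].append(e.ts)
    alerts: Dict[Tuple[str, str, int], int] = {}
    for key, times in per_key.items():
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= max_failures:
                alerts[key] = max(alerts.get(key, 0), count)
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, ports in detect_port_scans(evs).items():
        print(f"port scan from {src}: ports {sorted(ports)}")
    for (src, dst, port), n in detect_brute_force(evs).items():
        print(f"brute force from {src} against {dst}:{port}: {n} failures")
```

Run against the constructed sample, the script reports 192.168.1.50 for both patterns and stays silent about 192.168.1.20, whose two ports and single failed login sit below both thresholds. The thing to notice is that the final successful Telnet login after five failures is the event worth investigating, not the failures themselves; a lockout or rate limit on the service is the fix that makes the Login Cracker’s min/max password-length sweep impractical.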
Login Cracking
What to do with a login
Once you have a service, a username and a password, you can go ahead and make a connection. The easiest way is to use Telnet, since it lets you interact with a service by directly transferring ASCII characters back and forth.
Pwning your router
For many routers, there are tools that allow you to essentially hijack the router, or ‘pwn’ it. DSploit has a link to an online tool that will help you pwn most of the commercial routers that are out there.
Man in the middle
There is an entire family of attacks called man-in-the-middle attacks. This class of attacks involves sitting in between two machines that are communicating with each other. When one machine sends a packet to the second machine, you sit in the middle and capture it. You can then read it and, if you wish, alter it, before sending it on to the second machine. DSploit provides a whole screen of tools to do just this kind of work. Most of these require you to do some monitoring first in order to build a list of the conversations that are taking place.
The first bit of monitoring you will want to do is just some simple sniffing. This will pull up the actual conversations that are happening on your network right now. This way, you can see whether someone else is doing something nefarious.
Sniffing for Passwords
In simple sniffing, you are looking at all of the packets travelling across the network. One key bit of information you are interested in is if passwords are being transferred around the network in a sniffable format. DSploit provides a tool to specifically look for this.
Once you see what conversations are happening, you may want to place yourself as the man in the middle. To do so, you can click on the Session Hijacker tool and select which conversation you want to hijack.
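To sit in the middle of a conversation, as the man-in-the-middle tools and the Session Hijacker do, traffic that was meant for another machine has to be routed through the attacker’s device. On a wireless LAN that is usually done by ARP spoofing, where the attacker’s MAC address is advertised for the gateway’s IP (this is an assumption about the mechanism; the article does not say how dSploit achieves it). The Python script below is an added example, not code from the original article or from dSploit: it parses `ip neigh show` output from a Linux host on the same network and looks for the signatures a defender can spot, namely one MAC answering for several IPs, the gateway’s MAC changing between two snapshots, and a mismatch against a pinned known-good mapping. The two ARP tables and the MAC addresses are constructed for the example.

```python
from collections import defaultdict
from typing import Dict, List, NamedTuple, Set, Tuple


class ArpEntry(NamedTuple):
    ip: str
    mac: str


# Constructed snapshots in `ip neigh show` format. In the second one a new device
# (dd:...:50) has started answering for the gateway's IP as well as its own.
BASELINE = """\
192.168.1.1 dev wlan0 lladdr aa:aa:aa:aa:aa:01 REACHABLE
192.168.1.10 dev wlan0 lladdr bb:bb:bb:bb:bb:10 STALE
192.168.1.20 dev wlan0 lladdr cc:cc:cc:cc:cc:20 REACHABLE
"""
POISONED = """\
192.168.1.1 dev wlan0 lladdr dd:dd:dd:dd:dd:50 REACHABLE
192.168.1.10 dev wlan0 lladdr bb:bb:bb:bb:bb:10 STALE
192.168.1.20 dev wlan0 FAILED
192.168.1.50 dev wlan0 lladdr dd:dd:dd:dd:dd:50 REACHABLE
"""

# Known-good mapping for the gateway, recorded while the network was quiet (constructed).
PINNED = {"192.168.1.1": "aa:aa:aa:aa:aa:01"}


def parse_arp_table(text: str) -> List[ArpEntry]:
    """Parse `ip neigh show` lines; entries with no hardware address (FAILED, INCOMPLETE) are skipped."""
    entries: List[ArpEntry] = []
    for line in text.splitlines():
        tokens = line.split()
        if "lladdr" not in tokens or tokens.index("lladdr") + 1 >= len(tokens):
            continue
        mac = tokens[tokens.index("lladdr") + 1].lower()  # normalise case before comparing
        entries.append(ArpEntry(ip=tokens[0], mac=mac))
    return entries


def find_duplicate_macs(entries: List[ArpEntry]) -> Dict[str, Set[str]]:
    """MACs that answer for more than one IP. One MAC claiming both the gateway and a
    client is the classic ARP-poisoning signature; a host with IP aliases can look the
    same, so treat this as a signal to investigate rather than proof."""
    by_mac: Dict[str, Set[str]] = defaultdict(set)
    for e in entries:
        by_mac[e.mac].add(e.ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def diff_snapshots(before: List[ArpEntry], after: List[ArpEntry]) -> List[Tuple[str, str, str]]:
    """IPs whose MAC changed between two snapshots, as (ip, old_mac, new_mac)."""
    old = {e.ip: e.mac for e in before}
    return [(e.ip, old[e.ip], e.mac) for e in after if e.ip in old and old[e.ip] != e.mac]


def check_pinned(entries: List[ArpEntry], pinned: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Compare the live table against a known-good mapping, as (ip, expected_mac, observed_mac)."""
    expected = {ip: mac.lower() for ip, mac in pinned.items()}
    return [(e.ip, expected[e.ip], e.mac) for e in entries
            if e.ip in expected and expected[e.ip] != e.mac]


if __name__ == "__main__":
    before, after = parse_arp_table(BASELINE), parse_arp_table(POISONED)
    for mac, ips in find_duplicate_macs(after).items():
        print(f"{mac} answers for {sorted(ips)}")
    for ip, old, new in diff_snapshots(before, after):
        print(f"{ip} moved from {old} to {new}")
    for ip, exp, obs in check_pinned(after, PINNED):
        print(f"{ip} expected {exp} but table shows {obs}")
```

On a real network you would feed the script the output of `ip neigh show` taken a few minutes apart, or run the pinned check from a cron job. The corresponding mitigation is to pin the gateway’s entry statically on hosts that matter, or to enable dynamic ARP inspection on a managed switch, so that the hijacking described above fails rather than merely being noticed after the fact.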
In some cases, you may have very specific information you want to send to one machine, posing as another. In this case, you can use the Packet Forger tool to make handcrafted packets, not those store-bought packets.
If you just want to cause some trouble, you can use a Denial of Service (DoS) attack. DSploit allows you to do this with the Kill Connections tool. This tool essentially causes all packets to the target machine to be dropped.
A related tool is Redirect, which enables you to redirect connections. You can select a target machine and redirect all of the traffic associated with the target to another machine. You can then pose as the real request and serve up forged information to the target machine.
Instead of redirecting all of the traffic, you can simply redirect requests for images and videos. In these cases, you can replace the responses to these requests with your own image and video files. These are separated into two tools for each file type.
Where to now?
Remember, this tool is meant to test your own networks and see where the problems lie. Never do penetration testing on any network where you don’t have permission. And remember, always retest after you have hardened your machines and networks, just to be sure you haven’t accidentally opened new holes.
THE CONTENTS PROVIDED ABOVE ARE FOR EDUCATIONAL PURPOSES ONLY.
If you know what I mean 😉
Happy Hacking Everyone