Friday, September 9, 2016

Liked Elliot's one-tap command execution? Here you go!


Did you like the way Elliot executed a PenTesting tool just by tapping a shortcut on his home screen? Well I'm going to show how to do this yourself. Now, there are a couple of ways this can be done, but the approach we're going to take here presumes you have a working installation of Kali Linux on your android. Without further delay, let's get to it!

The Requirements

  1. A working installation of Kali Linux on your Android smartphone (as shown here)
  2. ConnectBot ssh client for Android
  3. Tasker for Android (Yes, I know, it costs 3)

Preparation

  1. First we have to do away with the password requirement during ssh log-in
    1. To do that we will use ssh keys instead
    2. Open Linux Deploy (Make sure you have Kali's profile selected)
    3. Press "Start"
    4. Open ConnectBot
    5. Press your phone's menu button
    6. Select "Manage Pubkeys"
    7. You should see an empty screen (If you haven't already created another key, that is)
    8. Press your phone's menu button
    9. Select Generate
    10. Give a unique nickname to your key
    11. Select type and strength (I used RSA 4096bits)
    12. Leave the password blank
    13. Select "Load key in start"
    14. Now a key should appear in the previously empty screen
    15. Now we need to export the public key in order to provide it to the guest OS
    16. Long press on the key we just generated
    17. Select copy public key
    18. Now the public key is in the clipboard
    19. Go back and ssh into kali (with your password)
    20. Now in Kali run the following
      1. mkdir ~/.ssh
      2. nano ~/.ssh/authorized_keys
      3. Long press on the screen and paste the public key
      4. Send Ctrl+O 
        1. Tap once on the screen a small bar appears just above the keyboard
        2. On the far left there is a button that says ctrl, keep pressing that
        3. Press O from the on-screen keyboard
        4. You will be prompted for a file name just press enter
      5. Send Ctrl+X (the same way as Ctrl+O)
      6. sudo service ssh restart
      7. Press your phone's menu button
      8. Select Disconnect
  2. Second is the log-in automation and command execution
    1. On ConnectBot
    2. Type android@localhost in the field below and press Enter (this will create a new profile)
    3. You will be taken to the log-in prompt ignore it and go back to ConnectBot's main screen
    4. Long press on the profile that reads android@localhost
    5. Select Edit host
    6. In this example we will create a simple nmap execution
    7. So change the nickname to nmap (be careful to give each profile a unique nickname)
    8. Select Use pubkey authentication
    9. In the prompt select the key we created earlier
    10. Select Post-login automation (here you will write the commands the shortcut will execute)
    11. For our example 
      1. nmap 192.168.1.0/24
      2. Add a new line in the end (i.e. press Enter)
    12.  Press ok
    13. Now to test it go back to ConnectBot's main screen and tap on the profile named nmap
    14. If everything was done correctly it will log-in automatically and run an nmap scan on the 192.168.1.0/24 subnet
  3. And third is the home screen shortcut
    1. Open Tasker
    2. Go to the Tasks tab
    3. Press the + Sign
    4. Name your task (this name will show on the home screen) 
    5. In Task edit press the + sign 
    6. Select System
    7. Select send Intent
      1. Action : android.intent.action.VIEW
      2. Cat : Default
      3. Data : ssh://android@localhost/#nmap (in the position of nmap you put the ConnectBot profile you want to use each time)
      4. Target : Activity
    8. Go back to Task edit
    9. Press the play button (this will run the macro) 
    10. If everything was done correctly you will see ConnectBot opening logging into Kali and executing the nmap scan we set earlier
      1. If a prompt appears about what app to use select ConnectBot and press Always
    11. Go to your home screen
    12. Go to your add widget menu
    13. Select Task Shortcut
    14. Place the widget on the screen
    15. Tasker will open
    16. From Task Selection select nmap (or the task you want to add)
    17. Press the menu-like icon on the lower-right corner to select an icon
    18. Select the icon you prefer
    19. Press back
    20. You should now be able to see the icon you selected earlier on the screen
    21. Tap it
    22. If everything went well it will open ConnectBot log into Kali and execute the nmap command we set up earlier.

Limitations/Considerations


Unfortunately this method doesn't come without its flaws. For starters, Kali Linux has to be manually started through Linux Deploy (although it should be possible to make a one-tap task to automate that too so if anyone reading this has done it please leave a comment bellow). Secondly, if you close Tasker (not exit the interface, Close by selecting disable) tapping the shortcuts will do nothing so you will have to have Tasker running.

Hope you found this guide helpful and easy to follow, if you have any suggestions/additions/corrections feel free to leave a comment bellow.

Monday, September 5, 2016

Installing Kali Linux on an Android smarthphone

The problem

In the time of writing a lot of the HOW-TOs available online, including Offensive Security's own guide, simply do not work. This post aims to guide anyone trying to install Kali Linux on his android smartphone.

The Requirements

  • A ROOTED android smartphone (Tested on Android 4.4.4, MTK6752)
  • A 16 GB class 10 SD card (It should work with internal storage somehow but haven't tested)
  • Linux Deploy
  • BusyBox
  • Link2SD
  • (Optional) An ssh app (I used ConnectBot)
  • (Optional) A VNC viewer app (I used VNC Viewer

Preparation

  1. Partition the SD and format each partition (THIS WILL DELETE YOUR DATA). You'll need:
    • 1st Partition 512 MB formatted in FAT32
    • 2nd Partition the rest of the SD formatted in EXT2
  2.  Install the APPs listed above
  3. Open Link2SD
  4. You should be greeted by this screen

    1. Select ext4 and press ok
    2. When prompted reboot your device
  5. Open BusyBox
    1. Press INSALL 

Installation

Update 2/2/17

  'sana' suit has now been removed from Kali's repositories and kali-rolling is installing correctly.
    1. Open Linux Deploy (From here on ensure constant Wifi connection and power)
      1. Press your phone's menu buton
      2. Press status
      3. Under Available mount point there should be something like /data/sdext2, make note of that.
      4. Press the button on the right (looks like a download icon)
      5. In Distribution select Kali Linux
      6. In Distribution Suite select kali-rolling
      7. In Architecture select armhf
      8. In Installation type select Directory
      9. In Installation Path type in the path you took note of before
      10. (Optional)  Change Username & Password
      11. Set DNS server to 8.8.8.8 (Google's Public DNS server) since the default tends to fail
      12. Finally, set Localization to en_US.UTF-8

      13. Make sure in Select Components that Kali Components IS NOT SELECTED
      14. Press Install
      15. This might take a while ...
      16. When you see "<<<install" on Linux Deploy's logs the installation has finished
      17. (If there was no error your system is now ready to boot).
      18. Press Start 
      19. Press Ok
      20. You should see something like this

      21. If you see a lot of skips then something went wrong during the installation
    2. Now from ConnectBot (or a machine in your local network) ssh to yourusername@theipontopofLinuxDeploy (in this case xxxx@192.168.1.2)
      1. sudo dpkg-reconfigure locales
      2. sudo locale-gen
      3. sudo nano /etc/apt/sources.list
      4. Delete all its contents and replace them with the following
      5. deb http://http.kali.org/kali/ kali-rolling main contrib non-free
        deb-src http://http.kali.org/kali/ kali-rolling main contrib non-free
        deb http://security.kali.org/kali-security kali-current/updates main contrib non-free
        deb-src http://security.kali.org/kali-security kali-current/updates main contrib non-free
      6. Send Ctrl+O (to save the file)
      7. Send Ctrl+X (to exit nano)
      8. sudo apt-get update
      9. sudo apt-get dist-upgrade
      10. (if prompted)
        sudo apt-get autoremove
      11. sudo apt-get install kali-linux-full
      12. PATIENCE, since this will download around 4GB of data
    3.  If everything went right you should now have a working setup of Kali Linux on your Android phone
    Hope this helps a few people skip a bit of the frustration. Have fun!

    Clarification: There is a reason behind selecting sana suite (initially) and then changing the deb sources to kali-rolling (and kali-current for security). When selecting Kali-Rolling as a suite the installation (step 15) was observed to repeatedly fail. On the other hand, sana suit being discontinued is lacking a few dependence (or has wrong versions) and will fail during upgrade sending you on a long trip of compiling dependencies from source and iterating.