Friday, September 9, 2016

Liked Elliot's one-tap command execution? Here you go!


Did you like the way Elliot executed a PenTesting tool just by tapping a shortcut on his home screen? Well, I'm going to show you how to do this yourself. There are a couple of ways this can be done, but the approach we take here presumes you have a working installation of Kali Linux on your Android phone. Without further delay, let's get to it!

The Requirements

  1. A working installation of Kali Linux on your Android smartphone (as shown here)
  2. ConnectBot ssh client for Android
  3. Tasker for Android (Yes, I know, it costs 3)

Preparation

  1. First we have to do away with the password requirement during SSH log-in
    1. To do that, we will use SSH keys instead
    2. Open Linux Deploy (Make sure you have Kali's profile selected)
    3. Press "Start"
    4. Open ConnectBot
    5. Press your phone's menu button
    6. Select "Manage Pubkeys"
    7. You should see an empty screen (If you haven't already created another key, that is)
    8. Press your phone's menu button
    9. Select Generate
    10. Give a unique nickname to your key
    11. Select type and strength (I used RSA 4096bits)
    12. Leave the password blank
    13. Select "Load key on start"
    14. Now a key should appear in the previously empty screen
    15. Now we need to export the public key in order to provide it to the guest OS
    16. Long press on the key we just generated
    17. Select copy public key
    18. Now the public key is in the clipboard
    19. Go back and ssh into kali (with your password)
    20. Now in Kali run the following
      1. mkdir ~/.ssh
      2. nano ~/.ssh/authorized_keys
      3. Long press on the screen and paste the public key
      4. Send Ctrl+O 
        1. Tap once on the screen; a small bar appears just above the keyboard
        2. On the far left there is a button that says Ctrl; press that
        3. Press O on the on-screen keyboard
        4. You will be prompted for a file name; just press Enter
      5. Send Ctrl+X (the same way as Ctrl+O)
      6. sudo service ssh restart
      7. Press your phone's menu button
      8. Select Disconnect
  2. Second is the log-in automation and command execution
    1. On ConnectBot
    2. Type android@localhost in the field below and press Enter (this will create a new profile)
    3. You will be taken to the log-in prompt; ignore it and go back to ConnectBot's main screen
    4. Long press on the profile that reads android@localhost
    5. Select Edit host
    6. In this example we will create a simple nmap execution
    7. So change the nickname to nmap (be careful to give each profile a unique nickname)
    8. Select Use pubkey authentication
    9. In the prompt select the key we created earlier
    10. Select Post-login automation (here you will write the commands the shortcut will execute)
    11. For our example:
      1. nmap 192.168.1.0/24
      2. Add a new line at the end (i.e. press Enter)
    12. Press OK
    13. Now to test it, go back to ConnectBot's main screen and tap on the profile named nmap
    14. If everything was done correctly, it will log in automatically and run an nmap scan on the 192.168.1.0/24 subnet
  3. And third is the home screen shortcut
    1. Open Tasker
    2. Go to the Tasks tab
    3. Press the + Sign
    4. Name your task (this name will show on the home screen)
    5. In Task edit, press the + sign
    6. Select System
    7. Select send Intent
      1. Action : android.intent.action.VIEW
      2. Cat : Default
      3. Data : ssh://android@localhost/#nmap (in the position of nmap you put the ConnectBot profile you want to use each time)
      4. Target : Activity
    8. Go back to Task edit
    9. Press the play button (this will run the macro)
    10. If everything was done correctly, you will see ConnectBot open, log into Kali and execute the nmap scan we set up earlier
      1. If a prompt appears asking which app to use, select ConnectBot and press Always
    11. Go to your home screen
    12. Go to your add widget menu
    13. Select Task Shortcut
    14. Place the widget on the screen
    15. Tasker will open
    16. From Task Selection select nmap (or the task you want to add)
    17. Press the menu-like icon on the lower-right corner to select an icon
    18. Select the icon you prefer
    19. Press back
    20. You should now be able to see the icon you selected earlier on the screen
    21. Tap it
    22. If everything went well, it will open ConnectBot, log into Kali and execute the nmap command we set up earlier.
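The nano steps in the first part put the public key into ~/.ssh/authorized_keys by hand. The script below is an added example (it is not from the original post) that does the same job inside Kali with the checks a practitioner would want: it only accepts a well-formed OpenSSH public key line, sets ~/.ssh to 700 and authorized_keys to 600 (sshd's default StrictModes setting refuses keys in a directory or file that others can write to, which is a common reason "pubkey authentication" silently falls back to a password prompt), and never adds the same key twice. Because the key generated in step 12 has no passphrase, anyone who can unlock the phone gets a shell in Kali, so keeping these permissions tight matters. The sample key string is constructed for the demo and is not a real key; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original post.
# install_authorized_key "<public key line>" [home_dir]
#   Installs one OpenSSH public key into $home_dir/.ssh/authorized_keys with
#   the permissions sshd expects. home_dir defaults to $HOME.

# Constructed sample key (not a real key); the base64 blob is a placeholder.
SAMPLE_KEY="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCconstructedplaceholder== connectbot-demo"

install_authorized_key() {
    key="$1"
    home="${2:-$HOME}"
    ssh_dir="$home/.ssh"
    auth="$ssh_dir/authorized_keys"

    # Accept only a line that starts with a known OpenSSH key type; anything
    # else (a private key, a stray paste) is refused rather than written.
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-nistp256\ *|ecdsa-sha2-nistp384\ *|ecdsa-sha2-nistp521\ *) ;;
        *) echo "refusing to install: not an OpenSSH public key line" >&2; return 1 ;;
    esac

    # Directory 700 and file 600: group/world-writable paths make sshd
    # (StrictModes yes) ignore the whole authorized_keys file.
    mkdir -p "$ssh_dir"
    chmod 700 "$ssh_dir"
    touch "$auth"
    chmod 600 "$auth"

    # Idempotent: skip if this exact line is already present.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "installed key into $auth"
}

# check_ssh_perms [home_dir]
#   Returns 0 when ~/.ssh is exactly 700 and authorized_keys exactly 600.
check_ssh_perms() {
    home="${1:-$HOME}"
    [ -n "$(find "$home/.ssh" -maxdepth 0 -type d -perm 700)" ] || return 1
    [ -n "$(find "$home/.ssh/authorized_keys" -maxdepth 0 -type f -perm 600)" ] || return 1
    return 0
}

# Demo against a throwaway directory so running this file touches nothing real.
demo_home=$(mktemp -d)
install_authorized_key "$SAMPLE_KEY" "$demo_home"
install_authorized_key "$SAMPLE_KEY" "$demo_home"   # second call is a no-op
check_ssh_perms "$demo_home" && echo "permissions OK"
rm -rf "$demo_home"
```

To use it for real, paste the public key from ConnectBot's clipboard in place of the sample and call install_authorized_key with no second argument, then restart sshd as in step 20.6.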
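The Tasker task in the third part is just a VIEW intent whose data is a ConnectBot URI of the form ssh://user@host/#nickname. The script below is an added example (not from the original post or from ConnectBot or Tasker) that builds that URI from the profile nickname, rejects nicknames that would break the fragment, and, when run on the phone in a shell that has Android's am tool (Termux or adb shell), fires the same intent so the profile can be checked before a home-screen shortcut is wired to it. The android@localhost defaults and the nmap nickname are the post's own; the optional port argument is an assumption for non-default sshd ports, and the function names are mine.

```shell
#!/bin/sh
# Added example, not part of the original post.

# connectbot_uri NICKNAME [USER] [HOST] [PORT]
#   Prints ssh://USER@HOST[:PORT]/#NICKNAME, the URI ConnectBot resolves to
#   a saved profile. Defaults match the post: android@localhost.
connectbot_uri() {
    nick="$1"; user="${2:-android}"; host="${3:-localhost}"; port="$4"
    # The nickname is the URI fragment: whitespace, '/', '#' or '?' would split
    # or truncate it and ConnectBot would open the wrong (or no) profile.
    case "$nick" in
        ""|*[[:space:]/#?]*)
            echo "invalid ConnectBot nickname: '$nick'" >&2
            return 1 ;;
    esac
    if [ -n "$port" ]; then
        printf 'ssh://%s@%s:%s/#%s\n' "$user" "$host" "$port" "$nick"
    else
        printf 'ssh://%s@%s/#%s\n' "$user" "$host" "$nick"
    fi
}

# launch_connectbot NICKNAME [USER] [HOST] [PORT]
#   Sends the same intent Tasker does (action VIEW, category DEFAULT, data =
#   the URI). Off the phone, where `am` does not exist, it prints the command.
launch_connectbot() {
    uri=$(connectbot_uri "$@") || return 1
    if command -v am >/dev/null 2>&1; then
        am start -a android.intent.action.VIEW -c android.intent.category.DEFAULT -d "$uri"
    else
        echo "am start -a android.intent.action.VIEW -c android.intent.category.DEFAULT -d '$uri'"
    fi
}

launch_connectbot nmap
```

If the intent opens ConnectBot but lands on a fresh host prompt instead of the saved profile, the nickname in the fragment does not match the profile exactly; that is the same mismatch that makes the Tasker shortcut appear to do nothing.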

Limitations/Considerations


Unfortunately, this method is not without its flaws. For starters, Kali Linux has to be started manually through Linux Deploy (although it should be possible to make a one-tap task to automate that too, so if anyone reading this has done it, please leave a comment below). Secondly, if you close Tasker (not just exit the interface, but close it by selecting Disable), tapping the shortcuts will do nothing, so you will have to keep Tasker running.

Hope you found this guide helpful and easy to follow; if you have any suggestions, additions or corrections, feel free to leave a comment below.
