Hancs-On Penetration Testing with Kali NetHunter Spy on and protect vulnerable ecosystems using the power of Kali Linux for pentesting on the go º Pockto www.packticom Clen D. Singh and Sean-Philip Oriyano Hands-On Penetration Testing with Kali NetHunter Spy on and protect vulnerable ecosystems using the power of Kali Linux for pentesting on the go Glen D. Singh Sean-Philip Oriyano BIRMINGHAM - MUMBAI Hands-On Penetration Testing with Kali NetHunter Copyright © 2019 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author(s), nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. Commissioning Editor: Vijin Boricha Acquisition Editor: Rahul Nair Content Development Editor: Aishwarya Moray Technical Editor: Mohit Hassija Copy Editor: Safis Editing Project Coordinator: Drashti Panchal Proofreader: Safis Editing Indexer: Pratik Shirodkar Graphics: Tom Scaria Production Coordinator: Saili Kale First published: February 2019 Production reference: 1280219 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-78899-517-7 www.packtpub.com mapt.io Mapt is an online digital library that gives you full access to over 5,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website. Why subscribe? Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals Improve your learning with Skill Plans built especially for you Get a free eBook or video every month Mapt is fully searchable Copy and paste, print, and bookmark content Packt.com Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks. Contributors About the authors Glen D. Singh is a cyber security instructor, consultant, entrepreneur, and public speaker. He has been conducting multiple training exercises in offensive security, digital forensics, network security, enterprise networking, and IT service management on an annual basis. He also holds various information security certifications, including the EC-Council's Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), Cisco's CCNA Security, and CCNA Cyber Ops, as well as many others, in the field of network security. Glen has been recognized for his passion and expertise by both public and private sector organizations at home, in Trinidad and Tobago, and abroad. I would like to thank my parents for their unconditional support and the motivation they've always given me to become a better person each day. Thanks to my family, friends, and students for their continued support, the people at Packt Publishing for providing me with this amazing opportunity, and everyone who reads and supports this amazing book. Sean-Philip Oriyano is a long-time security professional. Over the past 25 years, he has divided his time between performing security research, consulting, and delivering training in the fields of both general IT and cyber security. He is also a best-selling author with many years' experience in both digital and print media. Sean has published several books over the past decade and has expanded his reach further by appearing on TV and radio shows. Additionally, Sean is a chief warrant officer (CWO) and unit commander specializing in cyber security training, development, and strategy. As a CWO, he is recognized as an SME in his field and is frequently called upon to provide expertise, training, and mentoring wherever needed. About the reviewers Shiva V. N Parasram is the director, lead pentester, and forensic investigator at the Computer Forensics and Security Institute (CFSI). As the only Certified EC-Council Instructor (CEI) in the Caribbean, he has also trained hundreds of individuals in CEH, CHFI, ECSA, CCISO, and other courses. He has recently been selected as the sole trainer for advanced cyber security courses at Fujitsu Trinidad, and is also the author of Digital Forensics with Kali Linux and Kali Linux 2018: Assuring Security by Penetration Testing, Fourth Edition published by Packt. He attributes all his successes to his guru, his parents, Harry and Indra, his fiancee, Savi (Pinky Mittens), and pets (the Bindi). Kevin Phongagsorn is an experienced penetration tester currently working for a technology consulting firm. He carries out penetration testing for local, state, and federal agencies, as well as large commercial clients. Kevin began his career in software development, working at one of the largest telecommunications companies in Asia. He holds several certifications, including the Offensive Security Certified Expert (OSCE), Offensive Security Certified Professional (OSCP), and Certified Information Systems Security Professional (CISSP). Kevin is interested in penetration testing, exploit development, and security research. Packt is searching for authors like you If you're interested in becoming an author for Packt, please visit authors.packtpub.com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea. Table of Contents Preface 1 Section 1: Exploring Kali NetHunter Chapter 1: Introduction to Kali NetHunter 6 What is Kali NetHunter? 6 Tools within Kali NetHunter 8 MAC Changer 8 The MITM framework 9 HID attacks 11 DuckHunter HID 11 BadUSB MITM attacks 12 The MANA Wireless Toolkit 12 Software defined radio 13 Network Mapper 13 The Metasploit Payload Generator 14 Searchsploit 16 The Android platform and security model 17 The Android architecture 17 The Application layer 17 The Application Framework Layer 18 Android Libraries 18 Android Runtime 19 Kernel 19 The Android security model 19 Android Device Manager 19 SafetyNet 21 Verify applications 21 Application services 21 Android updates 21 The Google Play Store 22 Google Play Protect 22 Installing NetHunter 23 Building Kali NetHunter for a specific device (optional) 28 Additional optional hardware 31 Summary 32 Chapter 2: Understanding the Phases of the Pentesting Process 33 The need for penetration testing 34 Types of hackers 34 White hat 35 Grey hat 35 Table of Contents Black hat 35 Script kiddie 35 Suicide hacker 35 Hacktivist 35 State-sponsored hacker 36 PenetrationBlue teaming testing vs red teaming vs purple team 36 37 Blue team 37 Red team 37 Purple team 38 TypesPhases The of pre-attack of penetration penetration phase tests testing 38 39 39 The attack phase 40 Penetration The post-attack testing phase methodologies and frameworks 41 41 OWASP testing framework 42 PCI penetration testing guide 43 Phases ReconnaissancePenetrationOpen of Source penetration Testing Security Execution testingTesting MethodologyStandard Manual 44 44 45 45 Scanning 46 Gaining access 46 Maintaining access 46 DeliverablesSummary Clearing tracks 47 47 48 Section 2: Common Pentesting Tasks and Tools Chapter TechnicalObjectives 3: Intelligence-Gathering requirements of intelligence gathering Tools 50 50 50 Information for the taking 51 Types of information available 52 Network information 52 Organizational data 53 Tools for gathering useful information 54 Using Shodan 55 Working with filters 57 Using Metagoofil 58 Exercise using Metagoofil to collect information 59 Using Nikto 61 Exercise – working with Nikto 62 What is robots.txt? 63 Using Parsero 65 [ii ] Table of Contents Exercise – working with Parsero 66 Using wget 67 Exercise – working with wget 67 Using HTTrack 68 Exercise – using HTTrack 68 Google Hacking 70 Exercise – what's the Right Search Engine 70 LocationSocial networking 72 72 Using Echosec 72 WorkingGoing Exercise for with technical – working Recon-Ng datawith Echosec 74 74 75 Using WHOIS 75 Exercise – getting the most from WHOIS 75 nslookup 76 Reverse DNS Lookups 78 Looking up an NS record 79 Querying an MX record 79 Querying an SOA record 80 Querying another DNS 80 Using dnsenum 81 Exercise – working with dnsenum 81 Using DNSMAP 82 Using traceroute 83 SummaryFurther reading 84 84 Chapter Technical 4: Scanning requirements and Enumeration Tools 85 85 Scanning 86 Conducting a scan 86 Determining Troubleshooting whether scanning a host results is up or down 87 87 Using Exercise