Hands-On Penetration Testing with Kali NetHunter

Book description

Convert Android to a powerful pentesting platform.

Key Features

  • Get up and running with Kali Linux NetHunter
  • Connect your Android device and gain full control over Windows, OSX, or Linux devices
  • Crack Wi-Fi passwords and gain access to devices connected over the same network, collecting intellectual data

Book Description

Kali NetHunter is a version of the popular and powerful Kali Linux pentesting platform, designed to be installed on mobile devices. Hands-On Penetration Testing with Kali NetHunter will teach you the components of NetHunter and how to install the software. You'll also learn about the different tools included and how to optimize and use a package, obtain desired results, perform tests, and make your environment more secure.

Starting with an introduction to Kali NetHunter, you will delve into different phases of the pentesting process. This book will show you how to build your penetration testing environment and set up your lab. You will gain insight into gathering intellectual data, exploiting vulnerable areas, and gaining control over target systems. As you progress through the book, you will explore the NetHunter tools available for exploiting wired and wireless devices. You will work through new ways to deploy existing tools designed to reduce the chances of detection. In the concluding chapters, you will discover tips and best practices for integrating security hardening into your Android ecosystem.

By the end of this book, you will have learned to successfully use a mobile penetration testing device based on Kali NetHunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.

What you will learn

  • Choose and configure a hardware device to use Kali NetHunter
  • Use various tools during pentests
  • Understand NetHunter suite components
  • Discover tips to effectively use a compact mobile platform
  • Create your own Kali NetHunter-enabled device and configure it for optimal results
  • Learn to scan and gather information from a target
  • Explore hardware adapters for testing and auditing wireless networks and Bluetooth devices

Who this book is for

Hands-On Penetration Testing with Kali NetHunter is for pentesters, ethical hackers, and security professionals who want to learn to use Kali NetHunter for complete mobile penetration testing and are interested in venturing into the mobile domain. Some prior understanding of networking assessment and Kali Linux will be helpful.

Table of contents

  1. Title Page
  2. Copyright and Credits
    1. Hands-On Penetration Testing with Kali NetHunter
  3. About Packt
    1. Why subscribe?
    2. Packt.com
  4. Contributors
    1. About the authors
    2. About the reviewers
    3. Packt is searching for authors like you
  5. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
      1. Download the color images
      2. Conventions used
    4. Get in touch
      1. Reviews
    5. Disclaimer
  6. Section 1: Exploring Kali NetHunter
  7. Introduction to Kali NetHunter
    1. What is Kali NetHunter?
    2. Tools within Kali NetHunter
      1. MAC Changer
      2. The MITM framework
      3. HID attacks
      4. DuckHunter HID
      5. BadUSB MITM attacks
      6. The MANA Wireless Toolkit
      7. Software defined radio
      8. Network Mapper
      9. The Metasploit Payload Generator
      10. Searchsploit
    3. The Android platform and security model
      1. The Android architecture
        1. The Application layer
        2. The Application Framework Layer
        3. Android Libraries
        4. Android Runtime
        5. Kernel
      2. The Android security model
        1. Android Device Manager
        2. SafetyNet
        3. Verify applications
        4. Application services
        5. Android updates
        6. The Google Play Store
        7. Google Play Protect
    4. Installing NetHunter
      1. Building Kali NetHunter for a specific device (optional)
    5. Additional optional hardware
    6. Summary
  8. Understanding the Phases of the Pentesting Process
    1. The need for penetration testing
      1. Types of hackers
        1. White hat
        2. Grey hat
        3. Black hat
        4. Script kiddie
        5. Suicide hacker
        6. Hacktivist
        7. State-sponsored hacker
      2. Penetration testing
      3. Blue teaming vs red teaming vs purple team
        1. Blue team
        2. Red team
        3. Purple team
    2. Types of penetration tests
    3. Phases of penetration testing
      1. The pre-attack phase
      2. The attack phase
      3. The post-attack phase
    4. Penetration testing methodologies and frameworks
      1. OWASP testing framework
      2. PCI penetration testing guide
      3. Penetration Testing Execution Standard
      4. Open Source Security Testing Methodology Manual
    5. Phases of penetration testing
      1. Reconnaissance
      2. Scanning
      3. Gaining access
      4. Maintaining access
      5. Clearing tracks
    6. Deliverables
    7. Summary
  9. Section 2: Common Pentesting Tasks and Tools
  10. Intelligence-Gathering Tools
    1. Technical requirements
    2. Objectives of intelligence gathering
    3. Information for the taking
      1. Types of information available
        1. Network information
        2. Organizational data
    4. Tools for gathering useful information
      1. Using Shodan
        1. Working with filters
      2. Using Metagoofil
        1. Exercise using Metagoofil to collect information
        2. Using Nikto
          1. Exercise – working with Nikto
        3. What is robots.txt?
      3. Using Parsero
        1. Exercise – working with Parsero
      4. Using wget
        1. Exercise – working with wget
      5. Using HTTrack
        1. Exercise – using HTTrack
      6. Google Hacking
        1. Exercise – what's the Right Search Engine
      7. Location
      8. Social networking
      9. Using Echosec
      10. Exercise – working with Echosec
    5. Working with Recon-Ng
    6. Going for technical data
      1. Using WHOIS
        1. Exercise – getting the most from WHOIS
      2. nslookup
      3. Reverse DNS Lookups
        1. Looking up an NS record
        2. Querying an MX record
        3. Querying an SOA record
        4. Querying another DNS
      4. Using dnsenum
        1. Exercise – working with dnsenum
      5. Using DNSMAP
      6. Using traceroute
    7. Summary
    8. Further reading
  11. Scanning and Enumeration Tools
    1. Technical requirements
    2. Scanning
      1. Conducting a scan
      2. Troubleshooting scanning results
    3. Determining whether a host is up or down
      1. Exercise – working with ping
    4. Using Nmap
      1. Exercise – Performing a Ping Sweep with Nmap
    5. Port scanning
    6. Full Open/TCP connect scans
    7. Stealth scans
    8. XMAS scans
    9. FIN scans
    10. NULL scans
    11. ACK scans
    12. Tuning and tweaking
      1. UDP scanning
    13. Banner grabbing
      1. Exercise using Telnet to banner-grab
      2. Exercise – using nmap to banner-grab
    14. Enumeration with NetHunter
    15. Enumerating DNS
    16. Enumerating SMTP
      1. Exercise – using NMAP to enumerate
      2. Exercise – working with smtp-user-enum
    17. Working with SMB
      1. Exercise – using enum4linux
      2. Exercise – using acccheck
      3. Exercise – using SMBmap
    18. Summary
    19. Further reading
  12. Penetrating the Target
    1. Technical requirements
    2. Concerning passwords
      1. Choosing an approach to cracking
      2. Passive techniques
        1. Man-in-the-Middle
        2. Exercise – working with SSL strip
      3. Active techniques
        1. Working with Ncrack
        2. Exercise – working with Ncrack
        3. Offline attacks
        4. Rainbow tables
          1. Exercise – creating the rainbow table
          2. Exercise – working with rtgen
        5. Putting it together
        6. Exercise – recovering passwords with hashcat
      4. Executing applications
      5. Escalating privileges
      6. Executing applications on the target
        1. Exercise – planting a backdoor with Netcat
    3. Summary
    4. Further reading
  13. Clearing Tracks and Removing Evidence from a Target
    1. Clearing tracks
      1. Types of logs and their locations
        1. DHCP server logs
        2. Syslog messages
        3. Packet analysis
        4. Web server logs
        5. Database logs
        6. Event logs
    2. Clearing logs on Windows
      1. Using PowerShell to clear logs in Windows
      2. Using the command prompt to clear logs in Windows
    3. Clearing logs in Linux
    4. Summary
  14. Section 3: Advanced Pentesting Tasks and Tools
  15. Packet Sniffing and Traffic Analysis
    1. The need for sniffing traffic
    2. Types of packet-sniffing techniques
      1. Active sniffing
      2. Passive sniffing
    3. Tools and techniques of packet sniffing
      1. Aircrack-ng
        1. Observing wireless networks using airmon-ng
      2. Arpspoof
      3. Dsniff
      4. Kismet
      5. Tcpdump
      6. TShark
      7. The MITM framework
    4. Packet analysis techniques
      1. Dsniff
      2. Tshark
      3. Urlsnarf
      4. Tcpdump
    5. Summary
  16. Targeting Wireless Devices and Networks
    1. Wireless network topologies
      1. Independent Basic Service Set
      2. Basic Service Set
      3. Extended Service Set
    2. Wireless standards
    3. Service Set Identifier
    4. Wireless authentication modes
    5. Wireless encryption standard
      1. Wired Equivalent Privacy
      2. Wi-Fi Protected Access
      3. Wi-Fi Protected Access 2
    6. Wireless threats
    7. Wireless attacks
      1. Exercise – checking whether a wireless card supports injection
      2. Exercise – detecting access points and their manufacturers
      3. Exercise – discovering the WPS version of an access point
      4. Exercise – de-authentication attacks
      5. Exercise – de-authenticating a specific client
      6. Exercise – detecting a de-authentication attack
      7. Exercise – discovering hidden SSIDs
      8. Exercise – cracking WEP and WPA
        1. Cracking WEP Encryption
    8. Bluetooth hacking
    9. Summary
  17. Avoiding Detection
    1. Scanning
      1. Stealth scanning
      2. Decoys
      3. Idle scans
    2. MAC spoofing
    3. Fragmentation
    4. Metasploit Payload Generator
    5. Encrypting traffic
    6. Summary
  18. Hardening Techniques and Countermeasures
    1. Security threats and countermeasures
      1. Viruses
      2. Other common viruses
    2. Client system security
      1. The Windows baseline
      2. The Windows registry
      3. User accounts
      4. Patch management
      5. Windows Firewall
      6. Disabling services
      7. The Linux baseline
        1. Security scanner for Linux
        2. Disabling services in Linux
    3. Hardening networking devices
    4. Hardening mobile devices
    5. Summary
  19. Building a Lab
    1. Technical requirements
    2. Hypervisor
      1. Type 1
      2. Type 2
    3. Vulnerable systems
    4. Setting up the lab
      1. Step 1 – installing the hypervisor
      2. Step 2 – obtaining vulnerable systems
      3. Step 3 – setting up Metasploitable
      4. Step 4 – setting up the OWASP broken web applications project
    5. Summary
  20. Selecting a Kali Device and Hardware
    1. Small computers
      1. Gem PDA
      2. Raspberry Pi 2 and 3
      3. ODROID U2
    2. Mobile hardware
    3. External components
      1. Wireless adapters
      2. OTG cables
    4. Summary
  21. Other Books You May Enjoy
    1. Leave a review - let other readers know what you think

Product information

  • Title: Hands-On Penetration Testing with Kali NetHunter
  • Author(s): Glen D. Singh, Sean-Philip Oriyano
  • Release date: February 2019
  • Publisher(s): Packt Publishing
  • ISBN: 9781788995177