Pentesting on the Fly: Android Phone - Epilogue (Some Thoughts and Advice)
Hey there :) Thanks for enjoying my short series of posts about smartphone pentesting.
Here's a little epilogue with some thoughts and advice for you.
I) SECURITY
- MAC ADDRESS: According to various forums, you might be able to change your MAC address, either with macchanger or ifconfig:
apt-get install macchanger
ifconfig wlan0 down
macchanger -r wlan0
ifconfig wlan0 up
OR :
ifconfig wlan0 down
ifconfig wlan0 hw ether 00:11:22:33:44:55
ifconfig wlan0 up
BUT :
I personally had issues with changing my MAC address so.. yeah it might be a problem.
- Information disclosure:
Take a look at this app: afwall
It's a really good, open source app which lets you control incoming and outgoing traffic to reduce information disclosure.
Ugh... I bet you followed the whole tutorial and you didn't change your SSH default password, huh? CHANGE IT RIGHT NOW !!!
You wanna see how strong your password is? Use your own phone to hack yourself using a wordlist ;)
II) ADVICE
- Script as much as possible. Spend some time at home training yourself, elaborate your attacks, then script them. Really, you won't wanna have to type command lines for 5 minutes. 5 minutes is really long outside.
Ask for user input:
read -p "Some Sample message here" variable
Formatting some output:
cut
tr
fold
grep
- Take a look at tmux, it's really helpful for watching different things at the same time on the same screen.
- But don't forget that you can open multiple terminals, so you can, for example, brute force a Telnet password while launching a Metasploit attack using Shellshock, and MITM a public connection.
- I haven't tried Tor yet, I'll tell you soon, and give you a script too.
- As you surely know, most smartphones' chipsets don't support packet injection.
- So unless you have a bc chipset, you'll need a Wi-Fi USB key with an OTG cable, and maybe an external battery, if you want to experiment with monitor mode and tools like reaver, aircrack, etc. (Using airodump to walk through the city and steal 4-way handshakes **)
- Also, using tools like bluesnarfer etc. won't work. Once more, I'm not sure, but I bet you'll have to buy an external dongle.
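The scripting tip above (read -p, cut, tr, fold, grep) applied to the MAC address section, as an added example that is not part of the original post: it normalises a MAC address, classifies it by the two low bits of its first octet, and confirms that a change really took effect. The function names are hypothetical, and the before/after values are assumed to be copied by hand from the interface output.

```bash
#!/usr/bin/env bash
# Added example: check a MAC address with the tools listed above.

# Print the canonical lower-case colon form of a MAC given as
# 00-11-22-33-44-55, 0011.2233.4455 or 001122334455; return 1 if malformed.
normalize_mac() {
    nm_hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'A-F' 'a-f')
    # grep: exactly 12 hex digits must remain once separators are stripped
    printf '%s\n' "$nm_hex" | grep -Eq '^[0-9a-f]{12}$' || return 1
    # fold: one octet per line; tr: join with ':'; cut: drop the trailing ':'
    printf '%s\n' "$nm_hex" | fold -w 2 | tr '\n' ':' | cut -c 1-17
}

# Classify by the two low bits of the first octet.
classify_mac() {
    cm_mac=$(normalize_mac "$1") || { echo malformed; return 1; }
    cm_first=$(printf '%s\n' "$cm_mac" | cut -d: -f1)
    if [ $(( 0x$cm_first & 1 )) -ne 0 ]; then
        echo multicast              # group bit set: not usable as an interface address
    elif [ $(( 0x$cm_first & 2 )) -ne 0 ]; then
        echo locally-administered   # U/L bit set: does not claim a vendor prefix
    else
        echo universal              # looks vendor-assigned, e.g. 00:11:22:33:44:55
    fi
}

# Return 0 only if the address really changed (before/after values are
# supplied by the caller, e.g. copied from the ifconfig wlan0 output).
mac_changed() {
    mc_old=$(normalize_mac "$1") || return 2
    mc_new=$(normalize_mac "$2") || return 2
    [ "$mc_old" != "$mc_new" ]
}

# Interactive use with read -p (bash), only when called with --ask.
ask_and_check() {
    read -p "MAC address to check: " answer
    classify_mac "$answer"
}
if [ "${1:-}" = "--ask" ]; then ask_and_check; fi
```

A "multicast" result explains one kind of failed manual change, since an interface will not accept an address with the group bit set.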