CyberMoransš¤
Android phones can be weaponizedš£ into covert hacking devicesš¹ - like in MR. Robot - capable of running tools like Nmap, Nikto, and Netcat ā all without rooting the devicešØ. How?..well, walk with me..š
āļø First,
Install the ConnectBot or juiceSSH App: SSH clients designed for Android smartphones, which allows you to securely connect with SSH servers. This will be the way to interact with the new UserLAnd Debian operating system.
āļø Then,
Install the UserLAnd App from either Google Play or F-Droid...see, simpo simpo chap chap...š
Smol Brief: UserLAnd Technologies is a free and open-source ad-free compatibility layer mobile app that allows Linux distributions, computer programs, computer games and numerical computing programs to run on mobile devices without requiring a root accountš¤¤
Now lets kick some a**šŖ
š² Create a New File system
When the installation is complete, open UserLAnd, and view the "Apps" tab. Refresh the tab and šŖ wait a few minutes for the distributions to populate.
The Kali Linux OS is on the list of available distributions. Select "Kali" or "Debian" and the UserLAnd app will prompt for credentials. Create a username, password, and VNC password. The "Password" will allow access to the SSH server started when the filesystem is finished installing. The "VNC Password" won't be used in this tutorial but is required to proceed with the installationš
UserLAnd will then download the necessary executables and scripts from its GitHub repository that are used to create the filesystems. The time it takes to download and extract the required assets will vary based on the Android CPU and internet connection speed. The installation process took up to 40 minutes to complete in some tests, so dont hold your breathš“
Incase you run into "Could not extract filesystem. Something went wrong" error š¤Ø
Removing and reinstalling the UserLAnd application resolved the issue. If this error persists, open a new GitHub issueš
š² Interact with the File system
When the installation is complete, head over to the "Sessions" tab, and select the newly created option. UserLAnd will automatically attempt to open ConnectBot and ask "Are you sure you want to continue connecting?" Tap "Yes," and enter the password created in the previous stepš
From here, syncing a Bluetooth keyboard to the phone will make setting up the OS easier or installing Hacker's Keyboard from the Play Store, and you'll understand why as we continueš¤
š² Update the OS
The first thing to do after installing a new operating system on your Android phone is making sure the system is fully up to date. This can be done by first using su to create a root shell. Next, use the apt-get update && apt-get dist-upgrade commandš
kali@localhost:~$ su
root@localhost: /home/kali# apt-get update && apt-get dist-upgrade
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Get:2 http://cdn-fastly.deb.debian.org/debian stable-updates InRelease [91.0 kB]
Hit:3 http://cdn-fastly.deb.debian.org/debian stable Release
Get:4 http://cdn-fastly.deb.debian.org/debian stable Release.gpg [2434 B]
Get:5 http://cdn-fastly.deb.debian.org/debian stable-updates/main arm64 Packages [5096 B]
Get:6 http://cdn-fastly.deb.debian.org/debian stable-updates/main Translation-en [4512 B]
Get:7 http://cdn-fastly.deb.debian.org/debian stable/main Translation-en [5393 B]
Get:8 http://cdn-fastly.deb.debian.org/debian stable/contrib arm64 Packages [29.9 kB]
Get:9 http://cdn-fastly.deb.debian.org/debian stable/contrib Translation-en [45.9 kB]
Get:10 http://cdn-fastly.deb.debian.org/debian stable/non-free arm64 Package [50.8 kB]
Get:11 http://cdn-fastly.deb.debian.org/debian stablenon-free Translation-en [80.6 kB]
Fetched 5714 kB in 31s (183 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
The following packages will be upgraded:
tzdata
1 upgraded, 0 newly intalled, 0 to remove and 0 not upgraded.
Need to get 270 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Do you want to continue? [Y/n]In the case of the above output, there's only one package that needed updating, but this might not always be true.
š² Install necessary Software
This new filesystem is extremely bare-bone and doesn't include much by default. Belowš are a few packages recommended for everyday Debian and Kali users. Some packages aren't required but will make it easier to use as a primary hacking device.
š screen š Screen is a terminal multiplexer that allows users to run and alternate between several terminal sessions simultaneously. This is one of the most vital packages to install when using UserLAnd. Android phones don't handle prolonged SSH sessions well and tend to break connections for no apparent reason. Such breakage can cause running commands to fail with no way of reconnecting to the session to view the progress. Use Screen to maintain persistent shell sessions.
š net-tools š Net-tools is a suite of tools containing ifconfig, netstat, route, and several other useful networking applications.
š netcat š Netcat is a feature-rich UNIX utility designed to be a reliable tool for creating TCP and UDP connections. Netcat can be used to create and interact with simple macOS backdoors
š neofetch š Neofetch is a cross-platform system information gathering tool. It conveniently displays system specifications alongside the distribution logo.
š gnupg š GnuPG (sometimes referred to as gpg) is generally used for encrypting files and securing email communications. Some installer scripts (like Metasploit) use gpg in order to import their software signing keys. It's possible to manually install Metasploit without gpg, but it will make the process less complicated.
š curl š cURL is a command line tool capable of downloading files over HTTP and other popular protocols. This is a useful tool to have for downloading files from the internet.
š wget š Like cURL, wget is a command line tool used to download files from the internet. Some developers prefer wget over cURL, so it's helpful to keep both installed and available.
š git š Git is a popular version control software and is commonly used to clone (download) GitHub projects. Git is often recommended by Null Byte users.
š nano š Nano is a command line text editor. Nano will make editing files via SSH more convenient. If Vim or Emacs or mousepad is preferred, download those text-editors instead (or in addition to nano).
The above packages can be installed simply using the apt-get commandš
apt-get update && apt-get install net-tools netcat neofetch gnupg curl wget git nano screenCan you feel you feel you phone š„š„š„ Go super-saiyan in the palm of your hands?
š² Import the Kali Linux Repository
Incase you installed the Kali OS in Step 3š like me, this step can be skipped. For Debian OS users, importing the Kali repository into your distribution isn't primary. However, doing so will allow for quick installations of applications such as sqlmap, Commix, Bettercap, Nikto, dnsmap, and hundreds of packages that can't be found in Debian's default repositories.
To start importing the Kali Linux repository, use nano to add Kali's repository to the /etc/apt/sources.list file š
nano /etc/apt/sources.listAdd the line below što the bottom of the file, and use Ctrl + X to exit and save the changes. ConnectBot/juiceSSH has on-screen buttons/prompts for keys like Ctrl and Shift. Alternatively, a Bluetooth keyboard or the Hacker's Keyboard app will come in handy for exiting the nano terminal š
deb http://http.kali.org/kali kali-rolling main contrib non-free
Then, add the Kali signing key using the following wget command š
wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -If the command was successful, the terminal will return "OK" .
Finally, update the APT cache using the apt-get update command š
root@localhost:/home/kali# wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -
OK
root@localhost:/home/kali# apt-get update
Ign:1 http://cdn-fastly.deb.debian.org/debian stable InRelease
Hit:3 http://cdn-fastly.deb.debian.org/debian stable-updates InRelease
Hit:4 http://cdn-fastly.deb.debian.org/debian stable Release
Ign:2 http://ftp.halifax.rwth-aachen.de/kali kali-rolling InRelease
Get:6 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Release [29.6 kB]
Get:7 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling Release.gpg [833 B]
Get:8 http://ftp.acc.umu.se/mirror/kali.org/kali kali-rolling/main arm64 Packages [16.4 MB]
64% [8 Packages 9415 kB/16.4 MB 57%] 546 kB/s 13sIn later posts, I'll show how to hack websites, Wi-Fi passwords, and Windows 10 using only Kali on Androidš Turning Android's into hacking devices is easy. While it is slower at processing data than a Raspberry Pi, it still makes a great, easily concealed offensive tool capable of running Kali softwarešµļøāāļø
šConclusion š¤
Subscribe to receive notifications of similar posts š where we will be reverse engineering malware, vulnerabilities as well as hacking vectors, stories, tutorials and other Infosec stuff...š
Follow me on twitter for daily Infosec Memes and shenanigansš
Morans,
Thank you for taking time and hope you learned something new, Like and leave a comment/review and as always, stay awesome! šš šŖ
Comments