Hands-On Penetration Testing with Kali NetHunter
eBook - ePub

Hands-On Penetration Testing with Kali NetHunter

Spy on and protect vulnerable ecosystems using the power of Kali Linux for pentesting on the go

  1. 302 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
eBook - ePub

Hands-On Penetration Testing with Kali NetHunter

Spy on and protect vulnerable ecosystems using the power of Kali Linux for pentesting on the go

Book details
Book preview
Table of contents
Citations

About This Book

Convert Android to a powerful pentesting platform.

Key Features

  • Get up and running with Kali Linux NetHunter
  • Connect your Android device and gain full control over Windows, OSX, or Linux devices
  • Crack Wi-Fi passwords and gain access to devices connected over the same network collecting intellectual data

Book Description

Kali NetHunter is a version of the popular and powerful Kali Linux pentesting platform, designed to be installed on mobile devices. Hands-On Penetration Testing with Kali NetHunter will teach you the components of NetHunter and how to install the software. You'll also learn about the different tools included and how to optimize and use a package, obtain desired results, perform tests, and make your environment more secure.

Starting with an introduction to Kali NetHunter, you will delve into different phases of the pentesting process. This book will show you how to build your penetration testing environment and set up your lab. You will gain insight into gathering intellectual data, exploiting vulnerable areas, and gaining control over target systems. As you progress through the book, you will explore the NetHunter tools available for exploiting wired and wireless devices. You will work through new ways to deploy existing tools designed to reduce the chances of detection. In the concluding chapters, you will discover tips and best practices for integrating security hardening into your Android ecosystem.

By the end of this book, you will have learned to successfully use a mobile penetration testing device based on Kali NetHunter and Android to accomplish the same tasks you would traditionally, but in a smaller and more mobile form factor.

What you will learn

  • Choose and configure a hardware device to use Kali NetHunter
  • Use various tools during pentests
  • Understand NetHunter suite components
  • Discover tips to effectively use a compact mobile platform
  • Create your own Kali NetHunter-enabled device and configure it for optimal results
  • Learn to scan and gather information from a target
  • Explore hardware adapters for testing and auditing wireless networks and Bluetooth devices

Who this book is for

Hands-On Penetration Testing with Kali NetHunter is for pentesters, ethical hackers, and security professionals who want to learn to use Kali NetHunter for complete mobile penetration testing and are interested in venturing into the mobile domain. Some prior understanding of networking assessment and Kali Linux will be helpful.

Frequently asked questions

Simply head over to the account section in settings and click on “Cancel Subscription” - it’s as simple as that. After you cancel, your membership will stay active for the remainder of the time you’ve paid for. Learn more here.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Both plans give you full access to the library and all of Perlego’s features. The only differences are the price and subscription period: With the annual plan you’ll save around 30% compared to 12 months on the monthly plan.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes, you can access Hands-On Penetration Testing with Kali NetHunter by Glen D. Singh, Sean-Philip Oriyano in PDF and/or ePUB format, as well as other popular books in Informatique & Systèmes d'exploitation. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Packt Publishing
Year
2019
ISBN
9781788996686
Edition
1
Topic
Informatique
Subtopic
Systèmes d'exploitation

Section 1: Exploring Kali NetHunter

This chapter will introduce both Kali NetHunter and Android, as well as the hardware platforms Kali NetHunter is designed for.
The following chapters are covered in this section:
  • Chapter 1, Introducing Kali NetHunter
  • Chapter 2, Understanding the Phases of the Pentesting Process

Introduction to Kali NetHunter

Hacking is an interesting topic of discussion for lots of people, whether they work in the field of cybersecurity or are simply interested in learning the details of how it’s done. Often, TV shows and movies incorporate hackers into the plot. Some TV shows, fictional or non-fictional, are solely based on hacking, notable one being Mr. Robot. In the show, a young man orchestrates and executes various cyberattacks on multiple organizations using real-world techniques.
Many TV shows and movies often show a hacker using a mobile or other handheld devices to infiltrate a target network. This begs the question: is hacking from a mobile device, such as a phone, possible? The answer to this question is yes. We are surrounded by so much technology and so many smart devices. Imagine using your smart device to test a network or system for vulnerabilities and perhaps exploit it; this would definitely be very cool.
In this chapter, we will be covering the following topics:
  • Introducing Kali NetHunter
  • The Android platform and Security model
  • Installing Kali NetHunter

What is Kali NetHunter?

To begin this section, let’s a take a walk through the history and evolution of the most popular penetration-testing Linux distribution, Kali Linux. Before the ever-popular Kali Linux, there was its predecessor, known as Backtrack. Backtrack was created by two merger companies, Auditor Security Collection and Whax, back in 2006. The Backtrack operating system was in the form of a live CD and live USB bootable media, which allows a penetration tester, systems administrator, or hacker to use any computer that supported booting from CD/DVD and/or USB drives. Since Backtrack is a Linux-based operating system, live boot simply made any computer into a hacker’s machine on the network.
In 2011, Backtrack evolved into its latest version, known as Backtrack 5. At this time, Backtrack included many tools and utilities that helped penetration testers to do their jobs.
Some of the tools within Backtrack 5 include the following:
  • Metasploit: A famous exploit development framework created by Rapid7 (www.rapid7.com).
  • SAINT: A renowned vulnerability-assessment tool developed by SAINT Corporation (www.saintcorporation.com).
  • Maltego: An information-gathering tool created by Paterva (www.paterva.com), which takes advantage of data-mining techniques using various resources on the internet.
In 2013, the Backtrack distribution went through a major change; all support had ended while evolving into the Kali Linux penetration-testing Linux distro we all know today. The creators of Kali Linux, Offensive Security (www.offensive-security.com), completely redesigned Backtrack from the ground up, making it Debian-based. The Kali Linux penetration-testing platform comes with over 600 pre-installed tools that can assist penetration testers, security engineers, or forensics personnel in their duties.
Kali Linux was originally designed to run on computer systems similarly to its predecessor, whether Live Boot (CD/DVD or USB) or installed on the local hard disk drive. In 2014, Offensive Security, the creators of Kali Linux, released Kali NetHunter. This platform was released for Android-based devices, which opened up greater opportunities for penetration testers around the world by removing the restriction of using a desktop or laptop computer to test target systems and networks.
Kali NetHunter allows penetration testers to simply walk around with an Android-based device, such as a smartphone or a tablet. Imagine how awesome it would be to be assigned a security audit on a client's systems, specifically their wireless and internal network, and all you need to carry out the audit is a smartphone.
An example scenario for using NetHunter for penetration testing is auditing wireless security and testing the security for any bring-your-own-device (BYOD) policies within an organization’s network. Being able to conduct penetration testing through a handheld device is important as wireless security configurations have the most security vulnerabilities for a network.
At times, a technician may deploy a wireless router or an access point (AP) on a network while leaving the default configurations, which included default or factory-assigned passwords. During the course of this book, we will take a look at various methodologies for performing a penetration test using Kali NetHunter and how to utilize the arsenal of tools that are available to execute a successful penetration test against a network and system.

Tools within Kali NetHunter

The Kali NetHunter platform has additional resources not available in Kali Linux. These additional resources are powerful tools in the hands of a focused penetration tester.

MAC Changer

The name of this utility says it all: it can change the media access control (MAC) address of a device's network interface card (NIC) to either a randomized value or a specific address defined by the tester. The MAC Changer on Kali NetHunter has an additional capability of changing the device’s hostname. This can be a very useful feature that can aid a penetration tester in a social-engineering attack:

The MITM framework

A man-in-the-middle (MITM) framework of tools and utilities is used when performing all MITM attacks on a network. A MITM attack is when a hacker sits between the victim and another device, such as the default gateway to the internet. The intention of the attack is to intercept all traffic along the path. Looking at the following diagram, all traffic from the PC that is intended to go to the internet which is supposed to be sent directly to the router (default gateway) is indicated by the top arrow. However, with an attacker on the network, they are able to trick the victim's PC into thinking the attacker's machine is now the router (default gateway) and tricking the router into believing the attacker's machine is the PC:
It’s a penetration tester’s powerhouse. Some of its features are key-logging, address resolution protocol (ARP) cache poisoning attacks, spo...

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. About Packt
  4. Contributors
  5. Preface
  6. Section 1: Exploring Kali NetHunter
  7. Introduction to Kali NetHunter
  8. Understanding the Phases of the Pentesting Process
  9. Section 2: Common Pentesting Tasks and Tools
  10. Intelligence-Gathering Tools
  11. Scanning and Enumeration Tools
  12. Penetrating the Target
  13. Clearing Tracks and Removing Evidence from a Target
  14. Section 3: Advanced Pentesting Tasks and Tools
  15. Packet Sniffing and Traffic Analysis
  16. Targeting Wireless Devices and Networks
  17. Avoiding Detection
  18. Hardening Techniques and Countermeasures
  19. Building a Lab
  20. Selecting a Kali Device and Hardware
  21. Other Books You May Enjoy