Information Gathering on Android using Fing

Wednesday, November 30, 2016 Add Comment
Hello all, let's check Fing app today. This app does more detailed analysis for your network. Also, its very easy to use. 
Download Fing & install.

Grant the root permissions.


As you open the app, it scans for the available networks. If you are connected to one, it displays the information for the active endpoints, with the default gateway.




This information plays very significant role in network scanning stage.

We can scan for the services running on a host too.


Also, we can ping the host to check whether it is alive or not.


Now, lets dive into the settings menu to explore more. Tap on the small gear icon at the top right corner of the main page.

Now, goto "HOST TOOLS" section in the settings menu.


Here, you can use the same tools to scan for a specific target, rather than just connected nodes in the network.

As you see below, it scans for the running services on the target host.


I also have the ping scan result below.


Traceroute & DNS lookup also work decent.



Now, in settings there's an option for limiting the number of connected nodes too.


You can edit the TCP services list too which are scanned on the host, as per your requirements. Although, this feature is exclusively included for the security experts, I just want to make you aware of the exploitable resources.


So, that was all for this tutorial. You must have liked it. Please share with your friends too. Yeah, I would also like to know your feedback on this. See you soon with another fascinating stuff. Till then take care. :)

Information Gathering on Android using IP Tools

Wednesday, November 30, 2016 Add Comment
Hello friends! Today, we will see another app, IP Tools, somewhat similar to Hackode, but pretty simple to use though. Lets start!

Download IP Tools from here, install it.

Open the app. Grant the root permissions.

Now, it will automatically display the IP information for you.



It will give you the Host address, internal IP, MAC address and other details.

At the top left corner, you can see small three horizontal lines.

In this menu, you will see a bunch of options for scanning.


There are several tools like ping, traceroute, port scanner, network connections, DNS lookup here.


Here is the ping scan result for "google.com".

The ping tool is used to test connectivity between two hosts.

I also have the traceroute report below.


The traceroute tool is used to check the route (path) between two hosts.

Port scanner tool scans for the open ports on the target. I've the port scan report below.


Now, the "Network connections" part is really a very good feature for the security analysts and pentesters. It gives you the entire packets communication log consisting of different requests made by the source & destination nodes.



A DNS lookup is the process of querying a domain name server to resolve the IP address of a given hostname.

DNS lookup report will look like this.


As we see, many tools work almost flawlessly. Also, it is very simple to use. So guys, try out this app & share your views. I would be happy know that too. Thanks for reading this tutorial.
Also do try other similar apps like Nipper, Nmap & Hackode for information gathering!
Don't forget to check my next tutorial on Fing app. :)

Information Gathering on Android using Hackode

Tuesday, November 29, 2016 Add Comment
Welcome friends, now lets dig more into the footprinting basics with an awesome app, that can help you for an in-depth analysis. I'm talking about Hackode. Yeah, lets check then!



As I said in my previous two tutorials, it applies the same here. You need to have a rooted Android device with BusyBox binaries installed. With that, lets move on!

Download the Hackode & install it.


Grant the root permissions & move on.

You will be greeted by the following screen.


Select the Reconnaissance section.


Well, this short description will help you with this term, if you don't really know what does reconnaissance mean in practical!

Go for "Browse Tools".


Here, let me tell you guys. There are some tools in Google hacking part. But I've realized that most of them don't work properly. Even if they work, the results are quite often not accurate. Its because this app redirects to another site for searching results.

I like the Whois lookup part of this app. So, lets explore it...


It will ask to enter IP or domain. So, enter the desired one which you want to perform whois lookup for.

It will redirect you to another site to give you the whois lookup results.




That's easy right! Now, lets move on to the best part...

Come back to the first page of the app & select the "Scanning" option.



Here, you will see options for Ping, Traceroute, MX records and DNS Dig.

Many of us know about the ping  command. It allows you to test the reachability of a host and to measure the round trip time for messages sent from the originating host to a destination device.

So, we go for the traceroute option.
It allows you to identify the intermediate devices and the connection speed.


Enter the host to traceroute for. I've got the following results for this tool:


Now, we can search for MX records too. MX records are the information about the target's mail server responsible for accepting email messages on behalf of a recipient's domain.


Badly, as Blogger is owned by Google, it refuses to provide the sufficient details! :( Well, actually its good safety measure for us indeed! ;)


Now, moving on to the Dig section.


DIG (Domain Information Groper) is used to find information about the target website's DNS server.
Here, I've the DIG report for google.com at that moment.


I strongly recommend you all to try this lovely app! I hope you liked reading this tutorial. Looking forward for your incredible thoughts & opinions. Check out my next tutorial on IP Tools App! Bye...

Information Gathering on Android using nmap

Tuesday, November 29, 2016 Add Comment
Hey guys, lets check nmap app for Android in this article. Nmap is one of the important tools for hackers & security experts to get the decent know-how of the target. It scans for the open ports on target address. Also, we can use it in many ways for our benefits. Lets check now!

First, I need to make it clear that your device must be rooted & you have BusyBox installed for full-functioning of this app. For non-rooted devices, some features won't work!

Download this tiny app from here & install it.

As you open the app, it will ask for root access permissions. Grant the permissions & go ahead!

Now, here's the fun part! You can enter only the target IP here. If you want to scan for a domain, then first resolve its IP and then scan for that IP. You can't scan directly for a domain here.

You can get the IP of a site address from here:
http://www.dnsqueries.com/en/dns_lookup.php

That's really sad, I hope the developer, in future, adds that functionality too.

Here, I've the results for my local IP.


Now, here it says that the host is up! So guys, you can see that it worked perfectly for me. It provides me the MAC address too. As, we see the port 53 of tcp is open here, which does the dns resolution job.

That's all guys! I hope you enjoyed reading this tutorial. If so, kindly let me know in the comment box below. Also, read my next tutorial on Nipper app, which is really cool (that's what came to my mind after using it!). See you there. :)

Information Gathering on Android using Nipper App

Tuesday, November 29, 2016 Add Comment
Nip, Nip, Nipper! Hey guys, today I'm gonna share with you all one of the good pentesting apps Nipper for Android using which you can do a pretty much of information gathering. Well, you shouldn't expect it to work similar to the Kali tools, because as you know there are some restrictions while we use a third party app like these. So, without taking a lot of time, lets move on!

Well, its quite simple to use!

I make it clear before that your device must be rooted & make sure you have BusyBox binaries installed for the app to work as you expect. For non-rooted devices, some features won't work!

Download Nipper from here & install it.


Open the app. You will be greeted by a screen with a blank space at the center. Now, here's where you need to enter a URL to scan the target for.

After putting the URL, hit the small yellow-filled circle containing arrow. Here we go!


As you see guys, their I have the details for the target URL. 

Now, lets know a bit about every single section here.

The first you see, is the target site itself, followed by the resolved IP of the domain! As we see, its 216.58.199.161 

Now what you see is the name of server that is hosting this site. So, right there we see GSE, that's Google Servlet Engine. As this site is hosted by Blogger (owned by Google), we see the server name GSE.

So, knowing the server name is a first task for a pentester & here Nipper has helped us achieve it very easily!

Now friends, you can go further for DNS lookup also. So, a DNS Lookup will reveal the domain name servers for you, which are responsible to resolve the domain name into its associated IP. I hope you got an idea what I am talking about!


So, here we have the DNS lookup results with us!

You can do an nmap scan too, for checking the open ports. You can see this option right next to the DNS Lookup.


So, that was all guys about this cute little app Nipper! :) Hope you enjoyed reading this tutorial. 
Let us know please! As always, I say, your feedback matters a lot for us. There are many other apps like IP Tools, Nmap, Fing, too for information gathering purposes. Read my next article on Hackode, which will definitely be a more fun! Take care, BY33.... ;)

How to be An0Nymous on Kali Linux by using Anonsurf module

Saturday, November 12, 2016 2 Comments
Hey guys, today I'm gonna show you all a very quick, easy & effective method to remain anonymous on your Kali Linux system so that no one can trace you from your activities.
          So, basically, we're gonna install Anonsurf module, which will anonymize the entire system under TOR using IPTables.



          STEP 1: Download Anonsurf.

         Fire up your kali & enter following command in terminal.
              git clone https://github.com/Und3rf10w/kali-anonsurf.git

root@kali:~# git clone https://github.com/Und3rf10w/kali-anonsurf.git
Cloning into 'kali-anonsurf'...
remote: Counting objects: 275, done.
remote: Total 275 (delta 0), reused 0 (delta 0), pack-reused 275
Receiving objects: 100% (275/275), 163.44 KiB | 75.00 KiB/s, done.
Resolving deltas: 100% (79/79), done.
Checking connectivity... done.
root@kali:~#

        After the download is complete, goto to the directory where you downloaded. You can do this by using cd command to move back & forth through various directories.

root@kali:~#
root@kali:~# cd kali-anonsurf/
root@kali:~/kali-anonsurf#
root@kali:~/kali-anonsurf# ls
installer.sh  kali-anonsurf-deb-src  LICENSE  README.md
root@kali:~/kali-anonsurf#

         STEP 2: Install Anonsurf.

          In the kali-anonsurf folder, you'll find an installer script. Kudos, that's what we want to get anonsurf working on your system.
             
         So now, simply execute the script by entering the following command:
                       ./installer.sh



       Now it will automatically install the module onto your system & it will also update the /etc/tor/torrc file to add the following code.

VirtualAddrNetwork 10.192.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
SocksPort 9050
DNSPort 53
RunAsDaemon 1

        It will also update your /etc/resolv.conf file to update the following code.

root@kali:~# cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 209.222.18.222
nameserver 209.222.18.218

   STEP 3: Run Anonsurf.

       So, with this anonsurf installed, now you are all set to start it.

        Enter the following command whenever you want to begin the process. It will automatically start TOR for you.

                    anonsurf start

root@kali:~# anonsurf start
 * killing dangerous applications
 * cleaning some dangerous cache elements
[ i ] Stopping IPv6 services:
[ i ] Starting anonymous mode:
 * Tor is not running!  starting it  for you
 * Saved iptables rules
 * Modified resolv.conf to use Tor and Private Internet Access DNS
 * All traffic was redirected throught Tor
[ i ] You are under AnonSurf tunnel
root@kali:~#

     Now, you can also check your IP by the following command:

        anonsurf myip

root@kali:~# anonsurf myip
My ip is:
1xx.1xx.2xx.1xx

      To stop anonsurf, simply type in the following:

         anonsurf stop

root@kali:~# anonsurf stop
 * killing dangerous applications
 * cleaning some dangerous cache elements
[ i ] Stopping anonymous mode:
 * Deleted all iptables rules
 * Iptables rules restored
[ i ] Reenabling IPv6 services:
 * Anonymous mode stopped

      Instead of stopping and starting again, you can simply restart it to avoid the painstaking. Just hit the following command:

         anonsurf restart

      So, each time you restart anonsurf, it will randomly assign you a different IP address! Isn't that amazing & cool guys?!

WARNING: Don't ever run anonsurf by service anonsurf start command. Run it as anonsurf start


       Just to satisfy yourself, you may check your IP & DNS by visiting the following site:

                   https://www.whatismyip.com/
                   http://dnsleak.com

       That's it guys, I hope you enjoy reading this tutorial. Please comment below whether you liked it or not. Your feedbacks value a lot for us. Meet you soon guys! Take care & happy winter. :)
    

How to install Kali Linux on your Android Smartphone

Tuesday, September 20, 2016 Add Comment

Hello guys, today I'm going to share you the process of installing Kali Linux on your Android Smartphone.
Before moving on, lets  get handy with all that you need to get Kali Linux working on your Android.


  1. A device running Android 2.1 and above, rooted.
  2. Rooted Android device.
  3. At least 5 GB free space on internal or external storage.
  4. Completely charged Android device.
  5. Busybox App. Download here.
  6. Linux Deploy. Download here.
  7. Android VNC Viewer. Download here.
  8. A fast internet connection.
  9. Last but not least, patience.
Step 1:
First we need to install UNIX Scripts into our device using Busybox App. Download and install the app.

Step 2:
Setting up Linux Deploy:
  • First of all download and install Linux Deploy App on your device from Google Play Store.
  • Now after downloading and installing it launch the app in your device and there tap on the download button.
  • Now there tap on Distribution option and change it to Kali Linux.
  • Now scroll up and click on the Install button at the top of there.
  • Now wait for the download to finish, it requires time depending upon your internet speed.


Step 4:
  • Now download and install VNC Viewer App in your Android from Play Store.
  • Now launch the VNC Viewer App and fill up the settings.
  • Now click on Connect button there.
Now you're done and you will be able to run Kali Linux on your Android device!

Thank you for reading this article...

Subscribe to: Posts (Atom)