Sunday, 30 November 2014

How to use dsploit

Have you ever wanted to turn your Android phone into a penetration testing tool or a handy dandy network analysis device? Perhaps you tried booting it with a Linux distro and installing some network penetration testing and networking applications, only to find that they eat up a lot of your phone's RAM or hang the phone. No need to worry about that, because dSploit has been unleashed (although it is still in its beta stage) by Simone Margaritelli a.k.a. evilsocket. It is also sponsored by BackBox Linux as one of its projects, just like Weevely, Fang and NetCommander.
dSploit is an Android network penetration suite, or an all-in-one network analysis application, that is free to download for you to try out. It allows a user or tester to perform network security assessments and penetration tests just by tapping the modules and options that are built into the app. It is designed to be fast, handy, and easy to use (more of a point-and-click app).
How to Install dSploit in Your Android Device
First you need an Android device running at least Android 2.3 (Gingerbread), and then you need to root it. If you haven't rooted your Android device yet, the article entitled 'The Always Up-To-Date Guide to Rooting the Most Popular Android Phones' from Lifehacker.com may help you. After rooting your device, install the BusyBox app on your phone. Make sure that you install all of its utilities, i.e. do a full install!

Download: Play Store

Before you open the dSploit app, make sure you are connected to a network over WiFi so that you can start your network security assessments and your dSploit exploration right away. I know you are very excited, so let's move on to the basics of dSploit and how to work with it, based on what I did while scanning my network (with no harm done to the network, of course).
dSploit Description and Basics
Before we dig into dSploit's usage, let's take a look at the available modules for the application, as introduced and explained by evilsocket of BackBox Linux on the xda-developers forum:
RouterPWN: Launch the http://routerpwn.com/ service to pwn your router.
Trace: Perform a traceroute on target.
Port Scanner: A SYN port scanner to quickly find open ports on a single target.
Inspector: Performs target operating system and services deep detection, slower than the SYN port scanner but more accurate.
Vulnerability Finder: Search for known vulnerabilities for target running services on the National Vulnerability Database.
Login Cracker: A very fast network logon cracker which supports many different services.
Packet Forger: Craft and send a custom TCP or UDP packet to the target.
MITM: A set of man-in-the-middle tools to command & conquer the whole network. (See the images below for the complete MITM tools with their descriptions.)
Once dSploit is started, it automatically maps the network you are currently connected to and fingerprints the active (alive) hosts on that network, including your own device, as in the image below.
As you can see from the image above, the application recognizes your network subnet mask, your network gateway (the router), your Android device (my Samsung Galaxy Pocket GT-S5300 at 192.168.10.6), the other active devices connected to the network, and the MAC addresses of those devices.
By selecting your network subnet or a particular host connected to the network (e.g. the IP address 192.168.10.7, which is my laptop), you can use the MITM module to perform man-in-the-middle attacks such as network sniffing (HTTP, FTP, IMAPS, IRC, MSN, Telnet logins, MySQL, SSH, etc.), session hijacking, killing connections, redirecting all HTTP traffic to a certain web address, replacing all images and YouTube videos on web pages with a specified one, injecting JavaScript into every visited web page, and replacing custom text on web pages with specified text.
Here is a screenshot I took after selecting the IP address 192.168.10.7 as my target and choosing the MITM module, specifically the Password Sniffer option, while logging in to a website where I was registered and while establishing a telnet connection to a free OpenVMS cluster at deathrow.vistech.net.
By default the sniffer logs are stored in /sdcard/dsploit-password-sniff.log, but you can change the log file name under the Password Sniffer File option in the dSploit Settings. That way you keep the logs for future reference.
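dSploit's MITM tools, like other LAN man-in-the-middle tools, work by poisoning the ARP caches of the victim and the gateway so that the gateway's IP resolves to the attacker's MAC (the post does not state the mechanism; it is assumed here). The following added example, which is not code from the post or from dSploit, compares a saved IP-to-MAC baseline with a current `ip neigh`-style table and flags a gateway whose MAC has changed or a single MAC answering for several IPs; both snapshots are constructed.

```python
# Added example (not dSploit's code): detect ARP-cache poisoning, the assumed
# way a LAN MITM tool rewrites the gateway's IP-to-MAC mapping on victims.
import re

# Constructed `ip neigh`-style snapshot taken before any attack.
BASELINE_SNAPSHOT = """\
192.168.10.1 dev wlan0 lladdr 00:11:22:33:44:01 REACHABLE
192.168.10.6 dev wlan0 lladdr 00:11:22:33:44:06 REACHABLE
192.168.10.7 dev wlan0 lladdr 00:11:22:33:44:07 STALE
"""
# Constructed snapshot after 192.168.10.6 poisons the gateway entry:
# the gateway IP now resolves to the phone's MAC.
POISONED_SNAPSHOT = """\
192.168.10.1 dev wlan0 lladdr 00:11:22:33:44:06 REACHABLE
192.168.10.6 dev wlan0 lladdr 00:11:22:33:44:06 REACHABLE
192.168.10.7 dev wlan0 lladdr 00:11:22:33:44:07 STALE
"""
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})", re.I)

def parse_neigh(text):
    # Map IP -> lowercase MAC from `ip neigh`-style output.
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_arp(baseline, current, gateway):
    """Compare the two tables; return a list of (severity, message)."""
    findings = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old is None:
            findings.append(("info", f"new host {ip} at {mac}"))
        elif old != mac:
            sev = "high" if ip == gateway else "medium"
            findings.append((sev, f"{ip} moved from {old} to {mac}"))
    # One MAC answering for several IPs is the classic poisoning symptom.
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("high", f"{mac} claims {sorted(ips)}"))
    return findings

if __name__ == "__main__":
    for sev, msg in check_arp(parse_neigh(BASELINE_SNAPSHOT),
                              parse_neigh(POISONED_SNAPSHOT), "192.168.10.1"):
        print(f"[{sev}] {msg}")
```

On a real host, feed the output of `ip neigh` (or `arp -a` with the regex adjusted) into parse_neigh and keep the baseline from a known-clean moment.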
Aside from the MITM module, if you have selected a certain device as your target (e.g. 192.168.10.7, which is running Ubuntu Linux), you can also perform a SYN port scan with the Port Scanner module. I prefer the Inspector module, which does a deep scan of the target's operating system and identifies the services that are up and running. It also recognizes the operating system or kernel, and it is more accurate, though slower, than the SYN port scan. There are still a lot of improvements to be made to the scanning of the Inspector module, but at least it detected that my LAMP (Linux, Apache, MySQL, PHP / Perl / Python) server is running.
Then you can use the Vulnerability Finder module to check for known vulnerabilities in the services that the Inspector module found on the target. It uses the National Vulnerability Database as its reference. Take note that you cannot select the Vulnerability Finder module without running the Inspector module first.
Selecting the Kill Connections option under the MITM module really does prevent a target from reaching any website, which reminds me of a similar app called WiFi Kill, although the target still remains connected to the network. This can be used for trolling other users if they are watching pr0n (LOL).
By selecting your router or network gateway as your target you can use all the modules, including the exceptional RouterPWN module, which launches a web application that helps you exploit known vulnerabilities in SOHO (Small Office / Home Office) routers. The exploits listed include: Huawei HG5XX Mac2wepkey Default Wireless Key Generator, EasyBox Standard WPA2 Key Generator, Backdoor password in Accton-based switches (3Com, Dell, SMC, Foundry and EdgeCore), D-Link WBR-1310 Authentication Bypass set new password, D-Link DIR-615, DIR-320, DIR-300 Authentication Bypass, D-Link DAP-1160 Authentication Bypass, 704P denial of service, DSL-G624T DSL-G604T directory traversal, DWL-7x00AP configuration disclosure, G604T DSL Routers "firmwarecfg" Authentication Bypass, HG520c HG530 Listadeparametros.html information disclosure, HG510 rebootinfo.cgi denial of service, Arris Password of The Day Generator, OfficeConnect 3CRWE454G72 configuration disclosure, and many more.
For each of the exploits in the RouterPwn web application, you can change the destination IP by clicking the [IP] link next to the exploit. There are still some Huawei exploits that are not included, which I hope will be added next time, like the Huawei bm622 local file disclosure at the 192.168.1.1/html/management/account.asp address and the default usernames and passwords for some Huawei devices, both for telnet and for the web application.
The RouterPWN module is only available when the target is detected as your network gateway or router, as with the targets shown below.
Aside from scanning and probing your network, you can also add a custom or foreign target by selecting the '+' sign. Then you simply type in the URL, hostname, or IP address, as in the image below.
In my case, I chose my favorite search engine, Google. For that target, I can use the modules Trace, Port Scanner, Inspector, Vulnerability Finder, Login Cracker, and Packet Forger. Here are some screenshots I took while running the Trace, Port Scanner, Inspector, and Vulnerability Finder modules.
What's good about dSploit is that it checks for updates every time the application is started and prompts you to download the new version.
You can disable the update check on the Settings page, where you can also edit the module options such as Sniffer Sample Time, HTTP Max Buffer Size, and Password Sniffer File, but I prefer to update whenever a new version is available.
