Converting Android Operating System into Penetration Testing Device
Android operating system developed by Google, based on a modified version of the Linux kernel and other open source software and designed primarily for touchscreen mobile devices such as smartphones and tablets.
Big corporations trying to improve the user experience by making everything around simplify, increasing performance and connections with “IoT’s”. Today with the Android operating system installed on the most robust smartphones, we have their strengths and weaknesses.
A Linux system, have their limitations and permissions. The user that makes the “Root” on the mobile device, will have full access to the system from view, edit and delete files and folders from the Android Operating System and even install tools of various features.
Preparing Android Smartphone for Penetration Testing
Once the application installs, we will have to do the “Root” mode to have full access to the Android system. Therefore, we can install the pentest and monitoring tools.
Apt-get is a powerful package management system that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to perform the installation of new software packages, removing existing software packages, upgrading of existing software packages.
First, we will use Linux repositories distributions for pentest, in this example, I am using the Kali Linux distro. Once we do the “apt-get update” command, we will have reliable fonts tools.
Apt-get is a powerful package management system that is used to work with Ubuntu’s APT (Advanced Packaging Tool) library to perform the installation of new software packages, removing existing software packages, upgrading of existing software packages.
Tools that we Get after Updating List
- NMAP: Security Scanner, Port Scanner, & Network Exploration Tool.
- Bettercap: Powerful tool to perform MITM Attacks
- Setoolkit: Allows to perform many Social Engineering Activities.
NMAP
Command # nmap 192.168.0.0/24
With NMAP installed, we have several ways to scan the network and test some services that are on servers.
At this simple lab, we performed a network scan and identified two network assets (but without any vulnerable service to attack).
Bettercap
Insert Command # bettercap –sniffer
We got the login credentials at access router.
In addition to HTTP, we also obtain the HTTPS but will not be covered in this article.
With the weakest link of information security being the USER, he will always be subject to attacks and even without realizing that the Web Site digital certificate will be changed to that of the attacker doing the MITM attack.
Setoolkit
Insert Command Insert Command # service apache2 start && /usr/share/setoolkit/setoolkit
We validate that the apache service is working correctly. As soon as we change the test page from apache and leave the fake Google page for this test, we will insert the email and password to make sure that the attack works.
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Amazon Web Services Training in Hyderabad
Amazon Web Services Training in Bangalore
Amazon Web Services Training in Bhubaneswar
Summer Training for CSE, IT, BCA & MCA Students
Network Penetration Testing training
Certified Network Penetration Tester
Diploma in Web Application Security
Certified Web Application Penetration Tester
Certified Android Penetration Tester
Cybersecurity services that can protect your company:
Web Security | Web Penetration Testing
Web Penetration Testing Company in Bangalore
Network Penetration Testing – NPT
Network Penetration Testing Service in Bangalore
Android App Penetration Testing
Other Location for Online Courses: