Clandestine EDC Gadgets

recon
hackers

#1

One of my favorite posts on this site that I continue to go back to is @VVid0w’s post about the ideal Hacker’s EDC Bag.

But seeing as it may not be practical to bring ALL of your combat gear grocery shopping or running day-to-day errands, what kind of smartphone apps or very small gadgets can you use for when you stumble across something on the go? Something totally inconspicuous you could use in a crowd of people, or be able to conceal comfortably?

I found a few useful Android apps that I have been playing around with. Most of you probably know about these, but I thought I’d share with you guys anyway. They are all tools that are great for reconnaissance. But this isn’t a footprinting-only post; I want to hear about what tools you all use for anything that has to do with you physically being close to a network, that won’t look suspicious.


  1. EZnetScan+ ($1.99)

There is also a free version with tons of features; it just doesn’t have a lot of the network commands.

EZnetScan+ is a fun tool that can be used for very basic recon. It’s designed to aid in basic personal network administration. It has a lot of awesome features that allow you to gather some great information: as long as you can connect to the network, you can see everything else running through it. It’s great for seeking out what else a public network has connected to it.

Features

  • Quick tools
  • Traceroute
  • DNS Lookup
  • TCP Port Scans
  • Ping

The Pro version includes network commands that allow you to view and manage -

  • Software inventory
  • Hardware and storage
  • Running Services
  • Running Processes
  • SMB protocol

Pros

Easy to use
Inconspicuous
A lot of features and useful tools

Cons

Have to be connected to the network
Not very stealthy if not using a burner phone

  2. FaceNiff

FaceNiff is a nifty little session hijacker allowing you to intercept web session profiles over the WiFi network your phone is connected to.
Apparently it works over WEP/WPA-PSK/WPA2-PSK. It does require a rooted phone, however, and will not work if any of your targets are using SSL. I personally don’t have much experience using this. I really want to get it working, but for any learning hacker, there is only so much time you can spend troubleshooting different things. It looks cool in theory, if working correctly. Does anyone have any experience using this app? Let me know!

You can hijack session profiles from:

  • FaceBook
  • Twitter
  • Youtube
  • Amazon
  • Vkontakte
  • Tumblr
  • Myspace
  • Tuenti
  • MeinVZ/StudiVZ
  • Blogger
  • Nasza-Klasa

Pros

Stealthy
Inconspicuous
Simple to use

Cons

Rooted phone required
Will not detect targets using Secure Sockets Layer (SSL)

There are a lot of cool apps out there. I didn’t really make this post as a tutorial; I just wanted to start a cool discussion so we can bounce some findings, ideas, and concepts around!

What kind of cool tools do you guys know about? They don’t even need to be apps or hacking tools; I am just looking for something that you can have on your person at all times that wouldn’t draw attention, or be uncomfortable to lug around all day, that can aid you in a successful penetration.
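As an added example (not code from the thread, from EZnetScan+ or from FaceNiff), the Python below shows the mechanism a FaceNiff-style session hijacker depends on and why the "will not work with SSL" caveat above holds. It classifies a captured TCP payload as either a cleartext HTTP request or a TLS record, pulls the Host and Cookie values out of the cleartext case, and rebuilds the request a hijacker would replay with the stolen cookie. Both payloads are constructed in memory; the host name, cookie names and values are made up, and nothing touches a network interface.

```python
"""Passive session-cookie recovery from a cleartext HTTP request.

Added example, not code from the thread or from any of the apps it names.
The two payloads are constructed for illustration; nothing here touches a
network interface, so it runs offline.
"""
from typing import Optional

# Constructed: a cleartext HTTP request as it appears in a TCP payload captured
# on a shared Wi-Fi network. The host and cookie values are made up.
PLAINTEXT_HTTP = (
    b"GET /home.php HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"User-Agent: Mozilla/5.0 (Linux; Android 6.0)\r\n"
    b"Cookie: sid=8f2a1c9e4b; lang=en; remember=1\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
)

# Constructed: the first bytes of a TLS record (content type 0x16 = handshake,
# version 0x0303). Once the same site is served over HTTPS this is all a
# sniffer on the Wi-Fi segment gets to see.
TLS_RECORD = bytes.fromhex("160303003a0100003603035fa1") + b"\x00" * 16

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_payload(payload: bytes) -> str:
    """Cheap heuristic: 'http' for a cleartext request, 'tls' for a TLS record."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record header: content type 0x16 (handshake) or 0x17 (app data), major version 0x03
    if len(payload) >= 3 and payload[0] in (0x16, 0x17) and payload[1] == 0x03:
        return "tls"
    return "unknown"


def extract_session(payload: bytes) -> Optional[dict]:
    """Return {'host': ..., 'cookies': {...}} from a cleartext HTTP request.

    Returns None for anything that is not parseable HTTP, which is what a
    passive sniffer gets from every SSL/TLS-protected site: the cookie is
    still sent, but inside the encrypted record.
    """
    if classify_payload(payload) != "http":
        return None
    head, _, _ = payload.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    cookies = {}
    for pair in headers.get(b"cookie", b"").split(b";"):
        key, sep, value = pair.strip().partition(b"=")
        if sep:
            cookies[key.decode()] = value.decode()
    return {"host": headers.get(b"host", b"").decode(), "cookies": cookies}


def build_replay_request(session: dict, path: str = "/") -> bytes:
    """Build the request a hijacker would send to reuse the captured cookies.

    The Cookie header is reassembled verbatim; the server cannot tell this
    request from the victim's own unless it binds the session to more than
    the cookie (client address, TLS channel, re-authentication for sensitive
    actions).
    """
    cookie = "; ".join(f"{k}={v}" for k, v in session["cookies"].items())
    return (
        f"GET {path} HTTP/1.1\r\nHost: {session['host']}\r\n"
        f"Cookie: {cookie}\r\nConnection: close\r\n\r\n"
    ).encode()


if __name__ == "__main__":
    for label, payload in (("http", PLAINTEXT_HTTP), ("tls", TLS_RECORD)):
        print(label, classify_payload(payload), extract_session(payload))
```

Run it and the HTTP payload yields the host and the cookie jar while the TLS record yields None; that difference is the whole reason the SSL caveat exists, and why a tool like this only ever caught sites (or the plain-HTTP versions of sites) that sent the session cookie in the clear.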


(Ne0_) #2

Concerning FaceNiff, how can you list all these services as hijackable if most of them use SSL exclusively (at least AFAIK)?
Are there HTTP-versions of those sites (like Facebook, twitter, amazon, tumblr) that I don’t know of?


(Command-Line Ninja) #3

Agreed. I don’t think it works anymore. You can potentially bypass HSTS with sslstrip+, but this is nothing more than a MITM script with cookie support.

Also. ARP isn’t stealthy at all. Not anymore.

For network scanning on Android, fing is my favourite. It has a nice interface and is really quick.
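The "ARP isn’t stealthy" point above, made concrete as an added example (not code from the thread or from pry0cc): the Python below decodes constructed Ethernet/ARP frames and flags any IP that is claimed by more than one MAC in ARP replies, which is the trace a FaceNiff/zANTI-style MITM leaves on the segment for anyone watching. The frames are built in memory; the MAC and IP addresses are made up.

```python
"""Detecting the ARP poisoning that phone-based MITM tools rely on.

Added example, not code from the thread or from any of the apps it names.
Frames are constructed in memory so the script runs offline; MAC and IP
addresses are made up.
"""
import struct
from collections import defaultdict
from typing import Optional

ETH_P_ARP = 0x0806
ARP_REPLY = 2


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def ip_bytes(text: str) -> bytes:
    return bytes(int(octet) for octet in text.split("."))


def fmt_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def fmt_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet + ARP reply: the frame an attacker repeats to poison a cache."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[dict]:
    """Decode an Ethernet/ARP (IPv4 over Ethernet) frame; None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {
        "op": oper,
        "sender_mac": fmt_mac(frame[22:28]),
        "sender_ip": fmt_ip(frame[28:32]),
        "target_mac": fmt_mac(frame[32:38]),
        "target_ip": fmt_ip(frame[38:42]),
    }


def detect_arp_spoof(frames) -> list:
    """Flag any IP that is claimed by more than one MAC in ARP replies.

    Also reports how many replies each (ip, mac) pair sent: a poisoner has to
    keep re-sending replies to beat the real host's answers, so its count is
    typically far above the one or two replies a genuine host produces.
    """
    claims = defaultdict(set)
    reply_count = defaultdict(int)
    for frame in frames:
        pkt = parse_arp(frame)
        if pkt is None or pkt["op"] != ARP_REPLY:
            continue
        claims[pkt["sender_ip"]].add(pkt["sender_mac"])
        reply_count[(pkt["sender_ip"], pkt["sender_mac"])] += 1
    alerts = []
    for ip, macs in claims.items():
        if len(macs) > 1:
            alerts.append({
                "ip": ip,
                "macs": {m: reply_count[(ip, m)] for m in sorted(macs)},
            })
    return alerts


# Constructed traffic: the real gateway answers once, then a phone on the same
# Wi-Fi repeatedly claims the gateway's IP with its own MAC.
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.20", "aa:bb:cc:00:00:20"
ATTACKER_MAC = "de:ad:be:ef:00:01"

SAMPLE_FRAMES = [build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP)] + [
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP) for _ in range(5)
]

if __name__ == "__main__":
    for alert in detect_arp_spoof(SAMPLE_FRAMES):
        print(alert)
```

On the constructed traffic the detector reports 192.168.1.1 claimed by both MACs, with the attacker's MAC having sent five replies to the gateway's one. The same two-MACs-per-IP check is what arpwatch and the ARP-inspection features in managed switches and modern endpoint agents implement, which is why a continuous ARP poison is easy to spot on any network that is actually watched.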


([email protected] [email protected]) #4

Nice article! Personally, I think having a rooted smartphone specifically for carrying with you on pentests is honestly one of the most valuable pieces of equipment. In fact, the Pwnie Express Pwn Phone is a tool designed for just that!

There’s also an Android image called Kali NetHunter that features a fully functional Kali Linux distro on your mobile device if you prefer to go that route. Unfortunately, I’m unable to offer any insight on these because I’ve not been able to get ahold of a device that would allow me to flash the image without making a custom kernel for it.


Although, currently I’ve got a rooted Kindle Fire that I loaded up with a bunch of pentesting apps. If I must be honest though, I feel as though it’s sub-standard compared to both the Pwn Phone and Kali NetHunter, for the simple fact that it doesn’t really offer everything those specialized tools do. Here’s my list of apps and a short description of what they do (not including the ones you’ve already listed):

1.) Juice SSH: It’s an SSH client that I use mainly for my headless kali raspi.

2.) ConnectBot: Another SSH client for when I need to connect to two devices at once.

3.) VNC Viewer: For viewing VNC sessions lol.

4.) Orfox: TOR Browser for android.

5.) Orbot: TOR client for android. Allows me to route all traffic on the device through the TOR network.

6.) NetworkMapper: Nmap for android.

7.) Fing: (quoting pry0cc, post #3) “For network scanning on Android”

8.) Network Spoofer: Lets you edit content on non-SSL websites to your liking. Basically just a MiTM troll attack tool. (Although it could be useful with the custom redirect option. Also for propaganda lol)

9.) ES File explorer: File manager for android. It’s better than the default.

10.) WiFi Key View: For viewing the WiFi keys you’ve used for any access point. (Basically just so you don’t have to try to remember what you put in)

11.)Terminal Emulator: Well…it emulates a terminal lol. Can’t do without one on a “[email protected] [email protected]” even though I don’t really need it rofl.

12.) Cluster Snippets: This is an add-on to JuiceSSH. It lets you run a script through JuiceSSH so that you don’t have to type it directly into the terminal. You can also save your scripts. They’re called “snippets”.

13.) AnDOSoid: Basically LOIC for Android.

14.) Droid SQLi: SQL Injection for Android.

15.) Evil Operator: Connect two people to a phone call and listen /record. Doesn’t work on my Kindle, but I still have it for some reason rofl.

16.) WhatsAppSniffer: Does as its namesake suggests.

17.) zANTI: Network testing tool. Allows you to scan for vulns, check for ShellShock & SSL Poodle, and conduct MiTM attacks.

18.) Nipper: Website information gatherer.

19.) WPS WPA Tester Premium: Tries to bruteforce access points that have WPS and WPA enabled.

20.) HID Shell Me: Human Interface Device shells.

21.) WiFiKill: Kills a specific device’s WiFi connection while still making it look as though they are connected. (Doesn’t really work on my Kindle unfortunately.)

22.) Shark: Wireshark for android.

23.) Shark reader: PCAP reader for Android.

24.) cSploit: Basically zAnti but better. Has loads more options. You’d have to look this one up because there’s too much for me to list.

25.) USB Cleaver: Gets creds from Windows machines (2000 and up). Doesn’t work on my kindle.

26.) inSSIDer: Lets you look at all the access points around you, what channel they’re using, and graphs their strengths.

27.) Lucky Patcher: Lets you “patch” applications to get free inapp purchases (doesn’t work on all apps)

28.) Cheat Droid: Lets you edit the contents of an app. It’s named Cheat Droid as a marketing scheme and because it’s mainly thought that its use will be adding coins or whatever to your game.

29.) Blackmart: Free apps that you normally have to pay for.

30.) Aptoide: Same as Blackmart, except there are repos you can choose.

31.) Google Play Store: Because it doesn’t come on the Kindle by default.


Hope this helped! All in all, the Kindle isn’t the worst pentesting platform, but it’s certainly not the best either. And that goes for any rooted phone as well. I’d recommend spending the money to get a Nexus device and putting either the Pwn Phone image or Kali NetHunter on it, to be honest, especially if you’re planning to carry it on you in real engagements. (You will need to purchase an external network card that’s capable of packet injection though. I recommend the TP-Link TL-WN722N because it’s small af and works exceptionally. You’ll also need an OTG cable to connect the NIC to the device.)

EDIT: Side note - When using these, it looks like you’re just playing on a tablet or phone, which is nothing out of the ordinary. I’d install a few games though so you can quickly switch to those in case someone gets nosy.


(Not a N00b, but still learning) #5

I used FaceNiff about 4 years ago and it worked :heart_eyes:
One of the best moments of my skid times :joy:
Personally I have a Phone with NetHunter next to me so I could do some writeups in the summer if people are interested.


(Command-Line Ninja) #6

Zanti is my favourite app for MITM.

cSploit actually allows you to run metasploit modules. Which is insane for Android.


([email protected] [email protected]) #7

Yeah, it’s pretty intense. Being able to pwn a box with nothing but your phone.


#8

Amazing reply/post as always, thank you so much! I’m off to make a spyphone now!


#9

@VVid0w
I never heard about the WhatsAppSniffer. Is that working for real? And how does it work technically?

Otherwise this is a great list of tools, thanks for the write up!


(system) #10

This topic was automatically closed after 30 days. New replies are no longer allowed.