Portable Hardware Devices for Penetration Testing

All of us at some point or the other think of a possibility of “remoting” a penetration test. Five years ago, you would have to engineer something like this for to suit your own requirements. However now, there are commercial tools already available that help you do that and much more. This is an attempt to do just that – compile a list of portable hardware devices for penetration testing, which you can plug into the “targeted” network and run your tests from else where. Some of them are commercial and the rest are open source.

List of Portable Hardware Devices for Penetration Testing :

1). Raspberry Pi / BeagleBone Black / Hardkernel ODROID : I am a bit biased towards the Raspberry Pi model 3 as it has the hardware required to be a good tool. You do not need a WiFi dongle, or even a bluetooth chip. Just plug it in, install a good OS like the Kali Linux and you are done! These come pretty cheap and are pretty low profile. They run an awesome Quad Core 1.2GHz Broadcom BCM2837 64bit CPU with 1GB RAM and the BCM43438 wireless LAN and Bluetooth Low Energy (BLE) on board. You can even use them for other purposes. Order them online at Amazon or the official store here. If you want to be extra stealthy, get their RASPBERRY PI ZERO W which offers a single-board computer with wireless and Bluetooth connectivity. An awesome article by the guys at BlackHills Information Security detailing their drop box can be found Here.

2). VIA ARTiGO A900 : I do not know how many of you have heard about this, but they are pretty cool too. These devices run a decent 1.0GHz VIA Elite E1000 Cortex-A9 dual-core SoC along with 2GB DDR3 of onboard SDRAM. It has a Realtek RTL8111G PCIe Gigabit Ethernet controller, and no wireless access. (Get It Here)

3). MiniPwner : The MiniPwner is a penetration testing “drop box”. It is designed as a small, simple but powerful device that can be inconspicuously plugged into a network and provide the penetration tester remote access to that network. It runs a portable TP-Link MR3040 running OpenWRT with a 2000 mAh built-in battery. Multiple penetration testing tools such as aircrack-ng, elinks, ettercap-ng, karma, kismet, nbtscan, netcat, nmap, openvpn, perl 5, samba client, snort, tar, tcpdump, tmux, yafc, and wget all come pre-installed. Two versions are available : MiniPwner Community Edition and a pre-built setup. (Get It Here)

4). DreamPlug / SmilePlug / GuruPlug / SheevaPlug : These come from GlobalScale Technologies and are plug computing devices that run network-based software services. These make a worthy addition to the list of portable hardware devices for penetration testing. (Get Them Here)

5). #r00tabaga : The Ace r00tabaga is similar to the MiniPwner, but has some more features. It can be used as a penetration testing drop box or even as a Hot-Spot honeypot, inconspicuously intercepting WiFi probe requests from every target device. #r00tabaga also runs the running OpenWRT platform with a 2000 mAh built-in battery. This is un-available for order as of now, but sure is a good addition to the list of portable hardware devices for penetration testing. (Get It Here)

6). PWN PLUG R3 / PWN PLUG R4 : If you are lazy and want a fully customized solution for your needs, and you have the money, get these from the guys are Pwnie Express. These are the standard penetration testing devices in a portable form factor with onboard high-gain 802.11a/b/g/n/ac wireless antenna and Bluetooth. These also run Kali Linux and run over 100 OSS-based penetration testing tools including Metasploit, SET, Kismet, Aircrack-NG, SSLstrip, Nmap, Hydra, W3af, Scapy, Ettercap, Bluetooth/VoIP/IPv6 tools! (Get It Here) 

7). LG Nexus 5 : this monster android device officially support some best pentesting rom such as pwn phone & kali nethunter... you can flash these roms in your nexus 5 and convert your android device into a hacking machine..

That’s all from me for now. This list is arranged with no preference to any make or model. I will keep on updating this list of portable hardware devices for penetration testing as I find more devices. If you know of any, let me know.

and if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/channel/UCYK1n9A4TUq1CvGc6F3DzoA

Keep Visiting... Enjoy !!! :)

HIJACKER : All in One WiFi Hacking App for Android

Hijacker is a Graphical User Interface for the penetration testing tools Aircrack-ng, Airodump-ng, MDK3 and Reaver. It offers a simple and easy UI to use these tools without typing commands in a console and copy&pasting MAC addresses.

This application requires an ARM android device with an internal wireless adapter that supports Monitor Mode. A few android devices do, but none of them natively. This means that you will need a custom firmware. Any device that uses the BCM4339 chipset (MSM8974, such as Nexus 5, Xperia Z1/Z2, LG G2, LG G Flex, Samsung Galaxy Note 3) will work with Nexmon (which also supports some other chipsets). Devices that use BCM4330 can use bcmon.

An alternative would be to use an external adapter that supports monitor mode in Android with an OTG cable.

The required tools are included for armv7l and aarch64 devices as of version 1.1. The Nexmon driver and management utility for BCM4339 and BCM4358 are also included.

Note : Root access is also necessary, as these tools need root to work.

Features :

Information Gathering

• View a list of access points and stations (clients) around you (even hidden ones)
• View the activity of a specific network (by measuring beacons and data packets) and its clients
• Statistics about access points and stations
• See the manufacturer of a device (AP or station) from the OUI database
• See the signal power of devices and filter the ones that are closer to you
• Save captured packets in .cap file

Attacks

• Deauthenticate all the clients of a network (either targeting each one (effective) or without specific target)
• Deauthenticate a specific client from the network it's connected
• MDK3 Beacon Flooding with custom options and SSID list
• MDK3 Authentication DoS for a specific network or to every nearby AP
• Capture a WPA handshake or gather IVs to crack a WEP network
• Reaver WPS cracking (pixie-dust attack using NetHunter chroot and external adapter)

Other

• Leave the app running in the background, optionally with a notification
• Copy commands or MAC addresses to clipboard
• Includes the required tools, no need for manual installation
• Includes the Nexmon driver, required library and management utility for BCM4339 and BCM4358 devices
• Set commands to enable and disable monitor mode automatically
• Crack .cap files with a custom wordlist
• Create custom actions and run them on an access point or a client easily
• Sort and filter Access Points and Stations with many parameters
• Export all gathered information to a file
• Add a persistent alias to a device (by MAC) for easier identification

Installation :

Make Sure :

• you are on Android 5+
• you are rooted (SuperSU is required, if you are on CM/LineageOS install SuperSU)
• you have a firmware to support Monitor Mode on your wireless interface

Download The Latest Version : Click Here

When you run Hijacker for the first time, you will be asked whether you want to install the nexmon firmware or go to home screen. If you have installed your firmware or use an external adapter, you can just go to the home screen. Otherwise, and if your device is supported, click 'Install Nexmon' and then 'Install'. Afterwards you will land on the home screen and airodump will start. Make sure you have enabled your WiFi and it's in monitor mode.

Note: On some devices, changing files in /system might trigger an Android security feature and your system partition will be restored when you reboot.

Troubleshooting :

This app is designed and tested for ARM devices. All the binaries included are compiled for that architecture and will not work on anything else. You can check whether your device is compatible by going to Settings: if you have the option to install Nexmon, then you are on the correct architecture, otherwise you will have to install all the tools manually (busybox, aircrack-ng suite, mdk3, reaver, wireless tools, libfakeioctl.so library) in a PATH accessible directory and set the 'Prefix' option for the tools to preload the library they need: LD_PRELOAD=/path/to/libfakeioctl.so.

In settings, there is an option to test the tools. If something fails, you can click 'Copy test command' and select the tool that fails. This will copy a test command to your clipboard, which you can manually run in a root shell and see what's wrong. If all the tests pass and you still have a problem, feel free to open an issue here to fix it, or use the 'Send feedback' option in the app's settings.

If the app happens to crash, a new activity will start which will generate a bug report in your external storage and give you the option to submit it by email. The report is shown in the activity so you can see exactly what will be sent.

Do not report bugs for devices that are not supported or when you are using an outdated version.

Keep in mind that Hijacker is just a GUI for these tools. The way it runs the tools is fairly simple, and if all the tests pass and you are in monitor mode, you should be getting the results you want. Also keep in mind that these are auditing tools. This means that they are used to test the integrity of your network, so there is a chance (and you should hope for it) that the attacks don't work on your network. It's not the app's fault, it's actually something to be happy about (given that this means that your network is safe). However, if an attack works when you type a command in a terminal, but not with the app, feel free to post here to resolve the issue. This app is still under development so bugs are to be expected.

Warning :

Legal

It is highly illegal to use this application against networks for which you don't have permission. You can use it only on YOUR network or a network that you are authorized to. Using software that uses a network adapter in promiscuous mode may be considered illegal even without actively using it against someone. I am not responsible for how you use this application and any damages you may cause.

Device

The app gives you the option to install the Nexmon firmware on your device. Even though the app performs a chipset check, mistakes happen. The app currently includes the Nexmon firmware for BCM4339 and BCM4358 only. Installing the wrong firmware on a device may damage it (and I mean hardware, not something that is fixable with factory reset). I am not responsible for any damage caused to your device by this software.

That's It !!! if you like this post please like & share with your friends..

Download H4CK3R The Book (An Ethical Hacking ebook For Beginners) : 

https://www.h4ck3rthebook.blogspot.com

Twitter : https://www.twitter.com/thehackingsage

Instagram : https://www.instagram.com/thehackingsage

Github : https://www.github.com/thehackingsage

& DON'T FORGET TO SUBSCRIBE..!!!

YouTube : https://www.youtube.com/channel/UCYK1n9A4TUq1CvGc6F3DzoA


Keep Visiting... Enjoy !!! :)