Wednesday, September 28, 2011

Penetration Testing with an Android




Some of the tools that it includes are:
Metasploit 2.7 and 3.4
Nmap
w3af
Amap
Openssh
Tightvnc
Scapy
Python, Perl and Ruby interpreters
and many more.
Because it's based on gentoo is pretty easy to customize and add or remove packages from it (soon we will post a tutorial on that).

Requirements:
NOTE: The build was done targeting a generic arm processor. If you have some other device with such processor and a good amount of ram it will probably work for you too (let us know!).
A rooted phone (you'll need root privileges to mount the image). I've been testing it on a Samsung Spica phone (800mhz, Android 2.1, 256 ram) and it runs fine. It does not use the uclibc toolchain so it will use more memory than other embedded apps. You'll also need 1gb of space in your memory card.
ConnectBot, Scripting Layer for Android (SL4A) or another terminal emulator for Android.

How to use it:

WARNING: THE IMAGE WILL HAVE ACCESS TO YOUR PHONE'S WHOLE /DEV DIRECTORY. WE WILL NOT TAKE RESPONSIBILITY FOR ANY DAMAGES YOU MIGHT DO TO YOUR PHONE.

http://tinderbox.dev.gentoo.org/~darkside/ribadeo-alpha.tar.gz
or
http://www.megaupload.com/?d=U1Z0H1D6
or
http://filevo.com/4s64il0ifolp.html

SHA-256: 5baaab342811fe1ae6ff9f774e92c0bd385bd7c85ffb568a6cf478522a5ad606
ribadeo-alpha.img
SHA-256: d73a6daaaddd0693dba65b07506227b51a1b3222a74beb04c883c2664051881a
bootribadeo.sh
SHA-256: 5067160497c252268b57e7562b21e2690821d443abae03bb426a9a8d4ec82640
Copy both to your memory card.
You can download the image from here:
Inside the ribadeo-alpha.tar.gz you'll find 2 files
Open your favorite terminal app and type 'su' to gain root privileges.
Now type
'cd /sdcard'
and then
'sh bootribadeo.sh'
The environment should boot, now enter the command
'env-update;source /etc/profile
' and you'll be ready to go.
Some things that are missing from the image and that we need to improve:
An Android gui for the most commonly used tools (and to automate the mounting process).
Trimming down the fat from the image (Right now is a full blown linux basesystem).
Saving configurations and files across sessions.
It's slow. It was build using generic compilation flags so there is room for improvement.

0 comments for "Penetration Testing with an Android"

Post a Comment

background