HOW YOUR EMPLOYEE’S SMARTPHONES ARE SERIOUS THREAT TO YOUR ORGANIZATION?
Employee’s smartphones are a serious threat to the organization since it is allowed to use in the production environment. Android is the most popular mobile OS with more than 60% market share. As Android is ruling smartphone and tablet markets, developers are also creating more apps for Android devices. This is the reason why the Android market has millions of apps. Like websites, apps also need penetration testing to check for various vulnerabilities. Security testing for Android apps will need to have a penetration testing environment on your Android device.
Almost all Useful Hacking Tools, Scripts can be used on Your Android Mobile. Termux is a Powerful app which can be used to install useful packages, Hacking Tools On your Android
By installing this program, you can hack anything that comes to mind. From targeting websites, hacking computers, sniffing networks, brute forcing passwords, information gathering and many more.
For more details about termux can be found in their official termux page. Link for the has given below
Installation
Google Play: https://play.google.com/store/apps/details?id=com.termux F-Droid: https://f-droid.org/packages/com.termux/
INSTALLING PACKAGES FROM THE REPOSITORY
To install your favorite tool in termux you can run
pkg install <package name> Example pkg install nmap To get list of available packages in termux, run pkg list-all To search a package pkg search nmap To show more info about a package pkg show nmap
INSTALLING .DEB FILES
Manual way of installing .deb files
pkg install ./package.deb
or
dpkg -i ./package.deb
Termux packages are built using Ubuntu 16.10, so this means that developers can compile any existing software from their machine and then add it to the package manager for anyone to download. It is a very simple and elegant solution to what otherwise could be a complex and difficult problem. One amazing side effect of this is that once the software is compiled, you have full-fledged versions of the software rather than half-baked, ported versions of desktop Linux packages.
Termux gives you a bash terminal by default, but if you are like me and prefer Zsh for its advanced features, the FISH shell is also available. Multiple different shell types are certainly welcome.
Anyone that has used a terminal emulator application on Android knows the pain when you need to enter special keys to control the terminal such as CTRL or ESC. These keys aren’t displayed on the standard touch keyboards used on android devices (save for Hacker Keyboard). Termux developer Fredrik Fornwall, though, has a very novel solution to this. He has bound CTRL to the Volume DOWN key and other special keys like ESC to the Volume UP key. Therefore, by pressing Volume Up + the touch keyboard ‘L’ you can input the terminal command CTRL + ‘L’ which clears the terminal window. The ESC key is sent by pressing volume UP + ‘E’ key for example. You can view all the keys available in Termux on the developer’s website
FEATURES OF TERMUX API
Secure. Access remote servers using the ssh client from OpenSSH. Termux combines standard packages with accurate terminal emulation in a beautiful open source solution.
Feature packed. Take your pick between Bash, fish or Zsh and nano, Emacs or Vim. Grep through your SMS inbox. Access API endpoints with curl and use rsync to store backups of your contact list on a remote server.
Customizable. Install what you want through the APT package management system known from Debian and Ubuntu GNU/Linux. Why not start with installing Git and syncing your dotfiles?
Explorable. Have you ever sat on a bus and wondered exactly which arguments tar accepts? Packages available in Termux are the same as those on Mac and Linux – install man pages on your phone and read them in one session while experimenting with them in another.
With batteries included. Can you imagine a more powerful yet elegant pocket calculator than a readline-powered Python console? Up-to-date versions of Perl, Python, Ruby, and Node.js are all available.
Ready to scale up. Connect a Bluetooth keyboard and hook up your device to an external display if you need to – Termux supports keyboard shortcuts and has full mouse support.
Tinkerable. Develop by compiling C files with Clang and build your own projects with CMake and pkg-config. Both GDB and storage are available if you get stuck and need to debug.
term up has a list of command, all those can be found at link given
https://github.com/termux/termux-packages/blob/master/packages/command-not-found/commands.h
INSTALL SQLMAP
Let’s do a practical session on how to install sqlmap on our android device.
As we know that sqlmap is a most amazing website vulnerability scanning tool which is mostly used by pen testers, Hackers, Security Researchers and so on.
Sqlmap is written in Python programming language environment, so that we need to have python installed in termux ,to install python in termux, run the command
pkg install python2
once the installation is complete, we need to install git package because we are going to download sqlmap from the git repository
to install git in termux
run the command :
pkg install git
now its time to install our favorite tool sqlmap
so run: git clone https://github.com/sqlmapproject/sqlmap.git
the download process and the installation process will take some time, once it’s been done
then navigate to the sqlmap directory using the following command
cd
then list the files using ls command
now navigate to the sqlmap-dev folder using “cd sqlmap-dev”
once you entered into the folder, list the files using ls command
so you will see the executable file of sqlmap
since sqlmap run under python, so we need to run using the following command
python2 sqlmap.py
bingo … now we have successfully installed sqlmap on our android device itself. Using the same method we can able install different tools on our android device.
Termux: Hackers Perspective
Before termux was originated, hackers were using so many application to perform different attacks. But now everything has come into single app, which is termux. Now this the time where hackers will take over every system easily.
Hackers install Kali Linux on their android phone but it requires some time and patient, but this app looks alternative for the kali.
So now hackers got the best handy tool. Hackers can able to get into your network and he/she can able to perform post exploitation techniques such as MITM, exploitation, etc.
Mitigation from hackers attacks
- The users need to take necessary precautions in order to protect their devices, as the hackers can exploit any network using termux without the knowledge of the user.
- Patch anything and everything. Keep in mind that your secure environment from a month ago is now wide open thanks to Patch Tuesday
- The second Tuesday of each month when Microsoft releases security patches.
- Some months there are in excess of 30 patches released. That’s 30 potential vulnerabilities. Miss a month … 60 … two months … 120. Hackers are always finding new attack holes and methods into the system software.
- Patches and new versions of system software are frequently released to fix these newfound problems.
- Hackers are a close-knit community and they are more than willing to share your network’s flaws with their neighbors.
Be prepared and Be secured!!!
Author
Venkatesh C>S
Security Engineer
Security Engineer
BriskInfosec Technology and consulting PVT LTD
Follow me @ https://www.linkedin.com/in/venkatesh-c-s-44174711b/
No comments:
Post a Comment