Module 10: Wireless Penetration Testing Methodology : Exercise 1: Gaining Complete Access to an Android Device Using SpyNet

Written By AKADEMY on Wednesday, July 3, 2019 | 11:39 AM

Module 10: Wireless Penetration Testing Methodology

Objective

The labs in this module are designed to make you familiar with pen testing methodology to audit a wireless network infrastructure consisting of mobile devices by creating a malicious apk file and executing it.

Scenario

Wireless networks provide the attackers with convenient access points to penetrate an organization. By finding a secure spot in the vicinity of a building, hackers can exploit a wireless signal and gain entry into an organization’s internal network. Starting from the SSID of the wireless network to its strength in different areas of its radius, everything is critical to wireless security. Password for the wireless signal, encryption methodology and protocols used, devices interacting with the network are all potential weak points for the hackers to exploit. As a wireless penetration tester, you have to ensure that all the vulnerable points of a network are either secured or strengthened. You also have to identify the users who can easily be enticed to click on links or execute the malicious files you built.

Exercise 1: Gaining Complete Access to an Android Device Using SpyNet

Scenario

SpyNote is a client/server application developed in Java Android for the client side and in Java/Swing for the Server side. The goal of the application is to provide the control of the Android system remotely and retrieve information from it.
Personnel working in an organization might carry their mobile devices to the workplace and use them to access enterprise data and systems. Hence, it is evident that mobile devices contain sensitive information related to organizations. This might open doors for attackers to perform attacks, get control over the personnel's devices, and use them to obtain sensitive information related to the organizations. This might reveal information related to the policies of the organization, payrolls of its personnel, HR policies, quotations signed by clients, and so on.
Being a penetration tester or an information security auditor, you should have knowledge of how to develop a malicious apk file and merge it with a genuine apk file. When this file is shared with an employee in an organization and he/she installs it, the apk gives complete access to the pentester.
In this lab, you will learn how to gain remote access to a device by using a remote access Trojan.
Lab Duration: 40 Minutes
  1. Click Windows Server 2012 (Internal Network).
  2. In the password field click Pa$$w0rd and press Enter.
    You can also use the Type Password option from the Commands menu to enter the password.
  3. Navigate to E:\ECSAv10 Module 10 Wireless Penetration Testing Methodology\SpyNote and double-click SpyNote.exe.
    If an Open File - Security Warning pop-up appears, click Run.
  4. SpyNote listener window appears.
    You need to configure a port on which you want SpyNote to listen. To perform this, click Listen Port option in the lower left corner of the Listener window.
  5. Open Port window appears. In this lab, we will be configuring SpyNote to listen on port 4444. To perform this, type 4444 in the Port field and click Add.
  6. You will observe that the port has been added. Click Ok to close the window.
  7. Click Build Client option in the lower section of the listener window to launch the Build Client.
  8. Build Client window appears displaying the Client Info section. Enter the App Name as Instagram and click Dynamic DNS tab.
  9. Dynamic DNS section appears, enter the IP address of Windows Server 2012 (Internal Network) in the IP field. The IP address to enter is 192.168.168.8.
    Type 4444 in the Port field and click Add.
    By doing so, we are configuring the client to connect to 192.168.168.8 on port 4444.
  10. The IP Address and Port are added to the client. Click on Properties tab.
  11. We will be configuring the client in such a way that it gets hidden upon installation. To perform this, check Hide application option, and uncheck the other options as we are not focusing on keylogging, device administration, and so on in this lab.
    Once you check the option, click on the Merging app tab.
  12. We will be merging the malicious apk with Instagram app. So, when a person installs the app, the original Instagram app is installed and displayed in the applications menu, while the malicious app gets hidden and runs in the background.
    To merge with the Instagram app, check Merging app, and click Add.
  13. Open window appears, navigate to E:\ECSAv10 Module 10 Wireless Penetration Testing Methodology\SpyNote\Patch, select com.instagram.android.apk and click Open.
  14. The Instagram apk has been added to the Merging App section. Enter the Package Name as com.instagram.android.apk.
  15. Now, click on Build button in the top left corner of the Build Client window and click Build APK.
  16. Open window appears, navigate to E:\ECSAv10 Module 10 Wireless Penetration Testing Methodology\Remote Access Trojans\SpyNote\Patch, select Patch-release.apk and click Open.
  17. SpyNote takes some time to build the client.
    Once the client is created, the client folder opens.
  18. In order to make the client look more realistic, we shall rename the file to Instagram.apk.
  19. Now, close the Build Client window.
  20. Click Marketing Dept Subnet D and click Ctrl+Alt+Delete.
  21. In the password field click Pa$$w0rd and press Enter.
    You can use the Type Password option from the Commands menu to enter the password.
  22. Double-click AVD Manager.exe shortcut icon on the Desktop to launch the Android Virtual Device Manager.
  23. Android Virtual Device (AVD) Manager window appears, select AVD_for_3_2_QVGA_ADP2 and click Start…
  24. Launch Options window appears, check Scale display to real size option, enter the Screen Size as 6, and click Launch.
  25. AVD_for_3_2_QVGA_ADP2 emulator window appears, wait for the device to boot. It takes around 5 minutes for the booting process to complete.
    Close the Starting Android Emulator window which appears behind the Emulator.
  26. On successful boot, Android home screen appears. Leave the emulator device idle for 1-2 minutes in order to allow the device to gather all its resources.
  27. In this lab, we will be allowing installation of apps from unknown sources on the device.
    Click the App Drawer icon on the home screen to launch the android menu.
  28. Android Apps screen appears; click Settings.
  29. Settings screen appears; scroll down and click Security.
  30. In the Security screen, check Unknown Sources to allow installation of apps from unknown sources on the device.
  31. A pop-up appears; click OK.
  32. Now, press Ctrl+H to navigate to the Home screen.
  33. Now, you need to install the malicious apk file in the emulator. In a real-world scenario, an attacker creates a malicious apk file and shares it with the victim through email or any other means. As we do not have internet connectivity in iLabs, we shall be installing the apk file directly through adb shell.
    Navigate to \\192.168.168.8\ECSA-Tools\Building\apktool\out, copy Instagram.apk and paste it in C:\Program Files (x86)\Android\android-sdk\platform-tools.
  34. In the same location, right-click adb.exe and click CmdHere from the context menu.
  35. Type the command adb install Instagram.apk and press Enter. This installs the malicious application onto the emulator device.
  36. On completing the installation, open the emulator window. Click the App Drawer icon on the home screen to launch the android menu.
  37. Android menu appears; click the Instagram application.
  38. Instagram installation wizard appears again. By this time, the user will become suspicious about the application installed. He/she may discontinue the installation. However, by this time, the SpyNote client has already established a connection.
    You may install the Instagram application, or quit the installation.
  39. If you proceed with Instagram installation, click Done.
    If you discontinued the installation, skip to the next step.
    Once you click on Done, you will observe that the original Instagram application has been installed on the device and the backdoor has gone into stealth mode, making the victim believe that nothing has gone wrong.
  40. Now click Windows Server 2012 (Internal Network).
    As soon as you launch the application, you will observe that the SpyNote listener established a connection and displays the details of the emulator device.
  41. Right-click on the device connection and click on Settings to view the device information.
  42. Settings window appears displaying the device information in the Phone Info tab.
    Scroll down the window to view detailed information.
    Once you are done viewing the information, close the Settings window.
  43. Right-click on the device connection and click on File Manager to view the file manager in the emulator.
  44. File Manager window appears displaying the contents of /mnt/sdcard location.
    Now, we shall view and download the files present in the DCIM folder. To view the files, double-click DCIM.
  45. The File Manager displays the thumbnails of the selected file in the right pane of the File Manager window.
    If you want to download a file, right-click on the desired file and click Download. This downloads the file to the local machine.
  46. Once the file is downloaded, close the File Manager window.
    The downloaded file is stored in E:\ECSAv10 Module 10 Wireless Penetration Testing Methodology\Remote Access Trojans\SpyNote\App_Resources\Folder_Clients\null000000000000000\Download_Manager. Navigate to this location to view the file.
  47. Right-click on the device connection and click on Contacts Manager to view the contacts stored in the emulator.
  48. Contacts Manager window appears displaying the contacts stored in the emulator.
    Once you go through the contacts, close the window.
  49. Right-click on the device connection and click on SMS Manager to view the messages stored in the emulator.
  50. SMS Manager window appears displaying the SMSes stored in the device.
    Once you go through the messages, close the window.
  51. In the same way, you may use other features of SpyNote and explore the contents of the emulator.
In this lab, you have learned how to gain remote access to a mobile device (emulator) using SpyNote.
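
From the defender's side, the session that appears in the listener at step 40 is also visible on the device as an established TCP connection owned by an app UID. The following is an added detection example, not part of the original lab or of SpyNote: it parses /proc/net/tcp (as read from the emulator with adb shell) and flags app-owned sessions to the lab listener at 192.168.168.8 on port 4444. The sample table, the UID-to-package map and the hidden client's package name are constructed placeholders.

```python
import socket
import struct

# Constructed sample of /proc/net/tcp as read from the emulator; not real captured data.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0F02000A:A3C2 08A8A8C0:115C 01 00000000:00000000 00:00000000 00000000 10052        0 4410
   2: 0F02000A:8F10 22D8B85D:01BB 01 00000000:00000000 00:00000000 00000000 10031        0 4522
"""

# Constructed UID-to-package map; the hidden client's package name is a placeholder.
SAMPLE_UID_TO_PACKAGE = {10031: "com.instagram.android", 10052: "placeholder.hidden.client"}

LISTENER = ("192.168.168.8", 4444)  # lab listener address and port from steps 5 and 9
FIRST_APP_UID = 10000               # Android assigns installed apps UIDs from 10000 upward


def decode_endpoint(field):
    """Turn '08A8A8C0:115C' into ('192.168.168.8', 4444)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a host-order word (little-endian on x86/ARM).
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def established_connections(proc_net_tcp):
    """Yield (local, remote, uid) for every socket in state 01 (ESTABLISHED)."""
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 8 or cols[3] != "01":
            continue
        yield decode_endpoint(cols[1]), decode_endpoint(cols[2]), int(cols[7])


def flag_listener_sessions(proc_net_tcp, listener, uid_to_package):
    """Return app-owned sessions to the listener, with the owning package where known."""
    findings = []
    for local, remote, uid in established_connections(proc_net_tcp):
        if remote == listener and uid >= FIRST_APP_UID:
            findings.append({"uid": uid, "local_port": local[1],
                             "package": uid_to_package.get(uid, "unknown")})
    return findings


if __name__ == "__main__":
    for hit in flag_listener_sessions(SAMPLE_PROC_NET_TCP, LISTENER, SAMPLE_UID_TO_PACKAGE):
        print("suspicious session:", hit)
```

A flagged UID that maps to a package with no icon in the applications menu matches the Hide application behaviour configured in step 11.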