Network scanning with Mobile Devices
Nowadays, you don't even need a computer to perform many pentesting activities. Smartphones and tablets offer sufficient resources for discovering networks and systems, identifying vulnerabilities, and running exploits. In this lab, we will go over several tools and techniques for basic network discovery and port scanning with mobile devices.
Step 1: Starting Android Emulator
For our attacker device, we will be using an emulated Android device. Enter the following command to start the emulator:
android-sdk-linux/tools/emulator @android17 -no-window
It may take several minutes for the emulator instance to start. Be patient.
"android17" is the name of our device, and the -no-window option will disable opening a new window for the emulator's UI, since we will be running it from the terminal. Ignore the warning message that appears.
After starting emulator open up a new tab using command CTRL + Shift + T.
Step 2: Listing Attached Devices
To communicate with our Android device, we will be using Android Debug Bridge (ADB). It is a client-server program that includes three components:
A client - which sends commands.
A daemon - which runs commands on a device.
A server - which manages communication between the client and the daemon.
ADB can be used to interact with emulator instances, as well as with real Android devices connected to the computer. Enter the following command to see the list of connected (and/or emulated) devices:
You will see your emulator instance as "emulator-****" and sometimes it may show up as "offline" when you first enter the command.
Keep re-entering the command until you see that changed to "device" (it may take a couple of minutes).
Troubleshooting: If you don't see any devices listed, enter the following command:
This will reset the ADB server. Try the adb devices command again. If no devices are listed still, switch back to "Tab 1", press Ctrl+C to return to the prompt, and re-issue the start emulator command again. Then return to "Tab 2" and try entering "adb devices" again.
Step 3: Opening ADB Shell
Now we can send commands to our device via ADB shell. This is just like a terminal shell on a computer. Enter the following command:
As you can see, we have root access. Next, let's try running commands.
Step 4: Using ADB Shell
ADB shell can accept some of the common Linux commands, but it has limited functionality. You can perform directory listings, modify file attributes, change directories, etc. Since we uploaded some custom tools to the* /data/local* directory, let's change to it with cd:
Feel free to run some other Linux commands and see if they work. Just make sure to return to the */data/local *directory for the next step.
Step 5: ARPinging Hosts
If you want to expand the Android shell functionality, one of the things you can do is install BusyBox. Often referred to as the "Swiss Army knife of embedded Linux", BusyBox "combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. The utilities in BusyBox generally have fewer options than their full-featured GNU cousins; however, the options that are included provide the expected functionality and behave very much like their GNU counterparts"
Among others, BusyBox includes several tools that can be used for basic network discovery and port scanning. One of them is ARPing, a utility that sends an ARP who-has queries to IP addresses. Issue the following command to send 3 ARP requests to IP 10.0.2.2 (which is the IP address of the host machine as the emulated device sees it):
./busybox arping -c 3 10.0.2.2
Step 6: Running pscan
Another tool included in BusyBox is pscan, which allows performing a basic port scan on the host. Issue the following command to scan the host system:
./busybox pscan 10.0.2.2
As you can see, we did get the accurate results pretty quickly.
However, pscan has very limited functionality: the only available options are setting the port range for scanning, showing closed/blocked ports, and timeout/RTT values. For more advanced scanning, we need more powerful tools like Nmap.
Step 7: Running Nmap Scans
You can add custom pentesting tools to your Android device in two ways: either install the APK or download a pre-compiled binary and run it directly from the command line. We did the latter with Nmap. You can find the binary and the source code (if you want to compile it yourself) HERE.
Let's run a TCP connect scan on the host to see if it's working:
./nmap -sT 10.0.2.2
We get the same results as if we were running the scan from a computer.
Also Read: Wi-fi Pentesting with Aircrack-ng
That's it for this post hope you like it and please share it with your mates, in next post (Hacking with Android), we will saw some other pentesting tasks that you can perform from a mobile device, so stay tune for that and for that subscribe to our blog, and check out more amazing stuff on shop, on our site Payground or directly visit HERE.