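1. "Vbird's Private Kitchen (Server Setup Volume)": 30%

2. "Hackers & Painters": finished!

3. "Steve Jobs" (biography): finished!

4. "Hacking Exposed: Web Applications (3rd Edition)": 30%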


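0x00 Preface


Many people have hoped that the hacking toolkit could be ported easily from the PC to more portable phones or tablets, and Kali NetHunter, released by the Offensive Security team, makes that a reality: hacking anywhere, anytime from a mobile device, which we might call pocket hacking.

Kali NetHunter is a portable penetration testing platform built on stock Android, with Nexus devices (phones/tablets) as its base hardware (support for the OnePlus phone has since been added). The familiar Kali environment makes it easy to pick up, and the graphical control interface makes some tests easier. Engineers are also free to build on the platform and add their own projects.

Articles about NetHunter, in China and abroad, are relatively few and highly repetitive, so its main practical techniques are collected and introduced here for enthusiasts' reference. Because material is scarce, mistakes are hard to avoid; if you find omissions or errors, please point them out.

0x01 Hardware support


The NetHunter website lists the following devices as supported for flashing NetHunter: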

Nexus 4 (GSM) - "mako"
Nexus 5 (GSM/LTE) - "hammerhead"
Nexus 7 [2012] (Wi-Fi) - "nakasi"
Nexus 7 [2012] (Mobile) - "nakasig"
Nexus 7 [2013] (Wi-Fi) - "razor"
Nexus 7 [2013] (Mobile) - "razorg"
Nexus 10 (Tablet) - "mantaray"
OnePlus One 16 GB - "bacon"
OnePlus One 64 GB - "bacon"

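Worth mentioning: in the 2015 NetHunter update, the OnePlus phone was added to the supported list thanks to its low price and high performance. Good news for OnePlus owners. The flashing steps below use the Nexus 5 as the example.

0x02 Flashing procedure


The official site offers several flashing methods; installing with the Windows guided flashing program is recommended. Download link: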

https://www.kali.org/offsec-nethunter-installer/Kali_v1.1.6.sfx.exe

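Open the installer and install to the default path.

After installation, NetHunter Installer runs automatically, updates itself, and enters the guided installation steps.

· Step 1: select the model of your hardware device.

· Step 2: install the drivers.

You can use Test Drivers to check whether they installed successfully.

· Step 3: installation options.

If you have already downloaded the flashing package from the official site, select the file via Browser. Download link: http://www.offensive-security.com/kali-linux-nethunter-download/ Remember to verify the SHA1 value after downloading. As for Android Flash Setting, support for Android L is not yet complete, so the option is not yet available.

· Step 4: download the files.

Download all the dependency files.

Once every dependency package shows Ready, you can move on to the next step and flash.

· Step 5: unlock the device.

Unlock the bootloader. Note that USB debugging must be enabled; the phone will reboot to unlock.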


Follow these easy steps to display a table of user names and their corresponding SIDs:
Difficulty: Easy
Time Required: It'll take less than a minute to find a user's SID in Windows via WMIC:
Here's How:
Open Command Prompt.
Once Command Prompt is open, type the following command exactly as shown here, including spaces or lack thereof:

wmic useraccount get name,sid

and then press Enter.
You should see a table, similar to the following, displayed in the Command Prompt window:
Name            SID
Administrator   S-1-5-21-1180699209-877415012-3182924384-500
Guest           S-1-5-21-1180699209-877415012-3182924384-501
HomeGroupUser$  S-1-5-21-1180699209-877415012-3182924384-1002
Tim             S-1-5-21-1180699209-877415012-3182924384-1004
UpdatusUser     S-1-5-21-1180699209-877415012-3182924384-1007

This is a list of each user account in Windows, listed by user name, followed by the account's corresponding SID.

Now that you're confident that a particular user name corresponds to a particular SID, you can make whatever changes you need to in the registry or do whatever else you needed this information for.
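The SIDs in that table have structure worth reading: the final field is the relative identifier (RID), and RID 500 marks the built-in Administrator even after the account is renamed. The Python sketch below is an added example, not part of the original how-to; it parses saved `wmic useraccount get name,sid` output, and its function names and the embedded sample (the table above, retyped) are assumptions made for illustration.

```python
import re

# Constructed sample: the table shown above, as wmic pads its columns.
SAMPLE = """\
Name            SID
Administrator   S-1-5-21-1180699209-877415012-3182924384-500
Guest           S-1-5-21-1180699209-877415012-3182924384-501
HomeGroupUser$  S-1-5-21-1180699209-877415012-3182924384-1002
Tim             S-1-5-21-1180699209-877415012-3182924384-1004
UpdatusUser     S-1-5-21-1180699209-877415012-3182924384-1007
"""

# RIDs that Windows reserves for built-in accounts, whatever their display name.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}
SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")

def parse_sid(sid):
    """Split a SID string into revision, authority, issuer id and RID."""
    m = SID_RE.match(sid)
    if not m:
        raise ValueError(f"not a SID: {sid!r}")
    subs = [int(x) for x in m.group(3).lstrip("-").split("-")]
    # S-1-5-21-<a>-<b>-<c>-<rid>: 21 marks a SID issued by a machine or domain
    is_account = m.group(2) == "5" and len(subs) == 5 and subs[0] == 21
    return {
        "revision": int(m.group(1)),
        "authority": int(m.group(2)),
        "issuer": "-".join(map(str, subs[1:4])) if is_account else None,
        "rid": subs[-1] if is_account else None,
    }

def parse_wmic_table(text):
    """Return [(name, parsed_sid, note)] for every row that carries a SID."""
    rows = []
    for line in text.splitlines():
        parts = line.rsplit(None, 1)  # the SID is the last field; names may contain spaces
        if len(parts) != 2 or not parts[1].startswith("S-"):
            continue                    # header row, blank line, or row without a SID
        name, sid = parts[0].strip(), parse_sid(parts[1])
        rid = sid["rid"]
        note = WELL_KNOWN_RIDS.get(rid, "created account" if rid and rid >= 1000 else "other")
        rows.append((name, sid, note))
    return rows

if __name__ == "__main__":
    for name, sid, note in parse_wmic_table(SAMPLE):
        print(f"{name:15} rid={str(sid['rid']):<5} issuer={sid['issuer']}  {note}")
```

All five accounts share one issuer value because they are local accounts on the same machine; a row with a different issuer would belong to a domain or another machine.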

 

Another command that shows a user's SID:

whoami /all


Installing rpm package software on Ubuntu

apt-get install alien

root@macbook:~# alien jre-7u71-linux-i586.rpm

Warning: Skipping conversion of scripts in package jre: postinst postrm prerm

Warning: Use the --scripts parameter to include the scripts.

jre_1.7.071-1_i386.deb generated

root@macbook:~# ls

jre-7u71-linux-i586.rpm jre-7u71-linux-i586.tar.gz

root@macbook:~# dpkg -i jre_1.7.071-1_i386.deb

Selecting previously unselected package jre.

(正在读取数据库 ... 系统当前共安装有 362302 个文件和目录。)

正在解压缩 jre (从 jre_1.7.071-1_i386.deb) ...

正在设置 jre (1.7.071-1) ...

 

http://www.howtogeek.com/howto/ubuntu/install-an-rpm-package-on-ubuntu-linux/

When installing vmtools on Kali, you run into: Enter the path to the kernel header files for the 3.14-kali1-686-pae kernel?

the path "" is not a valid path to the 3.14-kali1-686-pae kernel headers.

Run the following command to install them:

apt-get install linux-headers-$(uname -r)


 

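Wired network device not managed

After installing Kali Linux in a VM, with bridged networking the wired network always showed "device not managed". I added the network card manually and configured an IP as well, but it made no difference. With NAT I could get online, but the wired network still showed "device not managed".

The fix is to find /etc/NetworkManager/NetworkManager.conf

and change managed=false on the last line to managed=true.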