Kali NetHunter 1.1
With the opening shots of 2015 fired, we are happy to make some announcements in the NetHunter arena! One of the things that excite us the most about Kali Linux is how our Kali projects always end up being greater than the sum of their parts. This is most evident in our Kali NetHunter Project – the first open source Android based penetration testing platform for Nexus and OnePlus devices. Wait, OnePlus phones? Yes! Our new NetHunter v1.1 release brings with it some great news – and so we begin.
Nexus 4 and OnePlus One Support
Since our last release, we have been feverishly working on adding support for the new (and old) Nexus devices, as well as the OnePlus One phone (OPO) platform. The OPO phone is a real beauty. With a nice, large screen and some very impressive hardware specs, it comes with a price tag of approximately half of competing Nexus devices. Initially skeptical of this new hardware platform, it has grown to be our favorite device to run Kali Linux NetHunter.
In addition, we’ve also fixed up our Nexus 4 NetHunter images and are happy to announce that Nexus 4 is now also a fully supported platform – start digging back into those dark drawers…that Nexus 4 isn’t useless yet!
Backdooring Executables Over HTTP
This is probably one of the coolest features/tools introduced to Kali in the past month (and by extension, NetHunter too) – an updated version of the “BackDoor Factory (BDF)”, and it’s accompanying “BackDoor Factory Proxy” toolset. We packaged these tools in Kali especially for use with the NetHunter platform – and our tests with these tools have shown some impressive results. To those who are not familiar with the BackDoor Factory framework – written by @midnite_runr, it allows us to inject shellcode of our choice in various binary files while the BFD Proxy allows us to backdoor these binary files over an HTTP connection on the fly. By now, you should be grasping the possibilities of this toolset, especially when combined with a mobile platform such as NetHunter – but we made a fancy diagram just in case.
Simply put, we can now quickly use our NetHunter devices to run MANA, an improved wireless AP client hijacking toolset in conjunction with BDF to produce a mind numbing effect – transparently hijacking wireless client connections and injecting malicious code into any binary files downloaded from the Internet over HTTP. Here’s a video of MANA and BDF proxy in action:
New Management App
When we initially released NetHunter, we added a simple web interface to help manage and run certain tools. We didn’t love this idea but it helped rapidly develop a management interface which we wanted to introduce. Since then, we’ve been working on a better and more stable native Android application to replace the web interface – and now, we are ready to debut it. With all the functionality of the previous web application interface and more, this new NetHunter app has been added to the latest v1.1 release.
Multi-Language Support HID Attacks
Since our last release, we were approached by many individuals asking for HID attack support for non US_en keyboard layouts. With their support, we have added language support for French, German, Swedish, and Spanish keyboard layouts. We wish to take this opportunity to thank everyone who contributed to these efforts and hope to continue seeing such great community support!
Updated NetHunter Windows Installer
We’ve updated our NetHunter Windows installer with the new v1.1 images, as well as added some nifty options to the installer – such as allowing the installation of a custom NetHunter zip. We still do not support Lollipop (Android 5.0) with our NetHunter images, but rest assured, we’re working on it – as well as Nexus 6/9 support as well. The easiest way to get NetHunter on your Nexus or OnePlus device is by using our Windows Installer, which can be securely downloaded from our NetHunter installer page. If you want to download the latest NetHunter v1.1 zip and install it manually, head down to our Offensive Security custom Kali downloads page.
Dude, Where’s my Dojo?
Yes, yes, we know – the Kali Dojo materials were expected to come out mid December 2014, but life got in the way. We’re working on generating an open online version of this workshop, rather than just releasing the slides and accompanying website – which is why things are taking longer than expected. Please hold on to your horses as we continue to work on this awesome project. We’ll announce it once it’s ready!