The developers of one of the most advance open source operating system for penetration testing, 'KALI Linux' have announced yesterday the release of a new Kali project, known as NetHunter, that runs on a Google Nexus device.
Kali Linux is an open source Debian-based operating system for penetration testing and forensics, which is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. It comes wrapped with a collection of penetration testing and network monitoring tools used for testing of software privacy and security.
After making its influence in hacker and security circles, Kali Linux has now been published with Kali Nethunter, a version of the security suite for Android devices. The tool is a mobile distribution designed to compromise systems via USB when installed and run on an Android phone.
Kali Linux NetHunter project provides much of the power to Nexus users, those running the NetHunter penetration testing platform can now launch attacks including Teensy keyboard via HID style attacks and BadUSB man-in-the-middle (MITM) networking attacks via USB human interface device (HID), wireless 802.11 frame injection, and could setup evil access points in a single click.
> “Our NetHunter images support programmable HID keyboard attacks, (a-la-teensy), as well as “BadUSB” network attacks, allowing an attacker to easily MITM an unsuspecting target by simply connecting their device to a computer USB port,” the Offensive Security team said. “In addition to these built in features, we’ve got a whole set of native Kali Linux tools available for use, many of which are configurable through a simple web interface.”
Nethunter is currently available for Nexus devices only, but builds for other Android devices are likely on the way. Nethunter contained a full Kali Linux toolset, including support for self destruction, software defined radio and the ability to launch a Kali desktop VNC session on Nexus phone.
The tools are designed for use by an attacker who has physical access to a device — an insider threat — or someone who gains access through social engineering, tailing etc.
On one hand, Teensy Keyboard attacks on PCs can be used to automatically elevate privileges on a Windows PC and install a reverse-HTTP tunnel to a remote workstation. On the other hand, BadUSB can force a Windows PC to recognize the USB-connected phone as a network adapter and re-route all the traffic of the PC through it for monitoring purposes.
Additionally, the Kali NetHunter configuration interface helps users to easily manage complex configuration files through a local web interface, which together with 802.11 wireless injection and a pre-configured connect VPN service make it a “formidable network security tool or discrete drop box – with Kali Linux at the tip of your fingers wherever you are.”
Kali NetHunter open source security platform supports Nexus 10 and 7 tablets and Nexus 5 phones built on the existing Kali (formerly Backtrack) Linux platform. The official Kali NetHunter images can be downloaded from the Offensive Security NetHunter download page.