Course Introduction
About the Course
Welcome to my comprehensive course on using Android as a penetration testing tool, you will start as a beginner with no previous knowledge about penetration testing. The course will start with you from scratch, from preparing your Android device and computer, installing the needed apps and will finish up with examples of real life scenarios that will give you full control over various computer systems.
This course focuses on the practical side penetration testing without neglecting the theory behind each attack, for each attack you will learn how that attack works and then you will learn how to practically launch that attack, this will give you full understanding of the conditions which allow this attack to be successfully executed, this knowledge will help you to detect and sometimes prevent this attack from happening. The the attacks explained in this course are launched against real devices in my lab.
The Course is Divided into four main sections:
- Preparing: this section will take you through the steps of of preparing your computer and installing NetHunter (an Android penetration testing platform) on your Android device. You will also learn how to use the main menus of NetHunter, and as a bonus I added three lectures to teach you how to install Kali Linux (a penetration testing OS) on your computer.
- Information Gathering:in this section we still don't know much about penetration testing , all we have is an Android device with NetHunter installed on it, you will learn how to start gathering information about WiFi networks around you, not only that but you will also learn how to map your current networking, displaying the connected devices and information about them such as their IP address, Mac Address, OS, open ports and running services/programs. You will also learn how to connect an external wireless card to your Android device and prepare it to be used to crack WiFi keys.
- Spying: In this section you will learn what is meant by MITM (Man In The Middle) and how to use your Android device to achieve it using three methods. Being the MITM will allow you to gain access to any account accessed by devices in your network, or accounts accessed by the device which your Android device is connected to via USB. You will also learn how to create a fake access point and spy on all the data sent on it.
- Exploitation: In this section we will have a look on a number of exploitation methods that can be used to to gain full control over your target computer weather it runs Windows/Linux/OSX only by connecting your Android device to the target computer. You will also learn why you should never leave your computer locked on a login screen as you will see login screens can be bypassed on both OSX and Windows (ie: you'll be able to login without a password to Windows and OSX machines). Finally you will learn how to make an undetectable backdoor and deliver it to the target computer by replacing files that the target machine downloads or backdooring the downloaded files on the fly.
- Detection & Protection: In this section you will learn three methods to detect ARP Poisoning Attacks, you will also learn how to use Wireshark to detect other suspicious activities in your network. We will also discuss how to protect against these MITM attacks and prevent them from happening. Finally you will learn how to detect backdoors that can bypass antivirus programs and check file integrity to ensure that they have not been backdoored.
What We learn
- 45 Lectures to teach you how to use your android device to hack into other computers & networks to test their security
- Root and unlock your Android device (For nexus devices only)
- Install NetHunter on your Android Device (For nexus devices only)
- Install other apps needed for penetration testing
- Install Kali Linux as a virtual machine inside windows or OSX
- Discover all wifi networks around you and gather information about them
- Prepare your Android device to be used to crack Wi-Fi passwords (WEP/WPA/WPA2)
- Discover devices in the same network & their OS, open ports, running services ...etc
- Create a fake access point with internet connection & spy on clients
- Spy on computers wirelessly (ARP Spoofing) or by connecting to them using the USB cable (BadUSB Attack)
- Carry out a number of man-in-the-middle attacks
- Analyse packet files using Wireshark
- Bypass OSX/Windows login screens
- Setup your android device to execute OS commands as soon as connected to a target computer
- Gain full control over Windows/OSX/Linux devices as soon as you connect your Android device to them
- Gain full control over any computer in the same network using a number of methdos
- Combine a number of methods to represent real life senarios
- Secure yourself against the discussed attacks
Course Syllabus
Lession 1 - Introduction
Lession 2 - Weaponizing
Lession 3 - Installing Kali Linux As Virtual Machine
Lession 4 - Information Gathering
-
4.1 - Discovering Wireless Networks Wardriving Locked
-
4.2 - Preparing Your Device To Crack WiFi Keys Passwords WEP WPA WPA2 Locked
-
4.3 - Network Mapping Discovering Devices Connected To The Network Locked
-
4.4 - Network Mapping Discovering Open Ports Locked
-
4.5 - Network Mapping Discovering Installed Services Locked
Lession 5 - Spying
Lession 6 - Spying MITM Method 1 - Bad USB Attack
Lession 7 - Spying MITM Method 2 - ARP Poisoning
Lession 8 - Spying MITM Method 3 - Fake Access Point
Lession 9 - Detection & Protection
Lession 10 - Exploitation (Gaining Access)
-
10.1 - Introduction Locked
-
10.2 - Bypassing Windows OSX Logins Setup Locked
-
10.3 - Bypassing Windows OSX Logins Locked
-
10.4 - Creating An Undetectable Backdoor Locked
-
10.5 - Using Metasploit Meterpreter Locked
-
10.6 - Replacing Downloads With A Backdoor Locked
-
10.7 - Backdooring Downloads On The Fly Locked
-
10.8 - HID Keyboard Attack Executing Windows Commands On Target Computer Via USB Locked
-
10.9 - HID Keyboard Attack Gaining Full Control Over Windows Machine Locked
