Ideas #229
Dayum if that could be in cSploit. ... dayum
I can enable WiFi cracking but it will need a patched Android kernel.
By patching the Android kernel you mean the mac80211 injection patch? Because Kali NetHunter has a guide on doing just that, so that everyone can patch and configure their own kernels.
@DomenlDruga, yeah, I was speaking about that patch, then thanks for the
Metasploit Extra Console for testing MSF features that aren't currently included in the app. This could help to use exploits before they are even implemented, and would help in research to make cSploit's feature set bigger. But this is just optional. The main thing I want to get with this is: more features, of course.
Hi,
Anyway, I'm not sure if it happens only on my mobile (HTC Bravo 4.4.4), but there are a lot of problems with the latest apk/sources. To name a few:
Has anyone seen these problems? I think I could fix some of them.
@ga, I think we could try something like an OSINT tool.
Funny you should mention android-pcap. I was just playing with it yesterday, got it building w/gradle + the new tools in Android Studio. FWIW, the Play Store listing says that it's GPL, but I didn't see a notice about which version in the actual source code. Anyway, right now it only supports a few USB network adapters, specifically the rtl8187 card. More specifically:
Unfortunately I don't have one of these :/ But anyway, to build with Android Studio and the newest SDK, you just need to change a few things:
It would be nice to see support for other chipsets in there, but you would have to create more UsbSource.java-type classes for each one, and they're not small. But I haven't looked into it for more than 3 minutes. If anyone can get Kismet Wireless to post which version of the GPL this uses, that would be great. Their other tools, particularly the CloudShark uploader, look interesting too. ft
@Fattire thanks, will have a look.
My idea is to have cSploit able to run also on a LAN interface.
Is it possible to implement a WPA2-PSK hash sniffer?
I might try...
@sorano, would you mind adding a new issue with your suggestion? I've got a patch which allows you to select a configured network interface, in case no wireless interface is available. I've tested it with just the mobile gms interface, and it works fine. Right now cSploit relies a lot on the wireless DHCP information to work properly, so for example, if you configure the mobile to work as a hotspot, the DHCP information is not available and we cannot use cSploit. From the command line ettercap works perfectly in this case.
@gainan, good, maybe you can do a pull request....
There should really be a HID (human interface device) attack so you could connect your cellphone to a PC and it would be detected as a keyboard and start typing programmed commands, just like NetHunter (Kali Linux for Android) and the USB Rubber Ducky from Hak5.
How about quicker merging of pull requests? There are even some from February :D
Just to say that I am working on:
Thanks @developpsoft. Really looking forward to it :-)
Another idea:
OK, I understand, it's a very low priority, but wouldn't it be cool to have wearable support?
Yeah, maybe.
I've added a new wiki page with all the ideas we have contributed. If someone is working on any of these ideas, update the wiki with something like: WIP/, or something similar.
I'm not quite sure what "on-device compiling of the newest cSploit code" means -- that sounds like the app compiles itself (?) @tajnymag what would wearable support look like exactly?
@fat-tire I thought something like that. cSploit would download the latest code, compile a new apk, then prompt to install it. Tadaa, the problem with the nightly server is solved 😄 On a wearable could be displayed a list of devices on the LAN or available exploits. With RouterKeygen added, the wearable could inform you about "crackable" networks. As I said, it's a very low priority :-)
With nightly releases you have the option to test new features etc., and they might be less stable; therefore I think nightlies should be hosted on the website and not downloaded directly in the app.
new idea:
@Fattire, I leave IRC because I was using my Wiko OZZY which was closing
new idea:
@tux-mind I know this is a bit off topic ;) but where would you suggest as a starting point for a noob to start learning so one could jump in here and contribute? All I have is a laptop.
Just one more noob request ;) maybe a cSploit scripts add-on like dSploit but more geared toward pentesting? Can that even be used for testing or is that more like pranks? Where can I donate to help ya out in any way?
@evertking the first step to become an advanced user (aka uber) is to install Linux 😉 probably learning a new sexy OS will require some weeks or more. btw those are my suggestions for becoming a Linux expert, not a contributor. To contribute to cSploit you can also use a Windows PC, installing Android Studio on it. Once you have installed Android Studio you can also open the translation editor to help us translate the application into your language. For donations give a look to the donate page. About your idea of "sending" an apk to other phones: using the MSF we will be able to infect downloaded objects. A cool feature that requires some cool work 😉 and thanks for your impressions, will post them on the official website if you agree 😊
I like how in the latest nightly it added port scan at startup like zANTI and I think we should add to that by automatically doing service inspector and exploit finder at startup and putting the exploits found next to the ports found open. I would do this myself but I'm just now learning Java in order to use Android Studio so I can help.
@uranium-waffles service inspection is too deep and heavy IMHO. We already encountered some performance issues with the stealth SYN scan (aka fast scan). I think that it can be a bad idea. It can be acceptable if we can scan networks with the service inspector; this will use a single process but will not solve the IDS problem. However if you are using cSploit you really don't care about IDS... so maybe we will do it, unsure right now
@tux-mind how about an intrusive scan option? In zANTI 2 if you press the refresh button for a rescan a drop down menu appears and allows for selection of an intrusive scan that scans for vulns. That way we could switch between the two. (Non intrusive and intrusive)
I think this could be done, but it's my understanding that the longer, slower scan takes a ton of resources, both generating a lot of network activity and taking up CPU/battery/memory. I was reminded today that there are local networks with thousands of hosts... That said, I don't see any obvious reason not to make it an option-- either from a drop down menu or a toggle in the settings to use regular vs. extra-crispy port scanning by default. The latter would give you the vuln count... If there is a lot of enthusiasm for this, it could be an option. @tux-mind I imagine this isn't something like the nmap network portscan that could be done "in bulk"... you'd have to inspect each host independently... wonder how many hosts a typical device could do simultaneously before choking....
In my (personal) opinion, I think that these options belong to the subnet card/window, and adding them to the app startup is redundant. On the other hand it doesn't make much sense to have these options on the main window and not on the subnet card/window. I guess this is about how each of us understands how cSploit should work :) The initial ARP scan is just fine for me, to give you an overview of the subnet you are on, and to select targets. Successive actions should be performed on demand.
3 suggestions I found very interesting that are not on the todo list are Stagefright Aware Media, Geo-Traceroute, and HID attacks where you plug into a computer and you can execute commands.
Also how about bettercap integration? http://www.bettercap.org/ made by evilsocket. It is like ettercap but better, hence the name bettercap.
@uranium-waffles I think that bettercap is a great project, but it is in its early days; let's check together why it is not a good choice right now:
I'm not talking about parsing their output; we've scheduled (for a long time) to move all the MITM stuff into the core. It would be stupid to rewrite all protocol dissectors, just reuse what has already been written and tested for years: use libettercap. Actually bettercap does not provide any library. Sorry for the short answer but I've to go right now 😁
Advertisement Button: An idea I have was a button in the cSploit settings where you can turn it on and off. If you turn it on, you enable ads in cSploit and the ads will support the devs. If you turn it off, you remove the ads and cSploit is back to normal. IMO this will help out the devs a lot.
@up This is a nice idea.
I kinda like the idea, except speaking only for myself-- I don't want any money. I think @tux-mind could use some revenue to offset his expenses (domain name registration, web site + bandwidth, beer?). So if he wants to set up an AdMob account or something, it would be very simple to incorporate ads. A license concern though-- AdMob in particular would involve a dependency on a Google library (play-services-ads), which is closed source. Not sure how that would be compatible, license-wise, with the GPLv3, cSploit's license. Distributing the cSploit code itself on GitHub may fall under the linking exception -- the source code only refers to the closed library. But the app binary itself? Not sure. But the FAQ seems to suggest you could distribute the app only without the library, which would be pointless for an .apk...
Why can't you just make a standalone simple app with like a calculator or something and then advertising everywhere to support cSploit?
-1 for ads. All you need is a bitcoin address in the about page or paypal set up. If you really wanna make more money set up a script that replaces adsense ads with your own ads for MiTM networks.
MitM script that replaces their regular ads with your ads...dirty, but awesome. high fives
thanks for the suggestions guys. @fat-tire thank you for pointing out the license problem. lemme know what is the best way to raise some money and I'll start working on it ASAP. I'll try to make every incoming donation and outgoing purchase public, so as to allow you to see where your money goes. yours, tux_mind.
user new tool in cSploit
@tux-mind maybe start something on BountySource and see if anyone wants to fund bugfixes and thus pays for your time.
Hi, as it's a free app I think the dev will agree for its source code to be added to cSploit by mentioning in the credits that that section is by them. OR the androdumpper: https://www.linkedin.com/profile/view?id=AAMAAAVKhNMBg5PU0s4M01AIF3H_5uFfn7lLrHg Just like WPS Connect but can brute force WPS too. You may ask why implement such a thing when it is available there... but I say all-in-one is always different. And there is something else called WIBR+ that does brute force on the router (not WPS... the real password).
Hey @Somebodyhura, I am taking a look, thanks!
Maybe something like https://github.com/jackgu1988/dSploit-scripts Maybe a graphical GUI where you can add those scripts to script injection. No need for writing those; could be good for noobs. :)
And https://github.com/n1nj4sec/pupy could be very useful too. It would be added to the exploiting module. Also I think an automated MSF payload generator would be cool. (See #579)
And for the other goal (install backdoor for later access)... How about AndroRAT? Well, I just heard of it... I haven't tested it, but as it's a RAT... it should do remote administration and can make installing a backdoor possible (somehow using the packet editor and replacing the apk with AndroRAT so the victim will install it and it's done, but mostly as I see users check the apk icon... and see it's not matching what they want... somehow not going to work) (and I think of a very difficult way to bind an apk editor to cSploit so the apk will be downloaded to the attacker's phone, extract the icon, replace it with the AndroRAT icon, and maybe add useless bytes to make the same size... this should work better... permissions are never a problem cuz... even I don't check them :D)
New easy-to-add but powerful idea to add to the main menu attacks. This is a special type of DoS attack directed at a specific LAN node or IP address. It can be used to exec massive attacks on a single device, and to crash it. The way to implement this feature is to follow these steps:
@xmashine A mass amount of pings will not crash a machine these days, just slow down its internet connection. Your better bet to create a DoS would be to use the ARP injection attack and just drop all packets from the machine; this is already implemented.
Hello guys, I opened that issue so you will be able to share some ideas concerning cSploit.
Here is mine (working on it if @tux-mind thinks it can be good):
... And a lot more