Kali linux on nexus

ctrl-freak / nethunter_grouper-talapia.md

The Nexus 7 (2012) tablet is no longer supported by Offensive Security; I didn’t have any luck with kernel/kali distributions, so attempted upgrading.

  • Installing Open GApps slows the device to a crawl, haven’t been able to install an app without the device freezing (though may need to let it sort itself out for longer)
  • Attempted to avoid GApps by installing a browser from APK (via adb)
    • Mozilla Focus https://github.com/mozilla-mobile/focus-android/releases
      • Launching app shows screen, but crashes Android after a couple of seconds
    • Mozilla Fenix (Firefox preview) https://github.com/mozilla-mobile/fenix/releases
      • Does not work; all sorts of wierd behaviour after launching app
    • LineageOS Jelly browser works well, jQuarks via F-Droid probably best option.
  • Still needs a basic file browser to easily install further APKs
    • F-Droid, Simple File Manager
  • Unlegacy Android does not have iwconfig etc binaries which I suspect is causing issues. ip address etc works, so maybe not

If TWRP isn’t flashed already, do that: https://dl.twrp.me/tilapia/

I went with 7.1.2 as the 8.0 version is experimental

https://builds.unlegacy-android.org/aosp-7.1/tilapia/ (select the appropriate grouper build if that’s your device)

Optional: Open GApps

See Problems above.

Unlegacy Android OS doesn’t include a browser, will use Play Store to install Chrome, etc.

NetHunter Light ARMhf

Access to apps to complete functionality missing from Unlegacy Android

  1. Copy zips onto device
  2. Boot into TWRP
    1. Wipe System, Cache, Dalvik-cache, Data
    2. Install Unlegacy Android: ua_tilapia-7.1.2-*.zip
    3. (Optional) Add zip: Open GApps: open_gapps-arm-7.1-pico-*.zip
    4. Add zip: SuperSU: SuperSU-v*.zip
    5. Swipe to flash/install
  3. Reboot and get Android to Home Screen (Nethunter requires /data partition, so need to setup Android) If you do not install the Open GApps, it should go straight to home screen, with no setup
  4. Power off and boot into TWRP
  5. Install Nethunter: nethunter-generic-armhf-kalifs-full-*.zip
  6. Reboot, wait for Android
  7. Connect to wifi
  8. Update Nethunter though Nethunter Store
  9. Launch Nethunter app, CHRoot Manager; wait until complete, START KALI CHROOT
  10. Test by launching NH Terminal, select Kali
  11. (Optional) sudo apt-get update && sudo apt-get upgrade

Installing Utility Apps

  1. Enable Developer options, enable USB debugging
  2. Install F-Droid via adb: adb install «F-Droid.apk»
  3. Allow F-Droid repository to update
  4. Search F-Droid and install jQuarks, Simple File Manager, etc

NH Terminal crashes after selecting Kali shell

«Try go into NH term and normal shell, not Kali Shell. Type «su» and «bootkali» result?»

May give you an error regarding kernel; this is how I figured out the the kernel/kali combinations weren’t working.

NH Terminal crashes no matter what shell selected

Make sure Nethunter is updated from the store and CHRoot Manager is all OK

Читайте также:  Postgresql use index hint


Kali linux on nexus

Q: Совместим ли NetHunter с моим устройством/прошивкой?
A: Да, NetHunter совместим со всеми устройствами на базе Android, исключения это конфликтующие прошивки

Q: На каких SoC будет работать режим монитора на встроенном Wi-Fi адаптере?
A: Это возможно только на SoC от Qualcom, исключения — некоторые SoC от Mediatek и старые чипы Broadcom. На HiSilicon Kirin и Samsung Exynos перевод встроенного Wi-Fi адаптера в режим монитора невозможен

Q: Как перевести встроенный Wi-Fi адаптер в режим монитора?
A: Это возможно сделать на некоторых SoC Qualcom с помощью PenMon, для старых чипов Broadcom можно использовать bcmon или Nexmon. Для всех остальных чипов можно воспользоваться утилитами airmon, wifite или введя в терминале android

Для последних требуется ядро с поддержкой NetHunter

Q: Что делать, если для моего устройства нет ядра?
A: Поискать ядро теме своего устройства (4PDA/XDA) или собрать самому / попросить (заказать) у умельцев

Q: Что такое сборка NetHunter?
A: Это установленные приложения: NetHunter App, NetHunter Terminal

Q: Как установить сборку NetHunter?
A: По отдельности из NetHunter Store или прошивкой chroot архива

Q: Что делать если на разных устройствах не работает внешний Wi-Fi адаптер?
A: На ваших устройствах разный вольтаж, используйте Y-OTG

Q: NetHunter App вылетает на MIUI хотя все требования для установки соблюдены
A: Вероятно у NetHunter App не выставлены дополнительные разрешение, скачайте «Расширенные настройки MIUI» с Google Play или других источников и выдайте права через приложение

Q: Your kernel does not support USB ConfigFS! — что значит?
A: Ваше ядро версии меньше, чем 3.11, либо при сборке ядра был выключен модуль FunctionFS для USB Gadget.

Q: Your kernel version indicates a revision number of 255 or greater. Не могу обновить пакеты, что делать?
A: Поменяйте ядро версия которого будет х.х.*** где звёздочки версия ядра ниже 255. Либо используйте изначально не ядро nethunter, установите все нужные вам пакеты и установите ядро для nethunter

Q: Какая разница между minimal и full chroot?
A: тут

  • Сетевые адаптеры (rtl, broadcom (неактуально), bluetooth)
  • HID, rndis (возможно в связке с qcrndis), Mass Storage: FunctionFS
  • OTG (USB Power)
  • HackRF (по возможности)
  • System V IPC
  • Желательно без panic on oops


Kali linux on nexus



Kali NetHunter is available for un-rooted devices (NetHunter Rootless), for rooted devices that have a custom recovery (NetHunter Lite), and for rooted devices with custom recovery for which a NetHunter specific kernel is available (NetHunter).

The core of Kali NetHunter, which is included in all three editions, comprises of:

Kali Linux container that includes all the tools and applications that Kali Linux provides

Kali NetHunter App Store with dozens of purpose-built security apps

Android client to access the Kali NetHunter App Store

Kali NetHunter Desktop Experience (KeX) to run full Kali Linux desktop sessions with support for screen mirroring via HDMI or wireless screen casting

Figure 2: Kali NetHunter Desktop Experience (KeX) outputting to an HDMI monitor

Читайте также:  4030 код ошибки что это такое

The Kali NetHunter App Store can be accessed through the dedicated client app or via the web interface.

Figure 3: Kali NetHunter App Store

Both rooted editions provide additional tools & services. A custom kernel can extend that functionality by adding additional network and USB gadget drivers as well as wifi injection support for selected wifi chips.

Figure 3: The Kali NetHunter App is available in both rooted editions (NetHunter Lite & NetHunter).

Beyond the penetration testing tools included in Kali Linux, NetHunter also supports several additional classes, such as HID Keyboard Attacks, BadUSB attacks, Evil AP MANA attacks, and many more.

For more information about the moving parts that make up NetHunter, check out our NetHunter Components page. Kali NetHunter is an Open-source project developed by Offensive Security and the community.

1.0 NetHunter Editions

NetHunter can be installed on almost every Android device under the sun using one of the following editions:

Edition Usage
NetHunter Rootless The core of NetHunter for unrooted, unmodified devices
NetHunter Lite The full NetHunter package for rooted phones without a custom kernel.
NetHunter The full NetHunter package with custom kernel for supported devices

The following table illustrates the differences in functionality:

Feature NetHunter Rootless NetHunter Lite NetHunter
App Store Yes Yes Yes
Kali cli Yes Yes Yes
All Kali packages Yes Yes Yes
KeX Yes Yes Yes
Metasploit w/o DB Yes Yes Yes
Metasploit with DB No Yes Yes
NetHunter App No Yes Yes
Requires TWRP No Yes Yes
Requires Root No Yes Yes
WiFi Injection No No Yes
HID attacks No No Yes

The installation of NetHunter Rootless is documented here: NetHunter-Rootless

The NetHunter-App specific chapters are only applicable to the NetHunter & NetHunter Lite editions.

The Kernel specific chapters are only applicable to the NetHunter edition.

2.0 NetHunter Supported Devices and ROMs

NetHunter Lite can be installed on all Android devices that are rooted and have a custom recovery. The full NetHunter experience requires a devices specific kernel that has been purpose built for Kali NetHunter. The NetHunter GitLab repository contains over 164 kernels for over 65 devices. Kali Linux publishes over 25 images for the most popular devices on the NetHunter download page. The following live reports are generated automatically by GitLab CI:

3.0 Downloading NetHunter

Official release NetHunter images for your specific supported device can be download from the Offensive Security NetHunter project page located at the following URL:

Once the zip file has downloaded, verify the SHA256 sum of the NetHunter zip image against the values on the Offensive Security NetHunter download page. If the SHA256 sums do not match, do not attempt to continue with the installation procedure.

4.0 Building NetHunter

Those of you who want to build a NetHunter image from our Gitlab repository may do so using our Python build scripts. Check out our Building NetHunter page for more information. You can find additional instructions on using the NetHunter installer builder or adding your own device in the README located in the nethunter-installer git directory.

5.0 Installing NetHunter on top of Android

Now that you’ve either downloaded a NetHunter image or built one yourself, the next steps are to prepare your Android device and then install the image. “Preparing your Android device” includes:

  • unlocking your device and updating it to stock AOSP or LineageOS (CM). (Check point 2.0 for supported roms)
  • installing Team Win Recovery Project as a custom recovery.
  • installing Magisk to root the device
  • disabling force encryption may be required if TWRP cannot access the data partition
  • Once you have a custom recovery, all that remains is to flash the NetHunter installer zip file onto your Android device.

6.0 Post Installation Setup

  • Open the NetHunter App and start the Kali Chroot Manager.
  • Install the Hacker Keyboard from the NetHunter Store using the NetHunter Store app.
  • Install any other apps from the NetHunter Store as required.
  • Configure Kali Services, such as SSH.
  • Set up custom commands.
  • Initialize the Exploit-Database.

7.0 Kali NetHunter Attacks and Features

Kali NetHunter Application

  • Home Screen — General information panel, network interfaces and HID device status.
  • Kali Chroot Manager — For managing chroot metapackage installations.
  • Kali Services — Start / stop various chrooted services. Enable or disable them at boot time.
  • Custom Commands — Add your own custom commands and functions to the launcher.
  • MAC Changer — Change your Wi-Fi MAC address (only on certain devices)
  • KeX Manager — Set up an instant VNC session with your Kali chroot.
  • USB Arsenal — Control the USB gadget configurations
  • HID Attacks — Various HID attacks, Teensy style.
  • DuckHunter HID — Rubber Ducky style HID attacks
  • BadUSB MITM Attack — Nuff said.
  • MANA Wireless Toolkit — Setup a malicious Access Point at the click of a button.
  • Bluetooth Arsenal — Recon, spoof, listen to or inject audio to various Bluetooth devices.
  • Social Engineer Toolkit — Build your own phishing email template for Social Engineer Toolkit.
  • MITM Framework — Inject binary backdoors into downloaded executables on the fly.
  • NMap Scan — Quick Nmap scanner interface.
  • Metasploit Payload Generator — Generating Metasploit payloads on the fly.
  • Searchsploit — Easy searching for exploits in Exploit-Database.

3rd Party Android Applications in the NetHunter App Store

8.0 Porting NetHunter to New Devices

If you’re interested in porting NetHunter to other Android devices, check out the following links. If your port works, make sure to tell us about it so we can include these kernels in our releases!

9.0 Known Working Hardware

  1. Wireless Cards
  2. SDR — RTL-SDR (based on RTL2832U)
  3. Bluetooth adapters — Sena UD100 or generic CSR4.0 adapter

10.0 NetHunter Apps

All apps can be installed through the NetHunter Store client.