cSploit / android

cSploit - The most complete and advanced IT security professional toolkit on Android.
http://www.csploit.org/
GNU General Public License v3.0

Crashes, freezes, and reboots system when attempting MITM on WiFi #901

Open keeganjk opened 7 years ago

keeganjk commented 7 years ago

DEVICE: OnePlus 5

OS version: OxygenOS 4.5.12

cSploit version: 1.66_rc.2

busybox (installed or not): Installed

Rooted with supersu? Magisk

logcat (filter it!): How-to guide N/A


Daemon specific questions N/A

Go version: ???

OS: ???

Using Docker (in case of unofficial build.) ???

Actions performed: I sometimes use cSploit on WiFi and when I chose the network and select MITM and Kill Connections or Custom Filter, it freezes and reboots after a few seconds. I've installed https://forum.xda-developers.com/android/software-hacking/kali-nethunter-magisk-t3676681/post74014575 and https://build.nethunter.com/nightly/3.20-20170903-2143/kernel-nethunter-oneplus5-oos-nougat-3.20-20170903-2143.zip afterwards. I manually installed cSploit from F-Droid.

Logs:

org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
at org.csploit.android.tools.Tool.async(Tool.java:48)
at org.csploit.android.tools.NMap.synScan(NMap.java:142)
at org.csploit.android.tools.NMap.synScan(NMap.java:146)
at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
at org.csploit.android.tools.Tool.async(Tool.java:48)
at org.csploit.android.tools.NMap.synScan(NMap.java:142)
at org.csploit.android.tools.NMap.synScan(NMap.java:146)
at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
at org.csploit.android.tools.Tool.async(Tool.java:48)
at org.csploit.android.tools.NMap.synScan(NMap.java:142)
at org.csploit.android.tools.NMap.synScan(NMap.java:146)
at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
at java.lang.Thread.run(Thread.java:761)

Issue: Remember to search for issues alike before creating new one! Crashes, freezes, and reboots system when attempting MITM on WiFi

keeganjk commented 7 years ago

Here is a debug file I found:

org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)

pahapoika commented 7 years ago

Hey @keeganjk Can you try csploit from https://github.com/cSploit/android/releases/download/v1.6.6-rc.2/cSploit-release.apk

Thank you

keeganjk commented 7 years ago

@pahapoika arpspoof error

keeganjk commented 7 years ago

@pahapoika Still crashes after about 10 seconds when trying to kill connections on public network.

keeganjk commented 7 years ago

It doesn't even kill any connections, it just shows the circular animation by Kill Connections.

pahapoika commented 7 years ago

@keeganjk can you try it on your own wifi with only a few devices. cSploit (or your device) might not be able to arp spoof on big networks. The network might also use static ARP as well, so that might also prevent the attacks.

keeganjk commented 7 years ago

@pahapoika If I wait for it to connect to Metasploit, Kill Connections appears to work on my home network.

How can I get this to work on a larger network? (And not have my device reboot ;))

keeganjk commented 7 years ago

@pahapoika I installed BusyBox, not sure if it was already installed, tried [custom filter replacing "a" with "b", pressing OK, replacing "b" with "a", killing connections, un-killing connections ] to my laptop, started trying to browse the internet on my laptop to see if it would work, looked over and saw my phone freeze and reboot...

keeganjk commented 7 years ago

@pahapoika Here is the text from the debug file from the session of the crash:

org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)
org.csploit.android.core.ChildManager$ChildNotStartedException: cannot start commands
    at org.csploit.android.tools.Tool.async(Tool.java:48)
    at org.csploit.android.tools.NMap.synScan(NMap.java:142)
    at org.csploit.android.tools.NMap.synScan(NMap.java:146)
    at org.csploit.android.services.NetworkRadar$2.run(NetworkRadar.java:90)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607)
    at java.lang.Thread.run(Thread.java:761)

keeganjk commented 7 years ago

@pahapoika Is there a way I could send reconnect packets to everyone on the network instead of using ARP to kill connects?

pahapoika commented 7 years ago

Hey @keeganjk You can use mitm to redirect all connections to 127.0.0.1 and it should do the job

keeganjk commented 7 years ago

Do you think that could potentially cause a crash/reboot?

pahapoika commented 7 years ago

@keeganjk it shouldn't

keeganjk commented 7 years ago

@pahapoika Any guesses on what's causing crash on custom filter and kill connections?

pahapoika commented 7 years ago

@keeganjk you kinda skipped the issue template we have, so I don't have much information.

keeganjk commented 7 years ago

@pahapoika Sorry, I was using an unofficial GitHub client that doesn't bring that up. Will edit now.

pahapoika commented 7 years ago

@keeganjk no need. Just answer these questions.

What's your phone:
What Android version it's running:
csploit version:
BusyBox installed or not:
What app you use for root

keeganjk commented 7 years ago

@pahapoika

OnePlus 5
OxygenOS 4.5.12
The cSploit version you told me to download (v1.6.6)
BusyBox installed
Magisk

keeganjk commented 7 years ago

@pahapoika My device lags really badly when running cSploit. Is this normal?

keeganjk commented 7 years ago

@pahapoika Redirection to 127.0.0.1 doesn't kill connections, but it doesn't reboot my phone either. However, it did bring up an HSTS error when trying a web search, but I could go to other URLs.

keeganjk commented 7 years ago

@pahapoika Do you think this problem might be fixed in v2.x?

HitItAll commented 7 years ago

@keeganjk No, they spent months working on a broken app.

Sorry, I can't help but be a dick


keeganjk commented 7 years ago

@HitItAll I know there will be more than just fixing this feature, but if they're making an entire new version, it might fix some... Problems.

pahapoika commented 7 years ago

@HitItAll no need to be rude. Not every device can be tested and maybe OnePlus just did OnePlus and broke something cSploit uses.

@keeganjk If 2.0 won't work I'll ask you to provide a few logs, but as of now the bug has low priority since 2.0 is an important update.