search

nvssks / Android-Responder

Scripts for running Responder.py in an Android (rooted) device.
59 stars 22 forks source link

RNDIS up procedure? #3

Open dimpol opened 7 years ago

dimpol commented 7 years ago

Hi, i am having some issues with my nethunter device.

For the attack to work do you follow some procedure to enable the rndis0 interface? For example do you enable the rndis option in the android developer menu?

Or rndis is enabled automatically when you execute startTether.sh?

When i execute startTether.sh the interface remains on usb0 on my device....

Thanks in advance...

nvssks commented 7 years ago

The script enables it:

setprop sys.usb.config 'rndis,adb'

Then it sets the IP and brings it up with:

ip link rndis0 up

Can you share some more details about the issues you're experiencing?

If you enable Tethering from the settings, theoretically it should skip bringing the interface up or changing the USB config. However the dhcp server and responder will be listening to the wrong IP.

On 28 Oct 2016 13:01, "dimpol" notifications@github.com wrote:

Hi, i am having some issues with my nethunter device.

For the attack to work do you follow some procedure to enable the rndis0 interface? For example do you enable the rndis option in the android developer menu?

Or rndis is enabled automatically when you execute startTether.sh?

Thanks in advance...

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/nvssks/Android-Responder/issues/3, or mute the thread https://github.com/notifications/unsubscribe-auth/AJZ6bV_Rg9F6xxyDQuxMZ8PpT4xkT7Mfks5q4eP9gaJpZM4KjXZt .

dimpol commented 7 years ago

No errors or anything while executing the script... The problem is that my interface on the Generic Options remains on usb0 not rndis0 ... Nexus 6 device with latest nethunter (not build from source)

nvssks commented 7 years ago

Ah yes, some android devices use usb0 instead of rndis0 for USB tethering.

The script has checks to see which device is actually there and uses that.

On 28 Oct 2016 13:17, "dimpol" notifications@github.com wrote:

No errors or anything while executing the script... The problem is that my interface on the Generic Options remains on usb0 not rndis0 ...

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nvssks/Android-Responder/issues/3#issuecomment-256906103, or mute the thread https://github.com/notifications/unsubscribe-auth/AJZ6bTxWCSC1vHc5Pjb5U8PSVHayi80mks5q4efjgaJpZM4KjXZt .

dimpol commented 7 years ago

hmmmm then i must be doing something wrong..... responder does not "catch" any hashes.... i will do some debugging and bother you again if i find something interesting.... thanks for your time

nvssks commented 7 years ago

Try closing the rest of the network interfaces and see it responder gets any traffic.

You should at least see some poisoned DNS requests.

Also, if "automatic proxy setup" is not enabled on the host, then you'll not see any hashes leaking when it's locked. It will still poison requests trying to steal credentials if someone is using it though.

Hope this helps

On 28 Oct 2016 13:27, "dimpol" notifications@github.com wrote:

hmmmm then i must be doing something wrong..... responder does not "catch" any hashes.... i will do some debugging and bother you again if i find something interesting.... thanks for your time

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nvssks/Android-Responder/issues/3#issuecomment-256907801, or mute the thread https://github.com/notifications/unsubscribe-auth/AJZ6bXc34nXeGu9xtTjKlfFPyyIsOYK3ks5q4eoxgaJpZM4KjXZt .

dimpol commented 7 years ago

Thank you a lot for the info. I will try to figure out what is going on on my device...