installing kali nethunter on a nexus 5

the nexus 5 is easily my favorite phone, and i would still use it now were it not for one showstopper: battery

it’s truly DREADFUL.  about half a day of reasonable use

it’s been lying around unused for about a year, and so now it’s time to put it to good, or at least interesting, use

i’ll be experimenting on it without using a sim card, not connected to any google account, and definitely not entering any personal info onto it!

# download and unzip android studio (note: you can also just install the CLI tools, but i did it this way)
https://developer.android.com/studio/index.html

# install android studio
https://developer.android.com/studio/install.html
Downloads/android-studio/bin/studio.sh
“I do not have a previous installation of Studio…”
Next, Next, Next, Finish
…wait for downloading/installing to complete
Finish

# put adb/fastboot in the path
export PATH=$PATH:$HOME/Android/Sdk/platform-tools

# download nethunter
https://www.offensive-security.com/kali-linux-nethunter-download/

# download the nethunter-supported stock ROM for device (e.g. 6.0.1 M4B30Z, Dec 2016, for Nexus 5)
https://developers.google.com/android/images?hl=en

# download the correct (and latest) TWRP image for device (e.g. 3.0.3-0 for Nexus 5 as of Dec 16)
https://twrp.me/Devices/

# download the latest SuperSU (bottom of page)
http://forum.xda-developers.com/showpost.php?p=64161125&postcount=3

# clone/download-and-unzip the nethunter linux root toolkit (LRT)
https://github.com/offensive-security/nethunter-LRT
unzip nethunter-LRT-master.zip

# set up the nethunter linux root toolkit (LRT)
cd nethunter-LRT-master
mv ../hammerhead-m4b30z-factory-625c027b.zip stockImage/
mv ../twrp-3.0.3-0-hammerhead.img twrpImage/
mv ../BETA-SuperSU-v2.67-20160121175247.zip superSu/
mv ../nethunter-hammerhead-marshmallow-3.0.zip kaliNethunter/
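
The files above get flashed to a phone with an unlocked bootloader, so it is worth checking them against published checksums first. The script below is an added example, not part of the original post or of the LRT scripts; the function names are made up here, and it assumes the 8 hex characters at the end of a google factory image name (625c027b above) are the start of the file's SHA-256.

```shell
#!/usr/bin/env bash
# Added example: verify downloads before flashing them to an unlocked device.
# Assumption: factory image names end in -<first 8 hex chars of SHA-256>.zip

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Check a file against a full digest copied from its download page.
verify_sha256() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ] && return 0
    echo "MISMATCH: $file" >&2; return 1
}

# Check a factory image against the digest prefix embedded in its own name.
verify_factory_name() {
    local file=$1 base prefix actual
    base=$(basename "$file" .zip)
    prefix=${base##*-}
    case "$prefix" in
        *[!0-9a-f]*|"") echo "no hash prefix in name: $file" >&2; return 2 ;;
    esac
    [ "${#prefix}" -eq 8 ] || { echo "no hash prefix in name: $file" >&2; return 2; }
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    case "$actual" in
        "$prefix"*) return 0 ;;
        *) echo "MISMATCH: $file" >&2; return 1 ;;
    esac
}

# Usage: ./verify.sh stockImage/*.zip   (does nothing when run without arguments)
for f in "$@"; do
    verify_factory_name "$f" && echo "ok: $f"
done
```

The name check only covers the factory image; for the twrp, supersu and nethunter files, pass the digest shown on each download page to verify_sha256.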

# enable developer options on the phone
press settings -> about phone -> build number rapidly until debugging enabled

# enable debugging on the phone
settings -> developer options -> usb debugging

# generate an adb rsa key
adb keygen adbkey

# plug the phone into computer usb
should be usb 2.0, not 3.x

# approve the adb key on the phone
adb shell
(accept adb key on phone)

# unlock phone
./oemUnlock.sh
– select ‘yes’ with volume button
– press power button

# restart phone
– use volume buttons to select ‘start’
– press power button
(wait a while)

# note
if android doesn’t restart properly, turn phone off (long power button press) and back on again

# setup the phone
skip/next all the screens

# make a clean usb connection
unplug from usb and back in again

# enable developer options on the phone (for the 2nd time)
settings -> press “about phone” rapidly until debugging enabled

# enable debugging on the phone (for the 2nd time)
settings -> developer options -> usb debugging

# approve the adb key on the phone (for the 2nd time)
adb shell
(accept adb key on phone)

# flash nexus stock
./stockNexusFlash.sh
(wait a while)

# note
if android doesn’t restart properly, turn phone off (long power button press) and back on again

# setup the phone (for the 2nd time)
skip/next all the screens

# make a clean usb connection
unplug from usb and back in again

# enable developer options on the phone (for the 3rd time)
settings -> press “about phone” rapidly until debugging enabled

# enable debugging on the phone (for the 3rd time)
settings -> developer options -> usb debugging

# approve the adb key on the phone (for the 3rd time)
adb shell
(accept adb key on phone)

# setup the phone (for the 2nd time)
skip/next all the screens

# customize script
gedit twrpFlash.sh
remove ‘-p’ from lines ~50 and ~55 (adb push -p)

# install custom recovery, supersu and nethunter
./twrpFlash.sh
– wait a while
– if/when ‘Starting AROMA INSTALLER’ appears on terminal, configure phone
– (i checked all boxes on all screens apart from supersu, which is already installed by twrpFlash)
– wait a long time
– if phone freezes on “checking for chroot” step, tap the end of the progress bar a few times, which should prompt the process to finish and the phone to reboot

# connect to internet
configure wifi as usual

# allow untrusted apps
settings -> security -> unknown sources (turn on / allow)

# download nethunter update
applications -> nethunter
(accept all security prompts)
menu -> check app updates
update
(accept / continue / etc)
(downloaded)

# uninstall nethunter
settings -> applications -> nethunter -> uninstall

# install new nethunter
downloads -> tap on downloaded apk

# finish
(reboot phone)

at first glance, what has nethunter got in it? (i don’t know what some of them even are)

  • services
    • sshd
    • dnsmasq
    • hostapd
    • openvpn
    • apache
    • metasploit
  • mac changer
  • custom commands
    • including wifite… i think i need a wifi dongle for this
  • vnc manager
  • hid attacks
  • duckhunter hid
  • bad usb mitm attack
  • mana wireless toolkit
  • mitm framework
  • nmap
  • metasploit payload generator
  • searchsploit
  • pineapple connector
  • wardriving (appears non functional to me)

# references
https://github.com/offensive-security/nethunter-LRT
https://www.reddit.com/r/NetHunter/comments/4igtq4/nethunter_installation_hanging/
