Skip to main content

use zantu on android


Zanti 2 is a android application which is made up for network penetration testing.

What Zanti 2 can do?

Scan the whole network show alive host in the network scan port through Nmap for port Scanning Scan Service on each port and find vulnerability.Perform Brute force Attack Perform Shell Shock etc Vulnerability MITM: Man In The Middle Attack Session Hijackings SSL Striping Sniffing Packets Replace Image Redirect URL and IP Intercept and modified live download.

Disclaimer –  I recommend that you test this tutorial on a system that belongs to YOU.

 

For Demonstration :

Before install Zanti your Phone must be rooted .. In case your phone is not rooted search in the site you will find how to root android its very easy.

I used Zanti in my android device and Scan the network.I choose the Mac OSx Machine which was my laptop.After that start The MITM on and SSL strip to grab some packets and try to grab the password of that machine.in the end i successfully travel the victim into http over https and grab the login credentials.For demo kindly check the images which i posted in this post. 

 

Step 1: Scan the whole wifi network.

After that Scan i get to know all the mobile and system connected to wifi network, its also scan the all ports as you can see in the above image.

I choose the 192.168.0.100 

 

 

Step 2: After Opening the desirable victim i can see the open port and some other details as shown in below image 

As you can see in the above image Zanti2.apk successfully scan the all host in the network and after choosing the victim you want to hack or perform some testing you will see the same image in about section.

In the Attack section:

1. Password Complexity audit: Its check and brute force the password ex: default password on the victim.

 

2. MITM: It Intercept the network packets via MITM attacks.

 

3. ShellShock : its check the vulnerability exist on the victim or not.

 

4. SSL Poodle : its check the target is it vulnerable for SSL Poodle attack or not.

 

 

Its also shows the Nmap Scan Result

In My demo i used MITM Attack on the Target.

 

Step 3: After Selecting MITM attack you will see many things you can do on target machine ex: check the image below

As you can see all the attack you can do on target by using MITM, In my case i switch “ON” the MITM which is on the Right-Top.

 

In next step i turned “ON” the SSL Strip.

As you can see i turned “ON” both things together by using Zanti2.apk in the MITM attack from my android device to hack the other phone or PC.

Step 4: After that I sniff the packets ( Check the image below) and SSL Striping working perfectly and strip hotmail in HTTP .

As you can see any site is strip into http and its ready to grab the password as soon as victim enter the login details.

Labels:

Comments

Post a Comment

Popular posts from this blog

Kali linux android simply amazing

How to Install and run Kali Linux on any Android Smartphone TUTORIAL FOR INSTALLING AND RUNNING KALI LINUX ON ANDROID SMARTPHONES AND TABLETS Kali Linux is one the best love operating system of white hat hackers, security researchers and pentesters. It offers advanced penetration testing tool and its ease of use means that it should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. Now a days more and more apps are available on Android operating system for smartphones and tablets so it becomes worthwhile to have  it on your smartphone as well. Kali Linux on Android smartphones and tablets allows researchers and pentesters to perform ” security checks” on things like cracking wep Wi-Fi passwords, finding vulnerabilities/bugs or cracking security on websites.  This opens the door to doing this from a mobile device such a...
Post a Comment
Read more

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...
Post a Comment
Read more

How tor works

 Using the publicly available data, data visualization software firm Uncharted has prepared TorFlow — a map for visualizing how TOR’s data looks as it flows all across the world. It shows TOR network’s node and data movements based on the IP addresses of relays bouncing around the connections of users to avoid spying. TOR is the world’s most widely used tool for anonymity purposes . It has grown into a powerful network that’s spread all over the world. Surprisingly, the TOR project is transparent about the location of the TOR nodes and thousands of machines that power the network. This non-profit organization frequently published an updated list about the bandwidth and location of the computers and data centers spread all across the world. Using the same public data,  TorFlow  maps the TOR network’s nodes and data flow all around the world. This data movement is measured based on the IP addresses and bandwidth of the relay computers bouncing around the...
Post a Comment
Read more