Skip to main content

use zantu on android


Zanti 2 is a android application which is made up for network penetration testing.

What Zanti 2 can do?

Scan the whole network show alive host in the network scan port through Nmap for port Scanning Scan Service on each port and find vulnerability.Perform Brute force Attack Perform Shell Shock etc Vulnerability MITM: Man In The Middle Attack Session Hijackings SSL Striping Sniffing Packets Replace Image Redirect URL and IP Intercept and modified live download.

Disclaimer –  I recommend that you test this tutorial on a system that belongs to YOU.

 

For Demonstration :

Before install Zanti your Phone must be rooted .. In case your phone is not rooted search in the site you will find how to root android its very easy.

I used Zanti in my android device and Scan the network.I choose the Mac OSx Machine which was my laptop.After that start The MITM on and SSL strip to grab some packets and try to grab the password of that machine.in the end i successfully travel the victim into http over https and grab the login credentials.For demo kindly check the images which i posted in this post. 

 

Step 1: Scan the whole wifi network.

After that Scan i get to know all the mobile and system connected to wifi network, its also scan the all ports as you can see in the above image.

I choose the 192.168.0.100 

 

 

Step 2: After Opening the desirable victim i can see the open port and some other details as shown in below image 

As you can see in the above image Zanti2.apk successfully scan the all host in the network and after choosing the victim you want to hack or perform some testing you will see the same image in about section.

In the Attack section:

1. Password Complexity audit: Its check and brute force the password ex: default password on the victim.

 

2. MITM: It Intercept the network packets via MITM attacks.

 

3. ShellShock : its check the vulnerability exist on the victim or not.

 

4. SSL Poodle : its check the target is it vulnerable for SSL Poodle attack or not.

 

 

Its also shows the Nmap Scan Result

In My demo i used MITM Attack on the Target.

 

Step 3: After Selecting MITM attack you will see many things you can do on target machine ex: check the image below

As you can see all the attack you can do on target by using MITM, In my case i switch “ON” the MITM which is on the Right-Top.

 

In next step i turned “ON” the SSL Strip.

As you can see i turned “ON” both things together by using Zanti2.apk in the MITM attack from my android device to hack the other phone or PC.

Step 4: After that I sniff the packets ( Check the image below) and SSL Striping working perfectly and strip hotmail in HTTP .

As you can see any site is strip into http and its ready to grab the password as soon as victim enter the login details.

Comments

Popular posts from this blog

So what exactly is cryptography

Nowadays Internet is an important part of Life.  We are using the Internet for sending confidential data also like password,for storing army secrets. But the Internet is insecure medium.we all use internet at a daily basis.  Do you know why? Insecure Medium: Imagine you are sending a data.  In internet world, data are separated as packets and send to the destination.  Do you think the data directly reaching the destination?   If  you think so,you are wrong.  The packets are going through different routers.  Finally, the data is sent to the user.  In this gap, Intruders(i mean attackers) takes advantages. so who are they .the are  I.they  can see what you are sending.  Because your data are simple and easy to readable by anyone. How to secure the data? We can not stop the intruders and their activities.  But we can make our data as Unreadable for Intruders.  For this purpose, the Cryptography is introduce...

Lunix malware havoc

The Krebs DDoS attacks have proven that the IoT landscape is a fertile ground that can breed huge botnets capable of launching massive DDoS assaults. As such, it should be no surprise that malware authors are now focusing their efforts on this sector and putting out new threats in the hopes of building the next Mirai botnet. One of the latest additions to the IoT malware market is a trojan codenamed Linux/NyaDrop, recently reverse engineered by MalwareMustDie, the same researcher who discovered the Mirai malware. MalwareMustDie points out in his research that this binary appeared in May, but was somewhat simplistic and not that common. Things changed after the Krebs DDoS attacks, and a new sample has appeared on the market, with the malware’s author most likely drawn back to the IoT landscape by Mirai’s success. Just like most IoT malware nowadays, NyaDrop’s author relies on brute-forcing Internet-exposed IoT devices using their default credentials. In a conversati...

Remove virus from android

Desktops aren’t the only gadgets that can be affected by a virus. Android devices have a malware problem and it’s growing every day. If you do get a virus, you could perform a factory reset to get rid of it, but that means you’d lose all your data — those photos you shot, the saved games, the text messages, and everything else. Obviously, you want a factory reset to be your last option. So what can you do to remove a virus from Android without a factory reset? Is It Really a Virus? If your phone isn’t functioning the way it should be, there’s a chance you have some malware on it. One wrong tap somewhere and a malicious file might have been downloaded on your phone, which is leeching battery life, Internet resources, or your personal data. But it could be something else. Suppose your Android refuses to boot or crashes every time it starts up. Or maybe you can’t seem to download apps from the Play Store. These are not necessarily caused...