Access Android with Metasploit Kali (Cybersecurity)

Captions
Hi, and welcome back to another episode of How to Hack. Today we're gonna discuss the long-awaited Android hacking, where we can gain access into an Android device just by redirecting the user or giving the user a malicious link, and they download the application. The application can be embedded into a calculator, into a browser, into some feature and function, and from there on we can immediately gain a reverse shell through Meterpreter. In the second part of the tutorial we'll discuss post-exploitation: what else can we do to actually further our access, maintain privileges, gain escalated privileges in the Android device, because after all an Android device is actually using a lot of the core capabilities of Linux systems.

So without further ado, let's get started on today's tutorial. On the right side of the screen I actually have Kali Linux running, so I can zoom in a little so it's easier for you to see. I have ifconfig, and we can see the IP address of 192.168.1.223. Again, your system could be using many different IP addresses depending on how you set up your lab environment, whether you're hosting it on a cloud, on premises and so on. On the left side of the screen I actually have an Android device that's running, and it has the internet connection and is able to interact freely within the network. At the same time I also have a separate device running, which is my physical mobile device, so there's gonna be some limitations and differences between a virtual Android and the physical Android device.

So here, without further ado, we're gonna go and enter msfvenom --help. This will actually list down all the parameters that can help us generate our payload. The payload could come in an APK format, an EXE format, an MSI format; for today's tutorial we're specifically going to target the APK format. Here we can see the payload type, you can put in the format, the encoder, the encryption and so on. So there's a lot of capabilities within the system that it's really important for you to actually try out. That's really key, because the more you try, the more you actually learn, and the more you learn, the more you can apply, and it's gonna be really, really helpful in your day-to-day work. So that's really, really important.

So what we're gonna do is go ahead and look at some other capabilities. We're gonna go ahead and enter msfvenom, followed by -p, which is the payload type, and we're gonna put android, because this is the target platform we're going after, followed by meterpreter, and then followed by reverse_tcp. So a reverse Meterpreter shell is gonna come in, and we'll be able to get more information, more data from there immediately. So that's gonna be really powerful.

Moving forward, what we're gonna do is enter LHOST, which is the listener, the attacker machine, so 192.168.1.223. Remember again, I want to highlight one more time: your IP address, your port number, is gonna be different, and in fact at the same time your shell, your Meterpreter option, could be very different from mine. So remember to keep all these values somewhere, so that when you launch your Metasploit Framework you're able to utilize them immediately. LPORT we're gonna set to 4444, and from there we can output this, and I'll put it directly into my Apache web server. From here we'd be able to look at many different options immediately and be able to put forth our attack. I'm gonna call it Android app apk, and I'm gonna hit enter on that. It's gonna take probably four or five seconds to generate the payload, about ten thousand, ten thousand eight bytes. So this can actually give us the ability to send it to the user. This time around what we see is ten thousand nine two bytes, and we can send this file to the user immediately, and from there on we can launch our attack, launch our capability of a phishing campaign and so on, and gain complete control of your mobile devices.

Moving forward, we're gonna check whether our Apache web server is already running. Apache is of course a web application server; I use it for hosting files. You can have your options: you can put it on Google Drive, Microsoft OneDrive, any of those cloud providers that have shared drives where you can put those files and they're shared freely, and people may not suspect them, because the network intrusion detection system may bypass and say, hey, this is a friendly domain, we'll let it go. So let's go ahead and enter status. We see that we've got the Apache web server already running, so that's great.

Next thing, we're gonna launch our msfconsole. I'm gonna launch the Metasploit Framework, and we're gonna use a couple of options to help us start the listener, set a couple of listeners, see what's going on in the environment. That's really important. So now we're waiting for the Metasploit Framework to start up. Here we've got it, amazing. Let's use exploit/multi/handler, and of course we remember the payload that we used earlier, so we're gonna set the payload: set payload as android, followed by meterpreter. That's really, really important; this will actually help us generate the listener. Once you do that, you can enter show options. We've got to set the LHOST, which is the only missing value in the current setting, so set LHOST as 192.168.1.223. We already got LPORT set for it. Just in case you want to do any checks, you can always enter show options again, and from here you can enter exploit. Once you enter exploit, we have the TCP handler started immediately.

Of course, because I've already hijacked it into the system, on the Android device I can actually do a double click on the web browser and go right here. What I can see is the IP address coming from the web application server, and I can hit enter on that. This would start the download of the APK file. When I click over here, we can see we have Android app three dot apk. I've already tried this three times so that I can refine the tutorial, so you can learn much more beautifully. From here we can do a double click, and of course it's asking you to install, and you can click on the permissions and see everything. One more thing you want to know is that when you read the news articles about mobile phone hijacking and so on, we recognize that very simple applications ask you for all sorts of permissions. That is really strange, so this is something that you have to be very wary about, especially if you're doing any user awareness training.

We're gonna go ahead and click install. I actually already have the app installed, so that would actually help speed things up. What we can see right here is that I have MainActivity, so this is already installed. I can double click on it, and then of course immediately we have the sessions and so on. I'm gonna background the Meterpreter, and we can enter sessions. When you see sessions, you can see all the IP addresses that are connected to the machine. Here we've got the IP address of 21 coming from different ports going to the system. I can kill those sessions, actually, because we don't need so many sessions from the single same IP address source. So this is really powerful. From here, of course, you can interact with many of those sessions. I can enter sessions followed by -i, and then we can go into, say, session one.

Now that we're in the session, you can enter help. Help will tell you all the commands that you can put forward. When I scroll up to the top, I can see that we have core commands: we can background the session of the Meterpreter, we can enter help, get information about the post module, we can load some of the extensions. That's amazing, especially in terms of post-exploitation, maintaining access and so on. As we go down, we can see that we can also do some of the file system commands. That's really, really useful, especially if you're trying to go after sensitive data, sensitive information, sensitive documents, and we want to download them, upload them. So lots of capabilities are already created right here. We can enter all the other information: routing, ipconfig, ifconfig, system commands, executing commands, get user ID, getting to a shell, which is really powerful too, and we can do screenshots, webcam and so on.

So let's launch a couple of capabilities. I can enter app_list; this will list all the applications that are installed within the system. Here we can see we've got Calculator, Android Keyboard and so on, and we even have the power to uninstall those applications if you want to, but we want to make sure this is stealthy control of it. So let's go ahead and dump out some contacts. Again, we can do dumping of those contacts really, really quickly, so that's really, really helpful, and we can dump the call logs as well, the SMSes. We can go ahead and enter dump, double tab, and then we can go dump_contacts. Here I can see that we've got the file saved into our local directory. I can open up a new window, and I'll zoom in a little more so it's easier for you to see. You can enter ls -l, and then we can see we've got some contacts details, some contacts that are created right here, and we can do a cat on contacts, and straight away we can see what options we have. Of course I'm gonna go to the one on 18, which is the latest one, and we can see more data from there. So we've got one five one eight three, and then hit enter. Again, we can see some details of the number; this is a made-up number that I put forward.

Going back here, we can do a webcam listing. Of course, with the webcam listing we're not gonna see anything, because it's a virtualized machine. So what happens right now: I'm gonna go into my physical device, which you're not able to see, and I'm gonna launch the same APK file. Once I do that, immediately I can put this in the background, and from here I can enter exploit again, so we start the listener, the reverse handler and so on. Right now, when the user clicks on the mobile application, it would actually send the information into the system, sending stage, into the attacking machine. So that's really, really helpful, and from there we can gain a lot more control. Right here we can see we're sending stage again; we can see more details, more information about the system and so on, and of course we've got more and more sessions. So that is really, really helpful. We can have two sessions, and here we can see they're mostly coming from the IP address of 21. When we hit exploit and then I click on it from the physical machine, I actually have an IP address of dot six. So it's sending stage right now, and from here we just wait a while more, be patient, and then we're gonna get our Meterpreter reverse TCP shell. So that's really, really powerful.

Here, of course, right now I can put this to background and I can enter sessions, and I can see towards the end I actually have another, different session. The functions between a virtual Android and the physical Android are highly differentiated. So what I'm gonna do is go into sessions; I'm gonna interact directly with session number eight, which is actually my physical mobile device, and from here, again, you can enter help. If you remember, earlier we used the command webcam_list, so I can go ahead and enter webcam_list, and from here I can see that I have four cameras on my machine, on my actual physical device. So if you're hacking a real mobile device, you are going to see cameras; that kind of differentiates some things there, and you can launch the cameras to actually take photos. I'm currently in my room, and I can do snapping of photos. We can do many, many capabilities right here, and over here we can explore further how we can do post-exploitation, maintaining access and escalating privileges.

One final thing: we can enter shell. From the shell I can enter ls, and from ls I can see what information I can see from here; whoami, and it will tell you your information; you can enter su to actually try to gain root information; pwd to see where you are. I have a lot of content inside my mobile device. Again, you can dump lots of sensitive data, or contacts and so on. So there, you've seen how quickly we could gain access into the system by downloading an APK file, executing the APK file, and immediately we gain complete control of the system. We can navigate across the whole file system, look for sensitive data or sensitive contacts, and many other capabilities, as well as downloading and uploading different files, executables, and then further our access in the system, ultimately gaining content and capabilities into that critical information.

With that, I hope you have learned something valuable in today's tutorial. If you like what you watched, like, share, leave a comment below, and I'll try my best to answer any of your questions. Thank you so much for watching again.
Info
Channel: Loi Liang Yang
Views: 892,891
Keywords: hacker, hacking, cracker, cracking, kali linux, android hacking, hack into android, metasploit, meterpreter, msfvenom
Id: YRm-St0bJhU
Length: 13min 5sec (785 seconds)
Published: Sun Sep 15 2019