a) For this practical exercise, it is better to use a virtual machine, so that no traces are left, and an Android emulator to check the app before delivering it to the victim by mail or in person.
Why can only an Android app be made?
Android is an open-source, Linux-based system and is easy to exploit with tools like Metasploit. Other well-known mobile operating systems such as iOS use app packages with the IPA extension, unlike Android's APK format. Although there is a module splitter that can split IPA files, as of now there are no remote execution tools for Apple operating systems. So if you are trying to trick a user with Mac OS you need to find other ways.
However, if your victim is an Android user, then you can follow the instructions below to get the exploit onto their device:
b) First of all, start Metasploit on the machine with the command msfconsole.
c) When the Linux shell shows the Metasploit interface, select the payloads options. As we discussed earlier, payloads are already proven bugs or vulnerabilities that can be exploited on a target running a particular version of the software.
d) Here our target machine is Android, which runs on a Linux kernel. From the payloads shell, search for the msfvenom payload using the following command:
root@hostname: msfvenom payload select
e) It has five arguments that need to be filled in with information. Here we discuss those five parameters in detail, together with their commands.
a) -p
This must be used whenever you create an exploit using Metasploit. Here our payload is msfvenom.
b) LHOST
This argument specifies our own network address. We have already learned how to find our system's IP address using the ifconfig tool. The IP address is essential because we need a regular connection between the host and the victim so that data can be transferred.
c) LPORT
Like the previous one, this specifies the port we offer to this Metasploit program so that the victim app can send us data and other sensitive information.
d) R
This is where the apk format should be selected from the options. We are dealing with raw format information, so this should be stated. If you are dealing with system software, executable files should be selected instead.
e) Location
This argument lets us select the apk we are referring to. Simply give its location so that Metasploit can start turning it into an exploit. But before this process we need to make some certificate installations so that everything runs perfectly. We will learn about this process in detail in this section.
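The defender's side of the APK and signing steps above, as an added example that is not part of the original text: a small Python triage script that opens an APK (a zip archive) and checks whether its Dalvik bytecode carries the package path of the stock Metasploit Android payload template (com.metasploit.stage, a well-known indicator of an unmodified build) and whether the archive contains v1 (JAR-style) signing files in META-INF. The sample APK is constructed in memory and is not a real app.

```python
import io
import zipfile

# Package path used by the stock Metasploit Android payload template.
# A first-pass indicator only: it matches unmodified builds of that template.
STOCK_PACKAGE_MARKERS = (b"Lcom/metasploit/stage/", b"com/metasploit/stage")


def inspect_apk(apk_bytes: bytes) -> dict:
    """Static triage of an APK: template marker, v1 signing files, dex files present."""
    findings = {"metasploit_stage_marker": False, "signed_v1": False, "dex_files": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = zf.namelist()
        # v1 signing leaves MANIFEST.MF plus a .RSA/.DSA/.EC block under META-INF.
        # v2/v3 signatures live in the APK Signing Block, which this check does not parse.
        sig_blocks = [n for n in names
                      if n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA", ".EC"))]
        findings["signed_v1"] = "META-INF/MANIFEST.MF" in names and bool(sig_blocks)
        for name in names:
            if name.startswith("classes") and name.endswith(".dex"):
                findings["dex_files"].append(name)
                if any(marker in zf.read(name) for marker in STOCK_PACKAGE_MARKERS):
                    findings["metasploit_stage_marker"] = True
    return findings


def build_sample_apk(signed: bool, include_marker: bool) -> bytes:
    """Constructed sample (not a real app): the minimal zip layout of an APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # placeholder binary-XML header
        class_ref = b"Lcom/metasploit/stage/Payload;" if include_marker else b"Lcom/example/app/Main;"
        zf.writestr("classes.dex", b"dex\n035\x00" + class_ref)  # placeholder dex magic + one type string
        if signed:
            zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
            zf.writestr("META-INF/CERT.SF", b"Signature-Version: 1.0\n")
            zf.writestr("META-INF/CERT.RSA", b"\x30\x82")  # placeholder DER prefix
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_apk(build_sample_apk(signed=False, include_marker=True)))
```

An unsigned archive cannot be installed at all, so a build that stops short of the certificate step is caught by the second check; a build that completes it is still flagged by the first if the template was left unchanged.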