    Linux: This Book Includes 4 Manuscripts. The Underground Bible to the unix operating System with Tools On Security and Kali Hacking to Understand Computer Programming, Data Science and Command Line





    Metasploit
    Metasploit is one of the most important hacking tools due to its huge
    number of features that can be used on a target. The best thing about
    Metasploit is that, although it offers a lot of features, it is
    available as open source. This matters because Burp Suite, which we
    discussed before, has a premium license and restricts some of its features,
    like automatic scanning, for free users. Just like Burp Suite, Metasploit also
    offers a professional license.
    The major difference between the two versions is that in the free version you
    can only use 32 hosts at a time. This may be quite difficult for hackers
    trying to exploit large systems at once. So choose the version according to
    your preferences.
    Metasploit is pre-installed in Kali Linux. If you want to install
    Metasploit on other Linux distributions, use the following command:
    wget Metasploit
    Metasploit also provides a web interface that can help us access all
    the hosts we are using. Create an account and manage everything about the
    exploits there.
    Practical scenario: Use Metasploit to make an exploit app that consists of
    malicious code which can take control of an Android phone, read its
    files, contacts, and messages, and send them to a web server of yours.
    Don't forget to try it out by yourself before looking at the solution that we
    describe here.
    The process to create an exploitable app
    a) For this practical exercise, it's better to use a virtual machine to leave no
    traces and an Android emulator to check the app before sending it to the
    victim by mail or in person.
    Why can only an Android app be made?
    Usually, Android is an open-source Linux system and is easy to exploit
    using tools like Metasploit. Other famous mobile operating systems like
    iOS use package managers with the IPA extension, unlike Android apps.
    Although there is a module splitter that can split the IPA files, as of now
    there are no remote execution tools for Apple operating systems. So if you
    are trying to trick a user with Mac OS, you need to find other ways.
    However, if your victim is an Android user, then you can follow the
    instructions below to get the exploit onto his device:
    b) First of all, start Metasploit on the device using the Metasploit
    command msfconsole
    c) When the Linux shell shows the Metasploit interface, select the payloads
    option. As we discussed earlier, payloads are already proven bugs or
    vulnerabilities that can be achieved on a target running a particular
    version of the software.
    d) Here our target machine is Android, which is a Linux kernel machine. From
    the payloads shell, search for the msfvenom payload using the following
    command:
    root@hostname: msfvenom payload select
    e) It gives five arguments that need to be filled out with information. Here
    we will discuss those five parameters in detail with commands.
    a) -p
    This needs to be used whenever you are trying to create an exploit using
    Metasploit. Here our payload is msfvenom.
    b) LHOST
    This is the argument that describes our input network address. We have
    already learned about finding the IP address of our system using the
    ifconfig tool. The IP address is essential because we need to make a regular
    connection between the host and the victim so that the data can be
    transferred.
    c) LPORT
    Just like the previous one, this describes the port that we are willing to offer
    to this Metasploit program so that the victim app can send us data and other
    sensitive information.
    d) R
    This is where the apk format should be selected using the options. We are
    dealing with raw format information, so this should be mentioned. If you are
    dealing with system software, execution files should be selected.
    e) Location
    This argument helps us to select the apk that we are referring to. You can
    simply give the location so that Metasploit can start making it into an
    exploit. But before this process, we need to make some certificate
    installations so that everything runs perfectly. We will learn about this
    process in detail in this section.
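
Seen from the defender's side, an app with the behaviour in the practical scenario above (reading files, contacts and messages and sending them out) must declare the matching Android permissions in its manifest. The following is an added example, not code from the book: a triage check over a decoded `AndroidManifest.xml`. The sample manifests, the package names and the two-category threshold are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Permissions that map to the data the scenario says the app reads.
DATA_PERMS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "files",
}
NETWORK_PERM = "android.permission.INTERNET"

def declared_permissions(root):
    """Collect names from <uses-permission> and <uses-permission-sdk-23>."""
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml, min_categories=2):
    """Flag apps that can read several private data types and reach the network.
    The threshold is an assumption of this example; a hit means 'review', since
    messaging and backup apps legitimately request the same set."""
    root = ET.fromstring(manifest_xml)
    perms = declared_permissions(root)
    data = sorted(DATA_PERMS[p] for p in perms if p in DATA_PERMS)
    network = NETWORK_PERM in perms
    return {"package": root.get("package"), "data_access": data,
            "network": network, "flag": network and len(data) >= min_categories}

# Constructed sample manifests (decoded text form), not taken from real apps.
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_COARSE_LOCATION"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

The check reads only declared permissions, so it is a first-pass filter for sideloaded or emailed APKs before deeper analysis.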
