We will begin by generating the Android Meterpreter payload through Metasploit, as shown in the following image:
As we can see, we configured the Android Meterpreter payload to make a reverse connection to a specific IP, my computer's address, on port 1234. Please review the free Penetration Testing with Metasploit course to understand this article better. Now let's set up Metasploit to receive the connection through the multi handler:
Fabulous! We are now listening on port 1234 through the multi handler and can receive the incoming connection from our payload. There are many scenarios we could use to deliver the previously generated pay.apk file to the Android device that will be compromised. I will suggest a range of scenarios, namely:
- Perform DNS spoofing and redirect the user to a pre-prepared page that persuades him to download the pay.apk file.
- Send the pay.apk file directly to the user.
- Spoof some elements inside Google Play and have pay.apk downloaded through it.
I know that the last scenario could be very fun and very powerful, but I'll choose the second scenario to begin with in order to clarify the mechanism of action, and will leave the Google Play scenario, which is powerful and new of its kind in this area, to be explained later. The first scenario will also be covered later.
We will now send the pay.apk file to the user through Bluetooth. The following images from the Android system show how the file is received and run:
As we can see, pay.apk is being installed on the Android device. We will now run it and complete our process. These pictures show the completion of the installation of pay.apk:
As we can see, pay.apk has been installed and now appears under the name Main activity. We will run it now and observe the reverse connection back to us, as these pictures show:
Very nice. We will now run the help command to view some of the available commands and look at the last lines of its output, as in the following picture:
As seen, there are webcam_list and webcam_snap options. We will now list the cameras present on the device by running the webcam_list command:
Good! As we can see, there are two cameras on the device. We will now run webcam_snap and specify the number of the camera we want to take a picture with; this is the result of executing the command:
This is the image captured by the front camera of my device:
As we can see, we were able to take a picture with the camera of my device, a compromised system, through the Meterpreter APK. God willing, there will be more powerful explanations that specialize in penetration testing of smartphones.