
How To Hack Android Devices Using Metasploit (KALI LINUX)




In this series of articles so far, we have discussed various techniques to identify and exploit vulnerabilities in Android applications. In the previous article, we have seen how to exploit debuggable Android applications. In this article, let’s discuss the vulnerabilities associated with Android WebViews.
Topics Covered
  • Introduction to Android WebViews
  • Implementing WebViews in Android apps
  • Security issues
  • Exploiting Android WebView vulnerabilities using Metasploit
  • Using QR Code attacks
Let’s begin.
Introduction to WebViews
When developing an Android app, we can use a WebView to load a remote URL or to display HTML pages stored in our application within an activity. Internally, it uses the WebKit rendering engine to display web pages. It supports methods to navigate forward and backward, perform text searches, etc. It also has some useful features such as JavaScript support.
Implementing WebViews in Android Apps
Implementing WebViews in Android applications is pretty simple. First, we set up the Android project like any other Android application project. Then, we create an object of the WebView class to use its functionality. Here is a sample code snippet showing how we can do this.
In order to load an Internet website:
WebView webview = (WebView) findViewById(R.id.mywebview);
webview.loadUrl("http://website.com");
Since we are accessing an Internet application, we need Internet access in order for this to work. So, we need to request the INTERNET permission by placing the following line in the AndroidManifest.xml file:
<uses-permission android:name="android.permission.INTERNET" />
In order to load a file from the file system:
WebView webview = (WebView) findViewById(R.id.mywebview);
webview.loadUrl("file:///android_asset/www/file.html");
Security Issues
As mentioned in the beginning, WebView supports the use of JavaScript. If the application being loaded into the WebView requires JavaScript support, it can be enabled using the following lines.
WebView webview = (WebView) findViewById(R.id.mywebview);
WebSettings webSettings = webview.getSettings();
webSettings.setJavaScriptEnabled(true);
Another powerful feature in WebView is exposing a Java object’s methods to be accessed from JavaScript.
This is an important feature that requires a keen eye when implementing, as it can be exploited by passing malicious JavaScript to the application’s interface. Below is a sample code snippet by @jduck on how it can be implemented and exploited.
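For the defensive side of this feature, here is a hardened WebView setup as an added example; it is not the @jduck snippet mentioned above and not code from the original article. It uses the WebView method addJavascriptInterface, and the names HardenedWebView, AppBridge and the host app.example.com are hypothetical placeholders.

```java
import android.net.Uri;
import android.os.Build;
import android.webkit.JavascriptInterface;
import android.webkit.WebSettings;
import android.webkit.WebView;
import android.webkit.WebViewClient;

/** Added example: hardened WebView setup. All names here are hypothetical. */
public final class HardenedWebView {
    private static final String TRUSTED_HOST = "app.example.com"; // placeholder host

    /** Bridge object: on API 17+ only annotated public methods are callable from JavaScript. */
    static final class AppBridge {
        @JavascriptInterface
        public String appVersion() {
            return "1.0"; // return plain data only; expose no file or command helpers
        }
    }

    /** Allowlist check: HTTPS only, exact host match. */
    static boolean isTrusted(String url) {
        Uri u = Uri.parse(url);
        return "https".equals(u.getScheme()) && TRUSTED_HOST.equals(u.getHost());
    }

    public static void configure(WebView webview) {
        WebSettings s = webview.getSettings();
        s.setAllowFileAccess(false);     // no file:// loads from page content
        s.setAllowContentAccess(false);  // no content:// loads either
        s.setJavaScriptEnabled(true);    // only because the trusted page needs it

        // Before API 17 every public method of the object is exposed to page
        // script, so the bridge is not registered on those versions at all.
        if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.JELLY_BEAN_MR1) {
            webview.addJavascriptInterface(new AppBridge(), "AppBridge");
        }

        webview.setWebViewClient(new WebViewClient() {
            @Override
            public boolean shouldOverrideUrlLoading(WebView view, String url) {
                // true = the app takes over the URL, so the WebView does not load it
                return !isTrusted(url);
            }
        });
        webview.loadUrl("https://" + TRUSTED_HOST + "/");
    }
}
```

The app should also set targetSdkVersion to 17 or higher, since the annotation requirement is only enforced for apps that target that level.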
Exploiting Android WebView Vulnerabilities using Metasploit
In this section, we will see how to exploit a recent vulnerability that affected most Android devices. This attack works on all devices running Android version 4.2 (JellyBean) and earlier.
  1. Launch Metasploit by typing “msfconsole” in a new terminal.
  2. Type “search android” to see all the exploits associated with Android. You should see the screen below (make sure you have updated your Metasploit to see the screen).
    We are going to use the exploit highlighted in the above figure, which uses vulnerable WebView components. You can get other information about this exploit by using the “info” command.
  3. To load the exploit, we can use the command “use <exploit>” as shown below.
  4. Now, we can see the options to be set by giving the “show options” command.
  5. The IP address and port for the reverse handler can be set manually; otherwise, the default values are used automatically.
    In our case, we are leaving the default values and setting the URI PATH as shown below.
  6. Once everything is set up, run the “exploit” command to start a reverse handler.
    As we can see in the above figure, a reverse handler has been started at http://192.168.1.104/srini0x00. We can directly share this URL with the victim. Once he opens it, it will open up a shell on the device as shown in the figure below.
Using QR Code Attacks
To make this attack even more convincing, we can embed the above URL into a QRCode image. If a victim scans it using a QR code scanner, the URL will automatically pop up and will be opened in a browser.
This can be achieved using Social Engineering Toolkit.
Steps:
  1. Open up your Social Engineering Toolkit in Kali Linux by following the path given below.
    KaliLinux -> Exploitation Tools -> Social Engineering ToolKit -> se-toolkit
  2. Select Social Engineering Attacks followed by QRCode Generator Attack Vector as shown in the figure below.
  3. Now, we have to enter the URL to be embedded into the QRCode image as shown in the figure below. In our case, this is http://192.168.1.104/srini0x00
    As we can see in the above figure, a QRCode has been generated.
    If you go to the location where it is saved, it looks as shown in the figure below.
  4. If a victim scans this QRCode with a QRCode scanner app on his Android device, the URL will open in a browser and a remote session will be opened in Metasploit.
    QRCode opening the URL in a browser
    Session Opened in Metasploit
  5. Let’s have a look at all the active sessions.
  6. Now, let’s start interacting with the session that appeared in the previous step. This is shown in the following figure.
  7. I have set my path to system/bin and am now executing the command “cat /proc/cpuinfo” to see the CPU information on the device.
Conclusion
In this article, we have discussed attacks associated with WebViews. We can use Drozer for finding and exploiting these vulnerabilities in Android apps. I have provided a link as a reference if you are interested in using Drozer for this.
References and Credits

7 comments:

  1. Your website is cut off on one side, please make it normal so I can read everything. Thanks


All Rights Reserved by True Hackers © 2014 - 2015