Inside the cloned repository, you will change the permissions on the setup.sh file for making it an executable file Important: upgrade and update your Kali repositories before install it, this can save you time. The installation process is quite simple, just keep in mind that can take some time because the dependencies installed. This tool can perform a lot of other things, you can check the tool's GitHub page here. The key tool for this workshop is the FatRat Exploitation tool, this program written on Python, can easily generate backdoors on any existing Android application or almost any other device available with known payloads from the Metasploit Framework (and other payloads as well). Exit: walks out of the attack scene of stops the communication with the target without creating a scene or doing any suspicious.Ī virtualized Kali Linux 2018.4 64 bits on Oracle Virtualbox.Ī Samsung Galaxy S6 with Android 4.4 Kitkat with some regular security configurations.īoth machines where connected on the same LAN Network.Play: make the relationship stronger and continue the dialog to exploit the relationship and get the desired information.Hook: makes the initial move by trying to start a conversation with the selected target after the completion of the research phase.Research: tries to gather information about the target, collected from various resources (dumpster living, website, docs, interactions).The attack can be summarized in something like this: It's all about mocking or tricking people to use or download a Malware and take advantage of it for malicious purposes. Social Engineering is a term that describes nontechnical intrusion that relies heavily on human interaction by tricking other people to break normal security procedures. N order to explain the concept very clearly, we can split the term into two elements, where Social can set up as personal and professional lives, Engineering refers to performing tasks by following certain steps to achieving targets. This demo was created on a controller and local lab, but it can be done on WAN networks easily. This is a pretty common "Social Engineering Attack", and it's focused on generating a reverse TCP connection, where the attacker easily can generate shell access to your Android phone in the time you are using the infected application and do some harmful stuff or access your private information without any concern.Īnd when a mean “Social Engineering Attacks” is because the way it propagates, I’ll explain in a bit how are the typical phases of this attacks. This writing demonstrates a practical and simple example on how to generate a Reverse TCP back-door on an existing APK file. Both have pros and cons, they are designed and configured with default security settings that maybe not the ideal for non-experienced people. The battle of smart-phones remains today between IOs and Android. Many entrepreneurs left behind web-based experiences for building disruptive mobile solutions. We have to set a point, mobile applications are a HUGE market today. Backdooring Android Apps with FatRat and Metasploit Framework
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |